As with most companies, Polycom works hard to continually improve our products.  With that comes changes in Polycom's software including in our APIs. (What is an API?  An API or Application Programming Interface can be thought of as an agreement provided by one piece of computer software to another.  If you ask me "X", then I will respond with "Y" in a specific format.) 

 

Polycom works to maintain both forwards and backwards compatability with our APIs, so a change in our software doesn't change the response back to your software-- we try not to break the "agreement". 

 

In order to write software that will work after upgrades, Polycom has released Best Practices to Prevent Versioning Issues in the Polycom RealPresence Platform API Guide  (see http://bit.ly/1shsRyN) 

 

For Example: Best Practices to Prevent Versioning Issues (from Page 25):

 

Developers using the API should use the following practices, to minimize software versioning related issues

and protect against unintentional agent upgrades:

• Use an XML parser that respects extension points in the schema, and ignores attributes that it does not understand at these points.
• Include the 'Content-Type' HTTP header in every request that includes an XML document.
• Include the 'Accept' HTTP header in every request that expects an XML document in response.
• Failure to include an 'Accept' header may result in a random, incompatible version being sent in a response. 

 

To determine whether a version is compatible, refer to the documentation for the API methods, which specifies what representations are possible as returned values.

• As part of the upgrade process for Polycom products, check the release notes for content types that are no longer supported. If there are any, make sure that they are not used in the client application

 

Polycom is committed to maintaining both forward and backward compatibility of the API where possible.  Typically, the API will support both the old and new content types when incompatible differences occur.

• API clients written to use an old version of the API may continue to do so, by specifying the old content type.
• API clients written to use the new version of the API may do so by specifying the new content type.

In some relatively rare cases, it may simply be impossible to support the old content type. In these cases, the release notes for the new version of the API will include a list of the content types that are no longer supported.

 

 

Want to learn more about what Polycom APIs can do?  Join the Polycom Developer Community or read the Polycom RealPresence Platform API Guide

Polycom's RealPresence Access Director (RPAD) is a scalable and secure firewall traversal solution that enables seamless video collaboration across business-to-business and intra-company networks for H.323 and SIP devices, including SVC solutions.

 

However, sometimes, some RPAD installations are left in a less than secure configuration. What are the best practice configurations to help?  Obviously, change the default passwords.  Additionaly, in most cases, it should prevent remote, unathenticated guest users from registering their video device to your system.    Finaly, some organizations have business rules to only permit inbound calls to virtual meeting rooms (VMRs). 

 

 

---

Warning, This does change how your RPAD handles calls. Misconfigurations can adversly affect external calling.  As always, best practices are to implement these changes after taking a backup, off hours, and under the appropriate change controls for your organization. If you are unsure of the reasons behind implementing these settings, or why they are important, please contact your Polycom Partner or Polycom support team for more assistance.  

---

 

 

These instructions will:
1) Prevent remote guest users from registering as an unathenticated internal user on your RPAD (via SIP or H.323)
2) Restrict guest users from directly dialing any individual endpoint and only permit them to meet your conference bridge.

 

 

---

 

 

1) To prevent remote guests from registering through the RPAD. We need at least 3 rules created to protect against unwanted guest registrations. You can add more depending on your business requirements, but these 3 should be basic to every install.

 

On the RPAD, go to Configuration > Access Control List Settings

 

 

 

The above is the end result of what we should be working towards. Now for the rule creation. The RPAD contains default rules which we will use. Of course your external signaling IP address will be different from those in the below images.

 

H323

 

Click Add under Actions

   Service Name: H323

   IP: External signaling IP

   Port: H225 RAS port: 1719

Select Add

   Choose Access_Without_XMA_Provision and Action set to deny

Select OK x 2

 

 

 

 

SIP 5060 (Guests)

 

Click Add under Actions

   Service Name: SIP

   IP: External signaling IP

   Port: SIP External Port 5060

Select Add

   Choose SIP_Registration and Action set to deny

Select OK x 2

 

 

 

SIP 5061 (Internal Authenticated Users)

 

Click Add under Actions

   Service Name: SIP

   IP: External signaling IP

   Port: SIP External Port 5061

Select Add

   Choose Access_Without_XMA_Provision and Action set to deny

Select OK x 2

 

 

 

 

Now try to register using RealPresence Desktop (or another Polycom endpoint) from outside the firewall on both H323 and Sip as a guest (without credentials). You should see the following (screen shot from RealPresence Desktop Client):

  

 

 Congratulations, you've now helped secure your RPAD. 

 

 

---

 

2)  Additionally, you might have a business requirement to only allow incoming calls from guest users to meet on a bridge inside a virtual meeting room (VMR).  In the the  world, this is equivalent to saying nobody outside your organization can your direct number -- they have to meet you in a bridge. 

 

 

How to implement a H323 guest policy with a RPAD and DMA. In version 2.1+ of the RPAD, you now have access to a H323 Guest Policy setting.

 

Configuration > SIP and H323 Settings

 

 

The above setting will add a prefix of 88 to the dial string of any H323 call coming into the RPAD. However, the DMA does not yet support this feature like it does for the SIP guest user. If a call comes into the DMA in this fashion, the DMA will reject the call as unreachable. Therefore there needs to be an additional dial rule created on the DMA.

 

Admin>Call Server>Dial Rules 

Edit  the default Dial by Conference room ID dial rule and added the following preliminary script:

DIAL_STRING = DIAL_STRING.replace(/^88/,””);

 

 

Ensure that the dial rule is still enabled when done. 

 

Obviously if the deployment has VMRs that start with 88, then the prefix should be changed to use some other digits.  As long as the RPAD prefix and the DMA dial rule are the same and don't overlap the existing dial plan, they can be anything.  I know of one environment where they use 880000 to ensure uniqueness. 

 

Congratulations, you've now restricted unauthenticated guest calls to only join a VMR. 

---

 

 

For more information, see the individual product admin guides or the solution guide on support.polycom.com or join the Polycom communties and post your question in the Management, Securirty and Rich Media forum.   Also, see www.polycom.com/security for up to date security information. 

 

 

---

 

Thanks to Simon Smith and Barry Phearson for their original work on the underlying messages that became this blog post. 

Updated 27 Mar fix incorrect information.

 

Today workers often don't have private offices, but instead work from a cube farm. This office design maximizes the use of expensive office real estate.  Its open plan and high person-density often leads to  background noise; people talking and office machines whirring.  It’s not an environment appropriate for speakerphones, with users more likely to use a telephone handset or wear a headset when using the phone or participating in a video call.  A headset works well at picking up the speaker, but it often also picks up the background noises, distracting people on the other side of the phone or video call.

 

To solve this problem, Polycom developed the Headset Acoustic Bubble.  It is built into RealPresence Desktop for Windows clients.  While it is still an "experimental" feature, this Headset Acoustic Bubble dramatically reduces the background noise from the office by comparing sound on the headset microphone and the built-in microphone on the laptop or web cam.  If the sound comes from inside the bubble, it’s allowed.  If the sound is outside the bubble, then it’s automatically muted, without requiring any user intervention.  The goal is to make it easier for people in a noisy environment participate in voice and video calls.

 

Headset Acoustic Bubble is built into the RealPresence Desktop ver 3.1 for Windows, and is enabled under Settings/Audio Devices.   It works today with USB headsets.  Full support (e.g. not "experimental") including support on Mac OSX is expected in ver 3.2 of RealPresence Desktop. 

 

Learn more about about RealPresence Desktop, see http://bit.ly/1pyxu2o .

Polycom has a long history of promoting integration through delivering and supporting independent technology partners developing products using our documented API extensions.  We encourage our Technology Partners and others to build new solutions that leverage Polycom technologies in new or unique ways.  Two examples (of many) are: 

 

• VTC-uRemote
• RAMP MediaCloud

 

Developer Gary Miyakawa, Inc. has built several tools that make the video conference admin's life easier.  The latest, VTC-uRemote, is a java based tool for simulating the Polycom Group Series/HDX/VSX Video Conferencing Systems' remote control through a single application.  Entering an endpoint's IP address (and password, if required) gives you full "remote" control of the endpoint, just like you were in the room, from a single application. Learn more & download here from Gary Miyakawa, Inc or follow  @garymiyakawa on Twitter.

 

 

RAMP MediaCloud™ for Enterprise works together with Polycom's RealPresence Media Manager to allows users to more easily manage, find, share, and interact with all enterprise video content. After recording content, with Media Manager, it is automatically sent to RAMP to generates text transcripts and metadata from the recording.  It's then placed back in Media Manager where the metadata produced enable key word search within videos.  Learn more here or see the RAMP Media website www.ramp.com/ or @rampinc on Twitter.

 

 

 

Are you inspired yet?  See code samples and demo applications like "VMR Passcode Management" from people like @vperrin (also check out his helpful blog for info on APIs).  

See all the tools from @GaryMiyakawa like VTC-Call Stream Inspection, VTC-Info, VTC-Monitor and more (you'll also find him helpful in the forums). 

 

 

See more solutions in the Technology Partners Community or try the Polycom Technology Partner Locator.  

 

Did you see who won last year's App Developer Contest?

 

 

Have a favorite app?  Add it to the comments! 

I watched in awe as the new Polycom Immersive Studio was assembled at Team Polycom earlier this month.  I'd seen the Polycom RPX, the Polycom OTX, Halo, T3, CTS, and many of the others.  If you haven't yet seen it in person, be sure to watch the teaser video first. Or read a review from eWeek or V3 amongst others. 

 

 

After the full sized 84"- 1080p Ultra HD 4k displays went up, and while the rest of the system was being assembled it struck me that the installation was going very quickly. Amazingly quickly.  I know that in addition to the incredible work in camera miniaturization, spatial audio, finding the displays where people could walk around the room and remain on camera, and in addition to the powerfully simple user interface, the team also focused on something much more basic: minimizing TCO.  They've made installation faster and worked to reduce on going costs through better design, flexible network requirements and simplicity. 

 

 

 

You have to experience the Immersive Studio in person to grasp the life-like quality of the audio & video. After seeing it and then calculating the ROI, the Immersive Studio becomes a truly compelling business case.  

 

 Want to learn more about the RealPresence Immersive Studio?  See http://bit.ly/1eCUB5G 

 

Sincere apologies to the installation crew for photographing (and sharing) their backsides while setting up a Polycom Immersive Studio in the Vancouver Convention Center. 

 

Polycom released the next version of  Group Series software--from version 4.1.1.1 to 4.1.3.  While it doesn't sound like a major release, given all the new features, it should really be numbered version 4.2 or 5.0.  With improvements in: 

• native Microsoft Lync 2013 interoperability
• more robust and secure SNMP and system logging functionality
• support for the Polycom VisualBoard application built into the Group Series 
• major SVC functionality improvements
• includes support for a new version of the Polycom EagleEye Director with an additional tracking mode
• added support for recording on RealPresence Group 700 systems using output 3
• additions to the API functionality, including the much requested <button> commands. 
• support for EagleEye IV cameras
• added support for BroadSoft BroadWorks DMS provisioning
• formal support for additional browsers

and several more. However, the thing you'll notice first are user interface improvements.  The Polycom User Experience team (UX) has listened to feedback from customers and made the Group Series easier.  The web user interface really shines now.  Contrast the home page from two versions: 

 

Note the dial button, menus that expand have a triangle to indicate sub menus.  All the relevant device number information is above the top navigation bar.  Plus the fonts are much easier to read!  Thank you to the UX team for making small improvements that make a huge difference. 

 

For more information about all the changes see the release notes.  

 

Ready to upgrade?  Browse to the endpoint, click Admin Settings, General Settings, Software Update, and enjoy the new features.  If you're already on version 4.1.x, there is no upgrade key required.