Field notes from setting up a pair of Polycom CX7000 with Lync Server 2013, configured to connect externally via a Lync Edge Server.
The environment I used for this was just a Standard Edition, minimal deployment of Lync Server 2013 (Domain Controller w/ Standalone CA, Lync Standard Edition Server, and OWApps internally, and with Reverse Proxy, and an Lync Edge Server in a perimeter network). It was homed in a data centre with only external access (No VPN etc).
The Polycom CX7000 ships with the default base-level software of v1.0.1.
Once connected up, and powered on, you *MUST* join a domain to continue, I couldn’t find a way around this, so you will need at least be able to get access to a Domain Controller on your LAN to get past this step.
Once you are on a domain and logged in, you get access to the home screen with an ‘Options’ menu on the bottom right of the screen, with some basic actions, including a “Configuration” menu item.
On the main configuration screen, At the bottom left select ‘Admin Settings’ (it will prompt you to enter credentials to proceed – the same ones you specified as local administrator when you ran through the setup wizard).
Follow the usual update instructions from the Polycom user manual, I.e. put the firmware on a USB Stick and make sure it’s connected to the right ‘coloured’ port on the back of the CX7000.
First you will need an incremental update called “CX7000Update_184.108.40.20621.pup” which is around 47MB.
Once that’s complete, it will reboot and log back in, you need to install another software update to raise it to v1.1.0, this next update is a full OSD image called “CX7000Image_20120830.wim” and is at least 3.5GB. Even though it is a full image and not a patch, you are still required to install the above update first. You can only update to v1.1.0 from v1.0.2. To do this you need to enter the Domain Administrator’s credentials to install the update, the local admin (entered in the original wizard) did not work here. Also it seemed to need to be the actual ‘Administrator’ of the domain, a user account that was a member of Domain Admins didn’t work. (* I have only the word of Internal IT Department for that, they didn’t trust me enough to give me the password directly).
Ok, so now I was running v1.1.0 and presented with a new ‘setup wizard’, as if the device had all of it’s configuration wiped, which was fine by me. This time you get the option to configure the box as a ‘Standalone’ device, one that isn’t joined to a domain.
Running in Standalone mode it’s possible to ‘plug and play’ into any network, and it will connect via a Lync Edge server and register as a Lync endpoint. It makes deployments with cloud hosted Lync deployments much more flexible since they introduced this ability.
It’s straight forward from this point, it will even automatically discover your Lync server using the normal methods (If you’ve configured it properly). Or you can specify your server FQDN manually.
If you’re trying this on a Lab (like I was), and haven’t forked out for an expensive 3rd party publicly trusted SAN certificate, then importing the certificate is a tricky operation. There is a lack of any clear documentation on how to exactly do this. You must create a folder on the root of your USB Stick called ‘certchain’, but there is no details what format the certificate needs to be in.
In the same way as you’d import the Root CA onto a laptop or mobile device to trust any certificate you’d signed. I tried a copy of the Root CA’s certificate to the Polycom, with no luck, using the obvious formats and file extensions such as cer, crt, der, and p7b etc,
I saw a forum post that suggested that it needs to be a PFX certificate. Which didn’t make much sense, for a start PFX will also contain the private key (you can’t export a PFX without one), there’s no way you’d give up your Root CA’s (or intermediate, or indeed any certificate authority) cert and private key, just to connect a Video Conferencing device. But I was running out of time and getting desperate, but I had a thought to try the Front End Server first, I exported it’s certificate, private key, and chain into a PFX file and put that on the USB Stick in the same folder as the rest. And it worked.. I couldn’t really believe you need to go to that much trouble. On the 2nd device I duplicated the steps and it refused to accept the certificate, same USB Stick, nothing had changed. I was completely stumped, and tried different combinations of the certificates previously, in different orders, and one at a time, and still no joy. Until an unfortunate slip I knocked the power cord out, once I powered it up again, repeated the same steps it took the certificate and didn’t complain, it went straight in.
So I can’t categorically say which combination or format of certificates actually worked. All I know is that the import self-signed certificate process is incredibly flaky. And I got lucky after a reboot.
One point to make is that you need to amend the Client Version Policy to allow it to connect, I believe it’s just running Windows 7 Embedded and Lync 2010 CU5 (confirmed during a crash where the ‘front end’ disappeared, and left me looking at a blank desktop, no start bar, and a lonely Lync client looking back at me).
I tried to test as many features as possible, and everything worked as expected, as a piece of hardware the CX7000 is very good quality, the camera is amazing high quality build, and obviously quality image too. I didn’t really get to test the quality of the microphone as both devices were only separated by a thin partition and noise leaked through anyway.
My only personal comment is that, considering you still need to buy a screen or projector, and some sort of speaker setup, it’s a very expensive way of getting what is essentially a PC, Webcam, and Microphone. But it does fill a particular space where companies are transitioning from a more traditional Video Conferencing experience, wanting something to replace like for like (and then find out what other types of collaboration it can offer).
For the CEO that needs to replicate ‘one button video conferencing’, and has money to spare, then the CX7000 is perfect. But, to continue in that vein, I tend to compare it with the Windows 8 full screen metro Lync App, which can replicate many of it’s USPs, i.e. simple to use and non-tech friendly interface, quick access to contacts, and scheduled meetings. And considering the Lync App has the ability to ‘fall-back’ to the full desktop Lync 2013 for whiteboard, and application sharing etc, you can still get a comprehensive experience. And with the money you’ve saved them they can get a nice and large touchscreen display to use with it. then you don’t even have to worry about people walking off with the wireless keyboard and mouse, or worse… remembering to replace the batteries.