Cisco Cisco IP Contact Center Release 4.6.1 Design Guide

The CTI OS (C++/COM toolkit) and CAD agent desktops both support TLS encryption to the server. 
This encryption protects agent login and CTI data from snooping. A mutual authentication mechanism 
was implemented for the CTI OS server and client to agree on a cipher suite used for authentication, key 
exchange, and stream encryption. The Cipher suite used is as follows:

Protocol: SSLv3 

Key exchange: DH 

Authentication: RSA

Encryption: AES (128)

Message digest algorithm: SHA1

 shows the encryption implementation's use of X.509 certificates on the agent desktops as well 

as on the servers. The implementation supports the integration with a Public Key Infrastructure (PKI) 
for the most secure deployment. By default, the application will install and rely on a self-signed 
certificate authority (CA) used to sign client and server requests. However, Cisco supports integrating 
with a third-party CA. This is the preferred method due to the increased security provided by a corporate 
managed CA or external authority such as Verisign.

Unified CCM

Cluster

IP IVR 1

143957

PSTN

IP voice
TDM Voice
CTI/Call
control data

Unified CCE Agent 

desktops

IP IVR 2

IP phones

PG 1

PG server

SCI

JTAPI

SCI

JTAPI

JTAPI

CTI OS server

CCM PIM

IVR 1 PIM

IVR 2 PIM

OPC

PG Agent

CTI server

ICM central controller