Cisco Cisco IP Contact Center Release 4.6.2 Design Guide
8-2
Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8 Securing Unified CCE
Security Layers
as voice, VPN, QoS, Microsoft Windows Active Directory, and so forth. While this chapter provides
some guidance that may touch on these various areas, it is not meant to be an all-inclusive guide for
deploying a secure Unified CCE network.
some guidance that may touch on these various areas, it is not meant to be an all-inclusive guide for
deploying a secure Unified CCE network.
Along with the Unified Communications Security Solution portal, you should use other Cisco solution
reference network design guides (SRNDs) in addition to this document to answer many design and
deployment questions. The SRNDs provide proven best practices for building a network infrastructure
for Cisco Unified Communications. The SRNDs are available at
reference network design guides (SRNDs) in addition to this document to answer many design and
deployment questions. The SRNDs provide proven best practices for building a network infrastructure
for Cisco Unified Communications. The SRNDs are available at
Among the SRNDs at this site are the following relevant documents relating to security and
Cisco Unified Communications, which you should use in order to deploy a Unified CCE network
successfully:
Cisco Unified Communications, which you should use in order to deploy a Unified CCE network
successfully:
•
Cisco Unified Communications SRND Based on Cisco Unified Communications Manager
•
Data Center Networking: Server Farm Security SRNDv2
•
Site-to-Site IPSec VPN SRND
•
Voice and Video Enabled IPSec VPN (V3PN) SRND
Updates and additions to these documents are posted periodically, so frequent visits to the SRND website
are recommended.
are recommended.
This chapter provides limited guidance on the intricacies of designing and deploying a Windows Active
Directory. Additional information is available from Microsoft on designing a new Active Directory
logical structure, deploying Active Directory for the first time, upgrading an existing Windows
environment to Windows Server 2000 or 2003 Active Directory, and restructuring your current
environment to a Windows Active Directory environment. In particular, the Designing and Deploying
Directory and Security Services section of the Microsoft Windows Server 2003 Deployment Kit can assist
you in meeting all of the Active Directory design and deployment goals for your organization. This
development kit and its related documentation are available from Microsoft at
Directory. Additional information is available from Microsoft on designing a new Active Directory
logical structure, deploying Active Directory for the first time, upgrading an existing Windows
environment to Windows Server 2000 or 2003 Active Directory, and restructuring your current
environment to a Windows Active Directory environment. In particular, the Designing and Deploying
Directory and Security Services section of the Microsoft Windows Server 2003 Deployment Kit can assist
you in meeting all of the Active Directory design and deployment goals for your organization. This
development kit and its related documentation are available from Microsoft at
Security Layers
An adequately secure Unified CCE deployment requires a multi-layered approach to protecting systems
and networks from targeted attacks and the propagation of viruses, among other threats. The goal of this
chapter is to stress the various areas pertinent to securing a Unified CCE deployment, but it does not
delve into the details of each area. Specific details can be found in the relevant product documentation.
and networks from targeted attacks and the propagation of viruses, among other threats. The goal of this
chapter is to stress the various areas pertinent to securing a Unified CCE deployment, but it does not
delve into the details of each area. Specific details can be found in the relevant product documentation.
Cisco strongly recommends that you implement the following security layers and establish policies
around them:
around them:
•
Physical Security
You must ensure that the servers hosting the Cisco contact center applications are physically secure.
They must be located in data centers to which only authorized personnel have access. The cabling
plant, routers, and switches should also have controlled access. Implementing a strong
physical-layer network security plan also includes utilizing such things as port security on data
switches.
They must be located in data centers to which only authorized personnel have access. The cabling
plant, routers, and switches should also have controlled access. Implementing a strong
physical-layer network security plan also includes utilizing such things as port security on data
switches.
•
Perimeter Security
While this document does not delve into the details on how to design and deploy a secure data
network, it does provide references to resources that can aid in establishing an effective secure
environment for your contact center applications.
network, it does provide references to resources that can aid in establishing an effective secure
environment for your contact center applications.