Cisco Cisco IP Contact Center Release 4.6.1 Leaflet
8-12
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
IPSec Deployment
The following notes apply to
:
•
Cisco_ICM and ipcc organizational unit object hierarchies are created by the application installer.
•
Unified ICM Servers and Unified CCE Servers organizational unit objects must be created by the
AD administrators to separately apply custom Cisco Unified ICM Security Policies through a GPO
if required.
AD administrators to separately apply custom Cisco Unified ICM Security Policies through a GPO
if required.
•
Flexible Single Master Operation servers must be distributed across Domain Controllers in the
appropriate sites according to Microsoft recommendations.
appropriate sites according to Microsoft recommendations.
IPSec Deployment
The Unified CCE solution relies on Microsoft Windows IPSec and/or Cisco IOS IPSec to secure critical
links between application servers and sites. The solution can be secured either by deploying peer-to-peer
IPSec tunnels between the servers and sites, or by deploying more restrictive and preconfigured Network
Isolation IPSec policy, or by using a combination of both. The peer-to-peer IPSec deployment requires
manual configuration for each communication path that needs to be secured, using the tools provided by
Microsoft. However, the Network Isolation IPSec policy can be deployed automatically on each server
by using the Network Isolation IPSec utility, and it secures all communication paths to or from that
server unless an exception is made. The Network Isolation IPSec utility is installed by default on all
Unified CCE 7.5 servers and is available to download for Unified CCE 7.0, 7.1, and 7.2 releases.
links between application servers and sites. The solution can be secured either by deploying peer-to-peer
IPSec tunnels between the servers and sites, or by deploying more restrictive and preconfigured Network
Isolation IPSec policy, or by using a combination of both. The peer-to-peer IPSec deployment requires
manual configuration for each communication path that needs to be secured, using the tools provided by
Microsoft. However, the Network Isolation IPSec policy can be deployed automatically on each server
by using the Network Isolation IPSec utility, and it secures all communication paths to or from that
server unless an exception is made. The Network Isolation IPSec utility is installed by default on all
Unified CCE 7.5 servers and is available to download for Unified CCE 7.0, 7.1, and 7.2 releases.
For more details, refer to the Security Best Practices Guide for ICM and IPCC Enterprise & Hosted
Editions, available at
Editions, available at
The Security Best Practices Guide lists not only the supported paths but also information to help users
deploy Windows IPSec, including recommended settings and much more.
deploy Windows IPSec, including recommended settings and much more.
shows a number of connection paths where IPSec is supported.
illustrates the
guidelines provided in this chapter and shows the various server interconnections that should be secured
with either Windows IPSec or Cisco IOS IPSec. The diagram also shows a number of paths that support
SSL and TLS. More information on TLS support can be found in the section on
with either Windows IPSec or Cisco IOS IPSec. The diagram also shows a number of paths that support
SSL and TLS. More information on TLS support can be found in the section on
.