Cisco Cisco Unified Contact Center Enterprise 9.0(2) Release Notes
31
Release Notes for Cisco IPCC/ICM Enterprise & Hosted Editions Release 7.0(0) Installer Update C November 24, 2008
New and Changed Information
Secure Socket Layer (SSL) Changes
The ICM and IPCC web-based applications are all installed enabled with SSL with a self-signed server
certificate by default on Windows Server 2003 (except for multi-channel applications). SSL is only
enabled by default on WebView for the authentication of user credentials. WebView users will need to
change the web server address (URL) of the WebView server to start with "https://" instead of "http://".
Bookmarks may also need to change after upgrading to Release 7.0(0).
certificate by default on Windows Server 2003 (except for multi-channel applications). SSL is only
enabled by default on WebView for the authentication of user credentials. WebView users will need to
change the web server address (URL) of the WebView server to start with "https://" instead of "http://".
Bookmarks may also need to change after upgrading to Release 7.0(0).
The default SSL settings are configurable using the SSL Encryption Utility (\icm\bin\sslutil.exe) which
is installed on a Distributor or Administrative and Reporting server. For example, this multi-instance
aware application can be used to enable SSL for the full reporting session on WebView. It can also be
used to administer the self-signed certificate installed by Setup.
is installed on a Distributor or Administrative and Reporting server. For example, this multi-instance
aware application can be used to enable SSL for the full reporting session on WebView. It can also be
used to administer the self-signed certificate installed by Setup.
Windows Server 2003 SP1 Firewall Behavior
Windows Server 2003 SP1 introduced a new host-based firewall functionality which is supported by the
ICM suite of applications. Windows Firewall is a protective boundary that monitors and restricts traffic
that travels between a server and a network. It provides a line of defense against unauthorized users,
malicious applications or unsolicited traffic. When properly configured, it can allow application or port
based exceptions. The ICM product ships with a configuration utility that can be used to configure the
Windows Firewall on the application server it is installed on. The list of supported applications can be
found in the Windows Firewall Configuration chapter of Security Best Practices Guide for Cisco
ICM/IPCC Enterprise & Hosted Editions. Please note that no other host-based firewall is supported,
especially running alongside Windows Firewall. Host firewall implementations vary widely and there is
no guarantee that a non-Microsoft host firewall and Windows Firewall will work well together. Cisco
has only qualified the Windows Firewall.
ICM suite of applications. Windows Firewall is a protective boundary that monitors and restricts traffic
that travels between a server and a network. It provides a line of defense against unauthorized users,
malicious applications or unsolicited traffic. When properly configured, it can allow application or port
based exceptions. The ICM product ships with a configuration utility that can be used to configure the
Windows Firewall on the application server it is installed on. The list of supported applications can be
found in the Windows Firewall Configuration chapter of Security Best Practices Guide for Cisco
ICM/IPCC Enterprise & Hosted Editions. Please note that no other host-based firewall is supported,
especially running alongside Windows Firewall. Host firewall implementations vary widely and there is
no guarantee that a non-Microsoft host firewall and Windows Firewall will work well together. Cisco
has only qualified the Windows Firewall.
There are a number of areas which must be carefully reviewed before enabling the Windows Firewall
using the Configuration Utility provided (CiscoICMfwConfig).
using the Configuration Utility provided (CiscoICMfwConfig).
•
Make sure the Windows Firewall/Internet Connection Sharing service (sharedaccess) is running
before any programs or system services listed in the program exceptions list are started. If you start
the Windows Firewall/Internet Connection Sharing service after you have started programs that are
listed in the Windows Firewall exceptions list, restart your computer and then start your programs
and system services. Windows Firewall cannot track the state of a program's traffic if the program
is started before you start the Windows Firewall/Internet Connection Sharing service. This will lead
to the dropping of traffic targeted to a specific application or port, even though this application/port
exists in the exception list.
before any programs or system services listed in the program exceptions list are started. If you start
the Windows Firewall/Internet Connection Sharing service after you have started programs that are
listed in the Windows Firewall exceptions list, restart your computer and then start your programs
and system services. Windows Firewall cannot track the state of a program's traffic if the program
is started before you start the Windows Firewall/Internet Connection Sharing service. This will lead
to the dropping of traffic targeted to a specific application or port, even though this application/port
exists in the exception list.
•
If the Windows Firewall service cannot start, all incoming connections are refused until the
Windows Firewall service starts successfully. Check whether the Windows Firewall is either
disabled or started to help determine the possible cause of a network communications failure. The
Windows Firewall log file can be a good reference to determine what if any traffic is getting
dropped. More on this can be found in the Security Best Practices Guide for Cisco ICM/IPCC
Enterprise & Hosted Editions.
Windows Firewall service starts successfully. Check whether the Windows Firewall is either
disabled or started to help determine the possible cause of a network communications failure. The
Windows Firewall log file can be a good reference to determine what if any traffic is getting
dropped. More on this can be found in the Security Best Practices Guide for Cisco ICM/IPCC
Enterprise & Hosted Editions.
•
The Windows Firewall may mask network problems due to configuration errors, for example:
A computer was attempting to send traffic from its private interface (2nd NIC) to its public
interface's network but was unable to do so because of a mis-configured system that had not been
setup with static routes.
interface's network but was unable to do so because of a mis-configured system that had not been
setup with static routes.