Cisco Cisco Unified Contact Center Enterprise 9.0(1)
Serviceability Best Practices Guide for Unified ICM/Unified CCE & Unified CCH
©2012 Cisco Systems, Inc.
151
3. Locate the following property and change the value to any number below 20:
<serviceThrottling maxConcurrentCalls="20" />
4. Save the file and quit Notepad.
5. Restart the Diagnostic Framework service.
Caution:
Do not increase the value beyond 20. It may lead to unexpected results during
peak call volume.
10.1.3 Security
The Diagnostic Framework provides the infrastructure to establish a secure connection between
the service and its clients. It uses HTTP basic authentication over SSL to authenticate, authorize,
and encrypt the connection. You need a valid Diagnostic Framework user account to access the
service. Connections are not session oriented; the connection is maintained from the receipt of a
request until the response is sent.
the service and its clients. It uses HTTP basic authentication over SSL to authenticate, authorize,
and encrypt the connection. You need a valid Diagnostic Framework user account to access the
service. Connections are not session oriented; the connection is maintained from the receipt of a
request until the response is sent.
For service provider deployments, the Diagnostic Framework service is ICM instance aware, and
can control access based on instance data requested.
can control access based on instance data requested.
10.1.3.1
Authentication, Authorization, and Auditing
The Diagnostic Framework service integrates with Windows as well as Active Directory to
provide user management and access control. The Diagnostic Framework allows two sets of
users:
provide user management and access control. The Diagnostic Framework allows two sets of
users:
1. A local Windows user who is a member of the local Windows security group called
ICMDiagnosticFrameworkUsers on the server where the service exists: This group is
created by the Unified ICM installer and is initially empty, so by default, no local users
have access to the service. The administrator on the server can make any local user a
member of this group and provide access to Diagnostic Framework service. To add a user
to the ICMDiagnosticFrameworkUsers group, use the Computer Management tool under
Administrative Tools.
created by the Unified ICM installer and is initially empty, so by default, no local users
have access to the service. The administrator on the server can make any local user a
member of this group and provide access to Diagnostic Framework service. To add a user
to the ICMDiagnosticFrameworkUsers group, use the Computer Management tool under
Administrative Tools.
2. A trusted domain user who is a member of the CONFIG domain security group of the
Unified ICM/Unified CCE/Unified CCH instance being accessed: A Unified
ICM/Unified CCE/Unified CCH SETUP user or domain administrator can make any
trusted user a member of the instance CONFIG group. Nested membership is allowed
too; as a result the SETUP users and domain administrator can also access the service. To
add a user to the instance CONFIG group use the Active Directory Users and Computers
tool or Unified ICM/Unified CCE/Unified CCH User List tool. Access to domain users
is configurable. By default, all direct and nested members of the CONFIG group have
access to the service. However, you can disable access to domain users as follows:
ICM/Unified CCE/Unified CCH SETUP user or domain administrator can make any
trusted user a member of the instance CONFIG group. Nested membership is allowed
too; as a result the SETUP users and domain administrator can also access the service. To
add a user to the instance CONFIG group use the Active Directory Users and Computers
tool or Unified ICM/Unified CCE/Unified CCH User List tool. Access to domain users
is configurable. By default, all direct and nested members of the CONFIG group have
access to the service. However, you can disable access to domain users as follows:
a. Stop the Diagnostic Framework service.
b. Launch Notepad and open the file:
<ICM_Drive>:\icm\serviceability\diagnostics\bin\DiagFwSvc.exe.config
Tip: You may want to make a copy of this configuration file before making any
changes to it.
changes to it.
c. Locate the following property and change the value from 1 to 0:
<add key="DomainAuthorizationEnabled" value="1" />