CTI OS System Manager Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0(1)
CTI OS silent monitor installation and configuration
Downloads: This chapterpdf (PDF - 778.0KB) The complete bookPDF (PDF - 4.72MB) | Feedback

CTI OS silent monitor installation and configuration

Contents

CTI OS silent monitor installation and configuration


Note


You must install the CTI OS before installing and configuring the silent monitor service.


Silent monitor service installation and configuration

This section provides an overview of the silent monitor service and discusses the tasks involved in installing and configuring the silent monitor service.


Note


The terms silent monitor service and silent monitor server are used throughout this document. Silent monitor service refers to a silent monitoring service running on agent or supervisor's desktop computer or Citrix client. This service handles silent monitoring functionality for one agent or supervisor. Silent monitor server refers to a silent monitor service providing silent monitoring functionality for a group of mobile agents. These agents share the same gateway.


Silent monitor service overview

The silent monitor functionality resides in a separate silent monitor service, rather than in the CIL. This is necessary to support both Citrix and mobile agent environments. C++ agent and supervisor desktops communicate with the silent monitor service via TCP connection. The agent desktop uses the silent monitor service to forward a voice stream to the supervisor's silent monitor service that plays the stream on the supervisor's computer speakers.

In a traditional IPCC environment, the silent monitor service runs alongside the agent and supervisor desktops on the agent's and supervisor's computer. However, mobile agent and Citrix environments do not give the CIL access to the voice packets because the agent's computer is not connected to the network through the agent's phone. In a Citrix environment, the desktop is actually running on the Citrix Presentation Server. The agents and supervisor computers are running Citrix clients. These clients render the user interface for the desktops, but the actual desktop processes are running on the presentation server. In a Citrix deployment, the silent monitor service is deployed on the Citrix client where it has access to the agent's voice stream or the supervisor's speaker. In a Citrix deployment, a silent monitor service is deployed on the agent's Citrix client where it has access to the voice stream. The agent desktop uses this service to forward the agent's voice stream to the supervisor. The supervisor's Citrix client also runs a silent monitor service. This service plays back streams from monitored agents using the speaker on the Citrix client.

In mobile agent deployments, the voice path crosses the Public Switched Telephone Network (PSTN) and two gateways. One gateway control calls from customer phones. The other gateway controls agent calls. In this deployment, the silent monitor service is deployed from a SPAN port on the same switch as the agent gateway. This provides the silent monitor service with access to voice streams passing through the gateway. In a mobile agent environment, the supervisor still uses a silent monitor service on the supervisor's desktop or Citrix client to play back the voice stream.

How desktops connect to silent monitor services

The following is the supervisor desktop connection algorithm:

  1. If the supervisor desktop is running under Citrix, determine the IP address of the Citrix client. Connect to the silent monitor service running at port 42228 on the Citrix client.
  2. If the supervisor desktop is not running under Citrix, connect to the silent monitor service running at port 42228 on localhost.

Note


While CTI OS silent monitor clusters use port 42228 (the default), the silent monitor peers utilize port 42029 for communications purposes.


The following is the agent desktop connection algorithm:

  1. If the agent desktop's connection profile specifies a silent monitor server or set of silent monitor servers, randomly choose a silent monitor server to connect to using the port present in the connection profile. For more information about how you configure a connection profile to include silent monitor services, see CTI OS Server installation.
  2. If the agent desktop is running under Citrix, determine the IP address of the Citrix client. Connect to the silent monitor service running at port 42228 on the Citrix client.
  3. If the agent desktop is not running under Citrix, connect to the silent monitor service running at port 42228 on localhost.

Note


You can use a connection profile to override port 42228. In this case, desktops use the preceding algorithms to determine the address of the silent monitor service. After the address is determined, desktops connect using the determined address and the port that is present in the connection profile.


Run silent monitor service installer

The installer places two silent monitor service installers in the following directory:

<Install Drive>:\Program Files\Cisco Systems\CTIOS Client\CTIOS Toolkit\Win32 CIL\Silent Monitor Files

The following installers are available after the 7.1(1) CTI OS Client Upgrade and can be obtained from the Cisco.com:

  • SilentMonitorInstall_nogui.exe – this executable silently installs the silent monitor service with the following settings:
    • Installed in the directory C:\Program Files\CiscoSystems\CTIOS SilentMonitor
    • Listens on port 42228
    • No QoS
    • No Security
    This executable runs automatically when a Release 7.0(0) client is updated to Release 7.1(1) (or later). It replaces the Release 7.0(0) CIL with the Release 7.1(1) (or later) CIL, and installs and starts the silent monitor service so that the agent and supervisor desktops do not lose functionality. Running this executable is sufficient only if you do not wish to override the default settings or enable QoS or Security.

    Note


    This executable only works on the machines that either do not have WinPCap installed or have WinPCap Release 3.0 installed.


  • SMSelfExtractedInstallPackage.exe – this executable extracts the silent monitor service setup program into the following directory: <Install Drive>:\Program Files\Cisco Systems\CTIOS Client\CTIOS Toolkit\Win32 CIL\Silent Monitor Files\SilentMonitorServiceInstall Run this executable if you wish to specify a different destination directory or port, or if you want to enable QoS and/or Security.
Procedure
    Step 1   To run this executable silently:
    1. Open a command prompt window and navigate to the directory <Install Drive>:\Program Files\Cisco Systems\CTIOS Client\CTIOS Toolkit\Win32 CIL\Silent Monitor Files\SilentMonitorServiceInstall.
    2. Enter the command setup.exe /s .
      Note   

      This runs the executable with the default values specified in the supplied answer file setup.iss. To override the default values, edit this answer file and change the values that you wish to change.

    Step 2   To run the full installation program for this executable, perform the following steps:
    1. In Windows Explorer, navigate to the directory <Install Drive>:\Program Files\Cisco Systems\CTIOS Client\CTIOS Toolkit\Win32 CIL\Silent Monitor Files\SilentMonitorServiceInstall.
    2. Double-click the setup.exe file. The installation process begins and the following screen appears.
      Figure 1. Silent monitor service InstallShield wizard I



      You can either accept the default destination folder or click the Browse button and specify another directory.

    3. Click Next.

      The following screen appears.

      Figure 2. CTI OS silent monitor InstallShield wizard II



      Specify the following information on this screen:

      • Port – Enter the number of the port on which the silent monitor service listens for incoming connections.
      • Silent monitor Server – Select this to allow the silent monitor service to monitor many mobile agents simultaneously.
        Important:

        You must install the silent monitor on its own server; it cannot be coresident with CTI OS Server or a Peripheral Gateway. This server machine must meet the hardware and software requirements specified in Hardware & System Software Specification (Bill of Materials) for Cisco Unified ICM/Contact Center Enterprise & Hosted, Release 9.0(1). This document is available at:

        http://www.cisco.com/en/US/products/sw/custcosw/ps1844/prod_technical_reference_list.html.

      • Enable Quality of service – Select this to enable Quality of Service (QoS).
      • Enter peer(s) information – Select this if this silent monitor service is part of a cluster of silent monitor services.
      • Hostname / IP address – The hostname or IP address of the other silent monitor services in the cluster. You must configure all services in a cluster to listen on the same port. For example, if port is set to 42228 for the service you are currently configuring, you must set it to 42228 for all other services in the cluster. For more information, see Silent monitor service clusters.
    4. Users must install a Windows Server 2008 R2 compatible maintenance release (MR) for this software to function on Windows Server 2008 R2.
      Note   

      If setup.exe is run from a local drive, you cannot apply the maintenance release (the Maintenance Release Installer window does not appear).

    5. Click Next to finish the installation process.
    6. Set up security.

      Depending on whether you want to use a self-signed certificate authority (CA) or a third-party CA, follow the instructions in Sign a silent monitor server certificate request with self-signed CA or Sign a silent monitor service certificate request with third-party CA.


    Related Information

    Sign a silent monitor server certificate request with self-signed CA

    Procedure
      Step 1   If the self-signed CA does not exist, then run CreateSelfSignedCASetupPackage.exe and store all the files that were created by the CreateSelfSignedCASetupPackage.exe program in a safe place.
      Step 2   Copy CtiosServerKey.pem, and CtiosServerReq.pem files from the silent monitor server machine to the machine where CtiosRoot.pem and CtiosRootCert.pem reside. You must copy both CtiosServerKey.pem and CtiosServerReq.pem files to the same directory as CtiosRoot.pem and CtiosRootCert.pem.
      Step 3   Run SignCertificateSetupPackage.exe from the same directory where CtiosServerKey.pem, CtiosServerReq.pem, CtiosRoot.pem, and CtiosRootCert.pem reside, select CTI OS Server Certificate Request, and enter the Ctios Certificate Authority password. This step generates CtiosServer.pem file if it is successful; otherwise it displays an error message.
      Step 4   Copy CtiosServer.pem and CtiosRootCert.pem back to the machine where silent monitor server resides and save them in the C:\Cisco Systems\CTIOS\Silent Monitor\Security directory.
      Step 5   Delete CtiosServerkey.pem from the machine where silent monitor server is installed.
      Step 6   Delete CtiosServerKey.pem, CtiosServerReq.pem, and CtiosServer.pem from the machine where SignCertificateSetupPackage.exe ran.
      Step 7   If the silent monitor server machine has a peer server, then:
      1. Copy CtiosClientkey.pem and CtiosClientreq.pem files from the silent monitor server machine to the machine where CtiosRoot.pem and CtiosRootCert.pem reside. You must copy both CtiosClientkey.pem and CtiosClientreq.pem files to the same directory as CtiosRoot.pem and CtiosRootCert.pem.
      2. Run SignCertificateSetupPackage.exe from the same directory where CtiosClientkey.pem, CtiosClientreq.pem, CtiosRoot.pem, and CtiosRootCert.pem reside, select CTI Toolkit Desktop Client Certificate Request, and enter the Ctios Certificate Authority password. This step generates CtiosClient.pem file if it is successful, otherwise it displays an error message.
      3. Copy CtiosClient.pem to the machine where silent monitor server resides and save it in the C:\Cisco Systems\CTIOS\Silent Monitor\Security directory.
      4. Delete CtiosClientkey.pem from the machine where silent monitor server is installed.
      5. Delete CtiosClientkey.pem, CtiosClientreq.pem, and CtiosClient.pem from the machine where SignCertificateSetupPackage.exe ran.

      Sign a silent monitor service certificate request with third-party CA

      Follow these steps to sign a silent monitor service certificate request.

      Procedure
        Step 1   Copy CtiosServerReq.pem file from the silent monitor service machine to the machine where the third-party CA resides.
        Step 2   Signing silent monitor service certificate request (CtiosServerReq.pem) with third-party CA generates a silent monitor service certificate. Rename it CtiosServerCert.pem.
        Step 3   The third-party CA has its certificate public information in a file. Rename this file CtiosRootCert.pem.
        Step 4   Copy CtiosServerCert.pem and CtiosRootCert.pem to the machine where the silent monitor service resides and save them in the C:\Cisco Systems\CTIOS\Silent Monitor\Security directory.
        Step 5   On the silent monitor service machine, copy the data in CtiosServerCert.pem and the data in CtiosServerkey.pem files into one file called CtiosServer.pem. The order is very important, so CtiosServer.pem must contain CtiosServerCert.pem data first and CtiosServerkey.pem data second.
        Step 6   Delete CtiosServerCert.pem and CtiosServerkey.pem from the silent monitor service machine.
        Step 7   If the silent monitor service machine has a peer server, then:
        1. Copy CtiosClientreq.pem file from the silent monitor service machine to the machine where the third-party CA resides.
        2. Signing CTI Toolkit Desktop Client certificate request (CtiosClientreq.pem) with third-party CA generates a CTI Toolkit Desktop Client certificate. Rename it CtiosClientCert.pem.
        3. Copy CtiosClientCert.pem file to the machine where the silent monitor service resides and save it in the C:\Cisco Systems\CTIOS\Silent Monitor\Security directory.
        4. On the silent monitor service machine, copy the data in CtiosClientCert.pem and the data in the CtiosClientkey.pem files into one file called CtiosClient.pem. The order is very important, so CtiosClient.pem must contain CtiosClientCert.pem data first and CtiosClientkey.pem data second.
        5. Delete CtiosClientCert.pem and CtiosClientkey.pem from the silent monitor service machine.

        Additional configuration steps

        This section discusses the silent monitor service configuration steps that you must perform after you install the silent monitor service. These steps are necessary to deliver silent monitor service connection information to client applications.

        Rerunning CTI OS Server setup

        Rerun CTI OS Server setup to perform the following tasks:

        • To configure agents to use the Silent Monitor service.
        • To configure security for clients, so they can connect to Silent Monitor services that have security enabled.
        • To configure mobile agents. When you rerun setup, enable mobile agent and the appropriate agent mode. This modifies the connection profile information in the registry. The ShowFieldBitMask is modified to display the RAS fields on the login dialog box and the RasCallMode registry key is added.
        • To enable the default tracemark set it to 0x3.
        Related Information

        Silent monitor service installation in traditional IPCC environment

        When a desktop is upgraded to CTI OS Release 7.1(1) or later, the silent monitor service is silently installed on the desktop computer and set to listen for incoming connections on port 42228. The upgraded desktop then uses the silent monitor service to forward and play back streams.

        Silent monitor service installation in Citrix/WTS environment

        The following considerations apply when you install and configure the silent monitor service in a Citrix or Citrix/WTS environment:

        • You can use the SilentMonitorInstall_nogui.exe executable to silently install the silent monitor service on both agent and supervisor Citrix clients.
        • All supervisors in a Citrix environment must have the silent monitor service installed on the computer running the Citrix client.
        • All standard IPCC agents in a Citrix environment must have the silent monitor service installed on the computer running the Citrix client.
        • Mobile agents in a Citrix environment do not need the silent monitor service installed because they use the silent monitor service that is forwarding traffic from the agent gateway.
        Related Information

        Additional configuration for mobile agent environments

        The following configuration considerations apply to environments that run mobile agent:

        • Mobile agent is not supported with Siebel.
        • In a mobile agent environment, the silent monitor service uses a Switched Port Analyzer (SPAN) port to receive the voice traffic that passes through the agent gateway. Most of the time, this requires the computer running the silent monitor service to have two NIC cards: one to handle communications with clients, and one to receive all traffic spanned from the switch. Some switches do allow the destination port of a SPAN configuration to act as a normal network connection and in that case, only one NIC card is enough. See the "Network Traffic Restrictions" section in www.cisco.com/en/US/products/sw/custcosw/ps1001/products_tech_note09186a008010e6ba.shtml#umnic for more information on the types of catalyst switches that don't support outgoing traffic on SPAN destination port. For example, if the agent gateway is connected to port 1 and the NIC on the silent monitor server that receives SPAN traffic is connected on port 10, the following commands are used to configure the SPAN session:
          monitor session 1 source interface fastEthernet0/1
          monitor session 1 destination interface fastEthernet0/10
          
          Refer to your switch manual for details on configuring a span port. In general, traffic to and from the agent gateway's port must be forwarded to the port that is configured to receive span traffic on the silent monitor service.
        • The SPAN source port should be set as the switch port into which the agent gateway (instead of the caller gateway) is plugged, or the silent monitor won't work in conference call scenarios.
        • There must be two gateways: one gateway for agent traffic, and another for caller traffic. If one gateway is used for agent and caller traffic, the voice traffic does not leave the gateway and cannot be silently monitored.
        • Voice traffic that does not leave the agent gateway or does not cross the agent gateway cannot be silent monitored. For example, agent-to-agent and consultation calls between mobile agents that share the same gateway cannot be silently monitored. In most mobile agent deployments, the only calls that can be reliably silent monitored are calls between agents and customers.
        • All supervisors in a mobile agent environment must have the silent monitor service installed on their desktop or installed on the computer running the Citrix client if the supervisor is in a Citrix environment.
        • Agents do not need the silent monitor service configured on their desktops. However, you must configure the agent to use one or more silent monitor servers in the CTI OS Server setup program.
        • If there are agents that can be both mobile and traditional IPCC, there must be at least two profiles for such agents. One profile, used when logging in as IPCC, does not contain any silent monitor service information. A second profile, used when logging in as a mobile agent, contains information used to connect to a silent monitor server. This enables the mobile agent to use the silent monitor service on their desktop computer or Citrix client and provides that mobile agent with silent monitoring functionality.

        Silent monitor service clusters

        If more than one agent gateway is present in the call center, and an agent can use either gateway to log in, silent monitor services must be clustered to support silent monitor. You must deploy a separate silent monitor server for each gateway. You must configure a SPAN port for each silent monitor server as described in the previous section. You must then run the silent monitor server installer to install and configure the two silent monitor servers as peers. After you complete this, you must set up a connection profile to instruct the agent desktops to connect to one of the peers. (For more information on the CTI OS Server installer program, see CTI OS Server installation.) To set up a connection profile, check the "Enter peer(s) information" checkbox and fill in the IP address of the other silent monitor service in the "Hostname/ip address" text box during silent monitor service installation (for more information, see Step 3 in the section Run silent monitor service installer).

        Installation of silent monitor service with Windows Firewall Service enabled

        You must create a new port with the following parameters for any Windows 2008 R2 computer that has Windows Firewall Service enabled:

        • Port Type: Silent Monitor Service Port
        • Port Number: 42029

        Note


        While CTI OS silent monitor clusters use port 42228 (the default), the silent monitor peers utilize port 42029 for communications purposes.


        Harden silent monitor server security

        You can run the ICM Security Hardening script only on Windows Server 2008 R2. To apply security hardening on a Silent Monitor Server, you must perform the following manual steps.

        Procedure
          Step 1   Run the executable SMSelfExtractedInstallPackage.exe, which the Release 7.1(1) installation process installs in the following directory: <Install Drive>:\Program Files\Cisco Systems\CTIOS Client\CTIOS Toolkit\Win32 CIL\Silent Monitor Files

          This executable puts a batch file named CopySecurityHardeningFiles.bat and the SecurityTemplate directory in the current directory.

          Step 2   Run CopySecurityHardeningFiles.bat. This creates the directory C:\CiscoUtils and copies the corresponding files there.
          Step 3   Go to the directory C:\CiscoUtils\SecurityTemplate.
          Step 4   Run the command cscript ICMSecurityHardening.vbe HARDEN.

          Add silent monitor service to Windows Firewall exceptions

          The following steps describe how to add the silent monitor service as an exception if Windows Firewall is enabled on Windows Server 2008 R2.

          Procedure
            Step 1   From the Windows Control Panel, click Windows Firewall.
            Step 2   If the message "Your PC is not Protected: Turn on Windows Firewall" appears, turn on Windows Firewall.
            Step 3   From the Windows Firewall dialog box, click the Exceptions tab.
            Step 4   Select the Silent Monitor service and specify it as an exception. If you do not see the silent monitor service on the list of programs, click the Add Program button, and then click the Browse button.

            The silent monitor service executable SilentMonitorService.exe is located in the bin directory below the install directory.


            Silent monitor service deployments

            This section illustrates the following example silent monitor service deployments:
            • IPCC
            • Citrix
            • Mobile agent
            • Mobile agent with Citrix

            IPCC deployment

            Figure 3. IPCC deployment topology



            • When customers install 9.0(1) desktops, the silent monitor service is installed on the agent desktop computer.
            • The desktop is deployed behind the agent's phone. Silent monitor functionality is the same as before the upgrade. The only difference is that the service and not the CIL provides the silent monitor functionality.
            • If the silent monitor service needs a different configuration than the one provided by the silent installer, then you must use SMSelfExtractedInstallPackage.exe to reconfigure the service.
            • You can use a default IPCC connection profile for IPCC agents if no QoS is required. Otherwise you must configure a connection profile containing QoS settings. This works because CTI OS agent desktops attempt to connect to the localhost if no silent monitor services are configured using the connection profile.
            • You can use a default IPCC connection profile for IPCC supervisors if no QoS is required. Otherwise, you must configure a connection profile containing QoS settings. This works because CTI OS supervisor desktops attempt to connect to localhost if no silent monitor services are configured via the connection profile.

            Citrix deployment

            Figure 4. Citrix deployment topology



            • The Release 9.0(1) desktop is installed on the Citrix server.
            • If Citrix clients are required to have silent monitoring functionality, you must deploy the silent monitor service on the Citrix client computers.
            • You can use the silent installer to install the silent monitor service with default settings. Otherwise, you must use SMSelfExtractedInstallPackage.exe.
            • You can use a default IPCC connection profile for IPCC agents if no QoS is required. Otherwise, you must configure a connection profile containing QoS settings. This works because CTI OS agent desktops attempt to connect to the silent monitor service running on the Citrix client if the client detects it is running under Citrix.
            • You can use a default IPCC connection profile for IPCC supervisors if no QoS is required. Otherwise, you must configure a connection profile containing QoS settings. This works because CTI OS supervisor desktops attempt to connect to the silent monitor service running on the Citrix client if the client detects it is running under Citrix.

            Mobile agent using analog/PSTN phone

            Figure 5. Mobile agent analog/PSTN phone topology



            • Install a silent monitor server on a separate computer using the SMSelfExtractedInstallPackage.exe installer:
              • Make sure to check "Silent Monitor Server" when you install the silent monitor server.
              • This computer must have two NIC cards: one to receive SPAN port traffic and the other to receive control requests from clients and to forward monitored voice streams.
            • Supervisors use the silent monitor service configured on supervisor's computer.
            • Connection profiles are configured to tell mobile agents how to connect to the Silent Monitor servers.
            • SPAN port is configured on the switch. Use the following steps to configure a SPAN port:
              • Locate the port on the switch where the agent voice gateway is connected.
              • Locate the port on the switch where the NIC card that receives SPAN traffic on the Silent Monitor server is connected.
              • Configure the switch to route SPAN traffic to the Silent Monitor server.
            • The following commands are issued in global configuration mode if the voice gateway was connected to port 10 on the switch and the silent monitor service was connected to port 15.
              no monitor session 1
              monitor session 1 source interface fastEthernet0/10
              monitor session 1 destination interface fastEthernet0/15
              

            Mobile agents IP phones topology

            In some deployments, mobile agents use IP phones homed to a Unified CM other than the Unified CM used by IPCC. The following diagram illustrates the deployment of the agent phones.

            Figure 6. Mobile agents IP phones topology



            In these cases, the silent monitor deployment is the same as the equivalent IPCC Agent deployment. The only difference is the Unified CM to which the agent's phone is homed. The following sections describe how to deploy silent monitor when mobile agents use IP phones.

            Mobile agent using IP phone

            Silent monitor is deployed as described below when mobile agents are using IP phones homed to a Unified CM other than the Unified CM used by IPCC:

            • When customers install or upgrade to release 9.0(1) desktops, the silent monitor service is silently installed on the agent desktop computer. The desktop is deployed behind the agent's phone; silent monitor functionality is the same as before the upgrade. The only difference is that the service and not the CIL provides the silent monitor functionality.
            • If the silent monitor service needs a different configuration than the one provided by the silent installer, you must use SMSelfExtractedInstallPackage.exe to reconfigure the service.
            • You can configure a connection profile to allow agents and supervisors to login as mobile agents. For more information, see "ConnectionProfiles registry key".

            For more information about this silent monitor deployment, see the figure in "IPCC deployment".

            Mobile agent using IP phone and Citrix

            Silent monitor is deployed as described below when mobile agents using Citrix are using IP phones homed to a Unified CM other than the Unified CM used by IPCC:

            • The release 9.0(1) desktop is installed on the Citrix server.
            • If Citrix clients are required to have silent monitoring functionality, you must deploy the silent monitor service on the Citrix client computers.
            • You can use the silent installer to install the silent monitor service with default settings. Otherwise, you must use SMSelfExtractedInstallPackage.exe.
            • You must configure a connection profile to allow agents and supervisors to log in as mobile agents. For more information, see ConnectionProfiles registry key.

            For more information about this silent monitor deployment, see the figure in Citrix deployment.

            Mobile agent using analog/PSTN phone and Citrix

            Figure 7. Mobile agent analog/PSTN and Citrix topology



            For the most part, Citrix mobile agents are configured the same as non-Citrix mobile agents with the following exceptions:

            • Mobile supervisors using Citrix clients need silent monitor services configured on their Citrix clients.
            • Mobile agents using Citrix do not need silent monitor services configured because the clients use the silent monitor server configured from the SPAN port.