how to design the various security layers required for a Unified CCE network,
this section introduces the differences that are inherent in the applications
making up the Unified CCE solution.
The Unified CCE
solution consists of a number of application servers that are managed
differently. The primary servers, those with the most focus in this document,
are the Routers, Loggers (also known as Central Controllers), Peripheral
Gateways, Administration & Data Servers, and so forth. These application
servers can be installed only on a standard (default) operating system
installation. For Unified CCE components that you install on Windows Server 2012 R2, use only a default retail version of the Windows Server software.
The maintenance of this operating system in terms of device drivers, security
updates, and so forth, is the responsibility of the customer, as is acquiring
the necessary software from the appropriate vendors. This category of
application servers is the primary focus of this topic.
The secondary group
of servers, those running applications that are part of the solution but that
are deployed differently, are Cisco Unified Communications Manager (Unified
CM), Cisco Unified IP IVR, and so forth. Customers are required to obtain all
relevant patches and updates to this operating system from Cisco. The security
hardening specifications for this operating system can be found in the
Cisco Collaboration System
Solution Reference Network Designs and
other Unified CM product
documentation at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/tsd-products-support-series-home.html.
The approach to
securing the Unified CCE solution as it pertains to the various layers listed
above differs from one group of servers to another. It is useful to keep this
in mind as you design, deploy, and maintain these servers in your environment.
Cisco is constantly enhancing its Unified Communications products with the
eventual goal of having them all support the same customized operating system,
antivirus applications, and security path management techniques.