Administration Console User Guide for Cisco Unified Intelligence Center, Release 10.0(1)
Cluster Configuration Drawer
Downloads: This chapterpdf (PDF - 1.29MB) The complete bookPDF (PDF - 5.25MB) | The complete bookePub (ePub - 1.87MB) | The complete bookMobi (Mobi - 3.04MB) | Feedback

Cluster Configuration Drawer

Cluster Configuration Drawer

Reporting Configuration

To navigate to this page, choose Cluster Configuration > Reporting Configuration.

This page has these tabs for entering reporting configuration:

Active Directory Tab

Report Scheduler Email Settings Tab

See also: Troubleshooting Reporting Configuration

Configure Active Directory Server

Fields on the Active Directory tab configure the Active Directory server to authenticate reporting users as they log in to the Unified Intelligence Center Web application.

You must configure Active Directory for the Unified ICM/CC supervisors so that they can sign in as Unified Intelligence Center Reporting users.

Active Directory is not used to authenticate Administration Super Users. These Super Users can only be authenticated through the local database. The first Super User is added during installation. All other Super Users are added through the Admin User Management interface, and their credentials are encrypted into the local database.

To navigate to this page, choose Cluster Configuration > Reporting Configuration and select the Active Directory tab.

Table 1 Fields on This Tab

Field

Description

Host Address and Port for Primary Active Directory Server

Provide the Host name or IP address and the port of the Primary Active Directory server.

The port defaults to 389.

Host Name and Port for Redundant Active Directory Server

Provide the Host name or IP address and the port of the Redundant Active Directory server.

The port defaults to 389.

Use SSL

Check these boxes if you want the connection from the Unified device to the Active Directory connection to be encrypted with SSL while doing authentication.

Manager Distinguished Name

Enter the Manager Distinguished Name used to login to the Active Directory server, for example, on a default installation of Microsoft AD: CN=Administrator, CN=users, DC=MYSERVER, DC=COM. Replace MYSERVER and COM with your respective hostname.

Note   

If users other than the LDAP administrator is configured as Manager Distinguished Name in the OAMP LDAP configurations, they should have the following rights:

  1. User search permissions on the domain.
  2. Read access to user objects and their attributes.
  3. Read access to the base DN.
  4. Permission to bind to LDAP.

Manager Password

Enter the Active Directory manager password.

Confirm Manager Password

Confirm the Active Directory manager password.

User Search Base

Specify the user search base. For example, on a default installation of Microsoft AD, CN=users, DC=MYSERVER, DC=COM, replace MYSERVER and COM with your respective hostname.

Note    This example assumes you placed the users in the USERS subtree of AD. If you created a new organizational unit within your subtree, then the syntax would be: OU=MYUSERS, DC=MYSERVER, DC=COM. Note that it is "OU=MYUSERS" instead of "CN=MYUSERS".

Attribute for User ID

Whenever a user logs in, Unified Intelligence Center searches for that user in the LDAP (Lightweight Directory Access Protocol) using the login attribute specified in the LDAP configuration. After the user is found, the full DNS of the user is extracted and used for authenticating the user.

The login attribute specified in the LDAP configuration will be the property against which LDAP search is issued to find the matching username. If you do not know which attribute to use, use sAMAccountName, which is the default Microsoft username attribute.

Different organizations settle on different LDAP attributes to identify the user name across the organization, depending on the tools used to administer LDAP within their organizations. This attribute allows you to customize the login depending on the attribute used. Even a custom attribute can be specified using this dialog.

sAMAccountName indicates the user attribute to search the user for is the userPrincipalName. sAMAccountName contains just the short user name. For example, jDoe for the user John Doe.

userPrincipalName indicates the user attribute to search the user for is the userPrincipalName. This attribute contains user name in the email format, in the form user@compay.com. Therefore this entire string becomes the user name and not just user. Therefore when this attribute is selected this entire form of username has to be typed in as the username in the login box.

Custom User Attribute allows you to specify the attribute used for searching the user in LDAP.
Note   

Custom User attributes are not validated and are used as is. Ensure that the correct case and attribute name are used.

Contact your Active Directory Administrator for the correct attribute to use.

UserName Identifiers

Users are stored in Unified Intelligence Center in the format <UserName Identifier>\<username>

The UserName Identifiers are used to identify the different kinds of users within Unified Intelligence Center. For example, local, LDAP, user-synced user, users from different LDAP domains and so on.

The username identifier has to be first declared for use in this page before it can be used. When LDAP is configured at least one identifier must be configured and set as default so that LDAP users can be identified in the system.

When userPrincipalName are used as the LDAP attribute for searching users in the domain, valid formats for username has to be supplied in the form of @company.com. Unlike sAMAccountName any identifier cannot be configured. Only existing identifiers as configured in the LDAP Active Directory userPrincipalName attribute should be configured here. Users are created as company\user.

UserSychronization brings in users in format <syncdomain>\username and collections will have users in the same format. It is therefore required that these users login to Unified Intelligence Center using the syncdomain\user syntax. To enable please add syncdomain or @syncdomain.com (if you are using userPrincipalName) to the list of valid identifiers.

The maximum allowed length of a UserName identifier is 128 characters.

set Default. (UserName Identifier)

Default identifiers allows users to login without typing the full domain identifier (<domain>\user) or the userPrincipalName suffixes to usernames (user <@company.com>) on the Login page.

It can be set by choosing one of the Identifiers from the list box and by clicking the Set Default button.

Users who need to use any other identifier can still login by typing their full identifier in the login box. For example, domain2\user or netbiosname\user, provided those identifiers have already been configured.

Test Connection button

Click to test the connection to the primary and secondary LDAP servers and display the connection status.

  • Save saves the configuration information you entered for the active directory. Clicking Save does not validate the configuration.
  • Refresh rolls back all changes since the last save and reloads the values set during the last save.

Note


You cannot save LDAP configuration unless you choose a default Identifier from the UserName Identifiers list box and clicking the Set Default button.

The UserName Identifier list box is pre-populated with the UserName Identifiers after upgrade to 9.0 release from 8.x releases based on the list of user names stored in the Unified Intelligence Center database. The most frequently occurring identifier in the list of user name is auto-selected as the default.

Configure Active Directory with SSL

Perform the following steps if you want the connection from the Unified Intelligence Center to the Active Directory server to be encrypted with SSL while doing authentication.

Procedure
    Step 1   Perform the tasks outlined in the Microsoft Active Directory documentation or the Microsoft Knowledge Base (http:/​/​support.microsoft.com/​default.aspx?scid=kb;en-us;247078) to set up and generate the Certificate Authority.
    Step 2   Save the certificate in Base-64 encoded X.509 (CER) file format.
    Step 3   Log in to the Cisco Unified Operating System Administration UI.
    Step 4   From the Security menu, select Certificate Management.
    Step 5   Select the certificate name as tomcat-trust.
    Step 6   Click Browse to browse and select the certificate that you have generated from the AD server.
    Note   

    You can leave the Root Certificate field as blank. This is an optional field.

    Step 7   Click Upload File to upload the certificate.
    Step 8   Use the utils service restart Cisco Tomcat and the utils service restart Intelligence Center Reporting Service CLI commands to restart the Cisco Tomcat and Intelligence Center Reporting services respectively.

    Configure Email Server to Send Scheduled Reports

    Use the Report Scheduler Email Settings tab to configure the email server used to email scheduled reports.

    The actual schedules for reports (for example, schedule daily at 10AM) are defined and maintained from the Unified Intelligence Center web application. The report scheduler emails scheduled reports at the exact time they are scheduled.

    To navigate to this page, choose Cluster Configuration > Reporting Configuration and select the Report Scheduler Email Settings tab.

    Table 2 Fields on This Tab

    Field

    Description

    SMTP hostname/IP address

    Enter the Hostname or IP address of the SMTP Server. Leave this field blank if you do not have an SMTP server.

    From email address

    Enter the email address that is to appear in the From field of emails sent by the Scheduler.

    Use email proxy

    Check this if you use a proxy server to reach your SMTP server.

    The only supported proxy type is http.

    Email proxy hostname

    Enter the Hostname or IP address of the proxy server used to reach the SMTP server.

    Email proxy port

    Enter the port the Unified Intelligence Center will use to connect to the SMTP proxy server. This defaults to 80.

    Use SMTP authentication

    Check this if your SMTP server expects to receive username/password credentials.

    SMTP Username

    If you check the Authenticate check box, enter the username that is to be authenticated.

    SMTP Password

    If you check the Authenticate check box, enter the password that is to be authenticated.

    Test Connection button

    Click to test the connection. Unified Intelligence Center attempts to send an email to check for open connections. The connection status displays next to the button.

    • Save saves the configuration information you entered above for the active directory. Note that clicking Save does not validate the configuration. Use the Test Configured Connection button to test the connection.
    • Refresh undoes all changes since the last save and reloads the values set at the last save.

    Unified CCE User Integration Configuration

    To navigate to this page, choose Cluster Configuration > UCCE User Integration.

    The User Integration feature facilitates the automatic import of reporting supervisors who are added or modified in Unified ICM Configuration Manager and stored in the Unified ICM/CCE/CCH database.

    Once integrated (imported), supervisors are added as users to the Unified Intelligence Center database and can sign into Unified Intelligence Center with their User ID and Password. They are created as users in Unified Intelligence Center with the User Roles of Dashboard Designer and Report Designer and with the rights to view the collection(s) for their agent team(s).

    When Unified CCE User Integration runs, data is retrieved from the Unified CCE Data Source and two stock Value Lists (Agents and Agent Teams) are updated.


    Note


    You cannot run User Integration until you upload the license.

    See also: Troubleshooting Unified ICM User Integration.


    Warning


    Schedule Unified CCE User Integration at off-peak hours and several hours after the database purge. By default, the purge runs at midnight (12:00:00 AM). Database tables are locked during the purge and are unlocked when the purge completes. If the Unified CCE User Integration runs at the same time as the purge, the user integration will fail.
    Table 3 Fields on This Tab

    Field

    Description

    Enable UCCE User Integration at...check box

    Check this to:

    • Enable Unified CCE User Integration and to
    • Set the time and the day of week when it is to occur.
    Note    Leave this field blank if you do not want to run Unified CCE User Integration. See About Unified CCE User Integration.

    Hour | Minute | AM or PM fields

    Click the arrows to the right of the Hour, Minute, and AM|PM fields to select the time of day you want the Unified CCE Integration synchronization to occur.

    Day of the week fields

    Select one, several, or all days that you want the Unified CCE User Integration synchronization to occur.

    Last Run Status

    Shows the status of the last synchronization. Shows PENDING if the that synchronization is still in progress.

    Duration

    Shows how long the synchronization process took.

    Unified CCE Supervisors imported

    Shows the number of new supervisors imported since the last import.

    You can view supervisors on the User List in the Unified Intelligence Center Reporting Interface (Security drawer).

    Supervisors are imported with their Active Directory credentials and can sign in to Unified Intelligence Center Reporting with those credentials.

    Team Collections Updated

    Shows a count of all teams updated. Teams are re-synchronized on each run.

    Supervisors can view their Agents and Agent Teams collections in the Value List drawer in the Unified Intelligence Center Reporting interface.

    • Synchronize Now - click this to run the user integration immediately. If the scheduled integration is configured to run later in the day, this action runs the job now and still runs it at the scheduled time. Clicking this button changes its appearance to Cancel Active Synchronization. A message appears if another user is already running a synchronization. This button is disabled if you have not yet applied a license.
    • Save - Click to save your time and date settings.
    • Refresh - Click to refresh the page to see changes that others might have made.

    See also: About Unified CCE User Integration.

    Unified CCE User Integration

    The Unified CCE User Integration feature imports supervisors and their teams from Unified ICM/CCE from the Unified ICM Configuration Manager and database into Unified Intelligence Center.

    Supervisors are automatically given Unified Intelligence Center user roles and can log in to Unified Intelligence Center to access collections for - and run reports for - their agent team(s).


    Note


    You cannot run User Integration until you upload the license.

    Note


    There are five tasks in the initial setup for Unified CCE User Integration. Some are performed in the Administration interface. Some are performed in the Reporting interface. As Super Users have access to both interfaces, it is efficient for a Super User to set up Unified CCE User Integration.
    • Enable Unified CCE User Integration in the Administration interface.
    • Complete the configuration of the Unified CCE Historical Data Source in the Data Sources drawer of the Reporting Interface.
    • Synchronize Users in the Administration Interface.
    • Validate Collections of Agents and Agent Teams in the Reporting Interface.
    • Set up a synchronization schedule in the Administration Interface.
    • Integrated Supervisors can sign in to Unified Intelligence Center Reporting (provided their Active Directory authentication has been configured.
    • Integrated Supervisors are added to the Unified Intelligence Center Reporting User List with the User Roles of Report Designer and Dashboard Designer.
    • The Unified Intelligence Center Value Lists page is updated with Agents and Agent Teams collections.
    • Integrated Supervisors can view their Agents and Agent Teams collections (Unified Intelligence Center Reporting > Value Lists drawer).
    • Integrated Supervisors are granted permissions to Agents and Agent Teams collections only (Unified Intelligence Center Reporting > Security drawer).

    After Unified CCE User Integration schedule is set up, Unified Intelligence Center is updated with changes to supervisors and their teams every time the synchronization updates.

    Manage License

    To navigate to this page, choose Cluster Configuration > License Management.

    Use the License Management tab to upload and retrieve your Unified Intelligence Center license. Once a license is uploaded, this tab displays information about the current license.

    Unified Intelligence Center uses a centralized licensing model, where the license file is uploaded to the Controller through this interface and, based on License Type, is distributed to nodes in the cluster using database replication.

    The license file is saved to the operating system, with its properties encrypted, as Cuic.lic.

    If the member node is not online when the license file is replicated, Unified Intelligence Center passes the license information when the member starts up.

    Table 4 Fields on This Page

    Field

    Description

    Current License Type

    The type of license - Standard, Premium, Lab, or Trial/Demo. See License Types.

    Maximum number of devices in this cluster Servers

    The number of servers the license allows. For most License Types, this shows 8.

    Start Date

    For Demo License Types only, shows the date the license became active.

    Expiration Date

    The date the license will expire. For most License Types, this shows Never expires. For Demo licenses, this shows the date 90 days later than the Start date.

    User Count

    For Lab License Types only, shows the maximum number of logged in users per device (5).

    • Upload license file (Browse) - If you have no license, click Browse and navigate to the local directory where your license (*.lic file) is stored.
    • Apply License - Click this to apply the license to all devices. A message displays indicating that the license file was uploaded successfully and will be distributed in the cluster in approximately one minute.

      Note


      The databases are polled once a minute for changes. The license replication is not immediate but will occur within a minute.
    • Retrieve - Click this to open a dialog box where you can choose to open the license file to review it or to save it to your local drive. Saving the license provides you with a backup copy in the event that your original license is lost or corrupted.

    See also:

    Troubleshooting License Management

    How to Obtain Your License

    License Types