This document describes security hardening configuration guidelines for Cisco Unified Intelligent Contact Management (Unified ICM) Release 9.0(1) on Windows Server 2008 R2 and Windows Server 2008 R2. The term "Unified ICM" includes: Unified Contact Center Enterprise/Hosted (Unified CCE/CCH), and Cisco Unified Intelligent Contact Management Enterprise/Hosted. Optional Unified ICM applications that apply to these server configurations are also addressed here, with the exception of the following: Cisco Unified Web Interaction Manager (Unified WIM), Media Blender (when not co-resident with a Peripheral Gateway [PG]; if co-resident with a PG then these best practices are applicable), Dynamic Content Adapter and Cisco Unified E-Mail Interaction Manager (Unified EIM). References throughout this document to "Unified ICM/Cisco Unified Contact Center Enterprise (Unified CCE)" will assume the aforementioned configurations. Any accompanying applications that make up the customer's particular solution, whether Cisco provided—such as PSO applications—or provided by a Cisco partner, have not been approved for use with these security hardening recommendations. Special testing and qualification must be considered to ensure that recommended security configurations do not hinder the operation of those applications.
The configurations presented in this document represent parameters used internally within Cisco to develop and test the applications. Other than the base Operating System and application installations, any deviation from this set cannot be guaranteed to provide a compatible operating environment. It is important to note recommendations contained in this document will not always be uniformly implemented; some implementations—as based on corporate policy, specific IT utilities (for example, backup accounts) or other external guidelines—may modify or limit the application of these guidelines.
Operating System Security Hardening is not supported for Release 9.0(1).
This document is primarily intended for server administrators and OS and application installers.
It is assumed that the target reader of this document is an experienced administrator familiar with Windows Server 2008 R2 and Windows Server 2008 R2 installations. It is further assumed that the reader is fully familiar with the applications that make up the Unified ICM/Unified CCE solution, as well as with the installation and administration of these systems. It is the intent of these best practices to additionally provide a consolidated view of securing the various third-party applications on which the Cisco contact center applications depend. If vendor recommendations differ from these guidelines, following such recommendations may result in systems that are not protected from malicious attacks.
This document is organized into the following chapters:
Related documentation includes the documentation sets for Cisco CTI Object Server (CTI OS), Cisco Agent Desktop (CAD), Cisco Agent Desktop - Browser Edition (CAD-BE), Cisco Unified Contact Center Management Portal, Cisco Unified Customer Voice Portal (CVP), Cisco Unified IP IVR, Cisco Unified Intelligence Center, and Cisco Support Tools. The following list provides more information.
For documentation for these Cisco Unified Contact Center products mentioned above, go to http://www.cisco.com/cisco/web/psa/default.html, click Voice and Unified Communications, then click Customer Collaboration, then click Cisco Unified Contact Center Products or Cisco Unified Voice Self-Service Products, then click the product or option you are interested in.
In this release, the product names listed in the table below have changed. The New Name (long version) is reserved for the first instance of that product name and in all headings. The New Name (short version) is used for subsequent instances of the product name.
This document uses the naming conventions provided in each GUI, which means that in some cases the old product name is in use.
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
You can provide comments about this document by sending email to the following address: