This document describes security hardening configuration guidelines for
Cisco Unified Intelligent Contact Management (Unified ICM) Release
9.0(1) on Windows Server 2008 R2 and Windows Server 2008 R2. The term
"Unified ICM" includes:
Unified Contact Center Enterprise/Hosted (Unified CCE/CCH), and
Cisco Unified Intelligent Contact Management Enterprise/Hosted. Optional
Unified ICM applications that apply to these server configurations are also
addressed here, with the exception of the following:
Cisco Unified Web Interaction Manager (Unified WIM), Media Blender (when not co-resident with
a Peripheral Gateway [PG]; if co-resident with a PG then these best practices
are applicable), Dynamic Content Adapter and
Cisco Unified E-Mail Interaction Manager (Unified EIM). References throughout this document to
"Unified ICM/Cisco Unified Contact Center Enterprise (Unified CCE)" will assume the aforementioned
configurations. Any accompanying applications that make up the customer's
particular solution, whether Cisco provided—such as PSO applications—or
provided by a Cisco partner, have not been approved for use with these security
hardening recommendations. Special testing and qualification must be considered
to ensure that recommended security configurations do not hinder the operation
of those applications.
The configurations presented in this document represent parameters used internally within Cisco to develop and test the applications. Other than the base Operating System and application installations, any deviation from this set cannot be guaranteed to provide a compatible operating environment. It is important to note recommendations contained in this document will not always be uniformly implemented; some implementations—as based on corporate policy, specific IT utilities (for example, backup accounts) or other external guidelines—may modify or limit the application of these guidelines.
Operating System Security Hardening is not supported for Release 9.0(1).
This document is primarily intended for server administrators and OS and application installers.
It is assumed that the target reader of this document is an experienced administrator familiar with Windows Server 2008 R2 and Windows Server 2008 R2 installations. It is further assumed that the reader is fully familiar with the applications that make up the Unified ICM/Unified CCE solution, as well as with the installation and administration of these systems. It is the intent of these best practices to additionally provide a consolidated view of securing the various third-party applications on which the Cisco contact center applications depend. If vendor recommendations differ from these guidelines, following such recommendations may result in systems that are not protected from malicious attacks.
This document is organized into the following chapters:
Related documentation includes the documentation sets for Cisco CTI
Object Server (CTI OS), Cisco Agent Desktop (CAD), Cisco Agent Desktop -
Browser Edition (CAD-BE), Cisco Unified Contact Center Management Portal, Cisco
Unified Customer Voice Portal (CVP), Cisco Unified IP IVR, Cisco Unified
Intelligence Center, and Cisco Support Tools.
The following list provides more information.
For documentation for these Cisco Unified Contact Center products mentioned above,
Voice and Unified Communications, then click
Customer Collaboration, then click
Cisco Unified Contact Center Products or
Cisco Unified Voice Self-Service Products, then click the
product or option you are interested in.
In this release, the product names listed in the table below have
changed. The New Name (long version) is reserved for the first instance of that
product name and in all headings. The New Name (short version) is used for
subsequent instances of the product name.
This document uses the naming conventions provided in each GUI, which
means that in some cases the old product name is in use.
Subscribe to the What's New in Cisco Product
Documentation as a Really Simple Syndication (RSS) feed and set
content to be delivered directly to your desktop using a reader application.
The RSS feeds are a free service and Cisco currently supports RSS Version
You can provide comments about
this document by sending email to the following address: