This release of the IM and Presence Service supports an encrypted compliance database for the Message Archiver feature. When
this feature is deployed, all instant messages are encrypted before they get sent to the compliance database. Anyone looking
at the data within the compliance database is unable to read the archived messages without an encryption key.
This feature provides greater security for your IM and Presence deployment by allowing your system to meet compliance
regulations while restricting read access for potentially confidential IM exchanges to authorized personnel. For example,
suppose that your company uses instant messaging to communicate with customers and does business in a regulated
industry that requires message archiving. By restricting access to the encryption key, you can archive all instant messages
and provide employees such as a database administrator with the database access that they need to keep the system running, while
still limiting read access to archived IM exchanges to only those employees with a genuine business need.
This feature is supported only if you have Microsoft SQL Server deployed as the external compliance database.
Intercluster Networks
For intercluster networks, you can enable encryption for the intercluster network from a single cluster, which then becomes
the master cluster for the network. The master cluster syncs its encryption key and encryption settings to the remote clusters,
which become the slave clusters in the intercluster network. Encryption is configured automatically for remote clusters, provided
the Message Archiver feature is configured in the remote cluster, with a Microsoft SQL Server compliance database.
Encryption Standards
To ensure that archived data is not compromised, this feature uses three keys: a symmetric encryption key, along with an asymmetric
public-private key pair.
- Encryption key—This 256-bit symmetric key is generated and stored internally by the IM and Presence Service, which uses this
  key to encrypt IM compliance data before archiving the data in the compliance database. For intercluster networks, the master
  cluster syncs its encryption key to the remote slave clusters so that the entire intercluster network is using the same encryption
  key, which is controlled from the master cluster.
  You must download this key from the IM and Presence Service and use it with your data viewer to be able to decrypt archived
  IMs. When you download this key, the key is encrypted with the public key from the public-private key pair. You can later
  decrypt the encryption key with the private key.
- Public-Private key pair—You must generate this asymmetric key pair in an approved key generation tool (for example, OpenSSL)
  and use it to encrypt the key in the IM and Presence Service and then decrypt the key with your data viewing tool. The public-private
  key pair secures the encryption key while in transit from the IM and Presence Service to your data viewing tool (for example,
  Splunk).
The encryption password is hashed with SHA2 and then encrypted with AES 256. Instant Messages are encrypted with the AES 256
algorithm.
Process Flow for Encryption
The following table highlights the process flow for enabling encryption and for viewing encrypted data from the database.
The flow highlights each step, and the interface on which each step is completed.
Table 1. Encryption Process Flow
| Step | IM and Presence Service Master Cluster | Key Generation Tool (e.g., OpenSSL) | Data Viewing Tool |
| --- | --- | --- | --- |
| Step 1 | The administrator configures encryption for the intercluster network. The master cluster syncs encryption settings across the intercluster network. Archived data is now encrypted. | — | — |
| Step 2 | — | The administrator generates a public-private key pair for securing the encryption key. | — |
| Step 3 | The administrator downloads the encryption key from the IM and Presence Service. During the download, the public key encrypts the encryption key. | — | — |
| Step 4 | — | — | The administrator uses the private key to decrypt the encryption key. |
| Step 5 | — | — | The encryption key decrypts compliance data. Authorized personnel can view archived compliance data. |
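Steps 2 through 5 of the process flow above, simulated end to end with OpenSSL as an added example; this is not Cisco's code. The RSA-2048 key size, OAEP padding, AES-256-CBC mode and file names are assumptions that the page does not specify, and the symmetric key and message are constructed samples.

```shell
#!/bin/sh
# Added example: steps 2-5 of the process flow, simulated with OpenSSL.
# Assumptions (not stated on the page): RSA-2048, OAEP padding, AES-256-CBC,
# all file names. The key and the message are constructed samples.
set -eu

to_hex() { od -An -tx1 | tr -d ' \n'; }

# Step 2: the administrator generates the public-private key pair.
gen_keypair() {  # $1 = working directory
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/private.pem" 2>/dev/null
  chmod 600 "$1/private.pem"   # never leaves the data-viewing host
  openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Step 3 (stand-in for the server): wrap the symmetric key with the public key.
wrap_key() {
  openssl pkeyutl -encrypt -pubin -inkey "$1/public.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/key.bin" -out "$1/key.wrapped"
}

# Step 4: the data-viewing side unwraps the key with the private key (hex out).
unwrap_key() {
  openssl pkeyutl -decrypt -inkey "$1/private.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/key.wrapped" | to_hex
}

# Runs the whole flow on a constructed message and prints the recovered text.
run_flow() {
  dir=$(mktemp -d)
  msg='constructed sample IM: order 42 confirmed'
  gen_keypair "$dir"
  openssl rand -out "$dir/key.bin" 32           # 256-bit symmetric key
  iv=$(openssl rand -hex 16)
  printf '%s' "$msg" | openssl enc -aes-256-cbc \
    -K "$(to_hex < "$dir/key.bin")" -iv "$iv" -out "$dir/im.enc"
  wrap_key "$dir"
  rm -f "$dir/key.bin"                          # only the wrapped copy travels
  # What a database administrator sees: ciphertext, not the message.
  if grep -qF "$msg" "$dir/im.enc"; then rm -rf "$dir"; return 1; fi
  # Step 5: decrypt the archived message with the unwrapped key.
  openssl enc -d -aes-256-cbc -K "$(unwrap_key "$dir")" -iv "$iv" \
    -in "$dir/im.enc"
  rm -rf "$dir"
}

run_flow; echo
```

Because the wrapped key can only be opened with `private.pem`, access to archived messages reduces to access to that one file on the data-viewing host.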
Minimum Requirements
The following requirements apply for this feature:
Table 2. Minimum Requirements for Encrypted IM Compliance Database
| System | Requirements for this Feature |
| --- | --- |
| IM and Presence Service | For 11.x releases, the minimum release for this feature is 11.5(1)SU5. For 12.x releases, the minimum release will be 12.5(1). This feature is not supported with 12.0(1) or 12.0(1)SU1. If you have this feature deployed in 11.5(1)SU5 and you upgrade to 12.0(1) or 12.0(1)SU1, you will lose this feature. |
| External Database | |
Configuration
For details on how to configure an encrypted database for the Message Archiver, refer to the "Message Archiver Configuration"
chapter of the Instant Messaging Compliance Guide for the IM and Presence Service.
User Interface Updates
To support this feature, the Encryption settings for external database section has been added to the Compliance Settings Configuration window. This set of fields appears only if you configure the Message Archiver and select a Microsoft SQL Server compliance database. This section contains the following fields, all of which are added
for this release:
- Enable Encryption on this cluster—Check this check box to enable encryption in the local cluster.
- Enable Encryption on Remote Clusters—Check this check box to enable encryption on intercluster peers in an intercluster network. The local cluster becomes the
  master cluster, which syncs its encryption key to the remote clusters, which are slave clusters.
- Password/Confirm Password—Enter the encryption password. You will need to reenter this password if you want to download the encryption key, disable
  encryption, or change the encryption password.
- Status table for this cluster—This read-only status table displays the status of any intercluster syncs and also shows which cluster is the master
  cluster. The table displays the following status columns:
  - Successful Modification Date—The result of the last successful configuration modification for both encryption passwords, and
    encryption status.
  - Failed Modification Date—If any attempts to change the encryption password or encryption status failed, the results display
    here.
  - Master Cluster ID—This field identifies which cluster, in an intercluster peer setup, is the master cluster.
- Change Password—If encryption is configured, click this button to change the password. You can only change the password on the master cluster.
- Download Encryption Key—Click this button to download the encryption key. To download the key, you must enter the encryption password as well as
  the public key that you generated with the external Windows tool.
- Disable Encryption—Check this check box to disable encryption.
Alarm Updates
The MAencryptionMultiMaster alarm has been added under the Cisco XCP Message Archiver service to indicate an issue with message archiver encryption.
This alarm will be raised whenever you have an intercluster peer network where more than one cluster is configured as a master
cluster for message archiver encryption.