Achieving contact center enterprise solution security requires a security policy that accurately defines access, connection requirements, and systems management. A good security policy enables you to use the available Cisco technologies to protect your data center resources from internal and external threats. Security measures ensure data privacy, integrity, and system availability.
The security considerations for contact center enterprise solutions are similar to the considerations for the other applications in a Cisco Unified Communications solution. Contact center enterprise solutions vary greatly and often call for complex network designs. These deployments require competence in Layer 2 and Layer 3 networking as well as voice, VPN, QoS, Microsoft Windows Active Directory, and other networking issues. This chapter provides some guidance in these areas, but it is not an all-inclusive guide for deploying a secure contact center.
Along with the Unified Communications Security Solution portal, use the design documentation in the Design Zone at http://www.cisco.com/c/en/us/solutions/enterprise/design-zone/index.html. These documents provide information on properly building a network infrastructure for Cisco Unified Communications. In particular, consult the following relevant documents about security and Cisco Unified Communications:
Cisco Unified Communications SRND Based on Cisco Unified Communications Manager
Data Center Networking: Server Farm Security SRNDv2
Site-to-Site IPSec VPN SRND
Voice and Video Enabled IPSec VPN (V3PN) SRND
Business Ready Teleworker SRND
Updates and additions to these documents are posted periodically, so visit the Design Zone frequently.
This chapter provides limited guidance on the intricacies of designing and deploying a Windows Active Directory. More information is available from Microsoft on the following topics:
Designing a new Active Directory logical structure
Deploying Active Directory for the first time
Upgrading an existing Windows environment to Microsoft Windows Server 2012 R2 Active Directory
Restructuring your current environment to a Windows Active Directory environment
In particular, see the Designing and Deploying Directory and Security Services section of the Microsoft Windows Server 2012 R2 Deployment Kit. That section can assist you in meeting all the Active Directory design and deployment goals for your organization. See the Microsoft TechNet articles at https://technet.microsoft.com/library/hh801901.aspx.
The contact center enterprise solution consists of several application servers that are managed differently. The primary servers are for the core components. Install these servers only on a standard (default) operating system installation. For components that you install on Windows Server 2012 R2, use only a default retail version of the Windows Server software. Keep the operating system up to date with the latest device drivers, security updates, and so forth.
Some servers, like Unified Communications Manager (Unified CM), run on the Cisco Voice Operating System (VOS). Obtain all relevant patches and updates to this operating system from Cisco. You can find the security hardening specifications for this operating system in the Cisco Collaboration System Solution Reference Network Designs and other Unified CM product documentation at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/tsd-products-support-series-home.html.
Appropriate security varies between the servers. Keep this in mind as you design, deploy, and maintain these servers in your environment. Cisco constantly enhances its Unified Communications products with the eventual goal of having them all support the same customized operating system, antivirus applications, and security patch management techniques.