This chapter describes the types of encryption used in the Unified ICM system.
The concepts help you to understand how encryption is used in the Unified
ICM/Unified CCE environment.
User and Agent
Unified ICM/Unified CCE systems are highly distributed applications composed of
many node and server applications. The system stores application user and
contact center agent passwords in the Logger and the Distributor databases as
an RSA Data Security, Inc. MD5 Message-Digest Algorithm hash. When passed from
one server node to another, such as from a PG to a Router, the system passes
the passwords as MD5 hashes.
Call Variables and Extended Call Variables
To protect data sent in call variables or expanded call context (ECC)
variables, Unified ICM relies on IPsec and the deployment of IPsec policies
between servers running Windows Server 2008 R2. In a environment, the
establishment of an IPsec channel between the Cisco Unified Communications
Manager (Unified CM) and the Peripheral Gateway is also supported. Use SHA-1 as
your integrity algorithm and 3DES as your encryption algorithm. For the
Internet Key Exchange (IKE) security algorithm, use at least Diffie-Hellman
Group 2 for a 1024-bit key, or a 2048-bit key if processing power allows it.
Editor and Agent Re-skilling
Unified ICM supports, as a default on Windows Server 2008 R2, the encryption of
traffic for users accessing the Internet Script Editor, Web Setup, and Agent
Re-skilling applications so that all user logins and optionally session traffic
done from a remote machine are protected from snooping. The applications that
implement the Transport Layer Security (TLS) v1.0 protocol using the OpenSSL
libraries are HTTP-based. Re-skilling and Internet Script Editor web
applications are deployed and enabled for 128-bit SSL encryption in IIS 7 as a
default so that all supervisor logins, user logins, and data exchanged are
protected across the network.
For more information about enabling certain Cipher Suites in IIS, see the article
Cisco Contact Center SNMP Management Service
In addition to the various areas of application-level encryption provided in
the Unified ICM suite of applications, Cisco supports the deployment of the
solution across sites running Cisco IOS IPsec in Tunnel Mode with HMAC-SHA1
Authentication (ESP-SHA-HMAC) and 3DES Encryption (ESP-3DES).
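
The following is an added example, not part of Cisco's documentation: a small Python check that parses `crypto ipsec transform-set` blocks from IOS running-config text and reports any set that departs from the Tunnel Mode, ESP-3DES and ESP-SHA-HMAC combination named above. The sample configuration and the transform-set names in it are constructed for illustration.

```python
import re

# Transforms this page names for inter-site links: ESP-3DES with ESP-SHA-HMAC.
REQUIRED = {"esp-3des", "esp-sha-hmac"}

# Constructed sample of IOS running-config text (set names are made up).
SAMPLE_CONFIG = """\
crypto ipsec transform-set ICM-WAN esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set LEGACY esp-des esp-md5-hmac
 mode tunnel
crypto ipsec transform-set HOST2HOST esp-3des esp-sha-hmac
 mode transport
"""

def parse_transform_sets(config):
    """Return {name: {"transforms": set, "mode": str}} from running-config text."""
    sets, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            current = m.group(1)
            # IOS uses tunnel mode unless a "mode transport" sub-command follows.
            sets[current] = {"transforms": set(m.group(2).split()), "mode": "tunnel"}
        elif current and line.startswith(" "):
            m = re.match(r"\s+mode (tunnel|transport)", line)
            if m:
                sets[current]["mode"] = m.group(1)
        else:
            current = None  # left the transform-set block
    return sets

def audit(config):
    """Return {name: [findings]}; an empty list means the set matches the page."""
    report = {}
    for name, ts in parse_transform_sets(config).items():
        findings = []
        missing = REQUIRED - ts["transforms"]
        if missing:
            findings.append("missing " + ", ".join(sorted(missing)))
        extra = ts["transforms"] - REQUIRED
        if extra:
            findings.append("unexpected " + ", ".join(sorted(extra)))
        if ts["mode"] != "tunnel":
            findings.append("mode is " + ts["mode"] + ", expected tunnel")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "; ".join(findings))
```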