Reference
Security Certificates
Graceful Shutdown of Call Server or Reporting Server
Unified CVP Statistics
- Call Server
- VXML Server
Unified CVP Reporting Statistics
- Reporting Statistics
- Infrastructure Statistics

Reference

Security Certificates

Certificates are used to ensure that browser communication is secure by authenticating clients and servers on the Web. Users can purchase certificates from a certificate authority (CA signed certificates) or they can use self-signed certificates. To establish a secure communication, execute the commands in the Command Prompt as an Administrator (right click over the Command Prompt and select Run as administrator).

Note

To download PEM encoded certificates, refer to the respective browser documentation for instructions.

Certificates for Live Data

You must set up security certificates for Finesse and Cisco Unified Intelligence Center with HTTPS.

You can:

Use the self-signed certificates provided with Finesse and Cisco Unified Intelligence Center.
Obtain and install a Certification Authority (CA) certificate from a third-party vendor.
Produce a certificate internally.

Note

As is the case when using other self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when the sign in before they can use the Live Data gadget.

Add Self-Signed Certificates for Live Data

Both Finesse and Unified Intelligence Center are installed with self-signed certificates. If you choose to work with these self-signed certificates (rather than producing your own CA certificate or obtaining a CA certificate from a third-party certificate vendor), you must first export the certificates from the Unified Intelligence Center Publisher and Subscriber. You must then import the certificates into Finesse, importing the Publisher certificate to the Finesse Primary node and the Subscriber certificate to the Finesse Secondary node.

As is the case when using other self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when they sign in before they can use the Live Data gadget.

Procedure

Step 1	Sign in to Cisco Unified Operating System Administration on Cisco Unified Intelligence Center (https://`<hostname of Cisco Unified Intelligence Center server>`/cmplatform).
Step 2	From the Security menu, select Certificate Management.
Step 3	Click Find.
Step 4	Do one of the following: If the tomcat certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.) If the tomcat certificate for your server is not on the list, do the following: Click Generate New. When the certificate generation is complete, restart the Cisco Tomcat service, Unified Intelligence Center Reporting service, and Cisco Live Data NGNIX service. Restart this procedure.
Step 5	Download the PEM encoded certificate and save the file to your desktop. You must download the certificates that contain the hostnames Cisco Unified Intelligence Center publisher and Cisco Unified Intelligence Center subscriber.
Step 6	Sign in to Cisco Unified Operating System Administration on the primary Finesse server (https://FQDN of Finesse server:8443/cmplatform).
Step 7	From the Security menu, select Certificate Management.
Step 8	Click Upload Certificate.
Step 9	From the Certificate Name drop-down list, select tomcat-trust.
Step 10	Click Browse and browse to the location of the certificate (Cisco Unified Intelligence Center publisher and subscriber certificates).
Step 11	Click Upload File.
Step 12	Restart Cisco Finesse Tomcat on the Finesse server.

Obtain and Upload CA Certificate for Live Data from a Third Party Vendor

You can use a Certification Authority (CA) certificate provided by a third-party vendor to establish an HTTPS connection between the Finesse and Cisco Unified Intelligence Center servers.

Follow the instructions in the TechNote Procedure to Obtain and Upload CA Certificate from a Third-party Vendor, available at https://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-enterprise-1101/200286-Unified-CCE-Solution-Procedure-to-Obtai.html.

Setup CA in Windows

Set up Microsoft Certificate Server for Windows 2008 R2

This procedure assumes that your deployment includes a Windows Server 2008 R2 (Standard) Active Directory server. Perform the following steps to add the Active Directory Certificate Services role on the Windows 2008 R2 (Standard) domain controller.

Procedure

Step 1	Click Start, right-click Computer, and select Manage.
Step 2	In the left pane, click Roles.
Step 3	In the right pane, click Add Roles. The Add Roles Wizard opens.
Step 4	On the Select Server Roles screen, check the Active Directory Certificate Services check box, and then click Next.
Step 5	On the Introduction to Active Directory Certificate Services screen, click Next.
Step 6	On the Select Role Services screen, check the Certification Authority check box, and then click Next.
Step 7	On the Specify Setup Type screen, select Enterprise, and then click Next.
Step 8	On the Specify CA Type screen, select Root CA, and then click Next.
Step 9	Click Next on the Set Up Private Key, Configure Cryptography for CA, Configure CA Name, Set Validity Period, and Configure Certificate Database screens to accept the default values.
Step 10	On the Confirm Installations Selections screen, verify the information, and then click Install.

Set up Microsoft Certificate Server for Windows Server

This procedure assumes that your deployment includes a Windows Server Active Directory server. Perform the following steps to add the Active Directory Certificate Services role on the Windows Server domain controller.

Before you begin

Before you begin, Microsoft .Net Framework must be installed. See Windows Server documentation for instructions.

Procedure

Step 1	In Windows, open the Server Manager.
Step 2	In the Quick Start window, click Add Roles and Features .
Step 3	In the Set Installation Type tab, select Role-based or feature-based installation , and then click Next.
Step 4	In the Server Selection tab, select the destination server then click Next.
Step 5	In the Server Roles tab, check the Active Directory Certificate Services box, and then click the Add Features button in the pop-up window.
Step 6	In the Features and AD CS tabs, click Next to accept default values.
Step 7	In the Role Services tab, verify that Certification Authority box is checked, and then click Next.
Step 8	In the Confirmation tab, click Install.
Step 9	After the installation is complete, click the Configure Active Directory Certificate Service on the destination server link.
Step 10	Verify that the credentials are correct (for the domain Administrator user), and then click Next.
Step 11	In the Role Services tab, check the Certification Authority box, and then click Next.
Step 12	In the Setup Type tab, select Enterprise CA, and then click Next.
Step 13	In the CA Type tab, select Root CA, and then click Next.
Step 14	In the Private Key, Cryptography, CA Name, Validity Period, and Certificate Database tabs, click Next to accept default values.
Step 15	Review the information in the Confirmation tab, and then click Configure.

Generate and Import CA Signed Certificate in AW Machine

Generate and Import the CA signed certificate to all AW Machines.

Procedure

Step 1

Step 2

Execute the following command:

cd %JAVA_HOME%\bin

Step 3

Remove the existing certificate by executing:

keytool.exe -delete -alias <certificate_name> -keystore ..\lib\security\cacerts

Step 4

Enter the keystore password when prompted.

The default keystore password is changeit.

Note

To change the keystore password, see Change Java Truststore Password.

Step 5

Generate a new key pair for the alias with the selected key size by running keytool.exe -genkeypair -alias <certificate_name> -v -keysize 1024 -keyalg RSA -keystore ..\lib\security\cacerts.

Enter keystore password: <enter the keystore password>
What is your first and last name?
[Unknown]: <specify the AW host name> E.g CCE-AW-1-21
What is the name of your organizational unit?
[Unknown]: <specify OU> E.g. ccbu
What is the name of your organization?
[Unknown]: <specify the name of the org> E.g. cisco
What is the name of your City or Locality?
[Unknown]: <specify the name of the city/locality>  E.g. BLR
What is the name of your State or Province?
[Unknown]: <specify the name of the state/province>  E.g. KA
What is the two-letter country code for this unit?
[Unknown]: <specify two-letter Country code>  E.g. 91
Is CN=CCE-AW-1-21, OU=cisco, O=ccbu, L=BLR, ST=KA, C=91 correct?
[no]: yes

Step 6

Enter the keystore password when prompted.

Step 7

Generate the CSR certificate for the alias by running keytool.exe -alias <certificate_name> -certreq -keystore ..\lib\security\cacerts -file c:\cert\<certificate_name>.csr and save it to a file (for example, tomcatCert.csr).

Step 8

Enter the keystore password when prompted.

Step 9

Copy the root CA certificate and the CA-signed certificate to %JAVA_HOME%\bin>.

Step 10

Install the root CA certificate by running keytool.exe -keystore ..\lib\security\cacerts -import -v -trustcacerts -alias root -file %Path_Of_Root_Cert%\<filename_of_root_cert>.

Step 11

Enter the keystore password when prompted.

Step 12

Install the signed certificate by running keytool.exe -keystore ..\lib\security\cacerts -import -v -trustcacerts -alias <certificate_name> -file %Path_Of_Root_Cert%\<filename_of_CA_signed_cert>.

Step 13

Go to Services and restart Tomcat.

Generate and Import Self-signed Certificate in AW Machine

Generate and Import the self-signed certificate to all AW Machines.

Procedure

Step 1

Step 2

Execute the following command:

cd %JAVA_HOME%\bin

Step 3

Remove the existing certificate by executing:

keytool.exe -delete -alias <certificate_name> -keystore ..\lib\security\cacerts

Step 4

Enter the keystore password when prompted.

The default keystore password is changeit.

Note

To change the keystore password, see Change Java Truststore Password.

Step 5

Generate a new key pair for the alias with the selected key size by running: keytool.exe -genkeypair -alias <certificate_name> -v -keysize 1024 -keyalg RSA -keystore ..\lib\security\cacerts.

Enter keystore password: <enter the keystore password>
What is your first and last name?
[Unknown]: <specify the AW host name> E.g CCE-AW-1-21
What is the name of your organizational unit?
[Unknown]: <specify OU> E.g. ccbu
What is the name of your organization?
[Unknown]: <specify the name of the org> E.g. cisco
What is the name of your City or Locality?
[Unknown]: <specify the name of the city/locality>  E.g. BLR
What is the name of your State or Province?
[Unknown]: <specify the name of the state/province>  E.g. KA
What is the two-letter country code for this unit?
[Unknown]: <specify two-letter Country code>  E.g. 91
Is CN=CCE-AW-1-21, OU=cisco, O=ccbu, L=BLR, ST=KA, C=91 correct?
[no]: yes

Step 6

Go to Services and restart Tomcat.

Generate Self-Signed Certificate in ECE Web Server

Procedure

Step 1	Login to the ECE Web Server.
Step 2	Open the Internet Information Services (IIS) Manager.
Step 3	In the left pane, under Connections, choose the configured <hostname>. The <hostname> Home page appears.
Step 4	From the IIS area, click Server Certificates.
Step 5	In the right pane, under Actions, click Create Self-Signed Certificate. The Create Self-Signed Certificate window appears.
Step 6	In the Specify a friendly name for the certificate field, enter a name for the certificate.
Step 7	From the Select a certificate store for the new certificate drop-down list, choose Web Hosting.
Step 8	Click OK. The certificate is generated and appears in the Home page.
Step 9	In the left pane, under Connections, navigate to Sites > Default Web Site. The Default Web Site Home page appears.
Step 10	In the right pane, under Actions, click Bindings.
Step 11	Click Add. The Add Site Binding window appears.
Step 12	From the Type drop-down list, choose https.
Step 13	From the SSL certificate drop-down list, choose the <hostname>.
Step 14	Click OK.
Step 15	In the right pane, under Manage Website, click Restart.

Change Java Truststore Password

This procedure explains how to change a truststore password in a Windows machine.

Procedure

Step 1

Step 2

Run the following command:

cd %JAVA_HOME%\bin

Step 3

Change the truststore password by running the following command:

keytool.exe -storepasswd -keystore ..\lib\security\cacerts
Enter keystore password:  <old-password>
New keystore password:  <new-password>
Re-enter new keystore password:  <new-password>

Add Principal AW certificate to all Unified CVP Servers.

Procedure

Step 1	Download Packaged CCE webadmin self-signed certificate to %CVP_HOME%\conf\security\.
Step 2	Import the certificate to the CVP Call Server keystore - %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias AW_cert -file %CVP_HOME%\conf\security\<AW certificate>.

Import WSM CA Certificate into CVP

Procedure

Step 1

Note

At the command prompt, enter the following command:

more %CVP_HOME%\conf\security.properties.

Security.keystorePW = <Returns the keystore password>

Use this keystore password when prompted for, in the following steps.

Step 2

Remove the existing certificate by running %CVP_HOME%\jre\bin\keytool.exe -delete -alias wsm_certificate -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS.

Step 3

Enter the keystore password when prompted.

Step 4

Generate a new key pair for the alias with selected key size by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -genkeypair -alias wsm_certificate -v -validity <duration in days> -keysize 2048 -keyalg RSA.

Enter keystore password: <enter the keystore password>
What is your first and last name?
 [Unknown]: <specify the FQDN of the CVP server. For example: cvp-1a@example.com >
What is the name of your organizational unit?
 [Unknown]: <specify OU> E.g. CCBU
What is the name of your organization?
 [Unknown]: <specify the name of the org> E.g. CISCO
What is the name of your City or Locality?
 [Unknown]: <specify the name of the city/locality>  E.g. BLR
What is the name of your State or Province?
 [Unknown]: <specify the name of the state/province>  E.g. KAR
What is the two-letter country code for this unit?
 [Unknown]: <specify two-letter Country code>  E.g. IN
Specify ‘yes’ for the inputs.

Note

The default duration for validity is 90 days.

Step 5

Generate the CSR certificate for the alias by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias wsm_certificate -file %CVP_HOME%\conf\security\wsm.csr and save it to a file (for example, wsm.csr).

Step 6

Enter the keystore password when prompted.

Step 7

Download wsm.csr from CVP %CVP_HOME%\conf\security\ and sign it from CA.

Step 8

Copy the root CA certificate and the CA-signed certificate to %CVP_HOME%\conf\security\

Step 9

Install the root CA certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -validity <duration in days> -trustcacerts -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert>.

Step 10

Enter the keystore password when prompted.

Step 11

Install the signed certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -validity <duration in days> -trustcacerts -alias wsm_certificate -file %CVP_HOME%\conf\security\<filename_of_CA_signed_cert>.

Step 12

Enter the keystore password when prompted.

Step 13

Restart the Cisco CVP WebServicesManager service.

Import CA Certificate into AW Machines

Note

Prior to attempting to manage the system through Unified CCE Administration, the Administration & Data Server (AW) must exchange the SSL certificates with the Customer Voice Portal (CVP), Finesse, Cisco Enterprise Chat and Email (ECE), Cisco Unified Intelligence Center (CUIC), Cisco Unified Communication Manager (CUCM), Cisco Identity Service (idS), and Virtual Voice Browser (VVB) to establish a trust communication.

Procedure

Step 1

Step 2

Execute the following command:

cd %JAVA_HOME%\bin

Step 3

Copy the Root or intermediate certificates to a location in AW Machine.

Step 4

Remove the existing certificate by executing:

keytool.exe -delete -alias <AW FQDN> -keystore ..\lib\security\cacerts

Step 5

Enter the truststore password when prompted.

The default truststore password is changeit.

Note

To change the truststore password, see Change Java Truststore Password.

Step 6

At the AW machine terminal, run the following command:

```
cd %JAVA_HOME%\bin
```

keytool -import -file <path where the Root or intermediate certificate is stored> -alias <AW FQDN> -keystore ..\lib\security\cacerts

Step 7

Enter the truststore password when prompted.

Step 8

Go to Services and restart Apache Tomcat.

Add Solution Components Self-Signed Certificate to AW Machine

Add Finesse Certificate to AW Machine

If you do not have a CA certificate, you must import a self-signed certificate from the Finesse server to an AW machine. This enables AW Machine to communicate to Finesse over a secure channel.

Note

The certificate CommonName (CN) must match the Fully Qualified Domain Name (FQDN) provided for the respective Finesse and IdS servers in the Packaged CCE Inventory.

Procedure

Step 1	Sign in to the Cisco Unified Operating System Administration on the primary server (https://<FQDN of Finesse server>:8443/cmplatform).
Step 2	From the Security menu, select Certificate Management.
Step 3	Click Find.
Step 4	Do one of the following: If the tomcat certificate for your server is not on the list, click Generate Self-signed. When the certificate generation is complete, reboot your server. If the tomcat certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.)
Step 5	Download the PEM encoded certificate and save the file to your desktop. You must download the self-signed certificates that contain the hostname of the primary server.
Step 6	Copy the certificate to a location in AW Machine.
Step 7	Run the following command at the AW machine terminal: `cd %JAVA_HOME%` `keytool -import -file <path where self-signed certificate is copied> -alias <FQDN of Finesse Server> -keystore .\lib\security\cacerts`
Step 8	Go to Services and restart Tomcat.

Add IdS Certificate to AW Machine

If you do not have a CA certificate, you must import a self-signed certificate from the Cisco Identify Service (IdS) to an AW machine. This enables AW Machine to communicate to IdS over a secure channel.

Note

You must download and import the certificate from both IdS publisher and subscriber servers.
The certificate CommonName (CN) must match the Fully Qualified Domain Name (FQDN) provided for the respective Finesse and IdS servers in the Packaged CCE Inventory.

Procedure

Step 1	Sign in to the Cisco Unified Operating System Administration on the primary server (https://<FQDN of Ids server:8443>/cmplatform).
Step 2	From the Security menu, select Certificate Management.
Step 3	Click Find.
Step 4	Do one of the following: If the tomcat certificate for your server is not on the list, click Generate Self-signed. When the certificate generation is complete, reboot your server. If the tomcat certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.)
Step 5	Download the PEM encoded self-signed certificate and save the file to your desktop. You must download the self-signed certificates that contain the hostname of the primary server.
Step 6	Copy the certificate to a location in AW Machine.
Step 7	Run the following command at the AW machine terminal: `cd %JAVA_HOME%` `keytool -import -file <path where self-signed certificate is copied> -alias <FQDN of IdS Server> -keystore .\lib\security\cacerts`
Step 8	Go to Services and restart Tomcat.

Add ECE Web Server Certificate to AW Machine

If you do not have a CA certificate, you must import a self-signed certificate from the ECE web server to AW machine. This will enable you to launch the ECE gadget in the Unified CCE Administration.

Procedure

Step 1

From the ECE Web Server (https://<ECE Web Server>), download the PEM encoded certificate, and save the file to your desktop.

Step 2

Copy the certificate to a location in AW Machine.

Step 3

Run the following command at the AW machine terminal:

```
cd %JAVA_HOME%\bin
```

keytool -import -file <path where self-signed certificate is copied> -alias <FQDN of ECE Web Server> -keystore ..\lib\security\cacerts

Step 4

Enter the truststore password when prompted.

The default truststore password is changeit.

Note

To change the truststore password, see Change Java Truststore Password.

Step 5

Go to Services and restart Tomcat.

Import WSM Certificate into AW Machines

Note

This procedure is applicable if you do not have the CA certificate.

When you install CVP Call Server or Reporting Server, you must import the Web Service Manager (WSM) self-signed certificate into all AW machines. This will eliminate any browser warnings and establish HTTPS connection between CVP Call Server or Reporting Server and AW machine. Use Keytool to generate a Self-Signed Certificate.

Important

The certificate CommonName (CN) must match the Fully Qualified Domain Name (FQDN) provided for the CVP Call Server or Reporting Server in the Packaged CCE Inventory.

Procedure

Step 1

Step 2

On the command prompt, navigate to the directory where .keystore is located.

For example:

%CVP_HOME%\conf\security

Step 3

Delete the wsm certificate from the CVP keystore using the following command:

%CVP_HOME%\jre\bin\keytool.exe -delete -alias wsm_certificate -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS

Step 4

Enter the CVP keystore password.

The CVP keystore password is available at %CVP_HOME%\conf\security.properties.

Or,

Run the following command to get the keystore password:

more %CVP_HOME%\conf\security.properties
Security.keystorePW = <Returns the keystore password>

Step 5

Run the following command to generate the self-signed certificate:

%CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -genkeypair -alias wsm_certificate -v -validity <duration in days> -keysize 2048 -keyalg RSA

Note

The default duration for validity is 90 days.

Enter keystore password: <enter the keystore password>
What is your first and last name?.
 [Unknown]: <Specify the FQDN of the CVP server. For example: cvp-1a@example.com>
What is the name of your organizational unit?
 [Unknown]: <specify OU> E.g. CCBU
What is the name of your organization?
 [Unknown]: <specify the name of the org> E.g. CISCO
What is the name of your City or Locality?
 [Unknown]: <specify the name of the city/locality>  E.g. BLR
What is the name of your State or Province?
 [Unknown]: <specify the name of the state/province>  E.g. KAR
What is the two-letter country code for this unit?
 [Unknown]: <specify two-letter Country code>  E.g. IN
Specify ‘yes’ for the inputs.

Step 6

Enter the key password for wsm certificate. Leave it blank to use the default keystore password.

Step 7

Restart the CVP Call Server or Reporting Server.

Step 8

Download the self-signed certificate from the browser (https://FQDN of the CVP Server:8111/cvp-dp/rest/DiagnosticPortal/GetProductVersion).

Step 9

Copy the certificate to a location in AW Machine.

Step 10

At the AW machine terminal, run the following command:

```
cd %JAVA_HOME%\bin
```

keytool -import -file <path where self-signed certificate is copied> -alias <FQDN of the CVP Server> -keystore ..\lib\security\cacerts

Step 11

Enter the truststore password when prompted.

The default truststore password is changeit.

Note

To change the truststore password, see Change Java Truststore Password.

Step 12

Go to Services and restart Apache Tomcat.

Import VVB Self-Signed Certificate into AW Machines

Import self-signed certificate from Virtualized Voice Browser (VVB) into all AW machines. This enables the AW Machine to communicate with the component over a secure channel.

Note

The certificate CommonName (CN) must match the Fully Qualified Domain Name (FQDN) provided for VVB in the Packaged CCE Inventory.

Procedure

Step 1

Sign in to the Cisco Unified Operating System Administration on the VVB server using the URL (https://<FQDN of VVB server>:8443/cmplatform).

Step 2

From the Security menu, select Certificate Management.

Step 3

Click Find.

Step 4

Do one of the following:

If the tomcat certificate for your server is not on the list, click Generate Self-signed. When the certificate generation is complete, reboot your server.
If the tomcat certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.)

Step 5

Download the PEM encoded certificate and save the file to your desktop.

You must download the self-signed certificates that contain the hostname of the primary server.

Step 6

Copy the certificate to a location in AW Machine.

Step 7

Run the following command as an administrator at the AW machine terminal:

```
cd %JAVA_HOME%\bin
```

keytool -import -file <path where self-signed certificate is copied> -alias <FQDN of component Server> -keystore ..\lib\security\cacerts

Step 8

Enter the keystore password when prompted.

The default keystore password is changeit.

Note

To change the keystore password, see Change Java Truststore Password.

Step 9

Go to Services and restart Apache Tomcat.

Graceful Shutdown of Call Server or Reporting Server

As a local administrator, you can use the following procedure to gracefully shut down the Call Server or Reporting Server services from the CLI.

Procedure

Step 1

Step 2

Go to <CVP-INSTALLED-LOCATION>\Cisco\CVP\bin\ServiceController.

Step 3

Run the service-controller.bat file.

Step 4

Enter the administrator credentials, service name, and IP address details at the prompt:

CALLSERVER-IP-ADDRESS: <IP-Address of the Call Server>
CALLSERVER-USERNAME: <Username of the Call Server>
CALLSERVER-PASSWORD:  <Password of the Call Server> 
SERVICE-NAME: <Choose the Service name which you need to shutdown gracefully(callserver/reportingserver)>
REPORTINGSERVER-IP-ADDRESS: <IP-Address of the REPORTING SERVER>

Note

To shut down the Reporting Server gracefully, ensure that the CVP Call Server is up and running.
If you have selected the reportingserver service, then be sure to provide the IP address of the Reporting Server.

Unified CVP Statistics

Call Server

Unified ICM Service Call Statistics

The ICM Service call statistics include data on calls currently being processed by the ICM service, new calls received during a specified interval, and total calls processed since start time.

The following table describes ICM Service call statistics.

Table 1. ICM Service Call Statistics
Statistic	Description
Realtime Statistics
Active Calls	The current number of calls being serviced by the Unified ICM Server for a Unified CVP Call Server. This value represents a count of calls currently being serviced by the ICM for the Unified CVP Call Server for follow-on routing to a Contact Center agent.
Active SIP Call Legs	The Unified ICM Server can accept Voice over IP (VoIP) calls that originate using the Session Initiation Protocol (SIP). Active SIP Call Legs indicates the current number of calls received by the Unified ICM Server from the Unified CVP Call Server using the SIP protocol.
Active VRU Call Legs	The current number of calls receiving Voice Response Unit (VRU) treatment from the Unified ICM Server. The VRU treatment includes playing pre-recorded messages, asking for Caller Entered Digits (CED), or Speech Recognition Techniques to understand the customer request.
Active ICM Lookup Requests	Calls originating from an external Unified CVP VXML Server need call routing instructions from the Unified ICM Server. Active Lookup Requests indicates the current number of external Unified CVP VXML Server call routing requests sent to the ICM Server.
Active Basic Service Video Calls Offered	The current number of simultaneous basic service video calls being processed by the ICM service where video capability was offered.
Active Basic Service Video Calls Accepted	The current number of simultaneous calls that were accepted as basic service video calls and are being processed by the ICM service.
Interval Statistics
Start Time	The time at which the current interval has begun.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
New Calls	The number of new calls received by the Intelligent Contact Management (ICM) application for follow-on Voice Response Unit (VRU) treatment and routing to a Contact Center agent during the current interval.
SIP Call Legs	The Intelligent Contact Management (ICM) application has the ability to accept Voice over IP (VoIP) calls that originate via the Session Initiation Protocol (SIP). Interval SIP Call Legs is an interval specific snapshot metric indicating the number of calls received by the ICM application via SIP during the current interval.
VRU Call Legs	The number of calls receiving Voice Response Unit (VRU) treatment from the Intelligent Contact Management (ICM) application. The VRU treatment includes playing pre-recorded messages, asking for Caller Entered Digits (CED), or speech recognition techniques to understand the customer request during the current interval.
ICM Lookup Requests	Calls originating in an external Unified CVP VXML Server need call routing instructions from the Intelligent Contact Management (ICM) application. Interval Lookup Requests is an interval specific metric indicating the number of external Unified CVP VXML Server call routing requests sent to the ICM application during the current interval.
Basic Service Video Calls Offered	The number of offered basic service video calls processed by the ICM service during the current interval.
Basic Service Video Calls Accepted	The number of basic service video calls accepted and processed by the ICM service during the current interval.
Aggregate Statistics
Start Time	The time the service started collecting statistics.
Duration Elapsed	The amount of time that has elapsed since the service start time.
Total Calls	The total number of new calls received by the ICM application for follow-on VRU treatment and routing to a Contact Center agent since system start time.
Total SIP Call Legs	The ICM application has the ability to accept VoIP calls that originate via the SIP. Total SIP Switch Legs is a metric indicating the total number of calls received by the ICM application via SIP since system start time.
Total VRU Call Legs	The total number of calls that have received VRU treatment from the ICM application since system start time. The VRU treatment includes playing pre-recorded messages, asking for CED or Speech Recognition Techniques to understand the customer request.
Total ICM Lookup Requests	Calls originating in an external Unified CVP VXML Server need call routing instructions from the ICM application. Total Lookup Requests is a metric indicating the total number of external Unified CVP VXML Server call routing requests sent to the ICM application since system start time.
Total Basic Service Video Calls Offered	The total number of newly offered basic service video calls processed by the ICM service since system start time.
Total Basic Service Video Calls Accepted	The total number of new basic service video calls accepted and processed by the ICM service since system start time.

SIP Service Call Statistics

The SIP service call statistics include data on calls currently being processed by the SIP service, new calls received during a specified interval, and total calls processed since the SIP service started.

The following table describes the SIP Service call statistics.

Table 2. SIP Service Call Statistics
Statistic	Description
Realtime Statistics
Active Calls	A real time snapshot metric indicating the count of the number of current calls being handled by the SIP service.
Total Call Legs	The total number of SIP call legs being handled by the SIP service. A call leg is also known as a SIP dialog. The metric includes incoming, outgoing, and ringtone type call legs. For each active call in the SIP service, there will be an incoming call leg, and an outgoing call leg to the destination of the transfer label.
Active Basic Service Video Calls Offered	The number of basic service video calls in progress where video capability was offered.
Active Basic Service Video Calls Answered	The number of basic service video calls in progress where video capability was answered.
Active Agent Whisper Calls	The number of active whisper call legs.
Active Agent Greeting Calls	The number of active greeting call legs.
Interval Statistics
Start Time	The time the system started collecting statistics for the current interval.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
New Calls	The number of SIP Invite messages received by Unified CVP in the current interval. It includes the failed calls as well as calls rejected due to the SIP service being out of service.
Connects Received	The number of CONNECT messages received by SIP service in order to perform a call Transfer, in the last statistics aggregation interval. Connects Received includes the regular Unified CVP transfers as well as Refer transfers. Any label coming from the ICM service is considered a CONNECT message, whether it is a label to send to the VRU or a label to transfer to an agent.
Avg Latency Connect to Answer	The period of time between the CONNECT from ICM and when the call is answered. The metric includes the average latency computation for all the calls that have been answered in the last statistics aggregation interval.
Failed SIP Transfers (Pre-Dialog)	The total number of failed SIP transfers since system start time. When Unified CVP attempts to make a transfer to the first destination of the call, it sends the initial INVITE request to set up the caller with the ICM routed destination label. The metric does not include rejections due to the SIP Service not running. The metric includes failed transfers that were made after a label was returned from the ICM Server in a CONNECT message.
Failed SIP Transfers (Post-Dialog)	The number of failed re-invite requests on either the inbound or outbound legs of the call during the interval. After a SIP dialog is established, re-INVITE messages are used to perform transfers. Re-invite requests can originate from the endpoints or else be initiated by a Unified CVP transfer from the Unified ICME script. This counter includes failures for both kinds of re-invite requests.
Basic Service Video Calls Offered	The number of basic service video calls offered in the current interval.
Basic Service Video Calls Answered	The number of basic service video calls answered in the current interval.
Whisper Announce Answered	The number of calls for which whisper announcement was successful during the interval.
Whisper Announce Failed	The number of calls for which whisper announcement was failed during the interval.
Agent Greeting Answered	The number of calls for which agent greeting was successful during the interval.
Agent Greeting Failed	The number of calls for which agent greeting was failed during the interval.
Aggregate Statistics
Start Time	The time the service started collecting statistics.
Duration Elapsed	The amount of time that has elapsed since the service start time.
Total New Calls	The number of SIP Invite messages received by Unified CVP since system start time. It includes the failed calls as well as calls rejected due to the SIP service being out of service.
Connects Received	The number of CONNECT messages received by SIP service in order to perform a Unified CVP Transfer, since system start time. Connects Received includes the regular Unified CVP transfers as well as Refer transfers. Any label coming from the ICM service is considered a CONNECT message, whether it is a label to send to the VRU or a label to transfer to an agent.
Avg Latency Connect to Answer	The period of time between the CONNECT from ICM and when the call is answered. The metric includes the average latency computation for all the calls that have been answered since system start up time.
Failed SIP Transfers (Pre-Dialog)	The total number of failed transfers on the first CVP transfer since system start time. A SIP dialog is established after the first CVP transfer is completed. The metric does not include rejections due to SIP being out of service. The metric includes failed transfers that were made after a label was returned from the ICM in a CONNECT message.
Failed SIP Transfers (Post-Dialog)	The number of failed re-invite requests on either the inbound or outbound legs of the call since start time. After a SIP dialog is established, re-INVITE messages are used to perform transfers. Re-invite requests can originate from the endpoints or else be initiated by a Unified CVP transfer from the Unified ICME script. This counter includes failures for both kinds of re-invite requests.
Total Basic Service Video Calls Offered	The total number of basic service video calls offered since system start time.
Total Basic Service Video Calls Answered	The total number of basic service video calls answered since system start time.
Total Whisper Announce Answered	The total number of call for which whisper announce was successful since the system start time.
Total Whisper Announce Failed	The total number of calls for which whisper announce failed since the system start time.
Total Agent Greeting Answered	The total number of calls for which agent greeting was successful since the system start time.
Total Agent Greeting Failed	The total number of calls for which agent greeting failed since the system start time.

Infrastructure Statistics

Unified CVP infrastructure statistics displays realtime, interval, and aggregate data (including Java Virtual Machine (JVM) and threadpool realtime statistics).

The following table describes infrastructure statistics.

Table 3. Infrastructure Statistics
Statistic	Description
Realtime Statistics
Ports Available	The number of ports available for the processing of new calls. Exactly one port license is used per call, independent of the call's traversal through the individual call server services.
Current Port Usage	The number of port usage currently in use on the call server. Exactly one port usage is used per call, independent of the call's traversal of the individual call server services.
Current Port Usage State	The threshold level of port usage. There are four levels: safe, warning, critical, and failure.
Interval
Start Time	The time the system started collecting statistics for the current interval.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
Total New Port Usage Requests	The number of port usage checkout requests made in the current interval. For each port license checkout request, whether it checks out a new port license or not, this metric is increased by one.
Average Port Usage Requests/Minute	The average number of port usage checkout requests made per minute in the current interval. This metric is calculated by dividing the port license requests metric by the number of minutes elapsed in the current interval.
Maximum Port Usage	The maximum number of ports used during this time interval.
Aggregate Statistics
Start Time	The time the service started collecting statistics.
Duration Elapsed	The amount of time that has elapsed since the service start time.
Total New Port Usage Requests	The number of port checkout requests made since the system was started. For each port checkout request, whether it checks out a new port or not, this metric is increased by one.
Average Port Usage Requests/Minute	The average number of port checkout requests made per minute since the system was started. This metric is calculated by dividing the aggregate port license requests metric by the number of minutes elapsed since the system was started.
Peak Port Usage	The peak number of simultaneous ports used since the start of the system. When a port checkout occurs, this metric is set to the current ports in use metric if that value is greater than this metric's current peak value.
Total Denied Port Usage Requests	The number of port checkout requests that were denied since the start of the system. The only reason a port checkout request would be denied is if the number of port licenses checked out at the time of the request is equal to the total number of ports available. When a port checkout is denied, the call does not receive regular treatment (the caller may hear a busy tone or an error message).

The following table describes thread pool system statistics. The thread pool is a cache of threads, used by Unified CVP components only, for processing of relatively short tasks. Using a thread pool eliminates the waste of resources encountered when rapidly creating and destroying threads for these types of tasks.

Table 4. Thread Pool Realtime Statistics
Statistic	Description
Realtime Statistics
Idle Threads	The number of idle threads waiting for some work.
Active Threads	The number of running thread pool threads currently processing some work.
Core Pool Size	The number of thread pool threads that are never destroyed, regardless of their idle period.
Maximum Pool Size	The maximum number of thread pool threads that can exist simultaneously.
Largest Pool Size	The peak number of thread pool threads simultaneously tasks with some work to process.

The following table describes Java Virtual Machine statistics.

Table 5. Java Virtual Machine (JVM) Realtime Statistics
Statistic	Description
Realtime Statistics
Peak Memory Usage	The greatest amount of memory used by the Java Virtual machine since startup. The number reported is in megabytes and indicates the peak amount of memory ever used simultaneously by this Java Virtual Machine.
Current Memory Usage	The current number of megabytes of memory used by the Java Virtual Machine.
Total Memory	The total amount of memory in megabytes available to the Java Virtual Machine. The number reported is in megabytes and indicates the how much of the system memory is available for use by the Java Virtual Machine.
Available Memory	The amount of available memory in the Java Virtual Machine. The number reported is in megabytes and indicates how much of the current system memory claimed by the Java Virtual Machine is not currently being used.
Threads in Use	The number of threads currently in use in the Java Virtual Machine. This number includes all of the Unified CVP and thread pool threads, as well as those threads created by the Web Application Server running within the same JVM.
Peak Threads in Use	The greatest amount of threads ever used simultaneously in the Java Virtual Machine since startup. The peak number of threads ever used by the Java Virtual Machine includes all Unified CVP and thread pool threads, as well as threads created by the Web Application Server running within the same JVM.
Uptime	The length of time that the Java Virtual Machine has been running. This time is measured in hh:mm:ss and shows the amount of elapsed time since the Java Virtual Machine process began executing.

VXML Server

Unified CVP VXML Server Statistics

The Unified CVP VXML Server Statistics displays realtime, interval, and aggregate Unified CVP VXML Server statistics.

To view VXML Statistics, at least one deployed Unified CVP VXML Server application must be configured with the CVPDataFeed logger.

The following table describes the statistics reported by the Unified CVP VXML Server.

Table 6. VXML Server Statistics
Statistic	Description
Port Usage Statistics
Total Ports	The total number of licensed ports for this Unified CVP VXML server.
Port Usage Expiration Date	The date when the licensed ports expires for this Unified CVP VXML server.
Available Ports	The number of port licenses available for this Unified CVP VXML server.
Total Concurrent Callers	The number of callers currently interacting with this Unified CVP VXML server.
Real Time Statistics
Active Sessions	The number of current sessions being handled by the Unified CVP VXML Server.
Active ICM Lookup Requests	The number of current ICM requests being handled by the Unified CVP VXML Server.
Interval Statistics
Start Time	The time at which the current interval begins.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
Sessions	The total number of sessions in the Unified CVP VXML Server in the current interval.
Reporting Events	The number of events sent to the Unified CVP Reporting Server from the Unified CVP VXML Server in the current interval.
ICM Lookup Requests	The number of requests from the Unified CVP VXML Server to the ICM Service in the current interval.
ICM Lookup Responses	The number of responses to both failed and successful ICM Lookup Requests that the ICM Service has sent to the Unified CVP VXML Server in the current interval. In the case that multiple response messages are sent back to the Unified CVP VXML Server to a single request, this metric will increment per response message from the ICM Service.
ICM Lookup Successes	The number of successful requests from the Unified CVP VXML Server to the ICM Service in the current interval.
ICM Lookup Failures	The number of requests from the Unified CVP VXML Server to the ICM Service in the current interval. This metric will be incremented in the case an ICM failed message was received or in the case the Unified CVP VXML Server generates the failed message.
Aggregate Statistics
Start Time	The time at which the current interval has begun.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Total Sessions	The total number of sessions in the Unified CVP VXML Server since startup.
Total Reporting Events	The total number of reporting events sent from the Unified CVP VXML Server since startup.
Total ICM Lookup Requests	The total number of requests from the Unified CVP VXML Server to the ICM Service. For each ICM lookup request, whether the request succeeded or failed, this metric will be increased by one.
Total ICM Lookup Responses	The total number of responses the ICM Service has sent to the Unified CVP VXML Server since startup. For each ICM lookup response, whether the response is to a succeeded or failed request, this metric will be increased by one. In the case that multiple response messages are sent back to the Unified CVP VXML Server to a single request, this metric will increment per response message from the ICM Service.
Total ICM Lookup Successes	The total number of requests from the Unified CVP VXML Server to the ICM Service since startup. For each ICM lookup request that succeeded, this metric will be increased by one.
Total ICM Lookup Failures	The total number of requests from the Unified CVP VXML Server to the ICM Service since startup. For each ICM lookup request that failed, this metric will be increased by one. This metric will be incremented if an ICM failed message was received or if the Unified CVP VXML Server generates a failed message.

Infrastructure Statistics

To view further details about infrastructure statistics, see section Infrastructure Statistics.

IVR Service Call Statistics

The IVR service call statistics include data on calls currently being processed by the IVR service, new calls received during a specified interval, and total calls processed since the IVR service started.

The following table describes the IVR Service call statistics.

Table 7. IVR Service Call Statistics
Statistic	Description
Realtime Call Statistics
Active Calls	The number of active calls being serviced by the IVR service.
Active HTTP Requests	The number of active HTTP requests being serviced by the IVR service.
Interval Statistics
Start Time	The time the system started collecting statistics for the current interval.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
Peak Active Calls	Maximum number of active calls handled by the IVR service at the same time during this interval.
New Calls	New Calls is a metric that counts the number of New Call requests received from the IOS Gateway Service. A New Call includes the Switch leg of the call and the IVR leg of the call.
Calls Finished	A Call is a metric that represents the Switch leg of the CVP call and the IVR leg of the CVP call. When both legs of the call are finished, this metric increases. Calls Finished is a metric that counts the number of CVP Calls that have finished during this interval.
Average Call Latency	The average amount of time in milliseconds it took the IVR Service to process a New Call or Call Result Request during this interval.
Maximum Call Latency	The maximum amount of time in milliseconds it has taken for the IVR Service to complete the processing of a New Call Request or a Request Instruction Request during this time interval.
Minimum Call Latency	The minimum amount of time in milliseconds it took for the IVR Service to complete the processing of a New Call Request or a Request Instruction Request during this time interval.
Peak Active HTTP Requests	Active HTTP Requests is a metric that indicates the current number of simultaneous HTTP requests being processed by the IVR Service. Peak Active Requests is a metric that represents the maximum simultaneous HTTP requests being processed by the IVR Service during this time interval.
Total HTTP Requests	The total number of HTTP Requests received from a client by the IVR Service during this time interval.
Average HTTP Requests/second	The average number of HTTP Requests the IVR Service receives per second during this time interval.
Peak Active HTTP Requests/second	HTTP Requests per Second is a metric that represents the number of HTTP Requests the IVR Service receives each second from all clients. Peak HTTP Requests per Second is the maximum number of HTTP Requests that were processed by the IVR Service in any given second. This is also known as high water marking.
Aggregate Statistics
Start Time	The time the service started collecting statistics.
Duration Elapsed	The amount of time that has elapsed since the service start time.
Total New Calls	New Calls is a metric that counts the number of New Call requests received from the IOS Gateway Service. A New Call includes the Switch leg of the call and the IVR leg of the call. Total New Calls is a metric that represents the total number of new calls received by the IVR Service since system startup.
Peak Active Calls	The maximum number of simultaneous calls processed by the IVR Service since the service started.
Total HTTP Requests	Total HTTP Requests is a metric that represents the total number of HTTP Requests received from all clients. This metric is the total number of HTTP Requests received by the IVR Service since system startup.
Peak Active HTTP Requests	Active HTTP Requests is a metric that indicates the current number of simultaneous HTTP requests processed by the IVR Service. Maximum number of active HTTP requests processed at the same time since the IVR service started. This is also known as high water marking.

Unified CVP Reporting Statistics

Reporting Statistics

Unified CVP Reporting Server statistics include the total number of events received from the IVR, SIP, and VXML services.

The following table describes the Unified CVP Reporting Server statistics.

Table 8. Unified CVP Reporting Server Statistics
Statistic	Description
Interval Statistics
Start Time	The time the system started collecting statistics for the current interval.
Duration Elapsed	The amount of time that has elapsed since the start time in the current interval.
Interval Duration	The interval at which statistics are collected. The default value is 30 minutes.
VXML Events Received	The total number of reporting events received from the VXML Service during this interval. For each reporting event received from the VXML Service, this metric will be increased by one.
SIP Events Received	The total number of reporting events received from the SIP Service during this interval. For each reporting event received from the SIP Service, this metric will be increased by one.
IVR Events Received	The total number of reporting events received from the IVR service in the interval. For each reporting event received from the IVR service, this metric will be increased by one.
Database Writes	The total number of writes to the database made by the Unified CVP Reporting Server during the interval. For each write to the database by the Unified CVP Reporting Server, this metric will be increased by one.
Aggregate Statistics
Start Time	The time the service started collecting statistics.
Duration Elapsed	The amount of time that has elapsed since the service start time.
VXML Events Received	The total number of reporting events received from the VXML Service since the service started. For each reporting event received from the VXML Service, this metric will be increased by one.
SIP Events Received	The total number of reporting events received from the SIP Service since the service started. For each reporting event received from the SIP Service, this metric will be increased by one.
IVR Events Received	The total number of reporting events received from the IVR Service since the service started. For each reporting event received from the IVR Service, this metric will be increased by one.
Database Writes	The total number of writes to the database made by the Unified CVP Reporting Server since startup. For each write to the database by the Unified CVP Reporting Server, this metric will be increased by one.

Infrastructure Statistics

To view further details about infrastructure statistics, see section Infrastructure Statistics.

Cisco Packaged Contact Center Enterprise Administration and Configuration Guide, Release 12.0(1)

Bias-Free Language

Results

Chapter: Reference

Reference

Security Certificates

Certificates for Live Data

Add Self-Signed Certificates for Live Data

Procedure

Obtain and Upload CA Certificate for Live Data from a Third Party Vendor

Setup CA in Windows

Set up Microsoft Certificate Server for Windows 2008 R2

Procedure

Set up Microsoft Certificate Server for Windows Server

Before you begin

Procedure

Generate and Import CA Signed Certificate in AW Machine

Procedure

Generate and Import Self-signed Certificate in AW Machine

Procedure

Generate Self-Signed Certificate in ECE Web Server

Procedure

Change Java Truststore Password

Procedure

Procedure

Import WSM CA Certificate into CVP

Procedure

Import CA Certificate into AW Machines

Procedure

Add Solution Components Self-Signed Certificate to AW Machine

Add Finesse Certificate to AW Machine

Procedure

Add IdS Certificate to AW Machine

Procedure

Add ECE Web Server Certificate to AW Machine

Procedure

Import WSM Certificate into AW Machines

Procedure

Import VVB Self-Signed Certificate into AW Machines

Procedure

Graceful Shutdown of Call Server or Reporting Server

Procedure

Unified CVP Statistics

Call Server

Unified ICM Service Call Statistics

SIP Service Call Statistics

Infrastructure Statistics

VXML Server

Unified CVP VXML Server Statistics

Infrastructure Statistics

IVR Service Call Statistics

Unified CVP Reporting Statistics

Reporting Statistics

Infrastructure Statistics

Was this Document Helpful?

Contact Cisco