About this Document

This document provides installation instructions for Unified CCE 12.6(2) ES108. It also contains a list of Unified CCE issues resolved by this engineering special. Review all installation information before installing the product. Failure to install this engineering special as described can result in inconsistent Unified CCE behaviour.

This document contains these sections:

Sign Up for Email Notification of New Field Notices

In the Product Alert Tool, you can set up profiles to receive email notification of new Field Notices, Product Alerts, or End of Sale information for your selected products.

The Product Alert Tool is available at https://www.cisco.com/cisco/support/notifications.html.

About Cisco Unified CCE (and Unified CCE Engineering Specials)

 

Unified CCE 12.6(2) ES108 patch contains defect fixes done on all previous ES along with a security feature enhancement done as part of CSCwp80812.

 

With the enhanced feature connection between CCE Router Side A and CCE Logger Side A and connections between CCE Logger and its peer is made secured by introducing TLS in the existing TCP connection.  This is also been done in the TCP connection between CCE Logger and CCE HDS, CCE Logger to CCE Dialer.

 

For the CCE Dialer to connect securely with CCE Logger, CCE 12.6(2)ES108 has to be installed on the CCE PG machine and CCE 12.6(2)ES103 on CCE Logger. For CCE Logger to connect securely with CCE AWHDS or AWHDS-DDS, CCE 12.6(2)ES102 has to be installed in AW machines.

 

Once 12.6(2)ES108 is installed few manual steps needs to be followed to enable the security feature. This will be covered in the section “Manual steps to enable TLS Security Feature”.

 

 

Unified CCE Compatibility and Support Specifications

Unified CCE Version Support

Unified CCE Component Support

This section lists the Unified CCE components on which you can and cannot install this engineering special.

Supported Unified CCE Components

You can install Unified CCE 12.6(2) ES91 on these Unified CCE components:

Unsupported Unified CCE Components

Do not install this engineering special on any component other than:

Unified CCE Engineering Special Installation Planning

Planning for maintenance window and downtime

You can use graceful shutdown procedure to install this ES with Zero down time. To avail this Zero Down Time feature, ES68 in Rogger/Router server, ES69 in Peripheral Gateway, ES70 in Admin Workstation/Distributor servers is a prerequisite to be present in the system.

Note: Prior to initiating installation or uninstallation, ensure that only one user session is active on the target servers. Concurrent user logins are not allowed during this process.

Installing Unified CCE 12.6(2) ES108

To install the Unified CCE 12.6(2) ES108 with maintenance mode (Zero Downtime), follow the steps:

  1.  Using maintenance mode stop services on side A.
  2.  Install this ES on side A and restart VM.
  3.  Start services on side A.
  4.  Using maintenance mode stop services on side B.
  5.  Install this ES on side B and restart VM.
  6. Start services on side B

For more information about graceful shutdown, please refer to Administration guide for unified contact centre enterprise release -https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_12_6_2/administration/guide/administration-guide-for-cisco-unified-contact-center-enterprise-release-1262/ucce_m_graceful-shutdown.html?bookSearch=true

Uninstall Directions for Unified CCE 12.6(2) ES108

  1. To uninstall this patch, go to Control Panel.
  2. Select "Add or Remove Programs".
  3. Find the installed patch in the list and select "Remove".

Note: If you have enabled the security feature by following the steps given in “Steps to enable TLS Security Feature” section after installing the patch then you have to disable the feature by following the steps given in the section “Steps to disable TLS Security Feature” before the uninstall of the patch.

Note: Remove patches in the reverse order of their installation. For example, if you installed patches 3, then 5, then 10 for a product, you must uninstall patches 10, 5, and 3, in that order, to remove the patches from that product.

New Feature : Secure Communication across components  CCE Router, CCE Logger, CCE PG and CCE AWHDS-DDS

With this feature, inter-datacentre CCE components that communicate with each other across different processes which carries customer sensitive Personally Identifiable Information (PII) that include credit card information, PIN, and other sensitive details become secure, as TLS 1.2 is now implemented over the underlying TCP connections.

The following components and processes are secured:

  1. Router communication with peer Router on private network interface. 
  2. Peripheral Gateway communication with peer Peripheral Gateway on private network interface. 
  3. Router and Peripheral Gateway communication on public network interface.
  4. Logger communication with peer Logger on private network interface. 
  5. Logger processes communication with Router on private network interface if configured on separate machine. 
  6. Logger communication with AWHDS or AWHDS-DDS on public network interface. 
  7. Logger communication with Agent PG  on public network interface. 

 

By default this feature will be disabled, to enable refer to the steps to enable feature.

Steps to enable TLS Security Feature

Prerequisites:
To enable this feature the following ES has to be installed.

1.     12.6(2)ES103 on Routers

2.     12.6(2)ES108 on Peripheral Gateways.

3.     12.6(2)ES102 on AWHDS, AWHDS-DDS.

This feature requires the certificates to be exchanged between the CCE Router side A and Side B, Logger Side A and Logger Side B and also all PG sand AWHDS servers certificates needs to be installed on both sides of CCE Routers and CCE Logger and vice-versa. Hence on each node a certificate has to be deployed, and client should be installed with trust certificate of the server. For example, on Router A, the Router-B trust certificates has to be installed, similarly between Peripheral Gateways and Router. Certificates can be generated and installed using the CiscoCertUtil tool. Refer to the Cisco Security Guide for detailed instructions.

 

A. Enable Secured Communication on Peripheral Gateway

1.     Make sure 12.6(2)ES103 is installed and feature is enabled on CCE Router component before enabling the feature. Refer readme document of 12.6(2)ES103.

2.     Once CCE 12.6(2)ES108 is installed, you open Peripheral Gateway setup on  CCE PG Side A.

3.     Edit PG1 and click “Next” button till you get “Peripheral Gateway Network Interfaces” dialog box.

4.     Check the check boxes “Enable secure connection” under “Private Interfaces” and “Visible Interfaces” sections.

5.     With the above steps system will be able to communicate with its peer (other side of CCE PG) with TLS secured TCP connection via MDS process.

6.     With the above steps system will be able to do state transfer with TLS on TCP connection during failover.

7.     PG can connect to central controller via TLS on existing TCP connection.

8.     Do the above  change to each PG of side A.

9.     Do the above  change to each PG of side B.

10.  Cycle CCE PG Service on SideA and SideB.

B. Enable Secured Communication between On CCE Dialer

1.     Make sure 12.6(2)ES103 is installed and feature is enabled on CCE Loggercomponent before enabling the feature. Refer readme document of12.6(2)ES103.

2.     Once CCE 12.6(2)ES108 is installed, you open Peripheral Gateway setup on  CCE PG Side A.

3.     Edit “Dialer” and click “Next” button till you get “Outbound Option Dialer Properties” dialog box.

4.     Check the check box“Enable secure connection” under “Campaign Manager Connections” section.

5.     Do the above  change to each Dialer of side A.

6.     Do the above  change to each Dailer of side B.

7.     Cycle all CCE PG Service on SideA and SideB servers.

Steps to disable TLS Security Feature

It is not recommend to disable the feature as this is security feature over the TCP connection going out of datacentre.

Do the below steps in maintenance.

A. Disable Secured Communication on Peripheral Gateway

1.     Once CCE 12.6(2)ES108 is installed, you open Peripheral Gateway setup on  CCE PG Side A.

2.     Edit PG1 and click “Next” button till you get “Peripheral Gateway Network Interfaces” dialog box.

3.     Check the uncheck boxes “Enable secure connection” under “Private Interfaces” and “Visible Interfaces” sections.

4.     With the above steps system will be able to communicate with its peer (other side of CCE PG) with TLS secured TCP connection via MDS process.

5.     With the above steps system will be able to do state transfer with TLS on TCP connection during failover.

6.     PG can connect to central controller via TLS on existing TCP connection.

7.     Do the above  change to each PG of side A.

8.     Do the above  change to each PG of side B.

9.     Cycle CCE PG Service on SideA and SideB.

B. Disable Secured Communication between On CCE Dialer

1.     Once CCE 12.6(2)ES108 is installed, you open Peripheral Gateway setup on  CCE PG Side A.

2.     Edit “Dialer” and click “Next” button till you get “Outbound Option Dialer Properties” dialog box.

3.     Check the uncheck box“Enable secure connection” under “Campaign Manager Connections” section.

4.     Do the above  change to each Dialer of side A.

5.     Do the above  change to each Dailer of side B.

6.     Cycle all CCE PG Service on SideA and SideB servers.

Resolved Caveats in this Engineering Special

This section provides a list of significant Unified CCE defects resolved by this engineering special. It contains these subsections:

Note: You can view more information on and track individual Unified CCE defects using the Cisco Bug Search tool, located at: https://bst.cloudapps.cisco.com/bugsearch/search?null.

Resolved Caveats in Unified CCE 12.6(2) ES108

This section lists caveats specifically resolved by Unified CCE 12.6(2) ES108.

Index of Resolved Caveats

Caveats in this section are ordered by UNIFIED CCE component, severity, and then identifier.

Identifier

Severity

Component

Headline

Dependency

CSCwp80812

6

MDS

Connections among CCE components in different VMs via MDS is not secured.

ES102 on AW, ES103 on Router

CSCwr18559

2

cg.ctiserver

CTIServer not sending the SNAPSHOT_DEVICE_CONF and Finesse Freezes for all agents

 

CSCwo11931

3

cg.ctiserver

CTI Server Crash due to ValidateApplicationThreadServicing in Customer system

 

CSCwr56798

4

pg.cucm.jtapi

JGW is not considering the Success flag from LineCallConferenceEnded event sent from CUCM

 

 

Obtaining Documentation

You can access current Cisco documentation on the Support pages at the following sites:

Documentation Feedback

To provide comments about this document, send an email message to the following address:

contactcenterproducts_docfeedback@cisco.com

We appreciate your comments.

Obtaining Technical Assistance

Cisco.com is a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC site.

Cisco.com

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. You can also resolve technical issues with online technical support and download software packages. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

Technical Assistance Centre

The Cisco TAC site is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Site

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to https://www.cisco.com/c/en/us/support/index.html.

P3 and P4 level problems are defined as follows:

In each of the above cases, use the Cisco TAC site to quickly find answers to your questions.

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following site: https://mycase.cloudapps.cisco.com/create/start/

Contacting TAC by Telephone

If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following sites:

P1 and P2 level problems are defined as follows: