In a typical installation where agents using Cisco Interaction Manager could be spread across multiple locations, the load balancer, along with the Cisco Interaction Manager web servers, may be deployed in a DMZ. This is a required deployment for Unified WIM installations where customers enter chat sessions from outside the intranet. However, having the web-application servers within the intranet is possible, too. The services and database server can reside in the network over the same or different VLAN. If integration of these servers is implemented with Active Directory, then associated ports should be opened for communication with Domain Controllers.
The web server does not need to be installed in the same domain as other Cisco Interaction Manager components. It can be
located anywhere, for example, in a DMZ.
For EIM WIM 9 Deployment model to Support DMZ web server, following points need to be taken care of:
Keep Web server within the Network while installing the setup
After Installation of Web Server, move webserver VM to demilitarized zone (DMZ)
Only four ports need to be open between Web Server and App Server (i.e. 15006, 15007, 15008 and 15009)
Or if you do not want to put in network even at the time of installation then all the ports that we use between the web server and the intranet servers (application, server, etc) that we document need to be open at installation, if the web server is already in the DMZ
For installing web server in DMZ or installing in n/w and then moving to DMZ, you can refer regular web server install document.
And with web server in DMZ external users won't have direct access to any CIM servers except Web server so I dont think another reverse proxy layer is needed but this can be evaluated based on clients intial requirement of reverse proxy
I am still not clear on how I can achieve a secure solution without reverse proxy. The documentation states that WIM must be on a domain (not necessarily the same domain as App server) which is not a good DMZ solution.
To avoid doing this I would like to keep WIM in the Intranet zone and route chat requests via reverse proxy therefore not requiring a domain server in the DMZ. The documentation mentions reverse proxy in the context of load balencers for HA but does not mention a supported configuration where the WIM box stays in the intranet.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...