We are looking for some guidance on what Cisco’s recommendation is and what other clients are doing to secure the Cisco Web Inbox application. I have gone through the admin guide and did not notice anything related to the questions.
1. Can we have different authentication mechanism whether connecting from a corporate/home computer as opposed to a public Internet kiosk, i.e. form based authentication;
2. What is the inactivity timeout, if so, can it be set/modified;
3. Is there any username/password caching on connecting computers, if so, is there any cache cleaner mechanism. Think this is done by clearing cache from Web Browser.
4. Can cookies be encrypted.
Any assistance you can offer would be greatly appreciated.
1. Not 100% sure what you mean, so I may not be able to answer it fully. You have to be on the network (whether locally or VPN) where Unity Connection resides in order to login to PCA. Your username/password for PCA is your locally created username/password from CUCM (or AD credentials), so to answer your question I believe the answer is no since these CUCM credentials do not have an alternate method of authentication.
2. 300 seconds is the default (5 mins). It can be modified... Log in to the CUC Admin web page and then go to System Settings --> Advanced --> Connection Administration
For question 2, I think you are referring to the setting "Voice Mail Web Service: Session Timeout (in Seconds)". I have tried unsuccessfully to get this to do anything. I set it to 60 and was not forced out after 1 min -- is it minutes perhaps, hours? Is "Voice Mail Web Service" the same as Web Inbox? There is also an "Advanced --> PCA" configuration screen with "Cisco PCA Session Timeout (in Minutes)" that I was assuming included Web Inbox but after the default of 20 minutes passed I don't believe that is the way to control it either.
For question 4, isn't this a security risk that should be addressed by the programmers as opposed to encrypting cookies via a 3rd party? My customer's base build for PCs is set to prompt when getting mixed content (HTTP/HTTPS) and thus is getting an error message asking if you want to accept mixed content -- thus confusing some users. The Security department has confirmed that the cookies are the culprit and we have opened a TAC case on this, but turning off the mixed content warning in the browser seems like it masks the real issue.
1. You have to be on local network or VPN to use Web Inbox, as Web Inbox messages do not show unless the URL you are using to connect is also configured on Unity. In other words, you cannot successfully connect via a public IP address URL if Unity is configured with a private IP address, nor with a user-friendly URL if Unity is configured with a different hostname. You can log in to PCA / Web Inbox when connecting remotely (non-VPN), but you will not see the Web Inbox content.
Upon recommendation of other users here on this site, I have implemented a reverse proxy, in my case using Cisco ASA firewall's Clientless SSL VPN facility. This is configured to allow remote users to connect to the firewall's SSL VPN login webpage and then if successfully security-checked to connect to the PCA login page, where they can then view the Web Inbox and, crucially, see and play voicemail message content. It should work from an Internet kiosk as it uses only a webpage and HTTPS, with no VPN client.
It also adds a 2nd layer of security, which is I believe what you are looking for.