Requirements
This chapter describes the requirements for the Cisco Contact Center environment that must be met in order to run b+s Connects for SAP C4C.
3rd Party Host System Requirements
For third-party host system requirements involving all Cisco components as well as for information regarding CCE hardware and software requirements, please refer to the official Cisco Design Guides.
Cross-Origin Resource Sharing (CORS)
CORS support to third-party web servers is disabled by default for Cisco Finesse and OpenFire. In order to allow connections from b+s Connects for SAP C4C, CORS must be enabled on all Finesse servers.
Please check the Cisco Finesse Admin Guide for more information.
The following commands may be used (depending on your needs):
utils finesse cors enable_all: This command allows all origins to make cross domain requests. It responds and allows CORS preflight requests from any domain to make Finesse API/OpenFire requests.utils finesse cors enable: This command allows CORS for Cisco Finesse APIs and OpenFire requests for the allowed origin list. It responds to browser CORS preflight requests and allows valid domains to make Finesse API/OpenFire requests.utils finesse cors disable: This command restricts CORS for Cisco Finesse APIs and OpenFire requests. It disallows or prevents CORS preflight requests from any external domain from making Finesse API and OpenFire requests.utils finesse cors status: This command displays the CORS status (enable_all, enabled, or disabled) on the console.utils finesse cors allowed_origin list: This command lists all the origins in the allowed origin list.utils finesse cors allowed_origin add: This command adds origins to the allowed origin list. Origins can be added by using a comma separated string. For example:utils finesse cors allowed_origin add http://origin1.com:[port]utils finesse cors allowed_origin add http://origin1.com: [port], http://origin2.com:[port]
After you make changes to the CORS status or to the allowed origin list, restart Cisco Finesse Tomcat and Notification Services for changes to take effect.
Enable CSP on Finesse Server
The Content Security Policy (CSP) is a standardized set of security directives that can inform the policies' users on how to mitigate various forms of attack. The CSP frame-ancestor policy defines the allowable locations from where the Finesse desktop can be accessed, as embedded HTML content, which can help prevent click-jacking attacks.
On a SAP C4C hosted deployment of the Connects Gadget with SSO integration, the Content Security Policy needs to be enabled on the Finesse server.
You can also use wildcards * in order to whitelist multiple subdomains at once. e.g. https://*.bucher-suter.com
Finesse 12.0(1) ES4 or newer, Finesse 12.5(1) ES3 (CCE) ES2 (CCX)
To enable Frame Access on the Finesse server use the following procedure:
Step 1: Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)
Step 2: Execute the following command on the CLI:
utils finesse frame_access_whitelist add https://connects.bucher-suter.com
utils service restart Cisco Finesse Tomcat
utils service restart Cisco Finesse Notification Service
Step 3: Repeat steps 1 and 2 on every Finesse server
In order to disable the CSP, execute utils finesse frame_access_whitelist delete https://connects.bucher-suter.com and restart the services.
Finesse 12.5(1) ES4 or newer
To enable Frame Access on the Finesse server use the following procedure:
Step 1: Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)
Step 2: Execute the following command on the CLI:
utils finesse frame_access_allowed_list add https://connects.bucher-suter.com
utils service restart Cisco Finesse Tomcat
utils service restart Cisco Finesse Notification Service
Step 3: Repeat steps 1 and 2 on every Finesse server
In order to disable CSP, execute utils finesse frame_access_allowed_list delete https://connects.bucher-suter.com and restart the services.
Finesse 11.6(1) ES10 or newer
To allow Finesse resources to be loaded inside any Iframe use the following procedure:
Step 1: Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)
Step 2: Execute the following command on the CLI:
utils finesse xframe enable_all
utils service restart Cisco Finesse Tomcat
utils service restart Cisco Finesse Notification Service
Step 3: Repeat steps 1 and 2 on every Finesse server
In order to disable embedding iFrames, execute utils finesse xframe disable https://connects.bucher-suter.com and restart the services.
Reset 3rdpartygadget FTP Password
If SSO is enabled you will need to upload a file to the Cisco Finesse 3rdpartygadget folder. If the password for the FTP User is unknown, here are the instructions on how to reset it.
Step 1: Open an SSH session to the Finesse server (e.g. with PuTTY) and log on.
Step 2: Enter utils reset_3rdpartygadget_password and set the new password for the 3rdpartygadget user.
Network Requirements
For UCCE:
| Source | Destination | Origin | Protocol | Port | Secured |
|---|---|---|---|---|---|
| Connects Gadget | Cisco Finesse | Agent Browser | TCP/IP | 443 | Yes |
| Connects Gadget | Cisco Finesse | Agent Browser | TCP/IP | 7443 | Yes |
| Connects Gadget | SAP C4C platform | Agent Browser | TCP/IP | 443 | Yes |
For UCCX:
| Source | Destination | Origin | Protocol | Port | Secured |
|---|---|---|---|---|---|
| Connects Gadget | Cisco Finesse | Agent Browser | TCP/IP | 8445 | Yes |
| Connects Gadget | Cisco Finesse | Agent Browser | TCP/IP | 7443 | Yes |
| Connects Gadget | SAP C4C platform | Agent Browser | TCP/IP | 443 | Yes |
Redundancy Considerations
If the SAP C4C platform experiences a power outage, a substitute agent desktop must be used to handle call center-based calls (i.e. the Cisco Finesse Desktop). The platform-based features (e.g. Click-to-Dial and work log) and information (lookup results) will not be available under these conditions.
Cisco Finesse Failover Conditions
b+s Connects for SAP C4C supports Cisco Finesse failovers.
A failover can occur in the following scenarios:
- The Cisco Tomcat Service (Finesse Webservice) goes down.
- The Cisco Finesse Notification Service (XMPP) goes down.
- Network connection is lost or a network glitch occurs.
- Finesse loses connection to both CTI servers.