Cisco Customer Collaboration Architectural Vision Michael Lepore, Tod Famous BRKCCT-1009 Disclaimer The Cisco products, service or features identified in this document may not yet be available or may not be available in all areas and may be subject to change without notice. Consult your local Cisco business contact for information on the products or services available in your area. You can find additional information via Cisco’s World Wide Web server at http://www.cisco.com. Actual performance and environmental costs of Cisco products will vary depending on individual customer configurations and conditions. This is a confidential Cisco Internal launch document and not for external distribution. Agenda
• Disruptive Solutions • OmniChannel • Mobile, Video • Context • Cloud Evolution • HCS, Cloud Extensions • DevOps
• Architectural Evolution • UI Architecture • Cloud Evolution • Cloud Basics • Context Architecture
• Technological Building Blocks
• Q&A Disruptive Solutions John Bowden, Senior Vice President of Customer Care, Time Warner Cable Omnichannel = Multichannel + Context
Single Multichannel Omnichannel Channel
Context How do I get ? what I want? How do I get ? what I want? Marketing Process Process
Sales
Process
Service IVR/Voice CC ? eMail, SMS, chat How do Self-Service I get Automation what I Mobile/Web want? Marketing
Sales
Service ? IVR/Voice CC Context eMail, SMS, chat
Simple Self-Service Platform Contact Customer Automation Mobile/Web Context Service Unify customer journeys, across time, medium, people, process and outcome
Social Media Chat Email
Phone Customer SMS Journey
IVR Retail
Mobile Web IoE
Cisco Customer Custom Applications Collaboration Solutions how not where
Paul Maritz CEO, VMware Contact Center Cloud Strategy On-Premise CC
CC App
CC Platform
UC Infra
HCS Partner Platform
CC App
CC Platform
UC Infra Contact Center Cloud Strategy On-Premise CC
CC App
CC Platform
UC Infra
HCS Partner Platform Cisco Cloud Platform
CC App Conversation Media Context Service
CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)
UC Infra CTG IAAS PAAS Contact Center Cloud Strategy On-Premise CC
CC App Value Extended
CC Platform
UC Infra
HCS Partner Platform Cisco Cloud Platform
CC App Conversation Media Context Service
CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)
UC Infra CTG IAAS PAAS Contact Center Cloud Strategy On-Premise CC Future Cloud Offerings CC App Value Extended
CC Platform
UC Infra Value Created Value HCS Partner Platform Cisco Cloud Platform
CC App Conversation Media Context Service Future Services
CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)
UC Infra CTG IAAS PAAS Cisco’s Hybrid Architecture
Cisco Collaboration Cloud Partner Cloud Customer Cloud
Collaboration on Intercloud
Extensions Cloud Cloud
On Premises Cisco Cloud Architecture Openstack IaaS Providers A New Type of Bursting
Cisco Collaboration Cloud
Cisco Collaboration DEPLOY Cloud Software Partner Cloud
Private Customer Cloud DevOps
• Application of Agile concepts to Operations and DevOps Development • “Pipelines” of software development • Organization and Operations Technology Architectural Evolution User Interface Architecture Principals drive Technology Choices
Standards Based
Thin client • HTML5, JavaScript, CSS Extensible • REST APIs • OpenSocial Gadgets Coherent role-driven applications • Admin, Agent/Supervisor and Reporting User applications • Bootstrap, Common JavaScript (JQuery Based) Decoupled but Integrated • OpenSocial Gadgets • Common infrastructure to share across implementations Cisco Finesse = Agent/Desktop Evolution
Media Finesse Finesse CUIC Finesse Sense
Media CUIC Social CUIC Social Social Miner Miner Sense Miner 8.5(3) 9.x 10.0
Media Media CUIC CUIC Finesse Sense Finesse Sense
Social Social CCX CCX Miner Miner Chat,Email Chat Chat,EMail Chat 10.6 10.5 Finesse 11.0 – Extending Finesse to the Cloud
Media CUIC Finesse Sense Context Social CCX Miner Context Chat,Email Chat,EMail Service 11.0 Cisco Finesse Architecture
Cisco Finesse (Agent & Supervisor
Desktop)
Browser Desktop Context
Common ContainerShindig (Shindig) VOS
VOS 1st Party 3rd Party REST API
Common Gadgets Gadgets Finesse Server Finesse
REST Gadget REST Gadgets REST Gadgets
VOS s VOS VOS API
CUIC API API
SocialMiner MediaSense Responsive Design – Media Queries CSS: Media Queries
https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries WebRTC – Browsers as Endpoints Cisco Remote Expert Mobile High Level Architecture
RE Mobile Client SDK REM Media Broker
Finesse Agent Desktop
Voice & Video Web Gateway REM App Server Expert Assist CUBE & CUCM
Co-browse App Share Media Endpoint RE Mobile Client SDK REM Admin Console Customer Expert Cloud Evolution Cloud Characteristics
Cloud-Scale Security Availability • Application • Data Security • Metrics and independent scale • Encryption Logging • More servers, not • Reliability bigger servers • Always Available • Elasticity 3 Cloud Service Delivery Models
Software as a Service - SaaS • Context Service, CRM, Virtual Desktops, File Sharing, etc
Platform as a Service – PaaS • Application Execution Environments, Databases, Message Busses, etc
Infrastructure as a Service - IaaS • VMs, Networks, Storage What is OpenStack
- A Free Open Source IaaS Platform
- Multiple Related Projects - Horizon (UI), Neutron (Networking), Nova (Compute), Swift (Object Storage), Cinder (Block Storage), etc.
- What it provides - A coherent interface that allows for provisioning resources - Tenant Isolation - Isolate resources (not HW) to a user (or set of users) • Floating IP’s, Software Networks, and Security Rules • Software Defined Subnets • Virtual Public IP’s that can be associated with a Virtual Machine via NAT • Limit Access: Ingress and Egress Rules
Floating IP 1
Floating IP 2
Router – Bridges the sub nets with the public Floating IP Network Application Design Cloud Applications 101: Platform as a Service
Remove the complexity of cloud development
Framework for “cloudy” software
• Scale • Reliability • Serviceability • Isolation • Deployment, Lifecycle Management
Provide Code Isolation
• IaaS, Operating Systems, Networks PaaS Layer
App Config
Deps RT App Container
Logging Externalized Metrics State
12factor.net PaaS Layer
App Config App Config App Config App Config
Deps RT Deps RT Deps RT Deps RT App Container App Container App Container App Container
Logging Externalized Metrics State
12factor.net Cloud Foundry Architecture
Browser API CLI / CI System
Deploy / Config Load Balancer
Request Router Request Router Request Router Request Router
Cloud M Controller S Cloud Java App Java App .JS App .JS App G Foundry B DEA (Execution Engine) DEA (Execution Engine) U Health AppApp Engines Engines AppApp Engines Engines S Manager Cloud Management Cloud Collaboration Administration A Common Admin platform that allows customers and partners to manage Cisco Collaboration services in a simple tool with an intuitive interface
Automated Reports, Analytics & Manage Security & License & Account provisioning & Simple System Health/ Policy settings Management / Upsell User management Support & Debugging Design Considerations
Partner as a first class citizen
Automated provisioning which gives an admin access to Admin Console as soon as the order is placed
First Time Wizard that guides the admin through Dir Sync and SSO setup
Service and User Management – One console to manage multiple services and users /entitlements
Single notification to end users for all service entitlements
Support and Debugging tool accessible to the relevant roles Architecture – Core with Micro Services Core Logs/ Settin Notif Clien Metric Analyti ( Common Features) Spark gs s cs ts s
Context User Management, Dir Sync/ SSO
WebEx License Management
Cloud Extensions Devices / Endpoints
Cloud Endpoints Analytics/ Reports Admin Micro Services • Oauth / SAML with a Common Identity Server • Industry standard approach to authentication and authorization • Ability to authenticate user using their own Organization (SAML) • Ability to provision credentials for Oauth clients (generated client id / secret for machine accounts) Cluster Cluster Customer Customer OAMP/Finesse OAMP/Finesse CVP VXML CVP Finesse Servers Partner Server Admin Prem Subscription and DiscoveryUser Fuse, Fuse, Status Update POD API FMS Authentication Machine Account Machine Account Provisioning, Entitlement Customer Customer CIS CCFS=Contact Center Fusion Services
Admin Config* RT Node CIS FMS CCFS
Clicks “Register"
Admin logs into local ui, Click Fuse Redirect to CCFS
ccfs/fuse?returnURI=http://configserver/fuseReturnUri&serverID=configServerID&applicationType=XXXX
302 redirect to CIS to authenticate and go to FMS
/idb/oauth2/authorize (Implicit Code Grant)
Redirect_uri=/FMS/fuse-landing Authenticate User State=CCFS_landing_url 302: location mgmtSvc/cloud-fuse-landing /cloud-fuse-landing ; state=ccfs_fuse_landing_uri
Validate User / Confirm Prompt 302: Redirect to CCFS
/ccfs-fuse-success
cisRole, token timestamp, token, etc Create machine account (accessToken) See Fusion Services Screen
302: htttp://configserver/fuseReturnUri; machineCredentials=YYYYY /fuseReturnUri ; machineCredentials=YYYYY Auth Machine Account, Get Token Register Management Connector, RT Node Connectors Report Status (periodically)
Provision RT Node – machineCredentials=YYYY Report Status (periodically) • During initial connection • Determine data center pairs based on organization • Each org is bound to primary/secondary DC • Can be changed later via disconnect and reconnect Data Model Context Service Data Model
1 Org 1
1
Workgroup 1..n Request Customer 1..n 0..1
1 1..n 1..n 1..n 0..1 0..1
POD
1..n User
1 KMS 1 1 Resource
1
CIS Identity * Context Service Fields and Fieldsets
Field Name Privacy Description Translations Request Lookup?
1..n
1..n Contain data that map 1..n to 1 or more Classes Field Set POD Each element adheres 1..n to the Field Definition
Customer Workgroups
1 Org
1
*
1 1 User CIS Identity
*
*
* 1 1 KMS Workgroup Resource
Request Customer POD KMS Keys Workgroup Security (Partners)
Org
Local Cloud Local Machine Analytics Agents Accounts Partner
KMS Workgroup 1 Workgroup 2 KMS Resource Full Access Encrypted Only Resource
Key 1 CustomerCustomer CustomerCustomer CustomerCustomer Key 2 Requests11 Customers11 1PODs1
Enc & PII Enc Data Data Workgroup Security (Lab/Production)
Org
CVP Finesse EIM/WIM Custom Deployment Deployment Deployment Application Account Account Account Account
Workgroup 1 Workgroup 2 Production Lab
CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer Requests11 Customers11 1PODs1 Requests11 Customers11 1PODs1
Selected when SDK is instantiated Data Security Cloud Context Data Security
POD
IVR SDK KMS
Email / Chat SDK
Partner SDK Application CIS POD
Context Finesse SDK PO PODD Encryption Model Requirements
• Applies to POD, Request, Customer • Reinforce application security with cryptographic security • Security granted at the workgroup level • Encrypted and PII have separate access • Multiple users per workgroup • Multiple workgroups per user • Utilize standard keying protocol • https://tools.ietf.org/html/draft-abiggs-saag-key-management-service-00
• Allow anonymized access for certain workgroups • Encrypted data only Record (Customer/POD/Request)
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open
PiiData
Name Fred Smith Phone Number 555-867-5309 Email [email protected]
Encrypted Data
Balance 25,756 points Subject My account Record (Customer/POD/Request)
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 State Open State Open
PiiData
Name Fred Smith Phone Number 555-867-5309 Email [email protected] Client Key 1
Encrypted Data
Balance 25,756 points Subject My account Client Key 2 Record (Customer/POD/Request)
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 State Open State Open
SCRs PiiData
WG1 Name Fred Smith pod.piiData Client Key 1 Phone Number 555-867-5309 KMS Key 1 Email [email protected] pod.encData Client Key 2 Client Key 1 KMS Key 1 Encrypted Data WG1 pod.encData Client Key 2 Balance 25,756 points KMS Key 2 Subject My account Client Key 2 Secure Content Resource (Example)
{ "enc": "A256GCM", "key": "ZMpktzGq1g6_r4fKVdnx9OaYr4HjxPjIs7l7SwAsgsg", "iv": "27YvzsYL6vphciqr", "aad": "2014-08-15T12:59:59Z", "loc”: “pod.piiData”, "tag": "CbtrN5UY2m1LUtGtxSkTEw" }
enc – encryption algorithm
key, iv, aad – inputs to the encryption algorithm (part of the key)
loc – location of the data (JSONPath of the field that is encrypted)
tag – data validation tag – output of algorithm How does it work… Create POD Flow
POD: 1. Create client- generated keys PIIData KMS ClientKey1 2. Encrypt PII and Encrypted data EncryptedData with Client Keys ClientKey2 Client
ClientKey1 Context ClientKey2 Service Create POD Flow (2)
POD: 3. Request Key KMS-1 PIIData 4. Bind to WG-1 KMS ClientKey1 KMS-1
EncryptedData ClientKey2 Client
ClientKey1 Context ClientKey2 Service KMS-1 Create POD Flow (3)
POD:
PIIData 5. Create SCRs, KMS ClientKey1 Encrypt with KMS-1 KMS-1 6. Add to POD for EncryptedData WG-1 ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 ClientKey1 Context ClientKey2 Service KMS-1 Create POD Flow (4)
POD:
PIIData 8. Write POD to CS KMS ClientKey1 KMS-1
EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 Context Service Read POD Flow
POD: 1. Read POD
PIIData 2. Ask KMS for KMS ClientKey1 KMS-1 KMS-1
EncryptedData Granted as WG- 1 member ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context Service Read POD Flow (2)
POD: 3. Decrypt SCRs with KMS-1 PIIData KMS Get ClientKey1, ClientKey1 KMS-1 ClientKey2, Locations EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2 Read POD Flow (3)
POD: 4. Utilize SCR’s to decrypt PIIData PIIData and/or KMS ClientKey1 EncryptedData KMS-1
EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2 Grant EncryptedData Access to WG2 Flow (1)
POD: 1. Request new KMS key KMS-2 PIIData KMS ClientKey1 2. Bind KMS-2 to KMS-1 WG2 KMS-2 EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2
KMS-2 Grant EncryptedData Access to WG2 Flow (1)
POD: 3. Re-Encrypt SCR-ClientKey2 PIIData with KMS-2 KMS ClientKey1 KMS-1 4. Add new SCR to KMS-2 EncryptedData POD ClientKey2 5. Update POD Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context SCR-ClientKey2 ClientKey1 Service WG2: KMS-2 ClientKey2
KMS-2 Finding a customer… Customer
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open
SCRs PiiData
WG1 Name Fred Smith pod.piiData Client Key 1 Phone Number 555-867-5309 KMS Key 1 Email [email protected] pod.encData Client Key 2 Client Key 1 KMS Key 1 Encrypted Data WG1 pod.encData Client Key 2 Balance 25,756 points KMS Key 2 Subject My account Client Key 2 Customer
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open
PiiData
Name Fred Smith Phone Number 555-867-5309 Email [email protected] Client Key 1
Encrypted Data
Balance 25,756 points Subject My account Client Key 2 Customer
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open
piiHashes PiiData
HASH(name:Fred Smith) Name Fred Smith HASH(phone:555-867-5309) Phone Number 555-867-5309 HASH(email:[email protected]) Email [email protected] Client Key 1
Encrypted Data
Balance 25,756 points Subject My account Client Key 2 Customer
Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open
piiHashes PiiData
HASH(name:Fred Smith) Name Fred Smith HASH(phone:555-867-5309) Phone Number 555-867-5309 HASH(email:[email protected]) Email [email protected] Client Key 1
Encrypted Data
Balance 25,756 points Subject My account Client Key 2 PII Lookup for Customer
Context Client Service
1. Create query email:[email protected] 3. Lookup HASH in database 2. Hash query 4. Return results with encrypted data that HASH(email:[email protected]) client has access to Integration Creating data in Context Service
• Create record • Request keys from KMS
• Create multiple client generated keys • Bind keys to resources
• Determine which fields are PII, • Error management Encrypted, Unencrypted from API • Status reporting • Encrypt PII, Encrypted Data using Client Keys • Authentication and Authorization via CIS • Manage workgroup access • Create SCR JSON blobs
• Encrypt SCRs
• (Customer record) Create PII Hashes Context Service SDK FMS
CIS Simple Context Service SDK Java / JS CS • Create record • Request keys from KMS APIs • Create multiple client generated • Bind keys to resources keys KMS Clients • Error management • Determine which fields are PII, Encrypted, Unencrypted from • Status reporting API • Authentication and • Encrypt PII, Encrypted Data Authorization via CIS using Client Keys • Manage workgroup access • Create SCR JSON blobs
• Encrypt SCRs
• (Customer record) Create PII Context Hashes Service Hybrid Software Delivery
• Utilize Scripting languages to deliver features from cloud Groovy • Allows updates via cloud SocialMiner Script Filter • Controlled via feature flags
• SocialMiner Groovy Browser Script Filter Client Context • Finesse Gadget Javascript SDK • Authentication via Finesse, CS/Key access via Finesse Finesse Browser Gadget • JavaScript SDK Check for new Version Hybrid SDK Delivery FMS Download
CIS
Loader Dynamically KMS and
Proxy Loaded Code
Interface Interface
Context Service Metrics Foundational Technologies Presentation Layer Technologies
Browser Bootstrap BOSH
OpenSocial Web Server Web Sockets Application Server
UI APIs Events Security Javascript CSS Componentization Framework Framework Data Layer Technologies
Application
Web ActiveMQ Sockets Elastic Compute Apache Storm
Storage
Cassandra
Storage Indexing Compute Eventing Streaming and Framework Input Cloud Technologies
Platform as a Service (PaaS)
Storage & Processing Cassandra Kafka
Orchestration
and Operations Graphite LogStash Why Cisco Customer Collaboration Architecture?
Disruptive Architectural Building Blocks Solutions Evolution • Portfolio • Internet of • Presentation Layer Architecture Everything • Data Services • Guiding Principals • Mobile / Social • Asynchronous • Technologies • Cloud Routing Participate in the “My Favorite Speaker” Contest Promote Your Favorite Speaker and You Could Be a Winner
• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
• Send a tweet and include • Your favorite speaker’s Twitter handle <@TFamous> • Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin Complete Your Online Session Evaluation
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. • Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect. Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions Thank you