Cisco Customer Collaboration Architectural Vision Michael Lepore, Tod Famous BRKCCT-1009 Disclaimer The Cisco products, service or features identified in this document may not yet be available or may not be available in all areas and may be subject to change without notice. Consult your local Cisco business contact for information on the products or services available in your area. You can find additional information via Cisco’s World Wide Web server at http://www.cisco.com. Actual performance and environmental costs of Cisco products will vary depending on individual customer configurations and conditions. This is a confidential Cisco Internal launch document and not for external distribution. Agenda

• Disruptive Solutions • OmniChannel • Mobile, Video • Context • Cloud Evolution • HCS, Cloud Extensions • DevOps

• Architectural Evolution • UI Architecture • Cloud Evolution • Cloud Basics • Context Architecture

• Technological Building Blocks

• Q&A Disruptive Solutions John Bowden, Senior Vice President of Customer Care, Time Warner Cable Omnichannel = Multichannel + Context

Single Multichannel Omnichannel Channel

Context How do I get ? what I want? How do I get ? what I want? Marketing Process Process

Sales

Process

Service IVR/Voice CC ? eMail, SMS, chat How do Self-Service I get Automation what I Mobile/Web want? Marketing

Sales

Service ? IVR/Voice CC Context eMail, SMS, chat

Simple Self-Service Platform Contact Customer Automation Mobile/Web Context Service Unify customer journeys, across time, medium, people, process and outcome

Social Media Chat Email

Phone Customer SMS Journey

IVR Retail

Mobile Web IoE

Cisco Customer Custom Applications Collaboration Solutions how not where

Paul Maritz CEO, VMware Contact Center Cloud Strategy On-Premise CC

CC App

CC Platform

UC Infra

HCS Partner Platform

CC App

CC Platform

UC Infra Contact Center Cloud Strategy On-Premise CC

CC App

CC Platform

UC Infra

HCS Partner Platform Cisco Cloud Platform

CC App Conversation Media Context Service

CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)

UC Infra CTG IAAS PAAS Contact Center Cloud Strategy On-Premise CC

CC App Value Extended

CC Platform

UC Infra

HCS Partner Platform Cisco Cloud Platform

CC App Conversation Media Context Service

CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)

UC Infra CTG IAAS PAAS Contact Center Cloud Strategy On-Premise CC Future Cloud Offerings CC App Value Extended

CC Platform

UC Infra Value Created Value HCS Partner Platform Cisco Cloud Platform

CC App Conversation Media Context Service Future Services

CCtr Services (Dictionary, Common Services (Atlas, CIS, etc.) CC Platform etc.)

UC Infra CTG IAAS PAAS Cisco’s Hybrid Architecture

Cisco Collaboration Cloud Partner Cloud Customer Cloud

Collaboration on Intercloud

Extensions Cloud Cloud

On Premises Cisco Cloud Architecture Openstack IaaS Providers A New Type of Bursting

Cisco Collaboration Cloud

Cisco Collaboration DEPLOY Cloud Partner Cloud

Private Customer Cloud DevOps

• Application of Agile concepts to Operations and DevOps Development • “Pipelines” of software development • Organization and Operations Technology Architectural Evolution User Interface Architecture Principals drive Technology Choices

Standards Based

Thin client • HTML5, JavaScript, CSS Extensible • REST APIs • OpenSocial Gadgets Coherent role-driven applications • Admin, Agent/Supervisor and Reporting User applications • Bootstrap, Common JavaScript (JQuery Based) Decoupled but Integrated • OpenSocial Gadgets • Common infrastructure to share across implementations Cisco Finesse = Agent/Desktop Evolution

Media Finesse Finesse CUIC Finesse Sense

Media CUIC Social CUIC Social Social Miner Miner Sense Miner 8.5(3) 9.x 10.0

Media Media CUIC CUIC Finesse Sense Finesse Sense

Social Social CCX CCX Miner Miner Chat,Email Chat Chat,EMail Chat 10.6 10.5 Finesse 11.0 – Extending Finesse to the Cloud

Media CUIC Finesse Sense Context Social CCX Miner Context Chat,Email Chat,EMail Service 11.0 Cisco Finesse Architecture

Cisco Finesse (Agent & Supervisor

Desktop)

Browser Desktop Context

Common ContainerShindig (Shindig) VOS

VOS 1st Party 3rd Party REST API

Common Gadgets Gadgets Finesse Server Finesse

REST Gadget REST Gadgets REST Gadgets

VOS s VOS VOS API

CUIC API API

SocialMiner MediaSense Responsive Design – Media Queries CSS: Media Queries

https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries WebRTC – Browsers as Endpoints Cisco Remote Expert Mobile High Level Architecture

RE Mobile Client SDK REM Media Broker

Finesse Agent Desktop

Voice & Video Web Gateway REM App Server Expert Assist CUBE & CUCM

Co-browse App Share Media Endpoint RE Mobile Client SDK REM Admin Console Customer Expert Cloud Evolution Cloud Characteristics

Cloud-Scale Security Availability • Application • Data Security • Metrics and independent scale • Encryption Logging • More servers, not • Reliability bigger servers • Always Available • Elasticity 3 Cloud Service Delivery Models

Software - SaaS • Context Service, CRM, Virtual Desktops, File Sharing, etc

Platform as a Service – PaaS • Application Execution Environments, Databases, Message Busses, etc

Infrastructure as a Service - IaaS • VMs, Networks, Storage What is OpenStack

- A Free Open Source IaaS Platform

- Multiple Related Projects - Horizon (UI), Neutron (Networking), Nova (Compute), Swift (Object Storage), Cinder (Block Storage), etc.

- What it provides - A coherent interface that allows for provisioning resources - Tenant Isolation - Isolate resources (not HW) to a user (or set of users) • Floating IP’s, Software Networks, and Security Rules • Software Defined Subnets • Virtual Public IP’s that can be associated with a Virtual Machine via NAT • Limit Access: Ingress and Egress Rules

Floating IP 1

Floating IP 2

Router – Bridges the sub nets with the public Floating IP Network Application Design Cloud Applications 101:

Remove the complexity of cloud development

Framework for “cloudy” software

• Scale • Reliability • Serviceability • Isolation • Deployment, Lifecycle Management

Provide Code Isolation

• IaaS, Operating Systems, Networks PaaS Layer

App Config

Deps RT App Container

Logging Externalized Metrics State

12factor.net PaaS Layer

App Config App Config App Config App Config

Deps RT Deps RT Deps RT Deps RT App Container App Container App Container App Container

Logging Externalized Metrics State

12factor.net Architecture

Browser API CLI / CI System

Deploy / Config Load Balancer

Request Router Request Router Request Router Request Router

Cloud M Controller S Cloud Java App Java App .JS App .JS App G Foundry B DEA (Execution Engine) DEA (Execution Engine) U Health AppApp Engines Engines AppApp Engines Engines S Manager Cloud Management Cloud Collaboration Administration A Common Admin platform that allows customers and partners to manage Cisco Collaboration services in a simple tool with an intuitive interface

Automated Reports, Analytics & Manage Security & License & Account provisioning & Simple System Health/ Policy settings Management / Upsell User management Support & Debugging Design Considerations

Partner as a first class citizen

Automated provisioning which gives an admin access to Admin Console as soon as the order is placed

First Time Wizard that guides the admin through Dir Sync and SSO setup

Service and User Management – One console to manage multiple services and users /entitlements

Single notification to end users for all service entitlements

Support and Debugging tool accessible to the relevant roles Architecture – Core with Micro Services Core Logs/ Settin Notif Clien Metric Analyti ( Common Features) Spark gs s cs ts s

Context User Management, Dir Sync/ SSO

WebEx License Management

Cloud Extensions Devices / Endpoints

Cloud Endpoints Analytics/ Reports Admin Micro Services • Oauth / SAML with a Common Identity Server • Industry standard approach to authentication and authorization • Ability to authenticate user using their own Organization (SAML) • Ability to provision credentials for Oauth clients (generated client id / secret for machine accounts) Cluster Cluster Customer Customer OAMP/Finesse OAMP/Finesse CVP VXML CVP Finesse Servers Partner Server Admin Prem Subscription and DiscoveryUser Fuse, Fuse, Status Update POD API FMS Authentication Machine Account Machine Account Provisioning, Entitlement Customer Customer CIS CCFS=Contact Center Fusion Services

Admin Config* RT Node CIS FMS CCFS

Clicks “Register"

Admin logs into local ui, Click Fuse Redirect to CCFS

ccfs/fuse?returnURI=http://configserver/fuseReturnUri&serverID=configServerID&applicationType=XXXX

302 redirect to CIS to authenticate and go to FMS

/idb/oauth2/authorize (Implicit Code Grant)

Redirect_uri=/FMS/fuse-landing Authenticate User State=CCFS_landing_url 302: location mgmtSvc/cloud-fuse-landing /cloud-fuse-landing ; state=ccfs_fuse_landing_uri

Validate User / Confirm Prompt 302: Redirect to CCFS

/ccfs-fuse-success

cisRole, token timestamp, token, etc Create machine account (accessToken) See Fusion Services Screen

302: htttp://configserver/fuseReturnUri; machineCredentials=YYYYY /fuseReturnUri ; machineCredentials=YYYYY Auth Machine Account, Get Token Register Management Connector, RT Node Connectors Report Status (periodically)

Provision RT Node – machineCredentials=YYYY Report Status (periodically) • During initial connection • Determine pairs based on organization • Each org is bound to primary/secondary DC • Can be changed later via disconnect and reconnect Data Model Context Service Data Model

1 Org 1

1

Workgroup 1..n Request Customer 1..n 0..1

1 1..n 1..n 1..n 0..1 0..1

POD

1..n User

1 KMS 1 1 Resource

1

CIS Identity * Context Service Fields and Fieldsets

Field Name Privacy Description Translations Request Lookup?

1..n

1..n Contain data that map 1..n to 1 or more Classes Field Set POD Each element adheres 1..n to the Field Definition

Customer Workgroups

1 Org

1

*

1 1 User CIS Identity

*

*

* 1 1 KMS Workgroup Resource

Request Customer POD KMS Keys Workgroup Security (Partners)

Org

Local Cloud Local Machine Analytics Agents Accounts Partner

KMS Workgroup 1 Workgroup 2 KMS Resource Full Access Encrypted Only Resource

Key 1 CustomerCustomer CustomerCustomer CustomerCustomer Key 2 Requests11 Customers11 1PODs1

Enc & PII Enc Data Data Workgroup Security (Lab/Production)

Org

CVP Finesse EIM/WIM Custom Deployment Deployment Deployment Application Account Account Account Account

Workgroup 1 Workgroup 2 Production Lab

CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer CustomerCustomer Requests11 Customers11 1PODs1 Requests11 Customers11 1PODs1

Selected when SDK is instantiated Data Security Cloud Context Data Security

POD

IVR SDK KMS

Email / Chat SDK

Partner SDK Application CIS POD

Context Finesse SDK PO PODD Encryption Model Requirements

• Applies to POD, Request, Customer • Reinforce application security with cryptographic security • Security granted at the workgroup level • Encrypted and PII have separate access • Multiple users per workgroup • Multiple workgroups per user • Utilize standard keying protocol • https://tools.ietf.org/html/draft-abiggs-saag-key-management-service-00

• Allow anonymized access for certain workgroups • Encrypted data only Record (Customer/POD/Request)

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open

PiiData

Name Fred Smith Phone Number 555-867-5309 Email [email protected]

Encrypted Data

Balance 25,756 points Subject My account Record (Customer/POD/Request)

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 State Open State Open

PiiData

Name Fred Smith Phone Number 555-867-5309 Email [email protected] Client Key 1

Encrypted Data

Balance 25,756 points Subject My account Client Key 2 Record (Customer/POD/Request)

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 State Open State Open

SCRs PiiData

WG1 Name Fred Smith pod.piiData Client Key 1 Phone Number 555-867-5309 KMS Key 1 Email [email protected] pod.encData Client Key 2 Client Key 1 KMS Key 1 Encrypted Data WG1 pod.encData Client Key 2 Balance 25,756 points KMS Key 2 Subject My account Client Key 2 Secure Content Resource (Example)

{ "enc": "A256GCM", "key": "ZMpktzGq1g6_r4fKVdnx9OaYr4HjxPjIs7l7SwAsgsg", "iv": "27YvzsYL6vphciqr", "aad": "2014-08-15T12:59:59Z", "loc”: “pod.piiData”, "tag": "CbtrN5UY2m1LUtGtxSkTEw" }

enc – encryption algorithm

key, iv, aad – inputs to the encryption algorithm (part of the key)

loc – location of the data (JSONPath of the field that is encrypted)

tag – data validation tag – output of algorithm How does it work… Create POD Flow

POD: 1. Create client- generated keys PIIData KMS ClientKey1 2. Encrypt PII and Encrypted data EncryptedData with Client Keys ClientKey2 Client

ClientKey1 Context ClientKey2 Service Create POD Flow (2)

POD: 3. Request Key KMS-1 PIIData 4. Bind to WG-1 KMS ClientKey1 KMS-1

EncryptedData ClientKey2 Client

ClientKey1 Context ClientKey2 Service KMS-1 Create POD Flow (3)

POD:

PIIData 5. Create SCRs, KMS ClientKey1 Encrypt with KMS-1 KMS-1 6. Add to POD for EncryptedData WG-1 ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 ClientKey1 Context ClientKey2 Service KMS-1 Create POD Flow (4)

POD:

PIIData 8. Write POD to CS KMS ClientKey1 KMS-1

EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 Context Service Read POD Flow

POD: 1. Read POD

PIIData 2. Ask KMS for KMS ClientKey1 KMS-1 KMS-1

EncryptedData Granted as WG- 1 member ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context Service Read POD Flow (2)

POD: 3. Decrypt SCRs with KMS-1 PIIData KMS Get ClientKey1, ClientKey1 KMS-1 ClientKey2, Locations EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2 Read POD Flow (3)

POD: 4. Utilize SCR’s to decrypt PIIData PIIData and/or KMS ClientKey1 EncryptedData KMS-1

EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2 Grant EncryptedData Access to WG2 Flow (1)

POD: 1. Request new KMS key KMS-2 PIIData KMS ClientKey1 2. Bind KMS-2 to KMS-1 WG2 KMS-2 EncryptedData ClientKey2 Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context ClientKey1 Service ClientKey2

KMS-2 Grant EncryptedData Access to WG2 Flow (1)

POD: 3. Re-Encrypt SCR-ClientKey2 PIIData with KMS-2 KMS ClientKey1 KMS-1 4. Add new SCR to KMS-2 EncryptedData POD ClientKey2 5. Update POD Client SCR-ClientKey1 SCR-ClientKey2 WG1: KMS-1 KMS-1 Context SCR-ClientKey2 ClientKey1 Service WG2: KMS-2 ClientKey2

KMS-2 Finding a customer… Customer

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open

SCRs PiiData

WG1 Name Fred Smith pod.piiData Client Key 1 Phone Number 555-867-5309 KMS Key 1 Email [email protected] pod.encData Client Key 2 Client Key 1 KMS Key 1 Encrypted Data WG1 pod.encData Client Key 2 Balance 25,756 points KMS Key 2 Subject My account Client Key 2 Customer

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open

PiiData

Name Fred Smith Phone Number 555-867-5309 Email [email protected] Client Key 1

Encrypted Data

Balance 25,756 points Subject My account Client Key 2 Customer

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open

piiHashes PiiData

HASH(name:Fred Smith) Name Fred Smith HASH(phone:555-867-5309) Phone Number 555-867-5309 HASH(email:[email protected]) Email [email protected] Client Key 1

Encrypted Data

Balance 25,756 points Subject My account Client Key 2 Customer

Service Data UnEncrypted Data Created Date 10-Oct-2014 Created Date 10-Oct-2014 Last Modified 11-Oct-2014 State Open

piiHashes PiiData

HASH(name:Fred Smith) Name Fred Smith HASH(phone:555-867-5309) Phone Number 555-867-5309 HASH(email:[email protected]) Email [email protected] Client Key 1

Encrypted Data

Balance 25,756 points Subject My account Client Key 2 PII Lookup for Customer

Context Client Service

1. Create query email:[email protected] 3. Lookup HASH in database 2. Hash query 4. Return results with encrypted data that HASH(email:[email protected]) client has access to Integration Creating data in Context Service

• Create record • Request keys from KMS

• Create multiple client generated keys • Bind keys to resources

• Determine which fields are PII, • Error management Encrypted, Unencrypted from API • Status reporting • Encrypt PII, Encrypted Data using Client Keys • Authentication and Authorization via CIS • Manage workgroup access • Create SCR JSON blobs

• Encrypt SCRs

• (Customer record) Create PII Hashes Context Service SDK FMS

CIS Simple Context Service SDK Java / JS CS • Create record • Request keys from KMS APIs • Create multiple client generated • Bind keys to resources keys KMS Clients • Error management • Determine which fields are PII, Encrypted, Unencrypted from • Status reporting API • Authentication and • Encrypt PII, Encrypted Data Authorization via CIS using Client Keys • Manage workgroup access • Create SCR JSON blobs

• Encrypt SCRs

• (Customer record) Create PII Context Hashes Service Hybrid Software Delivery

• Utilize Scripting languages to deliver features from cloud Groovy • Allows updates via cloud SocialMiner Script Filter • Controlled via feature flags

• SocialMiner Groovy Browser Script Filter Client Context • Finesse Gadget Javascript SDK • Authentication via Finesse, CS/Key access via Finesse Finesse Browser Gadget • JavaScript SDK Check for new Version Hybrid SDK Delivery FMS Download

CIS

Loader Dynamically KMS and

Proxy Loaded Code

Interface Interface

Context Service Metrics Foundational Technologies Presentation Layer Technologies

Browser Bootstrap BOSH

OpenSocial Web Server Web Sockets Application Server

UI APIs Events Security Javascript CSS Componentization Framework Framework Data Layer Technologies

Application

Web ActiveMQ Sockets Elastic Compute Apache Storm

Storage

Cassandra

Storage Indexing Compute Eventing Streaming and Framework Input Cloud Technologies

Platform as a Service (PaaS)

Storage & Processing Cassandra Kafka

Orchestration

and Operations Graphite LogStash Why Cisco Customer Collaboration Architecture?

Disruptive Architectural Building Blocks Solutions Evolution • Portfolio • of • Presentation Layer Architecture Everything • Data Services • Guiding Principals • Mobile / Social • Asynchronous • Technologies • Cloud Routing Participate in the “My Favorite Speaker” Contest Promote Your Favorite Speaker and You Could Be a Winner

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include • Your favorite speaker’s Twitter handle <@TFamous> • Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin Complete Your Online Session Evaluation

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. • Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect. Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

• Related sessions Thank you