Author Topic: CS Proxy question (Read 4525 times)

Gremlin · « **on:** September 23, 2010, 03:51:36 PM »

With a multisite design.. where we have CS Proxy at the remote site, I assume that all configuration details are kept in CS Proxy sever's cache / memory locally.

a) Does the memory / cache include sensitive data like agent login and password ? Any encryptionon the data kept in the cache / memory for added security ?

b) Can we determine what data should be cached and what should continue to be pulled from the config database directly ?

Steve · « **Reply #1 on:** September 23, 2010, 05:14:25 PM »

Your CS Proxy holds the same data as your main config server. This included usernames and passwords (if you don't use a Radius/LDAP solution).

Data is not pulled from the database directly, except by Config Server and CS Proxy, all other apps get their config from these 2 applications.

Gremlin · « **Reply #2 on:** September 24, 2010, 01:12:28 AM »

Due to security considerartions, are we able to config such that agentIDs and passwords are not sent to the CS proxy svrs ?

Thus, can agent logins always access the config db directly while cs proxy clients will get all other config details (non-sensitive info) from the cs proxy svrs?

Steve · « **Reply #3 on:** September 24, 2010, 03:54:28 PM »

I doubt it.

A CS proxy is a config server, and just like config server it loads everything from the DB when it starts.

René · « **Reply #4 on:** September 26, 2010, 11:34:45 AM »

Hi Gremlin,

As Steve wrote CS Proxy is de facto Configuration Server running in read-only mode and using Configuration Server to retrieve configuration data instead of connection to database. In theory, it's possible to restrict CS Proxy from reading some data like agent's information but in that case agents must connect directly to Configuration Server as CS Proxy would return an error when trying to read non-existing - from Proxy perspective - object.

If you are concerned about security I think connection between CS and CS Proxy can be secured by using TLS.

R.

bublepaw · « **Reply #5 on:** September 29, 2010, 11:40:36 PM »

Hi Gremlin,

The whole idea behind CS Proxy is to allow system to function when there is no connection to config server - that is why it must keep copy of all data in it's memory. As Rene mentioned You can turn on TLS encryption to protect data which are sent during startup between CS Proxy and config server. Also You may consider using external authentication to keep passwords in system like active directory. With external authentication whenever user needs to authorize CS Proxy will send request through radius to external system so no password are stored in CS Proxy or config server or database.

Pawel

Benjamin5kelvain · « **Reply #6 on:** September 30, 2010, 06:09:12 AM »

since last four days i will use CS Proxy server. it could be not understand properly to me. please help me.

Genesys CTI User Forum

News:

Author Topic: CS Proxy question (Read 4525 times)

Gremlin

CS Proxy question

Steve

Re: CS Proxy question

Gremlin

Re: CS Proxy question

Steve

Re: CS Proxy question

René

Re: CS Proxy question

bublepaw

Re: CS Proxy question

Benjamin5kelvain

Re: CS Proxy question