Securing connections on WFM servers

Workforce Management (WFM) supports Transport Layer Security (TLS) on the following connections within WFM, and between WFM and Genesys Management Framework:

Connection between servers TLS 1.2 TLS 1.0
WFM Data Aggregator and Configuration Server, Stat Server
WFM Data Aggregator and WFM Server
WFM Daemon and Configuration Server, Message Server
WFM Daemon and WFM Server
WFM Builder and Configuration Server
WFM Builder and WFM Server
WFM Server and Configuration Server
WFM Server and WFM Data Aggregator, WFM Daemon, WFM Builder, WFM Web, and WFM Server (acting as a server application)
WFM Web and Configuration Server, Message Server
WFM Web and WFM Data Aggregator, WFM Daemon, WFM Builder, WFM Server

Configuring secure connections between servers

The information in this topic is provided to help you to configure secure connections between servers.

WFM Server, WFM Builder, WFM Data Aggregator

Transport Layer Security (TLS) configuration for WFM Server, Builder, and Data Aggregator adheres to the common guidelines in the Genesys Security Deployment Guide as they apply to deployment on Windows platforms. However, there are a couple of limitations:

  • Parameters of the secure connection must be configured on the Host level.
  • WFM supports only Simple TLS.

WFM Web and WFM Daemon

WFM Web and Daemon have a dependency on Java. Therefore, the TLS implementation uses Java Secure Socket Extensions from Oracle JDK with a configured provider.

You must configure two certificate stores on the servers that will host WFM Daemon and WFM Web:

  • Java Keystore for the certificates that are required for TLS communications with WFM components
  • Windows Certificate Store for the certificate that is required for TLS communications with Framework components

To configure secure connections on the WFM Web and WFM Daemon hosts, adhere to common guidelines in the Genesys Security Deployment Guide and complete the procedure below.

Start procedure

  1. Import certificates to the Java Keystore that is used by WFM Daemon and Tomcat (WFM Web):
    • For WFM Daemon—Import the WFM Daemon, Server, and Web host certificates to the Java Keystore used by WFM Daemon. By default, the path is JAVA_HOME/jre/lib/security/cacerts
      To find the value of JAVA_HOME, open the wfmdaemon.cmd file in the WFM Daemon installation folder and look at the line that begins with set JAVA_HOME.
    • For WFM Web—Import the WFM Web (Tomcat), Data Aggregator, Daemon, Builder, and Server host certificates to the Java Keystore used by Tomcat.
      You can use the Java Keytool to import certificates to the Java Keystore. For example:
      keytool.exe -import -alias tomcat -file C:\Certificates\tomcat.crt -keystore "C:\Program Files\Java\jdk1.8.0_181\jre\lib\security\cacerts" -storetype JKS -storepass changeit
  2. Import the host certificate (on which WFM Daemon or WFM Web is installed) to the Windows Certificate Store for the user account that starts WFM Daemon or Tomcat (WFM Web) as a service.
    After installation, the WFM Daemon and Tomcat (WFM Web) user account is Local System, by default.
    • Complete the following steps, using the Microsoft PsExec tool to import certificates to Windows Certificate Store for the Local System account.
      1. Download the Microsoft PSTools.
      2. Unpack PsExec64.exe.
      3. Run the Command Prompt as Administrator.
      4. Execute the command PsExec64.exe -i -s mmc.exe.
        This command runs Microsoft Management Console for the Local System account.
      5. Click File > Add/Remove Snap-in…
      6. Add the Certificates snap-in for My user account.
      7. Import the certificate to the Personal folder.
      8. Verify that the Trusted Root Certification Authorities folder contains the issuer certificate.
      9. Repeat steps 5 to 8 to import the certificate for the Computer account.

End procedure
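
Step 1 for a WFM Web host, scripted as an added example (not part of the original Genesys procedure): it imports each host certificate into the Java Keystore used by Tomcat with keytool, then lists every alias with its SHA-256 fingerprint so the result can be compared against the certificates that were issued. The JDK path and the tomcat alias and file come from the example above; all other aliases and file names are assumptions. Run it from an elevated PowerShell prompt.

```powershell
# Added example: paths, aliases and file names are assumptions; adjust to your hosts.
$javaHome  = 'C:\Program Files\Java\jdk1.8.0_181'      # JDK used by Tomcat (WFM Web)
$keytool   = Join-Path $javaHome 'bin\keytool.exe'
$keystore  = Join-Path $javaHome 'jre\lib\security\cacerts'
$storePass = 'changeit'                                 # password used in the page's example

# One alias per host certificate that step 1 lists for WFM Web.
# Only the tomcat entry comes from the page; the rest are hypothetical.
$certs = [ordered]@{
    'tomcat'      = 'C:\Certificates\tomcat.crt'
    'wfm-da'      = 'C:\Certificates\wfm-da.crt'
    'wfm-daemon'  = 'C:\Certificates\wfm-daemon.crt'
    'wfm-builder' = 'C:\Certificates\wfm-builder.crt'
    'wfm-server'  = 'C:\Certificates\wfm-server.crt'
}
$common = @('-keystore', $keystore, '-storetype', 'JKS', '-storepass', $storePass)

foreach ($alias in $certs.Keys) {
    $file = $certs[$alias]
    if (-not (Test-Path -LiteralPath $file)) {
        throw "Certificate file not found: $file"
    }

    # keytool exits with 0 when the alias already exists; skip it so reruns are safe.
    & $keytool -list -alias $alias @common | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "[skip] $alias is already in the keystore"
        continue
    }

    & $keytool -importcert -noprompt -alias $alias -file $file @common
    if ($LASTEXITCODE -ne 0) {
        throw "keytool import failed for alias '$alias'"
    }
}

# Verification: every alias must be present; print its SHA-256 fingerprint
# for comparison with the certificate that was issued for that host.
foreach ($alias in $certs.Keys) {
    $out = & $keytool -list -v -alias $alias @common
    if ($LASTEXITCODE -ne 0) {
        throw "Alias '$alias' is missing from $keystore after import"
    }
    $out | Select-String -SimpleMatch 'SHA256:' |
        ForEach-Object { Write-Host "[ok]   $alias  $($_.Line.Trim())" }
}
```

For a WFM Daemon host, point $javaHome at the value from wfmdaemon.cmd and reduce the list to the WFM Daemon, Server, and Web host certificates.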

Configuring secure connections between WFM Web server and WFM Web clients

The information in this topic will help you to configure secure connections between WFM Web and WFM Web clients.

WFM Web

WFM Web server runs in an Apache Tomcat Servlet/JSP container. Therefore, the secure connection must be configured in the servlet container. For more information see Apache Tomcat SSL/TLS Configuration HOW-TO.

WFM Web clients

TLS support must be enabled in the browser that runs WFM Web for Supervisor, WFM Web for Agents, and WFM Agent Mobile Client.

To run WFM Web for Supervisor Java-based views, additional configuration is required:

  • Import the WFM Web (Tomcat) server certificate to the Java Keystore that is used by the browser or by the Java Webstart application on the host on which you plan to run WFM Web for Supervisors.

This page was last modified on August 8, 2018, at 12:17.