Coming Soon

Here's a sneak peek at features and support we're adding for phase 2 of data locality:

  • We'll store encrypted user-generated content in the organization's geographic region. User-generated content includes messages, whiteboards, files, and related metadata.

  • We'll support Hybrid Data Security for organizations in the European region.

We expect to release phase 2 at the end of this month. Check this article on February 29th for updates.

We will not support migrating phase 1 organizations to phase 2 at the time of release. If user-generated content storage in the European GEO is a high-priority requirement for the organization, and you can wait to deploy a new organization until phase 2 is available, we recommend waiting.

Data Locality in Cisco Webex Teams Overview

The overall goal of data locality in Cisco Webex Teams is to keep users' data in regional data centers that correspond with the location of the organization. The first phase of the offering provides the following high-level functionality:

  • Your users have a single identity stored in your organization's geographic region. The identity service in your organization's geographic region handles client authentication requests.

    Your users can continue to meet with, message, and call users in other organizations across the globe without the need for separate accounts in foreign clusters. This means that Webex Teams does not proliferate extra personally identifiable information.

  • Encryption keys for your users are created and stored in your organization's geographic region, and the key management service (KMS) in your region handles requests for the keys to encrypt and decrypt spaces, messages, and content in Webex Teams.

    While the keys are stored and handled in your region, note that in this phase of data locality, the encrypted user-generated content (messages, whiteboards, files and related metadata) continues to be stored in global data centers with the data of all other organizations.

  • We store data about your organization, such as verified domains, preferences, and security settings, in your geographic region.

  • Partners in one region can create customer organizations in any region.

For data locality, we added a European geography (GEO) with data centers in London, Frankfurt, and Amsterdam. The existing data centers in the United States of America continue to serve North America and the "Rest of World" (RoW).

How We Determine the Data Locality Region

During provisioning, the administrator who sets up an organization sees a Country Selector drop-down menu in Control Hub. We determine the GEO region in which the organization's data resides based on the selected country.

If you have users in different countries, select the country where the majority of your users are located. To maximize user experience and minimize latency, data should be stored in the data centers closest to most users.

In future phases, the Country Selector will be pre-populated with a country code indicated in the order as the “Service to” location. Customers will have the option to override that default location.

To determine which region a country maps to, you can download the following Microsoft Excel file and select the country name from the drop-down menu: (The file begins to download immediately when you access the link.)

Limitations in Data Locality Phase 1

The following are limitations that exist in this phase of the data locality program, which we expect to address in a future phase of the program:

  • Data locality does not currently cover user-generated content (encrypted messages, whiteboards, files and related metadata). While keys for this content are stored in the organization's region, the content itself is stored in global data centers with the data of all other organizations. We plan to include data localization for user-generated content in future phases.

  • The following features are not available in Phase 1 for organizations that are provisioned in the European GEO:

    • Cisco Webex Video Mesh

    • Cisco Webex Hybrid Data Security

    • Cisco Webex Hybrid Call Service

    • Cisco Webex Calling (formerly Spark Call) (only available in North America)

    • Context Service

  • We do not support migrating an organization between GEO locations at this time. Organization data stays in the GEO in which it was created.

  • You can manage Cisco Webex Meetings sites for a European organization in Control Hub. However, data locality does not apply to Webex meeting recordings, which are stored in the cluster to which your Webex meeting site belongs.

Frequently Asked Questions for Data Locality

Why am I seeing a Country Selector during the organization provisioning process?

Cisco Webex is excited to provide customers the ability to localize certain Cisco Webex Teams data within “geo-based” data centers. In this Phase 1, data localization is available for an end customer’s organization, user identities, and encryption keys. In Phase 1, user-generated content (encrypted messages, boards, files and related metadata) continues to be stored in a common, global storage for all organizations. Future phases will include data localization for user-generated content (messages, files, whiteboards). Note that Webex Meetings sites can be managed through any such organization and recordings are still associated with the meetings site cluster.

In the future, we plan to release European content storage for new organizations before we support content migration (from common global storage to Europe) for existing organizations. For this reason, if user-generated content storage in the European GEO is a high-priority requirement for the organization, and you can wait to deploy a new organization until European content storage is available, we recommend waiting.

Which GEO locations are currently supported?

In Phase 1, we introduced the following locations, with the intention of expanding to more later:

  1. Europe—Hosted in the data centers in the United Kingdom and European Union.

  2. North America and Rest of the World (RoW)—Hosted in data centers in the United States.

What is the recommendation when selecting a country for the GEO location?

A customer’s organization data is created and maintained in the GEO location where the Webex Teams service is provisioned. During provisioning, the administrator will see a new option for selecting a country from a drop-down menu. This action permanently sets the GEO location for the organization’s users and encryption keys.

When selecting the country for an organization, consider the following recommendations:

  • If the organization's users are primarily based in one country, select that country, even if it doesn't match the business address of the organization. This will improve the user experience and minimize latency by utilizing storage in the data centers closest to the users.

  • If the users are spread across multiple countries, select the country that has the highest user count. Keep in mind that all of the organization's users will have their data stored in the associated GEO location, even those who are not located in that country or GEO.

  • Ideally, the ship-to country and country of data residency are the same.

We do not currently support migrating between GEO locations. When you create an organization in a GEO, it stays in that GEO.

To check the GEO location that a particular country maps to, download the CountryCodeGEOMapping.xlsx file, open the file in Microsoft Excel, and select the country from the drop-down menu.

Can my organization's users continue to collaborate with users in other regions?

Yes. Data locality strengthens the security and compliance features of Webex Teams without compromising the simplicity of the user experience. All users on our platform can communicate globally while retaining a single user identity.

How does data locality impact compliance and visibility across GEOs?

Compliance officers continue to have 100% visibility to user content regardless of where the data is stored (based on the Webex Teams ownership model). This means that compliance capabilities like eDiscovery and cloud access security broker (CASB) integrations will continue to allow you to monitor and take action on data loss prevention events, even if your users collaborate with those from other regions. The administrator controls that are already available allow you to disable external communication as needed.