Jump to: navigation, search

Policy Enforcement

The Resource Manager tracks sessions, IVR Profiles, and service usage, to enforce policies that are imposed on a per-application and per-tenant basis. The Resource Manager also consults dialing and service allowability rules, to enforce policies that are imposed on a per-application and per-tenant basis.

The configuration options specifying the policies that you can configure for GVP are in the gvp.policy, gvp.policy.dialing-rules, and gvp.policy.call-info configuration sections of the IVR Profile and Tenant objects. Configuration options enable you to customize the SIP responses that are sent when the Resource Manager rejects a call because of policy criteria. They also enable you to specify whether certain policy violations will trigger an alarm.

HMT Policy Enforcement

Starting in GVP 8.1.2, the Resource Manager can manage parent-child relationships between tenants in a Hierarchical Multi-Tenancy (HMT) to enforce policies, selectively. HMT tenants are organized in a tree hierarchy, which means that the parent tenant can have many child tenants, and the child tenants can have many child tenants within its own tenant object. There is no limitation on the depth of the tree. Only a single Resource Manager or a Resource Manager High Availability (HA) pair can manage a complete tenant hierarchy.

The Resource Manager manages the policies for the entire tree hierarchy by using a top-down method of enforcement for all parameter categories except category 3 on page 84. Each tenant in the hierarchy, except for the root tenant (Environment), uses the parent Tenant DBID to reference its parent tenant and inherits the policies of the parent tenant.

In general, when enforcing policies the Resource Manager checks the parent tenant to see if there are any overriding policies for the child tenant. If the gvp.policy.<child-tenant-dbid> section is defined in a tenant, where <child-tenant-dbid> is the DBID of the first child tenant in the hierarchy, the Resource Manager enforces configuration parameters of the parent tenant in the Annex section. The child tenant can have the same parameters defined in its own gvp, policy section of the Annex, but the policies of the parent tenants have priority over the policies of the child tenant.

Policy Enforcement Types

Four types of policy enforcement parameters exist in HMT:

  • Usage-limit parameters The Resource Manager checks the hierarchy from the top-down to determine whether tenant-level usage is violated. It also checks the parent-to-child enforcement sections to determine if the usage-limit that is configured in the child tenant can be overridden. The last child in the hierarchy is checked, provided that no usage violation is detected at a higher level.
  • Permission-policy parameters These parameters are treated in the same way as the usage-limit parameters in that it searches from the top down until it finds a not-allowed (false) value for one of the options. However, it continues to check for a value of false in any other tenant, including the IVR Profile. If a not-allowed value is encountered at any level, the Resource Manager enforces the policy based on that value. The following parameters are included in this category:
    • announcement-allowed
    • out-bound call-allowed
    • transfer-allowed
    • voicexml-dialog-allowed
    • cti-allowed
    • msml-allowed
    • recordingclient-allowed
    • recordingserver-allowed
  • Non-enforcement/Unrestricted parameters The Resource Manager does not use parent-to-child enforcement for these parameters. Instead, it checks the IVR-Profile parameter first. If that parameter is not configured, it searches the hierarchy for a match by using the bottom-up method.
    The following parameters are included in this category:
    • codec/media and disable/enable parameters that are passed to the Media Control Platform
    • speech and language parameters (passed to the Media Control Platform)
    • mcp-sendrecv-enabled parameter (passed to the Media Control Platform)
    • metricsfilter parameter (passed to other GVP components)
    • max-subdialog-depth parameter (passed to the Media Control Platform)
    • prediction-factor parameter (related to OCS call distribution related)
  • Ordered list of rules--The Resource Manager uses the top-down method to check the parameters in this category. The first rule in the ordered list that matches the regular expression determines the outcome of the action. For simplicity, these policies are enforced on all of the child tenants. The parent tenant cannot define rules for one specific child tenant. Tenant and child objects can be managed, created, modified, and deleted by using the Genesys Administrator. The Environment tenant (and any other tenant at the same level) is considered the root tenant. For information about how HMT is displayed and managed in Genesys Administrator, see the Genesys Administrator 8.1 Help.

Speech Resource Reservation

Users can configure the gvp.policy.asr-reserve and gvp.policy.tts-reserve configuration options to reserve ASR and TTS resources on a per-application or per-tenant basis. When the Resource Manager receives and incoming call and maps it to the voicexml service, it passes those options to Media Control Platform mapped as the gvp.config.asr.reserve and gvp.config.tts.reserve SIP Request-URI parameters. The Resource Manager uses the bottom-up methodology to enforce the policy by checking the IVR-Profile first, and then the tenant hierarchy.

Speech Resource Limit Policy

You can configure Resource Manager (RM) to enable or disable access to ASR and TTS speech resources, by language and by tenant IVR profile. To complete the configuration, users must partition ASR and TTS so that each engine handles a specific language.

While handling a VoiceXML call, the RM checks the chosen profile to see if it specifies the authorized ASR/TTS engines. If it does, then the RM searches in the tenant hierarchy (bottom-up) for these configuration parameters:

  • List of Authorized ASR Engines
  • List of Authorized TTS Engines

If these parameters are configured, the RM passes that information to the Media Control Platform (MCP) handling the request (the VoiceXML call). RM itself will not enforce the policy; that is done by the MCP (or MRCP Proxy, if present).

Context-Services Authentication

On a per-application basis, the Resource Manager supports context-services authentication. The [gvp.context-services-authentication].username and [gvp.context-services-authentication].password configuration options can be used to configure a user name and password, respectively for context-services authentication. When the Resource Manager receives and incoming call and maps it to the voicexml service, it passes those option to Media Control Platform mapped as the X-Genesys-GVP-CS-Username and X-Genesys-GVP-CS-Password custom headers with the url-encoded value.

Transaction List in JSON Format

On a per-application basis, the user can configure a Transaction List by using the gvp.OPM.Transaction_dbid configuration option. When the Resource Manager parses the IVR Profile configuration, it checks for a List object. It reads the key-value pairs in the List object s OPM section and transforms them into a JSON string. The Resource Manager maps this string as parameters in the Request URI to the Media Control Platform. If the list changes during runtime, the Resource Manager processes the change and forms a new JSON string, based on the updated OPM parameters in the List.

Comment on this article:

blog comments powered by Disqus
This page was last modified on 9 January 2015, at 15:17.