Genesys CTI User Forum
Genesys CTI User Forum => Genesys CTI Technical Discussion => Topic started by: tony on April 21, 2010, 02:24:34 PM
-
Hi Everyone! :)
I've got a Routing StatServer (7.6.100.12) that is not playing very nicely... It seems to be falling over when too many updates are being applied (from config), whilst dealing with stat requests from our URS...
Rather than looking at the number of requests, I am considering what I can do to reduce the number of updates being applied through the config. From what I understand, if the StatServer Application Permissions are updated in CME, then the Application is restarted, you can reduce the config updates being sent to it. So - when updates are being applied to other Solutions (such as WfM or Outbound or Reporting) the Application is excluded from receiving those updates and concentrates solely on the updates it requires (Stats and Routing Objects only) and it can then better fulfill its primary role of dealing with stat requests from the URS...
This is just a theory - does anyone have any experience in applying this, to any degree of success?
Thanks!
Tony
-
I seemed to have the same issue with Stat Server 7.6 (don't remember the exact version any more). It was failing, i.e. randomly stopping, once we changed users in Config Server or made changes to the object. We upgraded to the following hot fix: 7.6.100.37 [12/11/2009] – Hot Fix. It seemed to resolve the issue; try it.
thanks
-
Hi,
I've used a similar approach (CME permissions) to reduce load on StatServers used for realtime reporting (with CCPulse) where there was a dedicated StatServer for each geographic site (with a "central" switch i.e. common T-Server).
I considered it very successful, but CME permissions can become a headache to manage when they get complex.
We also found a number of defects in Configuration Server (7.6) most of which were fixed by 7.6.000.36 related to permissions changes.
Also, making CME permissions changes when applications are under load (i.e. during business hours) can cause problems (particularly to Genesys Desktop) in my experience.
Regards,
Alistair
-
OK - I'll take a look at the possibility of an upgrade (the version mentioned is actually a Hot Fix and I am not keen on that..) and I will continue to look at permissions as a way forwards...
Thanks for the input so far guys! :)
Tony
-
I'm using permissions to reduce network traffic and avoid some problems (for example with Symon Genesys Collector performance). From my point of view it's quite simple. If you are using geographically distributed environments with CSProxy, it is even simpler, and you can set up permissions only at CSProxy level (no need to distribute this to all applications). Till now I've found one big challenge - DataSourcer. It's quite obvious if it collects data only for agents, groups, routing points and queues, but if it also collects calling list and campaign groups data you must be very careful, especially if after setting permissions DataSourcer is seeing fewer objects. For other applications like StatServer or URS I didn't notice any problems.
-
Hi Tony.
I see your reply by e-mail notification, but I don't see it in the topic tree. To answer your questions: I wouldn't recommend modifying SYSTEM account permissions. It's one possible way, but I think very dangerous. I can recommend creating a new account, propagating No Access permission at Tenant level, then giving access to the specific, needed objects and starting applications with this specific, newly created account (App Security\Log On As). I think it's the best and most secure way to achieve your goals.
-
Excellent responses - I understand them implicitly - thank you!
I think I am going to have a bit of a task on my hands, though - I am looking at the Permissions for our Network URS and it seems as if it needs Permissions to just about everything, anyway... I wanted to exclude Service Numbers or perhaps some of the Site/Premise Objects but it seems to use those too.
Has anyone any specific advice relating to the Permissions for a Network URS - perhaps some Do's and Don'ts...?
Great stuff so far everyone - thank you! :)
T
-
Sort of nearly answering my own question...
The Routing Stat Servers serve the Inbound Call Routing being served by the Network URS's. We also have MCR, WfM, CCA and a few other Solutions which have nothing to do with our ICR Solution. I can use an Access Group and a new User to exclude access for the Routing Stat Servers to those Applications and components in CME.
In this way, I should be able to reduce the amount of config updates and general "traffic" being sent to the Routing Stat Server.
Is anyone able to confirm that this is a "Best Practice" approach?
Thanks!
T
-
Almost done with this - all you Dev/Planning and Implementation guys out there might want to consider the following...
If you create Solution Sub-Folders in the Resources Section within CME, you can restrict access for your Server Applications much more easily - thereby reducing the load on them.
For example;
Your Resources>Persons Folder (...and >Place Groups and >DN Groups and >Agent Groups... etc.) could contain 2 sub-Folders at the top level, to enable you to split your Resources into Multimedia and Voice. You would also need to create a User who has Permissions to access the Multimedia Folders (and not the Voice Folders) and another User who has Permissions to access the Voice Folders (and not the Multimedia Folders). Applying these Users as the Account you use to (re-)start your Server Applications means (for example); when you restart your Multimedia Routing Stat Server it will only accept/receive updates regarding Multimedia Resources - and not Voice Resources (which it doesn't need), cutting down the configuration messaging traffic dramatically in both Solutions.
If you already knew this - well done! :) If you didn't and your Platform is "struggling" it might be time to give it a closer look.... ;)
Tony
-
Hey Tony,
Nice tip, but for a better understanding do you think you can attach a network diagram of how many servers were impacted by this and which components were on each one? In that way we can have a better idea on how to deploy it and if needed...
Thanks!
-
Hi Tony,
Beside subfolders, you can also use Configuration Units. Then managing permissions is even simpler.
-
Configuration Units...? Please tell me more... lol
Tony
[quote author=borkokrz link=topic=5486.msg24038#msg24038 date=1272661555]
Hi Tony,
Beside subfolders, you can also use Configuration Units. Then managing permissions is even simpler.
[/quote]
-
Hi cav :)
I still can't seem to attach anything to my posts, so I'll take a look at the build at the next opportunity and write them out... I'm not clear on how that will help anyone, though..?
Tony
[quote author=cavagnaro link=topic=5486.msg24036#msg24036 date=1272650882]
Hey Tony,
Nice tip, but for a better understanding do you think you can attach a network diagram of how many servers were impacted by this and which components were on each one? In that way we can have a better idea on how to deploy it and if needed...
Thanks!
[/quote]
-
Really ?? ;-)
[quote author=Tony Tillyer link=topic=5486.msg24046#msg24046 date=1272788730]
Configuration Units...? Please tell me more... lol
Tony
[/quote]
-
Yes please - so far, I have been segregating my Resource Folders into "Voice" and "Multimedia", so that I can use Permissions to separate the Assets... [i]Configuration Units[/i] - that sounds like something where you can dump everything in another Folder somewhere, making the job much much easier... ???
TT
[quote author=borkokrz link=topic=5486.msg24050#msg24050 date=1272879072]
Really ?? ;-)
[quote author=Tony Tillyer link=topic=5486.msg24046#msg24046 date=1272788730]
Configuration Units...? Please tell me more... lol
Tony
[/quote]
[/quote]
-
Configuration Units are used to create complex configuration hierarchies for business, geographical or any other reasons. At Tenant/Environment level in 7.0+ framework you can create a special "subfolder" called Configuration Unit. Inside the CU you create a folder tree analogous to the one at tenant/environment level, so for example for Tenant create folders like Persons, Switches, Agent Groups, Campaigns etc. In that way inside a single Configuration Unit you can create all relevant resources for Voice or Multimedia solutions in one place.
Look at framework 7.0+ documentation for specifics.
-
Thank you - I shall take a look...
...I'm just wondering how I missed this in the documentation... since 7.x...??? :)
TT
[quote author=borkokrz link=topic=5486.msg24055#msg24055 date=1272886631]
Configuration Units are used to create complex configuration hierarchies for business, geographical or any other reasons. At Tenant/Environment level in 7.0+ framework you can create a special "subfolder" called Configuration Unit. Inside the CU you create a folder tree analogous to the one at tenant/environment level, so for example for Tenant create folders like Persons, Switches, Agent Groups, Campaigns etc. In that way inside a single Configuration Unit you can create all relevant resources for Voice or Multimedia solutions in one place.
Look at framework 7.0+ documentation for specifics.
[/quote]
-
I suppose that usually you don't do 'right-click' on Tenant or Environment level so you didn't discover this functionality. Besides CU I've done 'right-click' only to re-configure GVP.
-
OK - I see it now... I also understand that that may have been a good option to choose when first implementing Configuration items, to separate the various Solutions during the initial build. I've had a play around with it and you can drag>drop [i]any [/i] Folder into it, which is very useful.
Very useful for new Sites but the environment I am working with is rather complex and I think it would actually be easier to allocate Solution sub-Folders & Permissions under each type of Resource, rather than splitting everything between (4) Solution Configuration Units.
TT
[quote author=borkokrz link=topic=5486.msg24067#msg24067 date=1272903869]
I suppose that usually you don't do 'right-click' on Tenant or Environment level so you didn't discover this functionality. Besides CU I've done 'right-click' only to re-configure GVP.
[/quote]
-
Since I (still) cannot attach graphics, here is a narrative;
[color=red][b]ALWAYS TRY OUT [u]EVERYTHING [/u] BEFORE YOU APPLY IT IN YOUR PRODUCTION SYSTEM! :)[/b][/color]
METHOD:
Add sub-folders under the following Resources and drag/drop the relevant sub-sub-Folders into each one, according to the Solution-type;
Agent Groups>Voice>(Agent Groups)
Agent Groups>Multimedia>(Agent Groups)
AND
DN Groups>Voice>(DN Groups)
DN Groups>Multimedia>(DN Groups)
AND
Persons>Voice>(Persons)
Persons>Multimedia>(Persons)
AND
Place Groups>Voice>(Place Groups)
Place Groups>Multimedia>(Place Groups)
AND
Places>Voice>(Places)
Places>Multimedia>(Places)
AND
Skills>Voice>(Skills)
Skills>Multimedia>(Skills)
Create a Username (Person) configured with access [b]removed [/b] for all of the Multimedia Folders (Called "[i]Voice Only[/i]"). Do this by navigating to all of the Resources>Multimedia Sub-Folders, right-click them and update the Security>Permissions options, adding the [i]Voice Only [/i] Username then select "No Access".
Create a Username (Person) configured with access [b]removed [/b] for all of the Voice Folders (Called "[i]Multimedia Only[/i]"). Do this by navigating to all of the Resources>Voice Sub-Folders, right-click them and update the Security>Permissions options, adding the [i]Multimedia Only [/i] Username then select "No Access".
Identify the Applications which are ONLY Voice (and do not need access to Multimedia Resources such as DN Groups, Agent Groups, Place Groups, etc.) - this may include identifying Config Proxies too - and restart them, using the "Log On As" Username [i]Voice Only[/i]. Do this by navigating to the Application(s) in the Environment Section and click on the Security Tab - then navigate to the "Log On As" section and update the "SYSTEM Account" to "This Account" and select the Username [i]Voice Only[/i].
Identify the Applications which are ONLY Multimedia (and do not need access to Voice Resources such as DN Groups, Agent Groups, Place Groups, etc.) - this may include identifying Config Proxies too - and restart them, using the "Log On As" Username [i]Multimedia Only[/i]. Do this by navigating to the Application(s) in the Environment Section and click on the Security Tab - then navigate to the "Log On As" section and update the "SYSTEM Account" to "This Account" and select the Username [i]Multimedia Only[/i].
RESULTS EXPECTED:
The end effect is that the Applications for Voice should only be servicing Voice components and the data throughput is greatly reduced, since it is not "aware" of Multimedia components/objects - and vice versa for Multimedia Applications.
This, overall, should add a massive amount of stability to the overall Platform by ensuring the Framework and Solution Applications are constrained to their own Solution objects and statistics, etc. - and are not operating with a high volume of messaging for objects and statistics which it does not use.
- Let me know if this makes sense, anyone...? lol
TT
-
Everything looks good. Some notes:
1. If applications are "behind" CSProxy, you can set this specific account as "Log on as" only on CSProxy application. Less work, the same effect. All applications behind CSP will see only those objects, that this specific account will have access to.
2. Sometimes, even with complex configurations, it's better to play around with CU after all, than to do everything with subfolders. From day-to-day maintenance perspective, work done to configure CUs will prospect in the future with simpler management. For example if you'll need to change permissions on all Voice objects, with subfolders you will have to do it in several places in CME (possibility of forgetting something). With CU this can be achieved simpler.
3. You are right on expected results. No matter which method you use (Subfolders or CU) permissions allow to reduce data throughput and network traffic, improve stability and efficiency of Genesys applications. Of course this is very dependent on configuration.
-
Tony
Configuration units are special folders created under Environment and Resources. These can then hold the same folders you would normally find under Environment or Resources. In a sense they start to create a multi tenant CME inside a single tenant one. Unlike multi tenant, where tenant A cannot see or use another tenant's objects, the restrictions are controlled only by permissions and can be less strict.
So in a single tenant CME for one customer (My Bank) you have a series of config units for each division (Loans, Mortgages, Savings). Within these config units you can add folders to hold whatever objects that division has, its own switch, t-server and persons for example. You can even have config units inside config units!
It is then very easy to grant permissions on the Loans config units to only the Loans access group (which lives inside the Loans CU).
Whilst writing this I found a new config option "Site" when I select new at the Environment and Resources level.
Sites can exist inside config units too. Something to play with in a model :)
-
After a period of R&D (also known as "trial and error"... ;) ) I've found the best method to reduce "traffic" on a non-blended Platform to be;
>Create new Users for your Voice Interactions (ICR) and Multimedia Interactions (MCR).
>Give the new Users FULL Permissions to [b]all [/b] Environment and Resource assets in CME (The same as the "default" Username) and apply the changes to propagate throughout all Sections.
>Identify and separate your ICR and MCR assets in the CME Resources section by adding sub-Folders and moving items into those. For example; move your GAD/MCR Agents to a sub-Folder called Persons>MCR...
>Set restricted Permissions to the sub-Folders for your new Users;
>>For MCR assets, add the ICR Username to the Permissions for the CME sub-Folder and apply "No Access" and repeat the process for Agent Groups, DN Groups, Persons, Place Groups, Places, Skills and Switches.
>Take a look at your CME Applications in the Environments section and determine which are [b]solely [/b] ICR and which are [b]solely [/b] MCR. For example; a Voice Interaction StatServer which serves a Voice URS/TServer is [b]solely [/b] ICR... (<this can include, but is not limited to, Configuration Proxies...)
>Change the Security settings of the Application, so that it starts up using your Solution-specific Username. In my example, "[i][b]Log On As[/b][/i]" would be changed from "default" to the ICR Username.
>Restart your Application(s).
>Test your Application by adding/amending/deleting assets in your new CME Resources sub-Folder structure - if you add a Skill to the Skills>ICR sub-Folder, check your ICR and MCR StatServer logs - you should find that the update propagated to ICR StatServer - but does not appear in the MCR StatServer log...
- In my own studies, I have proved that this method reduces the amount of irrelevant messaging/notifications by up to 50% for MCR assets - and up to 30% for the ICR assets. A huge uplift in processing and stability! :)
TT
-
Some notes to go with this...
CSP's may have Clients which themselves have Clients which require Full Access to CME. In my studies, I found that some Applications using a CSP threw up errors due to the fact that their own Clients required updates for Objects which the CSP does not have access to... :(
So - in my latest notes I am suggesting that individual Applications should be updated through Permissions - and my advice is to be very careful of the knock-on effect updating the Permissions a CSP might have...
:)
TT
[quote author=borkokrz link=topic=5486.msg24081#msg24081 date=1272985850]
Everything looks good. Some notes:
1. If applications are "behind" CSProxy, you can set this specific account as "Log on as" only on CSProxy application. Less work, the same effect. All applications behind CSP will see only those objects, that this specific account will have access to.
2. Sometimes, even with complex configurations, it's better to play around with CU after all, than to do everything with subfolders. From day-to-day maintenance perspective, work done to configure CUs will prospect in the future with simpler management. For example if you'll need to change permissions on all Voice objects, with subfolders you will have to do it in several places in CME (possibility of forgetting something). With CU this can be achieved simpler.
3. You are right on expected results. No matter which method you use (Subfolders or CU) permissions allow to reduce data throughput and network traffic, improve stability and efficiency of Genesys applications. Of course this is very dependent on configuration.
[/quote]
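-
Added example, not part of any post in this thread and not Genesys code: a small Python model of the sub-folder "No Access" method and of the CSProxy knock-on effect described above, useful for reasoning about who receives an update before touching CME. The account names, application names and the inheritance rule (nearest folder entry wins, "default" sees everything) are assumptions made for illustration.

```python
# Toy model of the thread's approach: no Genesys API is used.
# Folder names follow the thread; accounts and applications are constructed.

ACL = {
    # folder path -> {account: permission}; children inherit the nearest entry
    "Resources": {"icr_user": "Full", "mcr_user": "Full"},
    "Resources/Skills/MCR": {"icr_user": "No Access"},
    "Resources/Skills/ICR": {"mcr_user": "No Access"},
    "Resources/Persons/MCR": {"icr_user": "No Access"},
    "Resources/Persons/ICR": {"mcr_user": "No Access"},
}

# application -> (Log On As account, proxy it connects through or None)
APPS = {
    "CSProxy_Voice": ("icr_user", None),
    "StatServer_ICR": ("icr_user", None),
    "StatServer_MCR": ("mcr_user", None),
    "Desktop_Blended": ("default", "CSProxy_Voice"),  # needs both solutions
}


def effective(account, path):
    """Walk up from the object to the nearest folder with an entry for account."""
    if account == "default":  # assumption: the default account has full access
        return "Full"
    parts = path.split("/")
    while parts:
        entry = ACL.get("/".join(parts), {})
        if account in entry:
            return entry[account]
        parts.pop()
    return "No Access"


def can_see(app, path):
    """An app sees an object only if its account AND its proxy's account do."""
    account, proxy = APPS[app]
    if effective(account, path) != "Full":
        return False
    return can_see(proxy, path) if proxy else True


def recipients(path):
    """Applications that would be notified of a change to this object."""
    return sorted(app for app in APPS if can_see(app, path))


def starved(app, needed_paths):
    """Objects the application needs but will never be notified about."""
    return [p for p in needed_paths if not can_see(app, p)]


if __name__ == "__main__":
    print(recipients("Resources/Skills/ICR/Billing"))
    print(recipients("Resources/Skills/MCR/Chat"))
    print(starved("Desktop_Blended", ["Resources/Persons/ICR/agent1",
                                      "Resources/Persons/MCR/agent2"]))
```

The last call shows the CSP caveat: a client with full access of its own still loses the MCR objects because the proxy in front of it logs on with the restricted voice account.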