Configure connections with TLS and authentication

From Genesys Documentation

Learn how to configure Transport Layer Security and authentication for connections to third-party services and non-containerized Genesys servers.

Genesys Web Services and Applications (GWS) supports secure connections to third-party services and legacy Genesys servers using Transport Layer Security (TLS) version 1.2.

To enable TLS, you must download and unpack the gws-services Helm chart locally. Next, create any required certificates for the services and put the truststores under the gws-services directory of the unpacked chart. For example: gws-services/crts/gwsPlatformSettingPostgresTrustore.p12

Following this example, the setting for the PostgreSQL truststore would be:

secretsTls.postgres.truststores.gws-platform-setting-postgres-truststore: crts/gwsPlatformSettingPostgresTrustore.p12

Important: When you Deploy GWS Services, make sure to point to your local files during the installation.

Next, configure TLS by overriding Helm chart values in the values.yaml file. See TLS for third-party services and TLS for legacy Genesys servers for details.

TLS for third-party services

GWS supports TLS connections to the third-party services Redis, PostgreSQL, and Elasticsearch. To enable TLS for these services, set the following parameters in the values.yaml file:

You must also define the following truststore paths and passwords in the values.yaml file:

Redis

| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.redis.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to the Redis cluster. | true or false | false |
| secretsTls.redis.truststores.gws-platform-datacollector-redis-truststore | The Redis client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-platform-ixn-redis-truststore | The Redis client truststore path for the GWS Interaction Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-app-workspace-redis-truststore | The Redis client truststore path for the GWS Workspace Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-app-provisioning-redis-truststore | The Redis client truststore path for Agent Setup. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-platform-voice-redis-truststore | The Redis client truststore path for the GWS Voice Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.passwords.gws-platform-datacollector-redis-truststore-password | The Redis client truststore password for the GWS Data Collector Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-platform-ixn-redis-truststore-password | The Redis client truststore password for the GWS Interaction Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-app-workspace-redis-truststore-password | The Redis client truststore password for the GWS Workspace Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-app-provisioning-redis-truststore-password | The Redis client truststore password for Agent Setup. | A valid password | "" |
| secretsTls.redis.passwords.gws-platform-voice-redis-truststore-password | The Redis client truststore password for the GWS Voice Service. | A valid password | "" |

PostgreSQL

| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.postgres.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to PostgreSQL. | true or false | false |
| secretsTls.postgres.truststores.gws-platform-setting-postgres-truststore | The PostgreSQL client truststore path for the GWS Setting Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.postgres.passwords.gws-platform-setting-postgres-truststore-password | The PostgreSQL client truststore password for the GWS Setting Service. | A valid password | "" |
| secretsTls.postgresprovisioning.enabled | Specifies whether a Kubernetes secret is created for the Agent Setup TLS connection to PostgreSQL. | true or false | false |
| secretsTls.postgresprovisioning.truststores.gws-app-provisioning-postgres-truststore | The PostgreSQL client truststore path for Agent Setup. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.postgresprovisioning.passwords.gws-app-provisioning-postgres-truststore-password | The PostgreSQL client truststore password for Agent Setup. | A valid password | "" |

Elasticsearch

| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.elasticsearch.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to the Elasticsearch cluster. | true or false | false |
| secretsTls.elasticsearch.truststores.gws-platform-datacollector-elasticsearch-truststore | The Elasticsearch client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.elasticsearch.passwords.gws-platform-datacollector-elasticsearch-truststore-password | The Elasticsearch client truststore password for the GWS Data Collector Service. | A valid password | "" |

TLS for legacy Genesys servers

GWS supports TLS connections to legacy Genesys servers in a mixed mode environment. GWS uses the Platform SDK to connect to legacy Genesys servers, such as Configuration Server, Interaction Server, T-Server, Universal Contact Server, Stat Server, Chat Server, and Outbound Contact Server.

GWS services use upgrade mode ports for TLS connections between Platform SDK and legacy Genesys services, which means you cannot enable TLS in the GWS values.yaml file. Instead, configure the TLS parameters in Configuration Server.

You must also define the following truststore paths and passwords in the GWS values.yaml file:

Truststore paths

| Parameter | Description | Valid values | Default |
|---|---|---|---|
| psdk.enabled | Specifies whether a Kubernetes secret is created for TLS connections to legacy Genesys servers. | true or false | false |
| psdk.truststores.gws-platform-configuration-psdk-truststore | The PSDK client truststore path for the GWS Configuration Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-ixn-psdk-truststore | The PSDK client truststore path for the GWS Interaction Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-chat-psdk-truststore | The PSDK client truststore path for the GWS Chat Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-ucs-psdk-truststore | The PSDK client truststore path for the GWS UCS Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-voice-psdk-truststore | The PSDK client truststore path for the GWS Voice Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-statistics-psdk-truststore | The PSDK client truststore path for the GWS Statistics Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.truststores.gws-platform-datacollector-psdk-truststore | The PSDK client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.gws-platform-ocs-psdk-truststore | The PSDK client truststore path for the GWS OCS Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |

Truststore passwords

| Parameter | Description | Valid values | Default |
|---|---|---|---|
| psdk.passwords.gws-platform-configuration-psdk-truststore-password | The PSDK client truststore password for the GWS Configuration Service. | A valid password | "" |
| psdk.passwords.gws-platform-ixn-psdk-truststore-password | The PSDK client truststore password for the GWS Interaction Service. | A valid password | "" |
| psdk.passwords.gws-platform-chat-psdk-truststore-password | The PSDK client truststore password for the Chat Service. | A valid password | "" |
| psdk.passwords.gws-platform-ucs-psdk-truststore-password | The PSDK client truststore password for the UCS Service. | A valid password | "" |
| psdk.passwords.gws-platform-voice-psdk-truststore-password | The PSDK client truststore password for the GWS Voice Service. | A valid password | "" |
| psdk.passwords.gws-platform-statistics-psdk-truststore-password | The PSDK client truststore password for the GWS Statistics Service. | A valid password | "" |
| psdk.passwords.gws-platform-datacollector-psdk-truststore-password | The PSDK client truststore password for the GWS Data Collector Service. | A valid password | "" |
| psdk.passwords.gws-platform-ocs-psdk-truststore-password | The PSDK client truststore password for the GWS OCS Service. | A valid password | "" |
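
A pre-deployment check for the truststore settings described on this page, covering both the secretsTls and psdk sections. This is an added example, not Genesys code: it assumes the dotted parameter names map to nested keys in values.yaml (the usual Helm convention) and that the overrides are already loaded into a dict; the function name, the sample values and crts/ixn.p12 are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Value sections documented on this page; each has enabled/truststores/passwords.
SECTIONS = [("secretsTls", "redis"), ("secretsTls", "postgres"),
            ("secretsTls", "postgresprovisioning"),
            ("secretsTls", "elasticsearch"), ("psdk",)]

# Constructed sample overrides, as a loaded values.yaml would look (assumed nesting).
SAMPLE = {
    "secretsTls": {"postgres": {
        "enabled": True,
        "truststores": {"gws-platform-setting-postgres-truststore":
                        "crts/gwsPlatformSettingPostgresTrustore.p12"},
        "passwords": {"gws-platform-setting-postgres-truststore-password": ""},
    }},
    "psdk": {"enabled": False,
             "truststores": {"gws-platform-ixn-psdk-truststore": "crts/ixn.p12"}},
}


def check_tls_values(values, chart_dir):
    """Return a list of problems in the TLS overrides (empty list if none)."""
    root = Path(chart_dir).resolve()
    problems = []
    for path in SECTIONS:
        section = values
        for key in path:
            section = section.get(key) or {}
        name = ".".join(path)
        stores = section.get("truststores") or {}
        passwords = section.get("passwords") or {}
        if not section.get("enabled", False):
            if any(stores.values()):
                problems.append(f"{name}: truststore set but enabled is false")
            continue
        for store_key, rel in stores.items():
            if not rel:
                continue  # default "" means no truststore for this service
            target = (root / rel).resolve()
            if root not in target.parents:
                problems.append(f"{name}.{store_key}: path leaves the chart directory")
            elif not target.is_file():
                problems.append(f"{name}.{store_key}: file not found: {rel}")
            if not passwords.get(f"{store_key}-password"):
                problems.append(f"{name}.{store_key}: truststore password is empty")
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as chart:  # stands in for gws-services/
        print("\n".join(check_tls_values(SAMPLE, chart)))
```

Run against the unpacked gws-services directory before installing, the check reports truststores that the chart would not package (section not enabled), paths that do not resolve to a file inside the chart directory, and truststores without a matching -password entry.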