Before you begin

This topic is part of the manual Genesys Customer Experience Insights Private Edition Guide for version Current of Reporting.

Limitations and assumptions

Not applicable

Download the Helm charts

GCXI containers and Helm chart are available for download in the registry defined in Docker Production Pipeline and Registries. You can find the GCXI files in the registry by looking for containers with the name gcxi/gcxi, and Helm charts with the name gcxi-$version.

GCXI Containers

GCXI Helm chart makes use of the following containers.
- gcxi - main GCXI container, runs as a StatefulSet. This container is roughly 12 GB; ensure that you have enough space to allocate it.
- gcxi-control - supplementary container, used for GCXI first-install initialization and for cleanup

For information about how to download the Helm charts in Jfrog Edge, see the suite-level documentation: Downloading your Genesys Multicloud CX containers

GCXI Helm Chart Download the latest yaml files from the repository, or examine the attached files: Sample GCXI yaml files

Third-party prerequisites

GCXI requires the following services, which are common across the platform:

Kubernetes 1.17+
Helm 3.0+
Postgres 12 RDBMS to handle service databases.

In addition, GCXI requires the following:

The MicroStrategy server instance that runs in the container includes a temporary pre-activated key, which is required for the operation of MicroStrategy. Request a replacement key from the Genesys Licensing team (or your Genesys Customer Care representative), and apply it once deployment is complete.
Google Authenticator (GAuth). Alternatively, GCXI includes a native internal login, which you can use to authorize users, instead of GAuth. This document assumes you are using GAuth (the recommended solution), which gives ConfigServer users access to GCXI.

Storage requirements

GCXI installation requires a set of local Persistent Volumes (PVs). Kubernetes 'local' volumes are simply directories on the host, with specific properties: https://kubernetes.io/docs/concepts/storage/volumes/#local

Example usage: https://zhimin-wen.medium.com/local-volume-provision-242affd5efe2

Kubernetes provides a powerful volume plugin system that enables Kubernetes workloads to use a wide variety of block and file storage to persist data.

The GCXI Helm chart offers a simples solution that you can use to set up your own PVs, or you can configure PV Dynamic Provisioning in your cluster (so that PVs are created automatically by Kubernetes).

Volumes Design

GCXI installation is going to use the following PVC.

Mount Name	Mount Path (inside container)	Description	Access Type	Approx Size	Default Mount Point on Host (may be changed thru values) NB: These dirs MUST pre-exist on your host. That is how the local provisioner works.	Must be Shared across Nodes?	Required Node Label (applies to deafult Local PVs setup)
gcxi-backup	/genesys/gcxi_shared/backup	Backups Used by control container / jobs.	RWX	Depends on backup frequency. 5gb+	/genesys/gcxi/backup May be overwritten by: Values.gcxi.local.pv.backup.path	Only in multiple concurrent installs scenarios.	gcxi/local-pv-gcxi-backup = "true"
gcxi-log	/mnt/log	MSTR logs Used by main container. The GCXI Helm chart allows log volumes of legacy `hostPath` type. This scenario is the default and used in examples below.	RWX	Depends on rotation scheme. 5gb+	/mnt/log/gcxi subPathExpr: $(POD_NAME) May be overwritten by: Values.gcxi.local.pv.log.path	Not necessarily.	gcxi/local-pv-gcxi-log = "true" You don't need node label if you are using hostPath volumes for logs.
gcxi-postgres	/var/lib/postgresql/data (if using Postgres in container) or disk space in Postgres RDBMS	Meta DB volume Used by Postgres container, if deployed.	RWO	Depends on usage. 10gb+	/genesys/gcxi/shared May be overwritten by: Values.gcxi.local.pv.postgres.path	Yes, unless you tie Postgres container to some particular node.	gcxi/local-pv-postgres-data = "true"
gcxi-share	/genesys/gcxi_share	MSTR shared caches and cubes Used by main container.	RWX	Depends on usage. 5gb+	/genesys/gcxi/data subPathExpr: $(POD_NAME) May be overwritten by: Values.gcxi.local.pv.share.path	Yes.	gcxi/local-pv-gcxi-share = "true"

Network requirements

Ingress

Session stickiness is desired for better user experience. Ingress annotations are supported in values.yaml#L317:

ingress:
    # http path and annotations may be overriden for external and internal access separately
    annotations:
      kubernetes.io/ingress.class: "nginx"
      nginx.ingress.kubernetes.io/affinity: cookie
      nginx.ingress.kubernetes.io/affinity-mode: persistent
      nginx.ingress.kubernetes.io/proxy-body-size: "50m"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
    domain:
    external:
      annotations:
      host:
      tls:
        enabled: false
        secretName:
    internal:
      annotations:
      host:
      tls:
        enabled: false
        secretName:
    path: /

Allowlisting is required for GCXI.

Secrets

GCXI supports the following ways of secret injection: CSI driver, Kubernetes secrets and Environment Variables. Secret information is defined in values.yaml#L456:

secrets:
  - name: gcxi-secret-pg

  securityContext:
    control:
      fsGroup: 500
      runAsUser: 500
      runAsGroup: 500
    worker:
      fsGroup: 500
      runAsUser: 500
      runAsGroup: 500

And in gcxi-worker-statefulset.yaml#L185:

- name: gcxi-var
        projected:
          sources:
          - secret:
              name: gcxi-secret{{ template "deploymentCode" . }}
              optional: true
          - secret:
              name: gcxi-secret-ext{{ template "deploymentCode" . }}
              optional: true
          {{- range $secret := .Values.gcxi.secrets }}
          - secret:
              name: {{ tpl $secret.name $ }}
              {{- with $secret.items }}
              items:
              {{- range $item := $secret.items }}
              - key: {{ tpl $item.key $ }}
                path: {{ tpl $item.path $ }}
              {{- end }}
              {{- end }}
              optional: true
          {{- end }}

ConfigMaps

Config map information is defined in gcxi-worker-statefulset.yaml#L94:

envFrom:
        - configMapRef:
            name: gcxi-config{{ template "deploymentCode" . }}
            optional: true
        - configMapRef:
            name: gcxi-config-ext{{ template "deploymentCode" . }}
            optional: true
        {{- range $cm := .Values.gcxi.configMaps }}
        - configMapRef:
            name: {{ tpl $cm.name $ }}
            optional: true
        {{- end }}

WAF Rules

WAF rules are defined in variables.tf#L245: https://github.com/genesysengage/azure-core-ingress/blob/fe25338b20093c76eb2e3ed26fe096442d65e1ae/terraform/dev/westus2/variables.tf#L245

Pod Security Policy

GCXI is powered by MicroStrategy software, and as a result has the following requirements/characteristics:

Very large main container (about 12 GB).
Openshift-specific 'arbitrary user id' requirement cannot be met, because it requires anyuid SCC.

The following hostIPC configuration is required on the nodes:

echo "kernel.sem = 250 1024000 250 4096" >> /etc/sysctl.conf
echo "vm.max_map_count = 5242880" >> /etc/sysctl.conf
sysctl -p

The following hostIPC configuration is required in most scenarios:
```
hostIPC: true
```

SMTP

The environment variable EMAIL_SERVER is supported by the GCXI container and Helm chart.

TLS

The GCXI container does not serve TLS natively. Your environment should be configured to use proxy with HTTPS offload.

Browser requirements

MicroStrategy Web is the user interface most often used for accessing, managing, and running the Genesys CX Insights reports. MicroStrategy Web certifies the latest versions, at the time of release, for the following web browsers:

Apple Safari
Google Chrome (Windows and iOS)
Microsoft Edge
Microsoft Internet Explorer (Versions 9 and 10 are supported, but are not certified)
Mozilla Firefox

To view updated information about supported browsers, see the MicroStrategy ReadMe.

Browsers
Name	Version	Notes
Firefox	Current release or one version previous	Genesys also supports the current ESR release. Genesys supports the transitional ESR release only during the time period in which the new ESR release is tested and certified. For more information, see Firefox ESR release cycle. Firefox updates itself automatically. Versions of Firefox are only an issue if your IT department restricts automatic updates.
Microsoft Edge (Legacy)	Current release
Chrome	Current release or one version previous	Chrome updates itself automatically. Versions of Chrome are only an issue if your IT department restricts automatic updates.

Genesys dependencies

GCXI requires the following services:

Reporting and Analytics Aggregates (RAA) is required to aggregate Genesys Info Mart data.
Genesys Info Mart and / or Intelligent Workload Distribution (IWD) Data Mart. GCXI can run without these services, but cannot produce meaningful output without them.
GWS Auth/Environment service
GWS client id/client secret

GDPR support

GCXI can store Personal Identifiable Information (PII) in logs, history files, and in reports (in scenarios where customers include PII data in reports). Genesys recommends that you do not capture PII in reports, however, if you do so, it is your responsibility to remove any such report data within 21 days or less, if required by General Data Protection Regulation (GDPR) standards.

For more information and relevant procedures, see: Genesys CX Insights Support for GDPR and the suite-level Link to come documentation.