Shared system integration guide
Overview
OpenTV Video Platform allows a single instance to be used for multiple operators. In this scenario, there is one primary tenant and multiple sub-tenants.
The customers of both the primary and the sub-tenants all use the same application, ION, which is provided and published to the app stores by NAGRAVISION. (There is also the option to have an operator-specific version of ION, but in this case, the operator is responsible for publishing the app to the app stores.)
When a user first signs in to ION, their user ID is matched to the correct tenant and the app downloads the appropriate configuration and assets so that its appearance will match the tenant's branding.
Each sub-tenant must supply NAGRAVISION with the required assets to enable their branding to be applied to ION.
Such deployments can (but do not have to) use NAGRAVISION's Security Services Platform in addition to its OpenTV Video Platform.
The differences between the two scenarios are explained in Differences between SSP and non-SSP deployments below.
Roles and responsibilities
The roles and responsibilities of the various parties are as follows:
NAGRAVISION
NAGRAVISION is responsible for:
Setting up the OpenTV Video Platform instance
Providing access credentials for CRM access
NAGRAVISION can also do the following (though they can also be done by the primary tenant):
Adding sub-tenants
Setting up an account profile that will apply to all users
The account profile defines things like the maximum number of devices and maximum concurrent sessions for each account, as well as content targeting.
Primary tenant
The primary tenant is responsible for:
Setting up user recording (NPVR) profiles, which determine quota sizes and automatic deletion policies
Configuring the products that are available to users (that is, bundles of channels, VOD offerings, and so on)
Configuring the rails templates for the sub-tenants. These determine how content is presented in ION.
(A single shared template can be used for all sub-tenants, or tenant-specific templates can be created.)
The primary tenant can also use OpCon to do the following (though they can also be done by NAGRAVISION):
Adding sub-tenant users and assigning roles to them
Setting up an account profile that will apply to all users
The account profile defines things like the maximum number of devices and maximum concurrent sessions for each account, as well as content targeting.Managing entitlements
Sub-tenant
Each sub-tenant is responsible for:
Providing the required branding and assets to NAGRAVISION for the ION application.
API access
Sub-tenants have access to a limited subset of the available API endpoints. These are listed in Service endpoint categories.
Prerequisites
Before doing any of the use cases described below, you must set up accounts in Keycloak to enable services and individual to access the required API endpoints.
See:
Limitations and notes
Default tenant
In shared system deployments, the default tenant ("nagra") must not be used.
Adding a new sub-tenant
When a new sub-tenant is added, both Account and Device Manager (ADM) and Rights Manager (RMG) must be restarted.
Naming conventions
Tenant naming convention
When adding a sub-tenant, use the following convention for the tenant name (ID):
<primary-tenant-name>_<sub-tenant-name>This helps to ensure that each sub-tenant can only access the accounts and other entities that belong to them, and not those belonging to other sub-tenants.
Product naming convention
When creating a product, use the following convention for the product name:
<tenant-id>_<product-name>Only ASCII characters are allowed.
See:
Account profile naming convention
When creating an account profile, if the account profile for the primary tenant is called <primary-tenant-name>_AccountProfile, a sub-tenant account profile should be named:
<primary-tenant-name>_<sub-tenant-name>_AccountProfileSee Account profiles.
Recording (quota) profile naming convention
When creating a recording (quota) profile, if the recording profile for the primary tenant is called <primary-tenant-name>_QuotaProfile, a sub-tenant account profile should be named:
<primary-tenant-name>_<sub-tenant-name>_QuotaProfileSee Creating a recording profile.
Setting account and sign-on IDs
When creating an account, the operator's CRM:
Must not set the ID for the account. Instead, it should allow the Account and Device Manager (ADM) to generate the account ID.
Must set the user's email address as the sign-on ID.
Channel lineup
All tenants sharing a deployment also share the same channel lineup.
Content targeting, ad insertion, and blackout are managed via shared account profiles.
See:
Differences between SSP and non-SSP deployments
In deployments that use SSP, the primary tenant's CRM must:
Use CRM Gateway for creating entitlements.
Make two calls for each account management request – one to OPF and one to SSP.
In deployments that do not use SSP, the CRM must:
Send all account management calls to Account and Device Manager (ADM).
Send all entitlement creation requests directly to Rights Manager (RMG).
Use cases
The following use cases are specifically for shared system deployments:
See also
This guide covers the use cases that are specific to a shared system deployment or that are different in such a deployment from in a single-operator deployment.
Other use cases are covered in other sections of the documentation. Important use cases include:
Creating a product:
Creating a product and adding content to it using APIs – see Creating a product and Creating product links.
Creating a product using OpCon – see Products
Managing channels:
Through API calls, see:
In OpCon, see Managing Live channels
Ingesting content and channels – see:
Ingest issues and analytics: