Journey Manager (JM)
The transaction engine for the platform. |
System Manager / DevOps | All versions
This feature is related to all versions.
Manager has a high volume of user transactions associated with forms and their resources, such as data records and log files. This amounts to significant data even during a rather short period of operation. This can have a detrimental effect on the overall system performance, which, in turn, can negatively impact user experience and various third party integrations. To maintain the system optimal performance over time, Manager provides data storage, retention and purging capabilities that you can adjust according to your company’s data policies. This is instrumental in achieving the following:
Control the growth of database tables
In Manager, the Transaction table is a heavy weight table used to store a lot of information about in progress transactions and is not designed for long term storage. When a transaction is completed an entry is created in the Transaction History table which is designed to provide a long term audit trail. Purging data and records quickly from the Transaction table will help maintain high system performance.
Reduced Exposure of PII
Purge transaction form data which contains sensitive information
If you back up a database that is external to Manager, you must ensure that the back-ups are encrypted and securely stored.
Manager purges the following data:
Transaction data: the forms XML, Data Extracts, Attachments and Receipts. This will include the majority of the users personal information.
Transaction records: the actual record from the Transaction table. The main reason to keep this record in place for short period of time is for troubleshooting.
Transaction history records: the audit log of transaction activities. For systems with high throughput there is a argument for archiving these records for long term storage and purging these records from Manager.
System logs: numerous areas of system logs whose purge time can the controlled separately for troubleshooting purposes.
Manager collects data retention information for each transaction including whether any PII data has been purged or is due to be purged and details about the data retention stage reached in the life cycle of this transaction.
Manager allows you to configure data retention on the global (system), organization and form levels that gives you flexibility in overriding important settings for individual organizations. Let's look at this in more detail.
Global Level
You can define data retention on the global (system) level, which is applicable to an entire server or environment, including all server nodes. This configuration is initially set to default values that depend on your environment’s data retention policy mode: strict or relaxed.
In addition to data retention, you can also configure submission data storage. This means that you can choose how and where submission-related data, such as submission data, attachments and submission history data for saved forms, is stored and retrieved by Manager.
By default, submission-related data is stored in a Manager database. However, it can be configured and changed at runtime as well. The functionality is encapsulated in a set of service definitions of type Submission Data Storage. The storage service that is marked as the default for this service type is used when storing submission data.
The data retention policies you can configure are the maximum age of form submissions in general as well as delivered (including undeliverable) and saved (including abandoned) submission data.
You can also set the data storage encoding for the organization if it is different to the system-wide setting. We recommend that you use the Compressed / Encrypted option for maximum security and minimal storage space requirements. For more information, see File System Submission Data Storage Service.
Finally, for additional security you can set a rollover interval for the security key for the organization. The security key is used by Manager to encrypt submission-related data. All encrypted data is associated with its security key, so data encrypted before a security key change will still be accessible. If you choose a value other than Never, a new security key will be automatically generated by a background job when required.
Manager has two modes of data retention policy, strict and relaxed, that determines the length of time transactional data is retained. The selected policy can be customized at the environment organization, or form levels.
Note
It's recommended to use the strict policy mode, which enforces less transactional, historical and log data retention as opposed to the relaxed policy mode.
Manager uses various scheduled jobs that automatically purge transactions that have reached their maximum age.
The diagram below summarizes all this functionality.
You can check the data retention summary, which is useful for monitoring the overall performance of the data retention management and assists in diagnosing and tuning of any data retention management issues.