Hello - I have a requirement where an application wants to store user profile data for an authenticated application. I am analyzing how compliant we are to store this info.
Volume of Data
Users - 50,000
User Type - Health care professional.
User Data - May contain information such as HCP Medical number, medical license number etc. which might be available to public some where but should not be available from our systems.
Fields per user - 20
Possible JCR queries to retrieve data while user accessing application: 5 - 20
When we proposed external database to store this user profile information considering few issues with JCR such as below, I was challenged "why not JCR" when AEM has the capability to store information.
1. Data security. How secure the data in AEM as compared to an external database.
2. Number of queries might slow down the system.
3. Scalability of AEM is costly if application needs system infrastructure to be upgraded due to number of users and JCR queries.
Any guidance and adobe's recommendation would be helpful.
As you have mentioned you can store the user data on AEM as nodes and add the fields as property, but you will need to consider few items before you finalize the approach:
You will be storing HCP information along with PII details.
Ensure your organization has the correct data security policy in place and check the data retention policy.
What is the architecture you have in place, i.e. how many publish instances will be there? If it's 1:1 mapping with 1 publish and 1 dispatcher it will be easier to maintain the data whereas if it's multiple publish insatnces you need to ensure the data is available across all the publish instances and all the instances are in sync. Sticky connection also will be required here during authentication.
The number of queries that you have mentioned should not be an issue here in a large scale application.
We had similar requirement where we wanted to keep HCP information and handle the authentication mechanism and we preferred to use Third party API (OKTA) to manage and handle the data which will be pretty straight forward.