Keeping user information safe is of utmost priority for any brand or organization. In the Unica family of products, partitions provide a way to secure the data that is associated with different groups of users. When you configure Unica Campaign or a related Unica application to operate with multiple partitions, users can see each partition as a separate instance of the application. There is no indication that other partitions exist on the same computer.
How multiple partitions work?
For the Unica applications that operate with Unica Campaign, you can configure the application within the partitions where you have configured an instance of Unica Campaign. Application users within each partition can access the Unica Campaign functions, data, and customer tables that are configured for Unica Campaign in the same partition.
Multiple partitions are useful for setting up strong security between groups of users because each partition has its own set of Unica Campaign system tables. Multiple partitions cannot be used when groups of users must share data.
Each partition has its own set of configuration settings, and Unica Campaign can be customized for each group of users. However, all partitions share the same installation binaries. With the same binaries for all partitions, you can minimize the installation and upgrade efforts for multiple partitions.
Partition user assignment
Access to partitions is managed through membership in Unica Platform groups. Except for the partition superuser (platform_admin), each HCL user can belong to one partition. A user who requires access to multiple partitions must have a separate user account for each partition.
If there is only one partition, users do not have to be explicitly assigned to that partition to access the Unica Campaign.
Partition data access
In a multi-partition configuration, partitions have the following security characteristics:
- A user cannot access a partition if the user is not a member of a group that is assigned to a partition.
- A user of one partition cannot view or change data in another partition.
- Users cannot navigate the Unica Campaign file system above their partition’s root directory from the browse dialog boxes in the Unica Campaign. For example, if two partitions, named partition1 and partition2, exist, and you belong to the group that is associated with partition1, you cannot navigate the directory structure for partition2 from a dialog box.
How to set up new partitions in HCL Unica Suite?
HCL Unica Campaign and Optimize.
Following steps need to be followed to add a new partition for Unica Campaign and Optimize.
1. Every partition will have its own set of system tables. A separate database (or schema) needs to be created in your system table’s house for the new partition to meet this requirement.
2. Configure JDBC and ODBC (or native connection, whichever is applicable) to access your data source.
3. Run the following scripts to create and populate the system table schema:
NOTE: These are the names of the scripts when Oracle ® is used for System tables. Appropriate scripts need to be selected based on the type of system table.
4. The next task is to create the required folder structure under the partitions directory. For that, the existing folder structure for ‘partition1’ (default created by the installer) can be duplicated. If there are any existing files under any of the sub-folder of ‘partition1’, those files (or sub-folders) should be deleted so that an empty folder structure would be available for a new partition. Consider that you have created ‘partition2’ as a new folder under the partitions directory.
5. Then, the cloning of the default partition has to done using partitionTool utility, which is available under <Platform_Home>/tools/bin. Following is the syntax to execute this utility:
./partitionTool.sh -c -s partition1 -n partition2
Here ‘partition1’ provided along with ‘-s’ is the name of the source partition, and ‘partition2’ provided along with ‘-n’ is the name of the target partition that would be created once cloned.
6. After successful execution of the above command, a restart of the web application server where Unica Platform is deployed. Once restarted, the newly created group (partition2) and admin user (partition2AdminUser) would be visible if logged in using the ‘platform_admin’ user.
7. The next action is to create a partition structure on the ‘Configuration’ page so that administrator can configure a new partition. To do that, the ‘partitionTemplate’ option has to be used. For this, navigate to Campaign ➡️ partitions on the ‘Configuration’ page and then click on ‘partitionTemplate’ as below:
Just in case, if this option is not available, then administrator can use the following command to import the partition template:
configTool.sh(bat) -i -p “Affinium|Campaign|partitions” -f <CAMPAIGN_HOME>/conf/partitionTemplate.xml
8. Once the ‘(partitionTemplate)’ option is clicked, on the right page, you will see partitionTemplate pane with an empty ‘New category name’ field as below, where you will have to provide the name which has been used while creating the empty file system in step 4 and cloning the partition as mentioned in step 5 and then click on ‘Save Changes’:
9. This action will create the new partition structure, with the same categories and properties as in the partition template.
10. The next step is to import the dataSource template(s) which are required to connect the system tables for this newly create partition as below:
./configTool.sh (bat) -i -p “Affinium|Campaign|partitions|partition2|dataSources” -f <CAMPAIGN_HOME>/conf/OracleTemplate.xml
11. Once the required database template is available, the next step is to create a data source for Campaign System tables (UA_SYSTEM_TABLES) for the new partition. In this data source, you should use the new schema where you have run the script outlined in point 2 above. Additionally, the administrator needs to create dataSource(s) for the user tables from where new partition campaigns would source the data.
12. Complete the following actions to set up system users for Unica Campaign for the new partition:
- Use an existing or a new user account created for a new partition to save credentials for the following data sources:
– Campaign system tables
– Customer data mart (user tables)
- If Unica is installed on the non-windows operating system, for the Alternate Login attribute of the system user, enter the UNIX name for a user in a group that shares privileges with the UNIX users of the Unica Campaign.
13. Once all these steps are complete, you can try login in with a user who belongs to the newly created partition (with appropriate privileges to access Campaign for new partition). This user would be able to access Campaign and will be able to perform the activities for this partition based on the access permission it has.
14. Also, perform certain activities in Optimize like the creation of Optimize Session, running the session with the user who belongs to the new partition. You will notice that all the ‘Optimize’ related data is populated in the new partition database (or schema).
HCL Unica Plan
For Unica Plan, multi-partitioning comes into the picture only when Unica Plan is integrated with Unica Campaign. Otherwise, there is no impact. In the case of Plan-Campaign integration, the following configurations need to be done:
1. Login to Unica using ‘platform_admin’ user and navigate to “Affinium|Campaign|partitions|<New_partition_name>|server|internal” and mark ‘MO_UC_integration’ to ‘Yes’ as below:
2. For new partition, separate Project templates (of Campaign type) should be created. While creating those templates, ‘Partition ID’ should the partition ID of newly created partitions like below:
3. This way when, a new project is created using such templates, and when a linked Campaign is created from such a project, that Campaign would be created in a different partition (in ‘partition2’ in this case).
HCL Unica Centralized Offer Management (COM)
When you configure Unica Centralized Offer Management or a related Unica application to operate with multiple partitions, users can see each partition as a separate instance of the application. There is no indication that other partitions exist on the same computer. As Centralized Offer Management modules utilize the same data source as Campaign, there is no requirement of any additional data source to be created to make Centralized Offer Management functional in a multi-partition environment. There are only a few configuration parameters those need to be done to order to enable this.
Following configurations need to be done to enable multi-partition for Centralized Offer Management:
1. Login to Unica using the ‘platform_admin’ user and navigate to “Affinium|Offer|partitions.” At this location, you will find ‘paritionTemplate,’ which is used to add a new partition for Centralized Offer Management.
2. Here, you need to provide ‘New category name,’ which is the name for your new partition like below:
3. Once saved, it will create partition specific configurations for Centralized Offer Management. You will have to navigate to “Affinium|Offer|partitions|partition2|dataSources|UA_SYSTEM_TABLES” to update JndiName and type which is specific to the new partition like below:
4. Next step is to provide the Centralized Offer Management specific roles to users who below to new partition.
5. Once these configurations are done, and roles are given, users belonging to a new partition can log in and create new offer attributes, offer templates and offers for which the data would go into appropriate tables of the new partition.
HCL Unica Deliver
- Each partition requires a separate Unica Hosted Services account and access credentials. So, make sure that you got a separate account for hosted services.
- Create a system user that can access the Unica Deliver system tables that you will create in the Unica Campaign schema for the partition.
- Create a partition in Unica Campaign to operate with the partition that you are creating for Unica Deliver. Note the name of the partition.
- Run the scripts meant to create and populate Unica Deliver system tables. These scripts are available under <CAMPAIGN_HOME>/Deliver/ddl. These should be run against Campaign system tables for this partition.
- To configure multiple partitions in Unica Deliver, you must configure corresponding partitions in Unica Campaign.
Once pre-requisites are complete, you can follow the below steps to enable a new partition for Unica Deliver:
1. Login to Unica using ‘platform_admin’ and navigate to “Affinium|Deliver|partitions.” Here, you will see ‘(partition),’ which is used to create a new partition specific to Deliver:
For ‘New category name,’ provide the name to the new partition for Deliver. Because Unica Deliver operates with Unica Campaign within a specific partition, the Unica Deliver and Unica Campaign partition structures must specify the same name. The partition names must match exactly.
2. Once saved, the configuration structure for the new partition would be created. Then navigate to “Affinium|Deliver|partitions|partition2|hostedAccountInfo”. At the location, change ‘amUserForAcctCredentials’ pointing to an admin user who belongs to a new partition like below:
3. Then navigate to “Affinium|Deliver|partitions|partition2|dataSources|systemTables” and update the highlighted parameters based on your configuration:
4. As Deliver specific configurations are done, you need to enable Unica Deliver for the new Campaign partition. To do that, navigate to “Affinium|Campaign|partitions|partition2|server|internal” and change ‘deliverInstalled’ to ‘yes.’
5. The next step is to update ‘deliverPluginJarFile’ at “Affinium|Campaign|partitions|partition2|Deliver”. The value for this property is the full path to the plugin file (deliverplugin.jar) that operates as the RLU. You can copy the value of this property from your existing partition as well.
6. After you change the Unica Deliver and Unica Campaign configurations, you must restart the Unica Campaign web application server, the Response and Contact Tracker (RCT), and the Unica Campaign listener.
7. To test your newly created partition, run the RLU script provided by Unica Deliver to verify the partition configuration and its connection to HCL Unica. You must also confirm if you can access the mailing interface from the partition.
HCL Unica Interact
The concept of multiple partitions for Unica Interact is a bit different than other Campaign family products. The Unica Interact runtime environment does not support multiple partitions. You cannot configure the Unica Interact runtime environment to work in multiple partitions, nor can one Interact runtime environment work with multiple partitions from a design time.
If you set up multiple partitions with Unica Campaign, you set up multiple partitions for Interact. You must configure each partition in the design-time environment to communicate with a separate Unica Interact runtime environment, including separate Unica Platform and runtime tables. If you set up multiple partitions with Campaign, you must configure each partition to communicate with a separate Interact runtime environment. The following diagram shows multiple partitions configured for Interact:
To enable multi partitions for Interact, the following configuration changes need to be done in Interact Design Time (Campaign) environment:
1. You must manually enable Unica Interact for each partition by setting the ‘interactInstalled’ configuration property at Campaign ➡️ partitions ➡️ partition(n) ➡️ server ➡️ internal➡️
2. Complete the following configuration steps for each partition:
- Configure the test run data source
- Add server group(s)
- Select a server group for interactive flowchart test runs
- Configure the contact and response history module
HCL Unica Journey
Unlike other Unica Campaign family products, Unica Journey is not partition aware. There are no configurations in Journey that needs to be done, but when Campaign with multiple partitions is integrated with Journey and Link, then there are certain configurations those need to be done in Campaign configuration so that all Campaign partitions would be able to communicate with Journey and Link for sending audience related data for further processing. Follow the below steps to achieve this:
1. First step is to enable Link for a new partition. For that, navigate to “Affinium|Campaign|partitions|partition2|server|internal” and change ‘linkInstalled’ to ‘yes.’
2. Navigate to “Affinium|Campaign|partitions|partition2|Link” and perform the configurations as below:
LinkConnectionURL: Link instance URL which will be utilized by a new partition
LinkProjectName: Project name defined in Link
Application: Application name defined in Link
AsmUserForLinkCredentials: New partition admin user which will hold the credentials for Link
DataSourceWithLinkCredentials: DataSource Name created under new partition user to store Link credentials.
LinkSharedLocation: Shared folder where Campaign would send the data
LinkRuntimeServerURL: Link Runtime instance URL
3. Navigate to “Affinium|Campaign|partitions|partition2|Kafka|Journey” and perform the configurations as below:
KafkaBrokerURL: It is the broker URL for Kafka to be used by a new partition
CommunicationMechanism: Communication mechanism to connect to Kafka
UserForKafkaDataSource: New partition admin user which will hold credentials for Kafka instance.
KafkaDataSource: DataSource name to be created under new partition user to store Kafka credentials
4. Create required dataSources as outlined in points 1 and 2.
5. Upon completing these steps, you need to restart your web application server to reflect changes.
Once the above steps are complete, the new partition user would be able to send audience data to Journey (via Journey process box) and to Link (via Link process box). You can reach out to us for any more queries, and we will be happy to help.