Managing Large-Scale Identity - Oracle€¦ · – Integrate tightly with Oracle Enterprise Manager (OEM) for OOTB monitoring a system-specific Metric Extensions – Eyes On The Dash

Managing Large-Scale Identity Management Deployments - CON8045

Gebhard Herget Bundesagentur fur Arbeit Architect Chirag Andani Vice President, Identity Management Services Perren Walker Senior Principal Product Manager Enterprise Manager

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

https://oracleus.activeevents.com/2014/content/sessionDetail.do?SESSION_ID=8045








Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Program Agenda

1

2

3

Introduction to Oracle Enterprise Manager

User Experience Monitoring & Latency Analysis

Manage By Exception: Proactive Infrastructure Resource & Application Health Alerting

Always on Diagnostics, Configuration Mgt. & Reporting

Product Demonstration

4

4

5


Total Cloud Control

Optimized, Efficient Agile, Automated | |

Expanded Cloud Stack Management

Scalable, Secure

Superior Enterprise-Grade Management

Complete Cloud Lifecycle Management

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 6

Feature EM Fusion Middleware Control EM Cloud Control

Primarily for configuring Identity and Access Management Yes No

Multi-Domain Management No Yes

Middleware and Database System Mgt. (Relationship Topologies) No Yes

On-call schedule based alerting No Yes

Incident Mgt & Helpdesk Integration (Remedy, IBM Tivoli, HP) No Yes

Configuration Compare and Drift Analysis No Yes

Synthetic tests No Yes

Service Level Management No Yes

My Oracle Support Integration & Automatic Service Request No Yes

Metrics (Warning, Critical Alerting, Corrective Actions) Not historical Real time and historical

Base Functionality (Hardware Monitoring, Host Monitoring, ect.) No Yes

Self Service Portal with metering chargeback and reporting No Yes

Hardware Alerts (Temp, Fan, Disk) No Yes

Reporting: vCPU, service levels, top incidents No Yes

Why customers use EMCC in addition to Fusion Middleware Control


Oracle Identity and Access Management

Provisioning & Identity Administration and Governance

Access Management Directory Services

Oracle Identity Manager

Oracle Access Manager

- Mobile and Social

- Oracle Identity Federation

- Secure Token Service

Oracle Adaptive Access Manager

Oracle Web Services Manager

Oracle Internet Directory

Oracle Virtual Directory

Oracle Directory Server Enterprise Edition

Oracle Unified Directory

Management Pack Plus for Identity Management

Manageability

• Automated

Discovery of

Identity

Management

Components

• Performance

and Availability

Monitoring

• Service Level

Management

• Configuration

Management


Management Pack Plus for Identity Management BUSINESS DRIVEN MANAGEMENT WITH EM12C

User Experience Mgmt

Separate Application and Access Problems

MW, JVM & DB Diagnostics and Configuration Mgt.

Are my customers happy? How are my business processes

doing?

Is it an application problem or SSO?

What is the root cause of the

problem?

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Seite 9

Bundesagentur für Arbeit – Who we are

PaaS with OFMW, September 2014, © Bundesagentur für Arbeit

• BA (Bundesagentur für Arbeit) = Federal Employment Agency

– Largest provider of labor market services in Germany – Social insurance, social welfare – Network of more than 700 agencies and branch offices nationwide

• Germany‘s largest governmental authority

– Revenue 2014: 43,30 Billion $

• IT of Bundesagentur für Arbeit

– 160.000 clients, 11.500 self-information-desks – 10.000+ servers – 1.800 locations, 20.000 network-components

• Monthly output

– 50 Million printed pages – 17 million money transfers, 8 Billion Euros – 35 Million Emails

//upload.wikimedia.org/wikipedia/commons/0/0d/Germany_location_map.svg

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Seite 10

Bundesagentur für Arbeit - Main Duties

PaaS with OFMW, September 2014, © Bundesagentur für Arbeit

• High degree of visibility due to services for about 80 Mio. customers

– Placement in training places and workplaces

– Vocational guidance

– Employer counselling

– Promotion of vocational training and further training

– Promotion of professional integration of people with disabilities

– Benefits to retain and create workplaces and

– Compensations for reduced income, e.g. unemployment benefit or insolvency payments

– Child benefit

– Largest provider of labor market services in Germany

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Seite 11 PaaS with OFMW, September 2014, © Bundesagentur für Arbeit

• The BA-information technology is the most effective and efficient IT service provider in the public sector

– Fast and flexible implementation of business requirements

– Efficient and effective IT support to the operational segments

– Provision of IT services and services based on SLA

– Ensuring highly available, high-performant IT-Applications

Our Vision and our Strategy


Management Pack Plus for Identity Management User Experience Monitoring & Latency Analysis

• Manage by exception: Service level testing breaks down end-

user processing time to identify inter-application problems.

Manage Proactively: Infrastructure Resource & Application

Health Alerting

• Receive alerts when critical Oracle Identity Management

resources deviate from normal limits.


• Use Topologies, JVM, and Database diagnostics to view

service & system dependencies and to perform root cause

analysis. Automate KPI business reports via email.

Manage at Scale: Automate Operational Best Practices

• Enforce Compliance, automate patches, Service Level

Management Dashboards and Reports.

• Enhance Security EM12c Role Based Access, Key Store with

Auditing. Enterprise Manager


Management Pack Plus for Identity Management Synthetic Test Monitoring

• Include Service Tests for:

• Web Transactions

• LDAP Operations

• Database Connectivity

• Measure bind latency with LDAP operations against OID, ODSEE, OUD or OVD

• Authentication requests using dedicated test users against specific WebGates or Access Gates


Oracle Identity and Access Management Architecture

14


Management Pack Plus for Identity Management Synthetic Test Monitoring

• The first step in diagnosing problems is checking the recorded service tests.

• Is it a network problem? The problem may be confined to a certain region/beacon

• Which component is the problem related to? Create multiple services tests against IdM platform, application and database

• Monitor from locations that are representative of end-user geography

• Monitor from locations that have experienced the most outages or performance issues


Management Pack Plus for Identity Management Topology Views

• Use Configuration Topology to view service & system dependencies and to perform root cause analysis. • Automated, daily collection of configuration data • Customize frequency of collection • View metrics and alerts on each topology component






Health Alerting













Centralized Mgmt & Out-of-box Monitoring Monitor all applications, all domains from one console

• View of all deployed Identity Management components – including both 10g and 11g components

• Out-of-box regions that display the most critical metrics for each type of component – including OAM, OAAM, ODSEE, OIM, OID, OUD and OVD

•Predefined metrics: •Performance and availability

•Database Performance (OIM, OAM)

•Log file monitoring

•Historical monitoring for trending and

reporting


Management Pack Plus for Identity Management Performance Monitoring & Diagnostics

• Monitor the health of all critical Oracle Identity Management components.

• Perform historical trending analysis to identify issues or anomalies

• How to set up alerts?

• Use warning/critical thresholds based on metric baselines or internal best practices

• Corrective Actions automate problem response and remediation

• What notification methods to use?

• Email, Helpdesk Systems, SNMP Traps


• Improve operations and compliance through role-based access:

Passwords are stored in the EM12c key store, not exposed to administrators

IAM, System, NOC and Database administrators get their own logical view restricted to their targets.

User and job auditing.

12c Role Based Access, Key Store with Auditing

Centralized Credential Store

EM User1

EM User2

EM Users

Privileges

Jobs, DPs, MEs, Preferred Credentials

Refer to






Health Alerting













Log Viewer Gain access to log files regardless of where they reside

• Access to OIM and OAM log files – active and archived – from single console

• Search and correlate messages across log files based on time, severity or Execution Context ID (ECID)

• When critical errors occur, Support Workbench collects OIM and OAM diagnostic data and simplifies process of sending data to Oracle Support

22


Management Pack Plus for Identity Management JVM diagnostics: accelerate production problem analysis

• Always on, real-time and historical monitoring and diagnostics

• No application instrumentation or server restarts required

• Complete visibility into the JVM stack heap and threads

• Analyze impact bi-directionally JVM to DB, DB to JVM

• Deploy on any JVM (i.e. Sun, JRockit, IBM)



View Database Performance: •Database growth •Throughput transaction metrics on reads, •Database Writes and commits •DB wait time analysis •View top SQL and their CPU consumption by SQL ID

DB Performance for OIM and OAM



• Track configuration drift from a gold standard for diagnostic and regulatory purposes

• Supports versioning and comparisons of configuration parameters

• Ensure that configuration settings amongst components are consistent

• Receive notifications on configuration changes

• Compare production and test environments in the event problems are not reproducible.

Configuration Management






Health Alerting












Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Copyright 2010 Oracle Corporation. All rights reserved.

Enterprise IDM Goal for System Availability

• Mandate: 100% Uptime for all Identity Management Solutions

– Fairly seamless Disaster Recovery methodology

– Leverage Global Traffic Manager (GTM) to update the DNS entry of critical VIPs with an IP in DR data center

– Integrate tightly with Oracle Enterprise Manager (OEM) for OOTB monitoring a system-specific Metric Extensions

– Eyes On The Dash model for engineers to be made aware of service-impacting issues as soon as possible

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Copyright 2010 Oracle Corporation. All rights reserved.

EM Dashboard


Identity Management for Cloud

29

¼ Exadata

+

¼ Exalogic

+

Sun X4170


Identity Management for Cloud •Shared Identity Management

30

Copyright © 2014, Oracle and/or its affiliates. All rights reserved 31

Management Pack Plus for Identity Management Enforce Compliance for OIM, OAM and OID

• Oracle Identity Manager Compliance

• Rules: checks/tests performed against OIM targets

• Standards: collection of rules associated to multiple targets

• Industry Specific Frameworks: conceptual ‘folders’ map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)

• Create user-defined compliance


Apply Patches to OAM and OIM Automate application of patches to servers across domains

•Search for and download one-off patches, critical patch updates & patchset updates from MOS

•Receive patch recommendations

•Automate applying patches to all servers across multiple domains via Patch Plan

•Eliminate downtime by applying patches in rolling mode (parallel mode also supported)

•Rollback already applied patches in cases where new problems occur


Management Pack Plus for Identity Management Service Level Management Dashboards and Reports

• Use Service Monitoring Dashboards and Reports to summarize KPI’s and service levels achieved

• Email SLM business availability reports over a variety of historical time periods.


Management Pack Plus for Identity Management BUSINESS DRIVEN MANAGEMENT WITH EM12C

User Experience Mgmt

Separate Application and Access Problems

MW, JVM & DB Diagnostics and Configuration Mgt.

Are my customers happy? How are my business processes

doing?

Is it an application problem or SSO?

What is the root cause of the

problem?


Management Pack Plus for Identity Management Management Pack Plus for Identity Management Benefits

• Automated discovery and tracking of Identity Management configurations

• Reduce mean time to resolution though diagnostics and configuration management

Reduce Costs

• Proactive monitoring of end-user performance and availability

• Monitor key Identity business performance metrics

Improve Service Levels

• Understand impact of Identity Management services on other applications

• Create Service Level Agreements and Dashboard

• Report on SLA’s over time with business reports

Align with Business Demands

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 36

EM12c Demonstration



Complimentary eBook Register Now

www.mhprofessional.com/mobsec

http://www.mhprofessional.com/mobsec

Documents

Managing Large-Scale Identity - Oracle€¦ · – Integrate tightly with Oracle Enterprise Manager (OEM) for OOTB monitoring a system-specific Metric Extensions – Eyes On The Dash