Managing Large-Scale Identity Management Deployments - CON8045
Gebhard Herget, Architect, Bundesagentur für Arbeit
Chirag Andani, Vice President, Identity Management Services
Perren Walker, Senior Principal Product Manager, Enterprise Manager
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
1. Introduction to Oracle Enterprise Manager
2. User Experience Monitoring & Latency Analysis
3. Manage By Exception: Proactive Infrastructure Resource & Application Health Alerting
4. Always on Diagnostics, Configuration Mgt. & Reporting
5. Product Demonstration
Total Cloud Control
Optimized, Efficient
Agile, Automated
Expanded Cloud Stack Management
Scalable, Secure
Superior Enterprise-Grade Management
Complete Cloud Lifecycle Management
Why customers use EMCC in addition to Fusion Middleware Control

| Feature | EM Fusion Middleware Control | EM Cloud Control |
|---|---|---|
| Primarily for configuring Identity and Access Management | Yes | No |
| Multi-Domain Management | No | Yes |
| Middleware and Database System Mgt. (Relationship Topologies) | No | Yes |
| On-call schedule based alerting | No | Yes |
| Incident Mgt & Helpdesk Integration (Remedy, IBM Tivoli, HP) | No | Yes |
| Configuration Compare and Drift Analysis | No | Yes |
| Synthetic tests | No | Yes |
| Service Level Management | No | Yes |
| My Oracle Support Integration & Automatic Service Request | No | Yes |
| Metrics (Warning, Critical Alerting, Corrective Actions) | Not historical | Real time and historical |
| Base Functionality (Hardware Monitoring, Host Monitoring, etc.) | No | Yes |
| Self Service Portal with metering chargeback and reporting | No | Yes |
| Hardware Alerts (Temp, Fan, Disk) | No | Yes |
| Reporting: vCPU, service levels, top incidents | No | Yes |
Oracle Identity and Access Management
Provisioning & Identity Administration and Governance
• Oracle Identity Manager
Access Management
• Oracle Access Manager
- Mobile and Social
- Oracle Identity Federation
- Secure Token Service
• Oracle Adaptive Access Manager
• Oracle Web Services Manager
Directory Services
• Oracle Internet Directory
• Oracle Virtual Directory
• Oracle Directory Server Enterprise Edition
• Oracle Unified Directory
Management Pack Plus for Identity Management
Manageability
• Automated Discovery of Identity Management Components
• Performance and Availability Monitoring
• Service Level Management
• Configuration Management
Management Pack Plus for Identity Management: Business Driven Management with EM12c
• User Experience Mgmt: Are my customers happy? How are my business processes doing?
• Separate Application and Access Problems: Is it an application problem or SSO?
• MW, JVM & DB Diagnostics and Configuration Mgt.: What is the root cause of the problem?
Bundesagentur für Arbeit – Who we are
PaaS with OFMW, September 2014, © Bundesagentur für Arbeit
• BA (Bundesagentur für Arbeit) = Federal Employment Agency
– Largest provider of labor market services in Germany
– Social insurance, social welfare
– Network of more than 700 agencies and branch offices nationwide
• Germany's largest governmental authority
– Revenue 2014: 43,30 Billion $
• IT of Bundesagentur für Arbeit
– 160.000 clients, 11.500 self-information-desks
– 10.000+ servers
– 1.800 locations, 20.000 network-components
• Monthly output
– 50 Million printed pages
– 17 million money transfers, 8 Billion Euros
– 35 Million Emails
Bundesagentur für Arbeit - Main Duties
• High degree of visibility due to services for about 80 Mio. customers
– Placement in training places and workplaces
– Vocational guidance
– Employer counselling
– Promotion of vocational training and further training
– Promotion of professional integration of people with disabilities
– Benefits to retain and create workplaces and
– Compensations for reduced income, e.g. unemployment benefit or insolvency payments
– Child benefit
– Largest provider of labor market services in Germany
Our Vision and our Strategy
• The BA information technology is the most effective and efficient IT service provider in the public sector
– Fast and flexible implementation of business requirements
– Efficient and effective IT support to the operational segments
– Provision of IT services and services based on SLA
– Ensuring highly available, high-performing IT applications
Management Pack Plus for Identity Management
User Experience Monitoring & Latency Analysis
• Manage by exception: Service level testing breaks down end-user processing time to identify inter-application problems.
Manage Proactively: Infrastructure Resource & Application Health Alerting
• Receive alerts when critical Oracle Identity Management resources deviate from normal limits.
Always on Diagnostics, Configuration Mgt. & Reporting
• Use Topologies, JVM, and Database diagnostics to view service & system dependencies and to perform root cause analysis. Automate KPI business reports via email.
Manage at Scale: Automate Operational Best Practices
• Enforce Compliance, automate patches, Service Level Management Dashboards and Reports.
• Enhance Security: EM12c Role Based Access, Key Store with Auditing.
Management Pack Plus for Identity Management Synthetic Test Monitoring
• Include Service Tests for:
• Web Transactions
• LDAP Operations
• Database Connectivity
• Measure bind latency with LDAP operations against OID, ODSEE, OUD or OVD
• Authentication requests using dedicated test users against specific WebGates or Access Gates
Oracle Identity and Access Management Architecture
Management Pack Plus for Identity Management Synthetic Test Monitoring
• The first step in diagnosing problems is checking the recorded service tests.
• Is it a network problem? The problem may be confined to a certain region/beacon.
• Which component is the problem related to? Create multiple service tests against the IdM platform, application and database.
• Monitor from locations that are representative of end-user geography
• Monitor from locations that have experienced the most outages or performance issues
Management Pack Plus for Identity Management Topology Views
• Use Configuration Topology to view service & system dependencies and to perform root cause analysis.
• Automated, daily collection of configuration data
• Customize frequency of collection
• View metrics and alerts on each topology component
Centralized Mgmt & Out-of-box Monitoring Monitor all applications, all domains from one console
• View of all deployed Identity Management components – including both 10g and 11g components
• Out-of-box regions that display the most critical metrics for each type of component – including OAM, OAAM, ODSEE, OIM, OID, OUD and OVD
• Predefined metrics:
– Performance and availability
– Database Performance (OIM, OAM)
– Log file monitoring
– Historical monitoring for trending and reporting
Management Pack Plus for Identity Management Performance Monitoring & Diagnostics
• Monitor the health of all critical Oracle Identity Management components.
• Perform historical trending analysis to identify issues or anomalies
• How to set up alerts?
• Use warning/critical thresholds based on metric baselines or internal best practices
• Corrective Actions automate problem response and remediation
• What notification methods to use?
• Email, Helpdesk Systems, SNMP Traps
12c Role Based Access, Key Store with Auditing
• Improve operations and compliance through role-based access:
– Passwords are stored in the EM12c key store, not exposed to administrators
– IAM, System, NOC and Database administrators get their own logical view restricted to their targets.
– User and job auditing.
[Figure: Centralized Credential Store. Labels: EM User1, EM User2, EM Users, Privileges, "Refer to", Jobs, DPs, MEs, Preferred Credentials]
Log Viewer Gain access to log files regardless of where they reside
• Access to OIM and OAM log files – active and archived – from single console
• Search and correlate messages across log files based on time, severity or Execution Context ID (ECID)
• When critical errors occur, Support Workbench collects OIM and OAM diagnostic data and simplifies process of sending data to Oracle Support
Management Pack Plus for Identity Management JVM diagnostics: accelerate production problem analysis
• Always on, real-time and historical monitoring and diagnostics
• No application instrumentation or server restarts required
• Complete visibility into the JVM stack, heap and threads
• Analyze impact bi-directionally JVM to DB, DB to JVM
• Deploy on any JVM (i.e. Sun, JRockit, IBM)
Management Pack Plus for Identity Management
DB Performance for OIM and OAM
View Database Performance:
• Database growth
• Throughput transaction metrics on reads, database writes and commits
• DB wait time analysis
• View top SQL and their CPU consumption by SQL ID
Management Pack Plus for Identity Management
Configuration Management
• Track configuration drift from a gold standard for diagnostic and regulatory purposes
• Supports versioning and comparisons of configuration parameters
• Ensure that configuration settings amongst components are consistent
• Receive notifications on configuration changes
• Compare production and test environments in the event problems are not reproducible.
Enterprise IDM Goal for System Availability
• Mandate: 100% Uptime for all Identity Management Solutions
– Fairly seamless Disaster Recovery methodology
– Leverage Global Traffic Manager (GTM) to update the DNS entry of critical VIPs with an IP in DR data center
– Integrate tightly with Oracle Enterprise Manager (OEM) for OOTB monitoring and system-specific Metric Extensions
– Eyes On The Dash model for engineers to be made aware of service-impacting issues as soon as possible
EM Dashboard
Identity Management for Cloud
¼ Exadata + ¼ Exalogic + Sun X4170
Identity Management for Cloud
• Shared Identity Management
Management Pack Plus for Identity Management Enforce Compliance for OIM, OAM and OID
• Oracle Identity Manager Compliance
• Rules: checks/tests performed against OIM targets
• Standards: collection of rules associated to multiple targets
• Industry Specific Frameworks: conceptual ‘folders’ map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)
• Create user-defined compliance
Apply Patches to OAM and OIM Automate application of patches to servers across domains
• Search for and download one-off patches, critical patch updates & patchset updates from MOS
• Receive patch recommendations
• Automate applying patches to all servers across multiple domains via Patch Plan
• Eliminate downtime by applying patches in rolling mode (parallel mode also supported)
• Roll back already applied patches in cases where new problems occur
Management Pack Plus for Identity Management Service Level Management Dashboards and Reports
• Use Service Monitoring Dashboards and Reports to summarize KPIs and service levels achieved
• Email SLM business availability reports over a variety of historical time periods.
Management Pack Plus for Identity Management Benefits
Reduce Costs
• Automated discovery and tracking of Identity Management configurations
• Reduce mean time to resolution through diagnostics and configuration management
Improve Service Levels
• Proactive monitoring of end-user performance and availability
• Monitor key Identity business performance metrics
Align with Business Demands
• Understand impact of Identity Management services on other applications
• Create Service Level Agreements and Dashboard
• Report on SLAs over time with business reports
EM12c Demonstration