Copyright © 2013, Oracle and/or its affiliates. All rights reserved. 1

Con9573 managing the oim platform with oracle enterprise manager


DESCRIPTION

Perren Walker (Oracle), Ravi Meda (Qualcomm) & Nadine Siddell (Qualcomm) presentation at OOW2013


Page 2: Con9573 managing the oim platform with oracle enterprise manager

CON9573

Managing the Oracle Identity Management Platform with Oracle Enterprise Manager

Ravi Meda, Qualcomm, Inc.

Nadine Siddell, Qualcomm, Inc.

Perren Walker, Oracle

Page 3: Con9573 managing the oim platform with oracle enterprise manager


The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.

The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 4: Con9573 managing the oim platform with oracle enterprise manager


Program Agenda

Enterprise Manager 12c Platform Management

– Benefits of Platform Management Approach

– Implementing Enterprise Manager 12c

Qualcomm: Situation, Challenges, Solutions, Results

Management Use-Case

Demonstration

Page 5: Con9573 managing the oim platform with oracle enterprise manager


65% 20% 15%

Run the Business

Grow the Business

Transform the Business

Page 6: Con9573 managing the oim platform with oracle enterprise manager


POINT SOLUTIONS are FRAGMENTED and DIFFICULT TO MANAGE

Access Request

Certification Review

Help Desk Tickets

Access Control

Off-Boarding

User Provisioning

On-boarding

Compliance Validation

End User Experience

SSO Availability

Service Level Agreements

Change Management

Scalability

Page 7: Con9573 managing the oim platform with oracle enterprise manager


Total Cloud Control

Complete Cloud Lifecycle Management

Integrated Cloud Stack Management

Business-Driven Application Management

Self-Service IT | Simple and Automated | Business Driven

Page 8: Con9573 managing the oim platform with oracle enterprise manager


Consolidate Management

• Manage IdM and enterprise applications from a single pane of glass:

• Metric Thresholding and Alerting

• Service Level Management

• Configuration Management

• Security & Best Practice Health Checks

• Identify and resolve IdM problems across the stack

• Improved Compliance through role based access.

With a Single Pane of Glass: Enterprise Manager 12c

Page 9: Con9573 managing the oim platform with oracle enterprise manager


Benefits of the EM12c Platform

Page 10: Con9573 managing the oim platform with oracle enterprise manager


Complete and Integrated

Compliance & Security

Better User Experience

A Complete and Integrated Platform Approach for IdM Services and Management

Scalability & Availability

• Risk Based Access

• Oracle Privileged Account Management

• Compliance Rules & Compliance Dashboard

• Configuration Change Tracking

• Role-based access & auditing

• 3x/5x Performance Gain Optimized on T5 hardware

• 200+ million users on Exalogic

• 500k+ targets managed in Oracle Public Cloud on Exalogic

• High availability and Disaster Recovery Configurations

• Shopping Cart UI

• Easy Customization

• Social Identity Log-in

• Real User Experience Insight

• Service Level Management Dashboarding and Reporting

• User Provisioning & Identity Governance

• Access Management

• Directory Services

• Single Management Dashboard

• Manage IdM application, host, & Oracle Hardware

• Understand Runtime Relationships with Topology Views

Identity Access Management

Page 11: Con9573 managing the oim platform with oracle enterprise manager


BUSINESS DRIVEN MANAGEMENT WITH EM12C

User Experience Mgmt

Separate Application and Access Problems

MW & DB Diagnostics

Are my customers happy? How is the order intake doing?

Is it an application problem or SSO?

What is the root cause of the problem?

Page 12: Con9573 managing the oim platform with oracle enterprise manager


BUSINESS REPORTS DASHBOARDS

• Restricted access policy possible

• Overview of key reports like Geo location, User Flow completion and KPI results

• “Drag and drop”

• Can be stored as ‘templates’

Page 13: Con9573 managing the oim platform with oracle enterprise manager


Unified IdM Dashboard

Assess Health Across IdM Components

– Unified dashboard of status, alerts and incidents

– Quickly drill down and perform deep target management and diagnostics

Top Utilization by Resource IdM System Management Service Level Management

Health Status at a Glance

Page 14: Con9573 managing the oim platform with oracle enterprise manager


Service Level Management

Manage IT from a business perspective

• Model services and underlying systems

• Monitor availability, performance and service level compliance of critical services

• Define SLA compliance as flexible set of objectives on top of a variety of metric indicators

• Proactively monitor end-user experience from remote locations via service tests

Page 15: Con9573 managing the oim platform with oracle enterprise manager


Compare IdM Configurations

Understand differences across environments quickly

• Track IdM configuration changes for diagnostic and regulatory purposes

• Compare latest configurations (e.g. stage vs production)

• Compare latest Identity and Access configuration with previously saved configuration

Page 16: Con9573 managing the oim platform with oracle enterprise manager


Enforce Compliance and Security Configurations

Ensure compliance to best practices, industry standards

• IdM Specific Compliance Rules

• Rules: checks/tests performed against specific target types

• Standards: collection of rules associated to multiple targets

• Frameworks: conceptual ‘folders’ map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)

Page 17: Con9573 managing the oim platform with oracle enterprise manager


• When critical errors occur in IAM you can collect diagnostic data and send it to Oracle Support

• Greatly reduces resolution time for external bugs related to IAM Server

Support Workbench & My Oracle Support

Streamline interaction with Oracle Support for IAM issues

Page 18: Con9573 managing the oim platform with oracle enterprise manager


Oracle Identity Management

Provisioning & Identity Administration

Access Management Directory Services

Oracle Identity Manager

Oracle Access Manager

-Mobile and Social

-Oracle Identity Federation

Oracle Adaptive Access Manager

Oracle Enterprise Single Sign-On

Oracle Web Services Manager

Oracle OpenSSO Secure Token Service

Oracle Internet Directory

Oracle Virtual Directory

Oracle Directory Server Enterprise Edition

Oracle Unified Directory

Management Pack Plus for Identity Management

Manageability

• Automated Discovery of Identity Management Components

• Performance and Availability Monitoring

• Service Level Management

• Configuration Management

Page 19: Con9573 managing the oim platform with oracle enterprise manager


Implementing EM12c

Page 20: Con9573 managing the oim platform with oracle enterprise manager


EM12c Implementation Roadmap

EM12c in Production

Hardware Procurement

Sizing, Growth & Architecture

Implementation & Testing

Page 21: Con9573 managing the oim platform with oracle enterprise manager


Enterprise Manager 12c Implementation Blueprint

Architecture

Number & Growth rate of:

• Application Targets

• Middleware Targets

• Database Targets

1. High Availability & Load Balancing

2. High Availability + Disaster Recovery

Target Sizing

Page 22: Con9573 managing the oim platform with oracle enterprise manager


EM12c Sample Architecture and Sizing

EM 12c Target Sizing

EM12c Size | Agent Count | Target Count
Small | < 100 | < 1000
Medium | >= 100, < 1000 | >= 1000, < 10,000
Large | >= 1000 | >= 10,000

Size | OMS Machine Count* | Cores per OMS | Memory per OMS (GB) | Database Machine Count* | Cores per Database Machine | Memory per Database Machine (GB)
Small | 1 | 2 | 6 | 1 | 2 | 6
Medium | 2 | 4 | 8 | 2 (Oracle RAC) | 4 | 8
Large | 2 | 8 | 16 | 2 (Oracle RAC) | 8 | 16
Large | 4 | 4 | 8 | 2 (Oracle RAC) | 8 | 16

Page 23: Con9573 managing the oim platform with oracle enterprise manager


Improve operations and compliance through role-based access:

• Passwords are stored in the EM12c key store, not exposed to administrators

• IAM, System, NOC and Database administrators get their own logical view restricted to their targets.

• User and job auditing.

12c Role Based Access, Key Store with Auditing

Centralized Credential Store

EM User1

EM User2

EM Users

Privileges

Jobs, DPs, MEs, Preferred Credentials

Refer to

SSH Keys

Digital Cert

Kerberos Ticket

Page 24: Con9573 managing the oim platform with oracle enterprise manager


Qualcomm & Enterprise Manager 12c

Page 25: Con9573 managing the oim platform with oracle enterprise manager


Qualcomm Background

CUSTOMER PERSPECTIVE

Oracle Enterprise Manager allows us to delegate varying levels of operational privileges among 24x7 NOC administrators, Identity and Access administrators and database administrators. This streamlines operations and internal compliance in response to management incidents on a global 24x7 basis.

COMPANY OVERVIEW

• Qualcomm designs, manufactures, and markets digital wireless telecommunications products and services based on its CDMA and other technologies

• Industry: High Tech

• Segment: Semiconductors

• Employees: 26,000

• Revenue: $19.12 billion in FY12

CHALLENGES/OPPORTUNITIES

Provide high IAM & Database SLA levels, monitor and report on them.

NOC operators have restricted delegated privileges to act on alerts and not immediately contact the IAM or Database target administrator as the first response to an incident.

Quickly move from SLA violations to diagnostics and root cause analysis.

SOLUTIONS

Replacing home grown solution OIM for company wide user provisioning and de-provisioning with iPlanet LDAP, AD & Exchange.

Weblogic, Demantra, EBS, SOA Suite, and Agile

• Database 1500+ targets

• Application

• Middleware

RESULTS

• Manage OIM, Applications and Database with a highly available and DR configured Enterprise Manager.

• Improve compliance by giving appropriate management permissions for all internal stakeholders

• Proactive Monitoring & faster time to resolution through the empowerment of NOC operators.

Page 26: Con9573 managing the oim platform with oracle enterprise manager


Leader in designing, manufacturing, and marketing digital wireless telecommunications products and services based on its CDMA and other technologies

Provide company-wide user provisioning/de-provisioning with high service levels, service level monitoring and reporting.

Expose management services to Network Operations Center, Database and IAM administrators.

Situation

Qualcomm Streamlines Operations and Management

Page 27: Con9573 managing the oim platform with oracle enterprise manager


Identity and Access Management:

Proactively monitor OIM for SLA performance and outages.

Provide health dashboarding in Qualcomm’s 24x7 NOC and take action with restricted start/stop role-based access.

IT Governance & compliance and change management.

Best Practice Configuration validation & change management.

From a management perspective:

Provide multiple management views for DBAs, NOC operators, Identity and Access, Application and Middleware Administrators with role based access and auditing.

Enhanced diagnostics with SLA alerts, root cause analysis and SLA reporting.

Need for scalable, highly available, and multi-site disaster recovery management for packaged applications, middleware, Identity Management and database.

Challenges

Qualcomm Streamlines Operations and Management

Page 28: Con9573 managing the oim platform with oracle enterprise manager


SERVICE ORIENTED ARCHITECTURE

Enterprise Manager 12c R3 in a highly available and disaster recovery configuration.

Identity and Access Management Oracle Identity Manager 11g.

Oracle Database 11g Internal customers include Oracle Applications and Databases.

Solutions

Qualcomm Streamlines Operations and Management

Page 29: Con9573 managing the oim platform with oracle enterprise manager


The following six steps were used by Qualcomm to configure Enterprise Manager 12c in order to give Identity and Access management permissions to IAM administrators while restricting other targets such as database.

IAM administrators and DB administrators have role separation with their targets; however, they are using a single EM infrastructure providing common management services in a high availability and disaster recovery configuration.

Configuring EM12c

Steps for Creating EM12c Roles and Groups

1. Create privilege-propagating dynamic group (FMWHOSTS) where membership criteria is: targets on myhost.qualcomm.com

2. Create privilege-propagating dynamic group (DBHOSTS) where membership criteria is: targets on myhost.qualcomm.com

3. Create role Qualcomm_FMW. Grant this role: Full privilege on FMWHOSTS, View on DBHOSTS

4. Create role Qualcomm_DB. Grant this role: Group Administration, Full privilege on DBHOSTS, View on FMWHOSTS

5. Grant role Qualcomm_FMW to the EM users who are part of the Qualcomm FMW team.

6. Grant role Qualcomm_DB to the EM users who are part of the Qualcomm DB team.
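
The six steps above, modelled as an added example (not code from the presentation and not the Enterprise Manager API): it resolves each user's effective privilege through the privilege-propagating groups and flags targets that match both groups' host criteria, where both teams would end up with Full privilege. Host names, target names and user names are constructed placeholders.

```python
LEVEL = {"View": 1, "Full": 2}

# Steps 1-2: dynamic groups whose criterion is "targets on <host>".
# Host, target and user names below are constructed placeholders.
GROUP_HOSTS = {
    "FMWHOSTS": {"fmw01.example.com"},
    "DBHOSTS": {"db01.example.com"},
}
# Steps 3-4: privilege each role holds on each group
# (the Group Administration grant is left out of this model).
ROLE_GRANTS = {
    "Qualcomm_FMW": {"FMWHOSTS": "Full", "DBHOSTS": "View"},
    "Qualcomm_DB": {"DBHOSTS": "Full", "FMWHOSTS": "View"},
}
# Steps 5-6: roles granted to EM users.
USER_ROLES = {"fmw_admin1": ["Qualcomm_FMW"], "dba1": ["Qualcomm_DB"]}
# Constructed inventory: target name -> host it runs on.
TARGETS = {
    "oim_server1": "fmw01.example.com",
    "wls_admin": "fmw01.example.com",
    "orcl_prod": "db01.example.com",
}

def members(group, group_hosts=GROUP_HOSTS):
    """Targets currently matching the group's host criterion."""
    return {t for t, host in TARGETS.items() if host in group_hosts[group]}

def effective(user, target, group_hosts=GROUP_HOSTS):
    """Highest privilege a user gets on a target through group propagation."""
    best = None
    for role in USER_ROLES.get(user, []):
        for group, priv in ROLE_GRANTS[role].items():
            if target in members(group, group_hosts):
                if best is None or LEVEL[priv] > LEVEL[best]:
                    best = priv
    return best

def full_overlap(group_hosts=GROUP_HOSTS):
    """Targets on which more than one role holds Full (separation lost)."""
    flagged = []
    for target in sorted(TARGETS):
        holders = [
            role for role, grants in ROLE_GRANTS.items()
            if any(priv == "Full" and target in members(group, group_hosts)
                   for group, priv in grants.items())
        ]
        if len(holders) > 1:
            flagged.append(target)
    return flagged

if __name__ == "__main__":
    print(effective("fmw_admin1", "orcl_prod"), full_overlap())
```

Passing a `group_hosts` mapping in which both groups name the same host shows the failure case: every target on that host is returned by `full_overlap`.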

Page 30: Con9573 managing the oim platform with oracle enterprise manager


Single day EM12c role configuration, agent deployment, & target discovery.

Improved compliance through streamlined operations allowing NOC, IAM and DB administrators role based permission views with the same target.

Faster incident response and resolution through role delegation and operational collaboration.

Results

Qualcomm Streamlines Operations and Management

Page 31: Con9573 managing the oim platform with oracle enterprise manager


Nadine Siddell, Qualcomm

“Oracle Enterprise Manager allows us to improve compliance by delegating varying levels of operational privilege among 24x7 NOC administrators, Identity and Access administrators and Database administrators. This streamlines operations in response to incidents on a global 24x7 basis.”

Qualcomm Streamlines Operations and Management

Page 32: Con9573 managing the oim platform with oracle enterprise manager


Demonstration

Page 33: Con9573 managing the oim platform with oracle enterprise manager


Credits

Special Thanks to:

– Babu Rallapalli, Consulting Solutions Architect

Architect Team


Page 37: Con9573 managing the oim platform with oracle enterprise manager


COMPLETE GOVERNANCE

IDENTITY GOVERNANCE

OPERATING SYSTEMS

DIRECTORY SERVICES

APPS

APPLICATIONS

COMMON REPOSITORY

DATABASES

SINGLE USER VIEW

ACCESS REQUEST

ENTITLEMENT CATALOG

PRIVILEGED ACCOUNT MANAGEMENT

ACCESS CERTIFICATION

COMPLETE MANAGEMENT