Managing Large-Scale Identity Management Deployments - CON8045
Gebhard Herget, Bundesagentur für Arbeit, Architect
Chirag Andani, Vice President, Identity Management Services
Perren Walker, Senior Principal Product Manager, Enterprise Manager
Copyright 2014, Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Program Agenda
1. Introduction to Oracle Enterprise Manager
2. User Experience Monitoring & Latency Analysis
3. Manage By Exception: Proactive Infrastructure Resource & Application Health Alerting
4. Always on Diagnostics, Configuration Mgt. & Reporting
5. Product Demonstration
Total Cloud Control
- Complete Cloud Lifecycle Management
- Expanded Cloud Stack Management
- Superior Enterprise-Grade Management
Agile, Automated; Optimized, Efficient; Scalable, Secure
Why customers use EMCC in addition to Fusion Middleware Control

| Feature | EM Fusion Middleware Control | EM Cloud Control |
| --- | --- | --- |
| Primarily for configuring Identity and Access Management | Yes | No |
| Multi-Domain Management | No | Yes |
| Middleware and Database System Mgt. (Relationship Topologies) | No | Yes |
| On-call schedule based alerting | No | Yes |
| Incident Mgt & Helpdesk Integration (Remedy, IBM Tivoli, HP) | No | Yes |
| Configuration Compare and Drift Analysis | No | Yes |
| Synthetic tests | No | Yes |
| Service Level Management | No | Yes |
| My Oracle Support Integration & Automatic Service Request | No | Yes |
| Metrics (Warning, Critical Alerting, Corrective Actions) | Not historical | Real time and historical |
| Base Functionality (Hardware Monitoring, Host Monitoring, etc.) | No | Yes |
| Self Service Portal with metering chargeback and reporting | No | Yes |
| Hardware Alerts (Temp, Fan, Disk) | No | Yes |
| Reporting: vCPU, service levels, top incidents | No | Yes |
Oracle Identity and Access Management
- Provisioning & Identity Administration and Governance: Oracle Identity Manager
- Access Management: Oracle Access Manager (Mobile and Social, Oracle Identity Federation, Secure Token Service), Oracle Adaptive Access Manager, Oracle Web Services Manager
- Directory Services: Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Server Enterprise Edition, Oracle Unified Directory
- Manageability: Management Pack Plus for Identity Management (Automated Discovery of Identity Management Components, Performance and Availability Monitoring, Service Level Management, Configuration Management)
Management Pack Plus for Identity Management
BUSINESS DRIVEN MANAGEMENT WITH EM12C
- Are my customers happy?
- How are my business processes doing?
- Is it an application problem or SSO?
- What is the root cause of the problem?
Capabilities: User Experience Mgmt; Separate Application and Access Problems; MW, JVM & DB Diagnostics and Configuration Mgt.
Bundesagentur für Arbeit: Who we are
- BA (Bundesagentur für Arbeit) = Federal Employment Agency
- Largest provider of labor market services in Germany
- Social insurance, social welfare
- Network of more than 700 agencies and branch offices nationwide
- Germany's largest governmental authority
- Revenue 2014: 43,30 Billion $
IT of Bundesagentur für Arbeit
- 160.000 clients, 11.500 self-information-desks
- 10.000+ servers
- 1.800 locations, 20.000 network-components
Monthly output
- 50 Million printed pages
- 17 million money transfers, 8 Billion Euros
- 35 Million Emails
PaaS with OFMW, September, Bundesagentur für Arbeit
Bundesagentur für Arbeit - Main Duties
High degree of visibility due to services for about 80 million customers
- Placement in training places and workplaces
- Vocational guidance
- Employer counselling
- Promotion of vocational training and further training
- Promotion of professional integration of people with disabilities
- Benefits to retain and create workplaces
- Compensations for reduced income, e.g. unemployment benefit or insolvency payments
- Child benefit
Largest provider of labor market services in Germany
Our Vision and our Strategy
The BA information technology is the most effective and efficient IT service provider in the public sector
- Fast and flexible implementation of business requirements
- Efficient and effective IT support to the operational segments
- Provision of IT services and services based on SLA
- Ensuring highly available, high-performance IT applications
Management Pack Plus for Identity Management
- User Experience Monitoring & Latency Analysis. Manage by exception: Service level testing breaks down end-user processing time to identify inter-application problems.
- Manage Proactively: Infrastructure Resource & Application Health Alerting. Receive alerts when critical Oracle Identity Management resources deviate from normal limits.
- Always on Diagnostics, Configuration Mgt. & Reporting. Use Topologies, JVM, and Database diagnostics to view service & system dependencies and to perform root cause analysis. Automate KPI business reports via email.
- Manage at Scale: Automate Operational Best Practices. Enforce Compliance, automate patches, Service Level Management Dashboards and Reports.
- Enhance Security. EM12c Role Based Access, Key Store with Auditing.
Management Pack Plus for Identity Management: Synthetic Test Monitoring
Include Service Tests for:
- Web Transactions
- LDAP Operations
- Database Connectivity
Measure bind latency with LDAP operations against OID, ODSEE, OUD or OVD
Authentication requests using dedicated test users against specific WebGates or Access Gates
Oracle Identity and Access Management Architecture
Management Pack Plus for Identity Management: Synthetic Test Monitoring
The first step in diagnosing problems is checking the recorded service tests.
- Is it a network problem? The problem may be confined to a certain region/beacon
- Which component is the problem related to?
- Create multiple service tests against IdM platform, application and database
- Monitor from locations that are representative of end-user geography
- Monitor from locations that have experienced the most outages or performance issues
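The triage questions on this slide (confined to a region/beacon, or tied to one component?) worked through as an added Python example; it is not part of the original presentation or of Enterprise Manager. The beacon names, test names, sample results and latency threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (beacon, service_test, succeeded, latency_ms).
# Beacon and test names are hypothetical, not Enterprise Manager identifiers.
SAMPLE = [
    ("beacon-south", "web_sso_login", True, 420),
    ("beacon-south", "ldap_bind", True, 35),
    ("beacon-south", "db_connect", True, 18),
    ("beacon-north", "web_sso_login", False, None),
    ("beacon-north", "ldap_bind", False, None),
    ("beacon-north", "db_connect", False, None),
    ("beacon-west", "web_sso_login", True, 450),
    ("beacon-west", "ldap_bind", True, 2900),  # succeeds, but far too slow
    ("beacon-west", "db_connect", True, 20),
]


def triage(results, max_latency_ms=1000):
    """Split failing service tests into region/network, component and isolated."""
    seen = defaultdict(set)        # test -> beacons that ran it
    bad = defaultdict(set)         # test -> beacons where it failed or was slow
    per_beacon = defaultdict(set)  # beacon -> tests it ran
    for beacon, test, ok, latency in results:
        seen[test].add(beacon)
        per_beacon[beacon].add(test)
        slow = latency is not None and latency > max_latency_ms
        if not ok or slow:
            bad[test].add(beacon)

    # A test failing from every beacon that ran it points at the component
    # (needs at least two vantage points to say so).
    component = {t for t in seen if len(seen[t]) > 1 and bad[t] == seen[t]}

    # A beacon where every test fails, while at least one of those tests
    # passes from another beacon, points at the network path or region.
    network = set()
    for beacon, tests in per_beacon.items():
        all_fail = all(beacon in bad[t] for t in tests)
        passes_elsewhere = any(seen[t] - bad[t] for t in tests)
        if all_fail and passes_elsewhere:
            network.add(beacon)

    # Anything not explained above is an isolated (beacon, test) pair.
    isolated = {(b, t) for t in seen for b in bad[t]
                if t not in component and b not in network}
    return {"network": network, "component": component, "isolated": isolated}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

When every test fails from every beacon, all tests are reported as component suspects and no beacon is blamed, because no vantage point is left to separate a network cause from a platform outage.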
Management Pack Plus for Identity Management: Topology Views
Use Configuration Topology to view service & system dependencies and to perform root cause analysis.
- Automated, daily collection of configuration data
- Customize frequency of collection
- View metrics and alerts on each topology component
Centralized Mgmt & Out-of-box Monitoring
Monitor all applications, all domains from one console
- View of all deployed Identity Management components including both 10g and 11g components
- Out-of-box regions that display the most critical metrics for each type of component including OAM, OAAM, ODSEE, OIM, OID, OUD and OVD
- Predefined metrics: Performance and availability; Database Performance (OIM, OAM); Log file monitoring
- Historical monitoring for trending and reporting
Management Pack Plus for Identity Management: Performance Monitoring & Diagnostics
Monitor the health of all critical Oracle Identity Management components.
- Perform historical trending analysis to identify issues or anomalies
- How to set up alerts? Use warning/critical thresholds based on metric baselines or internal best practices
- Corrective Actions automate problem response and remediation
- What notification methods to use? Email, Helpdesk Systems, SNMP Traps
12c Role Based Access, Key Store with Auditing
Improve operations and compliance through role-based access:
- Passwords are stored in the EM12c key store, not exposed to administrators
- IAM, System, NOC and Database administrators get their own logical view restricted to their targets.
- User and job auditing.
[Diagram: privileges of EM User1, EM User2 and EM Users; Jobs, DPs, MEs and Preferred Credentials refer to the Centralized Credential Store]
Log Viewer
Gain access to log files regardless of where they reside
- Access to OIM and OAM log files, active and archived, from a single console
- Search and correlate messages across log files based on time, severity or Execution Context ID (ECID)
- When critical errors occur, Support Workbench collects OIM and OAM diagnostic data and simplifies the process of sending data to Oracle Support
Management Pack Plus for Identity Management: JVM diagnostics
Accelerate production problem analysis
- Always on, real-time and historical monitoring and diagnostics
- No application instrumentation or server restarts required
- Complete visibility into the JVM stack heap and threads
- Analyze impact bi-directionally: JVM to DB, DB to JVM
- Deploy on any JVM (e.g. Sun, JRockit, IBM)
Management Pack Plus for Identity Management: DB Performance for OIM and OAM
View Database Performance:
- Database growth
- Throughput transaction metrics on reads, Database Writes and commits
- DB wait time analysis
- View top SQL and their CPU consumption by SQL ID
Management Pack Plus for Identity Management: Configuration Management
Track configuration drift from a gold standard for diagnostic and regulatory purposes
- Supports versioning and comparisons of configuration parameters
- Ensure that configuration settings amongst components are consistent
- Receive notifications on configuration changes
- Compare production and test environments in the event problems are not reproducible.
Enterprise IDM Goal for System Availability
Mandate: 100% Uptime for all Identity Management Solutions
- Fairly seamless Disaster Recovery methodology
- Leverage Global Traffic Manager (GTM) to update the DNS entry of critical VIPs with an IP in the DR data center
- Integrate tightly with Oracle Enterprise Manager (OEM) for OOTB monitoring and system-specific Metric Extensions
- "Eyes On The Dash" model for engineers to be made aware of service-impacting issues as soon as possible
Copyright 2010 Oracle Corporation. All rights reserved.
EM Dashboard
Identity Management for Cloud
[Figure: ¼ Exadata + ¼ Exalogic + Sun X4170]
Identity Management for Cloud: Shared Identity Management
Management Pack Plus for Identity Management: Enforce Compliance for OIM, OAM and OID
Oracle Identity Manager
- Compliance Rules: checks/tests performed against OIM targets
- Standards: collection of rules associated to multiple targets
- Industry Specific Frameworks: conceptual folders map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)
- Create user-defined compliance
Apply Patches to OAM and OIM
Automate application of patches to servers across domains
- Search for and download one-off patches, critical patch updates & patchset updates from MOS
- Receive patch recommendations
- Automate applying patches to all servers across multiple domains via Patch Plan
- Eliminate downtime by applying patches in rolling mode (parallel mode also supported)
- Rollback already applied patches in cases where new problems occur
Management Pack Plus for Identity Management: Service Level Management Dashboards and Reports
- Use Service Monitoring Dashboards and Reports to summarize KPIs and service levels achieved
- Email SLM business availability reports over a variety of historical time periods.
Management Pack Plus for Identity Management: Benefits
Reduce Costs
- Automated discovery and tracking of Identity Management configurations
- Reduce mean time to resolution through diagnostics and configuration management
Improve Service Levels
- Proactive monitoring of end-user performance and availability
- Monitor key Identity business performance metrics
Align with Business Demands
- Understand impact of Identity Management services on other applications
- Create Service Level Agreements and Dashboard
- Report on SLAs over time with business reports
EM12c Demonstration