An Oracle White Paper
Oracle Identity Management Leveraging
Oracle’s Engineered Systems
High Performance, Scalability, Simplified Deployment
Oracle Identity Management Leveraging Oracle Engineered Systems
The following is intended to outline our general product direction. It is intended for information purposes
only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making purchasing decisions. The development, release, and
timing of any features or functionality described for Oracle’s products, remains at the sole discretion of
Executive Overview
Introduction
  Oracle’s Engineered Systems
  Oracle Identity Management
Oracle Exalogic / Oracle Exadata Benefits
Installing Oracle Identity Management on Oracle Exalogic
250 Million User Benchmark
Customer Case Studies
  Turkey’s Ministry of Education
  Western US State
Conclusion
Executive Overview
Enterprises deploy Information Technology (IT) applications in various ways today. They may
use on-premise physical servers, virtualization, private clouds, public clouds, or a combination
thereof. In all cases, the main goals include improving the ease of application deployment,
increasing system performance, providing security across the enterprise, and ensuring
With an inclusive “in-a-box” strategy, Oracle’s engineered systems combine best-of-breed
hardware and software components with game-changing technical innovations. Designed,
engineered, and tested to work best together, Oracle’s engineered systems power the cloud or
streamline data center operations to make IT deployments more efficient. The components of
Oracle’s engineered systems are preassembled for targeted functionality and then, as a
complete system, optimized for extreme performance, translating into less risk and cost for
your organization. Oracle’s engineered systems integrate seamlessly with existing IT
environments, and provide the kind of customer experience that helps your users do what they
need to do faster, better, and more efficiently.
With Oracle’s engineered systems as the foundation for running your mission-critical
applications, you get fully integrated servers, storage and networking that will save you months
of integrating, testing, and benchmarking time. Oracle’s engineered systems deployment also
gives you the ability to manage the entire system—from applications to servers to storage—
from a single console.
Oracle Identity Management enables organizations to effectively manage the end-to-end
lifecycle of user identities across all enterprise resources, both within and beyond the firewall
and into the cloud. The Oracle Identity Management platform delivers highly scalable solutions
for identity governance, access management, and directory services, helping organizations
strengthen security and capture business opportunities around mobile and social access.
This document presents the business benefits of leveraging Oracle’s engineered systems for
deploying and running Oracle Identity Management.
Introduction
This section introduces Oracle’s engineered systems and Oracle Identity Management.
Oracle’s Engineered Systems
Oracle’s engineered systems include the following products, designed for specific purposes:
• Oracle Exadata Database Machine: The only database machine that provides extreme performance
for both data warehousing and online transaction processing (OLTP) applications.
• Oracle Exalogic Elastic Cloud: Designed, optimized, and certified for running Oracle applications
(such as Oracle Identity Management). Exalogic is ideal for mission-critical middleware and
applications from Oracle and third-party vendors. It delivers lower total cost of ownership (TCO),
reduces risk, and offers unprecedented levels of performance, reliability, and scalability.
• Oracle SuperCluster T5-8: A complete engineered system that delivers extreme performance and the
highest availability and efficiency for databases and applications. Oracle SuperCluster T5-8 is ideal
for consolidation and private clouds.
• Oracle Database Appliance: An engineered system of software, servers, storage and networking that
offers a simple, reliable, low-cost package for mid-range database workloads.
• Oracle Exalytics: The first engineered system featuring in-memory software and hardware and an
optimized business intelligence platform with advanced visualization.
• Oracle Big Data Appliance: An engineered system optimized for acquiring, organizing and loading
unstructured data into Oracle Database.
• Oracle’s Sun ZFS Storage Appliances: Provide robust application and data storage for Oracle’s SPARC
SuperCluster and Exalogic Elastic Cloud, and offer immediate benefits for customers using
network-attached storage (NAS) for enterprise applications, virtualization, cloud, storage
consolidation, and data protection.
• Oracle Network Application Platform: An engineered system for carrier-grade application development
that enables network equipment providers and communications service providers to dramatically
improve cost, time to market, and capacity to innovate.
Oracle Identity Management
Over the last decade, the mission of identity and access management (IAM) has expanded to include a
wide range of business objectives. Whereas early identity systems essentially served to simplify user
account management, organizations are now building IAM functionality into their controls
infrastructure (according to IT market intelligence firm IDC, the IAM market size for 2014 is
estimated at around US$4 billion). As applications outgrow traditional network boundaries through
cloud and mobile channels, organizations are using IAM to create a secure, integrated user experience.
The constant specter of insider threats and consumer fraud also necessitates identification-based access
controls throughout the enterprise. IAM systems are now the backbone of e-government services,
commercial websites, telecommunications networks, social networking, and healthcare information
Figure 1: Oracle Identity and Access Management Logical View
Oracle Identity Management is a fully integrated suite of IAM functionality. Oracle Identity
Management protects enterprise resources and manages the processes acting on those resources.
Oracle Identity Management functionality is delivered as a unified, integrated security services platform
designed to administer user identities, provision resources to users, protect access to corporate
resources, enable trusted online business partnerships, and support governance and compliance across
This document covers Oracle Identity Management running on Oracle Exalogic and Oracle Exadata.
Please refer to the 250 Million-User Benchmark technical white paper for more technical information
regarding the benchmarking of Oracle Identity Management on Oracle Exalogic and Oracle Exadata.
Oracle Exalogic / Oracle Exadata Benefits
The integrated systems trend is on the rise. According to Gartner, “by 2015, 35 percent of total server
shipped value will be as integrated systems.” (Gartner Data Center Conference presentation, “Will
Fabric Computing Change the Concept of the Traditional Server?” December 2011.)
The extreme performance designed into every Oracle engineered system helps reduce risk and lower
costs in your business. Oracle standardizes components in its engineered systems to reduce your risk
and make tasks—such as software and hardware upgrades—automatic and predictable. Consolidating
resources, whether in the data center or in the cloud, is a way to simplify your IT environment.
One of the key business benefits of Oracle’s engineered systems is the savings you make in operations.
According to Gartner and Crédit Suisse, the enterprise IT budget is typically broken down into
facilities (7%), hardware (10%), software (12%), implementation (31%) and staffing (40%). Oracle’s
engineered systems allow you to cut down on IT costs by 70% in implementation and staffing,
including sizing and deployment planning, installation and configuration, deployment and scaling,
patching and maintenance, and platform administration.
Converged Oracle Identity Management platforms running on Oracle’s engineered systems can
consolidate hundreds of servers into a single “box.” For example, a very large US broadband and
telecommunications company runs 200 Oracle Identity Management servers on Oracle Exalogic.
Installing Oracle Identity Management on Oracle Exalogic
Customers install Oracle Identity Management on Oracle Exalogic in the same way they install other
Oracle applications or middleware components.
Typically, after preparing your data center site, commissioning the Oracle Exalogic machine, providing
initial network configuration (e.g., IP address assignments), and setting up the Sun ZFS Storage 7320
(the initial configuration of the storage appliance in your Oracle Exalogic machine is completed at the
time of manufacturing), you’re ready to install Oracle Identity Management on the Oracle middleware
stack (Oracle Linux 5.5 is preinstalled on each of the compute nodes in your Oracle Exalogic machine).
Figure 2: Oracle Identity Management on Oracle Exalogic
250 Million User Benchmark
The goal of the 250 million-user benchmark is to demonstrate the ability of a selection of Oracle
Identity Management components to support extreme loads when deployed on Oracle Exalogic and
Oracle Exadata. The Oracle Identity Management components involved in this benchmark are Oracle
Access Manager (OAM), a web single sign-on (SSO) solution, and Oracle Adaptive Access Manager
(OAAM), a strong, multifactor authentication and fraud detection platform, together with Oracle
Internet Directory (OID), one of the LDAP directory servers offered by Oracle with the Oracle
Directory Services platform, used in this case to seed test user data.
The 250 million-user benchmark (1) shows the ability of the environment to support up to 250 million
users (based on specific use cases described in the 250 Million-User Benchmark technical white paper), (2)
demonstrates the scalability of OAM and OAAM on Oracle Exalogic and Oracle Exadata, and (3)
identifies optimal settings for each tier (operating system, middleware, and database) as well as optimal
settings for each Cloud Application Foundation component (Java Virtual Machine, web tier, Oracle
Traffic Director (OTD), OAM, OAAM, OID, and the Oracle Database).
Figure 3: 250M User Benchmark Configuration
The Oracle Exalogic / Oracle Exadata platforms used for this benchmark include an Oracle Exalogic
machine (X3-2 Quarter Rack) and an Oracle Exadata machine (X3-2 Quarter Rack). The Oracle
Exalogic machine comes with 8 compute nodes (Intel Xeon CPU E5-2690; 2x8 cores at 2.90 GHz (or
a total of 128 compute cores), 256GB of RAM, one ZFS Storage 7320 clustered configuration, and the
high-speed InfiniBand internal network. The Oracle Exadata machine comes with 2 compute nodes
(Intel Xeon CPU E5-2690; 2x8 cores at 2.90 GHz), and three Oracle Exadata storage servers X3-2
with 36 CPU cores for SQL processing.
The benchmark topology is as follows: The OAM and OAAM servers are installed on Oracle Exalogic
nodes. The OAM and OAAM database servers are installed on Oracle Exadata. OID is installed on
Oracle Exalogic nodes, and OID’s database is installed on Oracle Exadata. The web tier including
Oracle HTTP Server (OHS) with OAM’s WebGates (web filters communicating with the OAM server
in the application tier, as shown in Figure 1), and Oracle Traffic Director are on Oracle Exalogic
nodes. The LoadRunner Controller used for the benchmark is installed on an external Microsoft
Windows machine, and load generators are installed on miscellaneous external machines.
The benchmark results are indicative of how much performance is gained by running Oracle Identity
Management on Oracle Exalogic / Oracle Exadata. OAM shows extreme performance, linear scale up
and scale out. OAM can support 7.7 million, 12.5 million, and 16.4 million logins per hour with one,
two, and three Oracle Exalogic nodes respectively. OAAM can support up to 12 million transactions
per hour with one Oracle Exalogic node, and 2 Oracle Exalogic nodes can support up to 20 million
transactions per hour.
Customer Case Studies
Following are two examples of customers that have deployed (or are in the process of deploying)
Oracle Identity Management on Oracle Exalogic / Oracle Exadata machines.
Turkey’s Ministry of Education
Turkey has over 25 million children in K-12 public schools. FATIH, a project commissioned by the
Turkish Ministry of Education, is designed to advance the use of modern technology to support
teaching in over 42,000 schools (570,000 classes) throughout Turkey. Technology includes smart
boards, tablets for teachers, rich content, and a central governance structure. Oracle has been chosen
by the Turkish Ministry of Education to provide a solution to identity-related challenges.
Every year more than 2 million students enter the K-12 population, and 2 million students graduate
from the system annually. More than 20 million students go on to the next grade, 2 million of them
move from primary to secondary, and 2 million from secondary to high school, thus creating substantial
provisioning challenges. Since most end-users are children, the user experience must be very simple
(authentication, single sign-on, and credentials management). For a project of this scale (25 million
students), performance and scalability are key factors. Performance requirements are based on specific
use cases. Peaks are expected to happen with a high ratio of the total user population authenticating
and starting single sign-on sessions in very short time periods.
Similarly, provisioning happens in bulk, with almost all the user population seeing annual
“organizational changes” over a few weeks. This includes 10% of the total user population off-boarding
and new users on-boarding within the same time frame. Scalability is important because there
are many potential usage scenarios that will follow, such as parents accessing the resources after school
The FATIH project uses Oracle Access Manager (OAM) for web applications authentication and
single sign-on, and Oracle Identity Manager (OIM) for provisioning and user life cycle management.
User identities are persisted in Oracle Unified Directory (OUD). Performance and scalability
challenges are addressed by running the identity management components on Oracle Exalogic (Oracle
performed a preliminary proof of concept on an Oracle Exalogic system which earned the customer’s
Oracle’s engineered systems are hosted at the Turkish Telekom Datacenter in Ankara. This includes
Oracle Exalogic and Oracle Exadata, in addition to Oracle Exalytics and Oracle Big Data Appliance,
together with a set of machines dedicated to disaster recovery. Running all of the identity management
components on Oracle’s engineered systems has made it possible to have natural load switching: OAM
and OUD are loaded mainly during school time, whereas OIM is loaded during the summer when
OAM/OUD loads are minimal. So, even if all components run on all nodes, the load is naturally
balanced since the OAM-OUD and OIM peak times are different. The most important performance
impact can be observed on connections, for example directory replication sees zero network friction.
The time required to upload directory data from scratch (25 million records in 50 minutes) is almost
the same as the time it takes to replicate the whole directory over to a new directory replica.
Western US State
This western United States state, with a potential user population of 3M+, runs its business on Oracle’s
engineered systems. Adding Oracle Identity Management components to the existing stack was a
natural thing to do. Oracle’s engineered systems are hosted on Oracle On Demand (Oracle On
Demand recommends the use of Oracle’s engineered systems). As a result, no customer maintenance
staff is necessary; all maintenance of Oracle’s engineered systems is provided by Oracle itself.
The customer uses Oracle Access Manager and Oracle Adaptive Access Manager for access control,
web single sign-on, strong authentication, and fraud detection, and Oracle Identity Manager for user
life cycle management. In addition to Oracle Identity Management components, the customer also uses
Oracle PeopleSoft, Enterprise Resource Planning (ERP) applications, and custom applications, all
running on Oracle’s engineered systems.
In this case, the customer uses Oracle Identity Management to support its Health Information
Exchange (HIE). Oracle Consulting Services (OCS) supported the implementation of the identity
management components. Oracle Identity Management is a solution well suited to support the
customer’s requirements in terms of a very large number of roles and integrated eligibility (e.g., the
legal ability to review others’ medical information).
Conclusion
Oracle engineered systems are optimized to achieve enterprise performance levels that are unmatched
in the industry. Whether it’s consolidating business applications on Oracle Exalogic Elastic Cloud and
database workloads on Oracle Exadata Database Machine, or consolidating workloads from several
machines onto a single system, engineered systems that work faster and that are less expensive just
make good sense. Oracle Identity Management is one example of how Oracle Exalogic and Oracle
Exadata can help support up to 250 million users and show tremendous improvement over traditional
Complete and Scalable Access Management
Author: Marc Chanliau
500 Oracle Parkway
Redwood Shores, CA 94065
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and
are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark licensed through X/Open