Con8833 access at scale for hundreds of millions of users final

1

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

Access at Scale for
Hundreds of Millions of
Users
Venugopal Shastri
Senior Principal Product Manager, IDM
Selva Neelamegam
PMTS, IDM Performance

The following is intended to outline our general product direction. It is intended
for information purposes only, and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or functionality, and should
not be relied upon in making purchasing decisions. The development, release,
and timing of any features or functionality described for Oracle’s products remains
at the sole discretion of Oracle.

3


Program Agenda
 Overview & Key Capabilities
 Architecture & Deployment

 Best Practices
 250 Million User Benchmark

 Customer Panel

4


Overview & Key
Capabilities

5


Why Is Scalability So Crucial For Access?

 Large enterprises with global work-force.
 Massive Internet deployments – E-Commerce, Government Services

etc
 Access is mission-critical. Authentication is often the first, critical step.
 Device Multiplier Effect. Hit the same access infrastructure.
 Enabling social media further increases traffic.

6


Oracle Access Management

ORACLE ACCESS MANAGEMENT 11G
IS THE MOST COMPREHENSIVE AND
SCALABLE ACCESS MANAGEMENT
SOLUTION IN THE MARKET TODAY

7


Access for NextGen Extranet
Federation
& Social
Identity

 Scales to hundreds of millions of

external users
 Ability to secure mobile access for

Mobile
Security

Extranet
User Mgmt

external users
 Support for federated users as well

as leading social providers
 Real-time risk analytics & fraud

prevention
 Light weight user management and

self service

8


Internet
Scalability

Self Service
FOCUS

Architecture & Deployment

9


Architecture & Deployment

 Server infrastructure – 100 % Java Solution
 Deployed on a J2EE Container like Oracle WebLogic Cluster
 Coherence provides distributed caching within a cluster
 Horizontal Scalability achieved via
– Addition of Nodes to the Cluster within a data center
– Multi-data center Deployment

 Tuned and benchmarked on Oracle Exa platform

10


Deployment Overview
Resource

Tries to access

User

Webgates on
webservers
(acting as PEP)

Access Mgmt cluster

Allow
Or
Deny

Stores Audit Info

Audit Logs

Intercepts &
Enforces
Policies

Authenticates against

OAP

User Store

Access Manager Runtime
Servers (acting as PDP)
Reads
Policies

Manages Policies

Administrator

11


Stores Policies

Access Mgmt Admin Server
(acting as PAP)

Policy Store

Deployment Overview – With Mobile
Client Layer
Web Gates

Access Mgmt cluster
Stores Audit Info

Audit Logs
Authenticates against

User Store

Access Manager Runtime
Servers (acting as PDP)
Reads
Policies

OWSM

Mobile
SDK

Stores Policies

Mobile clients accessing same
server infrastructure

12


Access Mgmt Admin Server
(acting as PAP)

Policy Store

Scaling up within a Data Center
Webgate 1

Webgate 2

SDK Client 1

SDK Client 2

...

Client N

Clients

Primary
Server

Secondary
Server

Access Mgmt deployed on a
WebLogic Cluster
Access Mgmt -Node 1

Admin Console on
Admin Server

Access Mgmt -Node 2

Read Policies

...

Access Mgmt -Node N

Authenticate
against

Stores Policies
Policy Store

13


User Store

Scaling up within a Data Center
Webgate 1

Webgate 2

SDK Client 1

SDK Client 2

...

Client N

Clients

Load
Balancer

Access Mgmt deployed on a
WebLogic Cluster
Access Mgmt -Node 1

Admin Console on
Admin Server

Access Mgmt -Node 2

Read Policies

...

Access Mgmt -Node N

Authenticate
against

Stores Policies
Policy Store

14


User Store

Coherence for Distributed Caching
Coherence
 Completely integrated with

Access Management
 Provides high-performance

distributed caching
 Keeps user session data in

sync across cluster nodes

15


Session Management & Performance
Server Session Management

Client Session Management

 Advanced Session Management across nodes
via Coherence-based caching.

 Essentially stateless. Session managed via
browser cookies.

 Excellent Reliable performance

 Higher performance compared to Coherencebased approach. Lightweight.

 Recommended for most deployments,
especially internal ones where rich session
management features are desirable.

16


 May be appropriate for very large internet
deployments where advanced server-side
session management may not be required.

Multi Data Center Deployment - Conceptual
 Supports Active - Active, Active - Passive or Active - Hot Standby

deployments
 Enables seamless User SSO across data centers with session continuity
 Independent but identical WebLogic domains in each data center
 Follows Master-Clone configuration. Policy and configuration changes
synchronized from Master to Clones.
 Behavior is configurable based on Session Adoption Policy
– Re-authentication Required
– Remote Session Invalidation
– On-Demand Session Data Retrieval

17


User 1
(Based in US)

User 2
(Based in Europe)

OAM ID Cookie
Cluster=NYCluster

OAM ID Cookie
Cluster=LonCluster

Global Load Balancer
Active
Active

Access Mgmt Cluster in
New York Data-Center
(Master)

18


Stand-by

Stand-by

Synchronized

London Data-Center
(Clone)

User 1
(Based in US)

GLB routes to London Data-Center
OAM ID Cookie
Cluster=NYCluster
Cluster=LonCluster

User 2
(Based in Europe)
OAM ID Cookie
Cluster=LonCluster

Global Load Balancer

Re-authenticate User ?
New York Data-Center is
overloaded or down

New York Data-Center
(Master)

Back-channel OAP call
Retrieve Remote Session Data ?

Continue if retrieval fails ?
Invalidate Remote Session ?

19


London Data-Center
(Clone)

Multi Data Center Deployment - Detailed

20


Multi Data Center Deployment - Detailed

21


Scaling across Data Centers

22


Best Practices for Large
Deployments

23


Best Practices for Large Deployments
 Modeling resources appropriately
– Use Excluded over Anonymous, HTTP caching directives etc

 Using Agent Caches to improve latency
– 11g Agents significantly improve on 10g

 Ensuring fast network connections between Web, Middleware and Data Tiers
– Scale out requires matching Web Tier scale out and tuning

 Tuning the default Agent and Server settings
– OAP/LDAP Connection Mgmt, Caching

24


Best Practices for Large Deployments
 Follow MAA Deployment Patterns
 Use of Load Balancers for HTTP, OAP and LDAP
– Leverage hardware acceleration of Crypto and SSL, if available

 Leveraging metrics to proactively address issues
– DMS Metrics, EM Grid Control Monitoring

25


250 Million User
Benchmark

26


Benchmark Summary
 Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM) were

tested to serve extreme loads with 250 million users seeded in the Oracle Internet
Directory (OID) and Oracle Database
 Mid-tiers were deployed on Oracle Exalogic hardware with Oracle Exalogic Elastic Cloud

Software (EECS) and Database on Oracle Exadata hardware.
 Demonstrated the ability of the IDM products to serve extreme loads when deployed on

Exalogic(EL) and Exadata(ED) hardware.
 Identified the scalability characteristics for OAM and OAAM on EL and ED.

27


OAM Test Cases & Topology
Test Cases
 To demonstrate the linear scale out, one, two

and three server tests were run.
 To demonstrate the linear scale up, controlled

tests with 4, 8, 16 physical cores as well as 32
logical cores (16 physical cores with hyperthreading) were run on a single server.

28


OAM Scale Out Benchmark
OAM Login Scale Test

Results
enhancements, OAM showed great performance
and linear scaling on multi EL nodes.
 3 EL nodes can support up to 16.4 Million

Logins/Hour

16.4M

16
Logins/Hour in Millions

 Besides the strong functional improvements and

18

14

12.5M

12
10
8

7.7M

6
4
2

0
One Server

29


Two Server

Three Server

OAM Scale Up Benchmark
Results

2200
2000
1800

available to the operating system on a single
Exalogic server.
 OAM shows a linear scale up in 4, 8,16 and 32*

core testing.

1600
Logins/Seconds

 This test was run by limiting the number of cores

1400
1200

32 Core*

1000

16 Core

800

8 Core

600

4 Core

400
200
0
0

20

40

60
CPU %

* - 16 Physical cores with hyper-threading to 32 Logical cores

30


80

100

OAAM Test Cases & Topology
Test Cases
 To demonstrate the linear scale out, one and two

server tests were run
 Tests were also run with one OAAM server and

two OAAM servers in the same EL node.

31


OAAM Benchmark Results
Results
feature set to help organizations prevent fraud
and misuse, OAAM shows very robust
performance.
 2 EL nodes can support up to 20.6 Million

Transactions/Hour

Transactions / Hour in Millions

 Besides providing an innovative, comprehensive

20.6M
20

18.3M

15
12.3M
11M
10

5

0
1EL - 1OAAM

32


1EL - 2OAAM

2EL - 2OAAM

2EL - 4OAAM

Software
• OS: Oracle Linux Server release 5.8 (Tikanga)
• Exalogic Elastic Cloud Software (EECS) 2.0.4.0.0
• Exalogic Optimized WebLogic Server 10.3.6.0

• JRockit jdk1.6.0_37-R28.2.5-4.1.0
• Oracle Traffic Director (OTD) 11.1.1.7.0
• Oracle Http Server (OHS) 11.1.1.7
• OAM 11.1.2.1
• OAAM 11.1.2.1
• Oracle Internet Directory (OID) 11.1.1.7

33


Hardware
Exalogic (X3-2) - ¼ Rack

Exadata (X3-2) - ¼ Rack

•Eight Compute Nodes (Intel® Xeon® CPU E52690; 2x8 core @ 2.90GHz; 256GB RAM)

•Two Compute Nodes (Intel® Xeon® CPU E5-2690; 2x8 core
@ 2.90GHz; 256GB RAM)
•Total 512GB Memory
•Disk Controller HBA with 512MB Battery Backed Write Cache
•4 x 300 GB 10,000 RPM Disks
•2 x QDR (40Gb/s) Ports
•2 x 10 Gb Ethernet Ports based on the Intel 82599 10GbE
Controller
•3 x Exadata Storage Servers X 3-2 with 36 CPU cores for
SQL processing, 12 x PCI
•flash card with 4.8 TB Exadata Smart Flash Cache and, 36 x
600 GB 15,000 RPM
•High Performance disks or 3 TB High Capacity disks

•Total 128 Compute Cores
•Total 2TB Compute Node Memory
•One ZFS Storage 7320 Clustered Configuration
•High-Speed InfiniBand Internal Network
•42RU Rack Exposure

34


Conclusion
 The OAM & OAAM Scale Up & Scale Out benchmark tests showcased the extreme

scalability and performance over a huge user base of over 250 million users.
 Illustrated the linear scalability characteristics for OAM and OAAM on EL and ED

hardware.

35


Customer Panel Discussion

36


Customer Panel
 Nirmal Rahi
– Solution Architect, College Board

 Chirag Andani
– Senior Director, Identity Management Services, Oracle IT

37


Q&A

38


Oracle Fusion Middleware
Business Innovation Platform for the Enterprise and Cloud
 Complete and Integrated
Web

Social

Mobile

 Best-in-class

User Engagement
Business
Process
Management

 Open standards
Content
Management

Service Integration

Business
Intelligence

Data Integration

Identity Management
Development
Tools

39

Cloud Application
Foundation


Enterprise
Management

 On-premise and Cloud
 Foundation for Oracle Fusion
Applications and Oracle Cloud

Innovation Awards
18 Winners Across Eight Categories

Lam Research Theater (Next to Moscone North)
Session ID: CON8082
Session Title: Oracle Fusion Middleware: Meet This
Year’s Most Impressive Innovators
Venue / Room: YBCA - Lam Research Theater
Date and Time: Monday Sep 23, 4:45 - 5:45 p.m.

40


Join the Oracle IDM Community
Twitter
twitter.com/OracleIDM
Facebook
facebook.com/OracleIDM
Blog
blogs.oracle.com/OracleIDM

oracle.com/identity

41


Don’t miss these IDM Sessions
CON4535

Monday 09/23,
4:45PM

CON8834

Tuesday, 09/24,
3:45PM

CON8837

Wednesday 09/25,
11:45AM

CON8836

Thursday 09/26,
11:00AM

CON9024

Thursday 09/26,
2:00PM

42

Moscone West,
Room 2012

Moscone West,
Room 2018

Moscone West,
Room 2018
Moscone West,
Room 2018

Moscone West,
Room 2018


200M: Real World Large Scale Access
and Directory Deployment at Verizon
Attract new customer and users by
leveraging Bring Your Own Identity
(BYOI)
Leverage Authorization to Monetize
Content and Media Subscriptions
Leveraging the Cloud to simplify your
Identity Management
implementation
Next Generation Optimized Directory
- Oracle Unified Directory

Verizon Wireless

Forest Yin, Oracle

Roger Wigenstam,
Oracle
Guru Shashikumar,
Oracle
Etienne Remillon, Oracle

43


44


Con8833 access at scale for hundreds of millions of users final

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Con8833 access at scale for hundreds of millions of users final

Similar to Con8833 access at scale for hundreds of millions of users final (20)

More from OracleIDM

More from OracleIDM (20)

Recently uploaded

Recently uploaded (20)

Con8833 access at scale for hundreds of millions of users final

Editor's Notes