Con9573 managing the oim platform with oracle enterprise manager

Perren Walker (Oracle), Ravi Meda (Qualcomm) & Nadine Siddell (Qualcomm) presentation at OOW2013

  • Slide Transition: I.T. budgets tell the same story. In 2012, organizations estimate that they will spend 63 percent of their IT resources to run the business, 21 percent to grow the business, and 16 percent to transform the business. (Source: “IT Metrics: IT Spending and Staffing Report, 2012,” Gartner, 2012.) In other words, businesses are spending four times as much to maintain the status quo as they are to innovate.
  • IDM has only been 10% in enterprises out dated is out dated… tech is unable to meet with the demands of the change and velocity.
  • The problem with Application and Data Security is that it is fragmented. As an example, many organizations will try to lock down root access at the OS level while at the same time granting SQL DBA privileges to developers to access the database. Most of the audit issues and excessive access are caused by having many systems and no automated way to propagate access changes across them. Example: lots of first-generation identity management solutions or home-grown solutions have stalled or do not provide enough coverage. The result is poor reporting and audit exposure. It becomes impossible to reconcile who has access to what data and applications without a way to reconcile the information. It hurts forensics, since we can't tell which accounts belong to specific users. It makes the enterprise more vulnerable to breaches. Two examples: 1. In the WikiLeaks scandal, when they examined Bradley Manning’s access they found that his access was excessive, and if regular certification reviews had been done the excessive access would have been detected. 2. Security is about the latency of changing access consistently and quickly, and fragmentation increases the latency of changing access. Most organizations rely on help desks to change access, which can take weeks. The UBS banking fraud case describes a rogue inside trader who uses his excessive access to his advantage. The impact is missed opportunities: without a grasp on security and compliance, new business initiatives stall. In many organizations new business initiatives are slowed because they can’t overcome the compliance burdens.
  • What’s so NEW about Oracle’s Cloud Service? We provide a comprehensive, modern approach to cloud applications services that is complete and integrated, not siloed, so that you can solve end-to-end business problems faster and more effectively, with greater security and control. Leveraging the Oracle Cloud Environment, customers can: Quickly execute complete and integrated business processes: solve end-to-end business problems, coupled with unified execution, visibility, and control. Innovate faster with less risk: roll out solutions faster with less burden on IT, accelerate time to value and flexibly respond to changing market conditions. Transform user experiences and insight: deliver greater value to their teams and their own customers with advanced, embedded Business Intelligence, Social capabilities, and enterprise data accessible anywhere, any time, on any device.
  • This is how you resolve the issues and answer the business questions. This slide is a focus on the topic to discuss: Oracle APM solutions are based on an integrated, best-of-breed set of solutions. To ensure you know what problems to investigate, you need to figure out what your users are doing, when they hit problems, etc. Once a problem manifests itself that you deem important enough, you should be able to define what component(s) form the bottleneck; to do so you need visibility into what services are invoked, in what order, and what the individual services offer in terms of performance. Finally, once you’ve identified the bottleneck you’ll need deep investigation in both JVMs and DB. All these processes and capabilities are translated into the products mentioned in this slide. We’ll focus on the first item in this presentation, user experience, though we’ll run through the entire diagnostics cycle too.
  • Let’s take an example of a true key business metric: did my users complete a pre-defined business flow? Other reports: Where are people coming from? And small top 5-10 lists in usage and performance.
  • Slide Transition: Let me tell you about OnStar, a wholly owned subsidiary of General Motors and industry leader in vehicle telematics services. OnStar keeps over six million subscribers safely connected while in their vehicle. Services include automatic crash response, navigation, roadside assistance and hands-free calling. Five years ago, OnStar mapped out ambitious plans to expand into the Chinese market, launch several new services and offer customers more functionality via the Web and mobile devices. In addition, GM decided to offer the OnStar system to retailers and other carmakers. OnStar needed a flexible IT architecture if it was going to deliver this roadmap.
  • Slide Transition: Problem was, OnStar’s IT architecture lacked the necessary flexibility. In the past, whenever IT added a new OnStar service, they had to create an application for it. So, they ended up coding the same basic functionality—of how to contact the vehicle, how to store information about the vehicle, what features were available on the vehicle—over and over again. This meant that system changes were a nightmare. Imagine a new hardware release: every application behind every OnStar service (i.e. emergency services, in-vehicle communication, vehicle diagnostics, security, navigation) had to be manually upgraded to support the new hardware, even if the changes involved the same code in each application. With an average of 36 system releases and 8,000 IT changes per year, OnStar knew it needed to replace the numerous point-to-point interfaces with a more flexible IT infrastructure.
  • Slide Transition: In mid-2007, OnStar’s Chief Architect and his team began a year of planning and designing a new SOA platform. In this platform, what used to be software code -- for storing data and contacting the vehicle – became services that could be reused by multiple systems. OnStar had a longstanding relationship with Oracle, relying on Oracle WebLogic server to run its safety critical services 24 hours a day, 7 days a week, with zero down time in the past 10 years. It’s not surprising then that OnStar chose Oracle SOA Suite to help them bring new services to market faster and connect subscribers in ways they never thought possible. This complete and integrated suite of best-of-breed products included a business rules engine, a BPEL engine, an enterprise service bus, and monitoring and management tools.
  • Slide Transition: The result is that OnStar achieved the goals it set out for itself 5 years ago. Shanghai OnStar, based on Oracle SOA Suite, launched on time in December 2009 and now has 275,000 registered users. The new SOA-based infrastructure has helped OnStar deliver new services to market faster. The company was able to add warranty, wear, and maintenance information to its monthly subscriber emails in just 6 weeks, whereas before this change would have taken 6 months. In fact, IT has reduced application development and deployment costs by 40 percent. In addition, OnStar delivered the first mobile application of its kind in the automotive space and has won several innovation awards. The OnStar Mobile App allows drivers to control vehicle functions such as locking and unlocking doors from their smartphones, and provides them with up-to-date vehicle information such as oil level, tire pressure, fuel level and lifetime miles per gallon.
  • Oracle’s cloud solutions solve the problems with your current environment. Vertically integrated solution. Complete platform, including integration, management and security for cloud, across the complete stack. Complete through the stack, from applications to disk.

Con9573 managing the oim platform with oracle enterprise manager Presentation Transcript

  • 1. 1 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 2. CON9573 Managing the Oracle Identity Management Platform with Oracle Enterprise Manager Ravi Meda, Qualcomm, Inc. Nadine Siddell, Qualcomm, Inc. Perren Walker, Oracle
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. Program Agenda • Enterprise Manager 12c Platform Management – Benefits of Platform Management Approach – Implementing Enterprise Manager 12c • Qualcomm: Situation, Challenges, Solutions, Results • Management Use-Case • Demonstration
  • 5. 65% 15% Run the Business 20% Grow the Business Transform the Business
  • 6. User Provisioning POINT SOLUTIONS are and Change Management Access Control Help Desk Tickets Off Boarding SSO Availability Service Level Agreements End User Experience Compliance Validation Certification Review Access Request Scalability On-boarding
  • 7. Total Cloud Control Integrated Cloud Stack Management Complete Cloud Lifecycle Management Self-Service IT | Simple and Automated Business-Driven Application Management | Business Driven
  • 8. Consolidate Management With a Single Pane of Glass: Enterprise Manager 12c • Manage IdM and enterprise applications from a single pane of glass: • Metric Thresholding and Alerting • Service Level Management • Configuration Management • Security & Best Practice Health Checks • Identify and resolve IdM problems across the stack • Improved Compliance through role based access.
  • 9. Benefits of the EM12c Platform
  • 10. A Complete and Integrated Platform Approach for IdM Services and Management • Access Management Identity Access Management • 3x/5x Performance Gain • Shopping Cart UI Optimized on T5 hardware • Easy Customization Management • 200+ million users on • Directory Services • Single Management Dashboard • Manage IdM application, host, & Oracle Hardware • Understand Runtime Relationships with Topology Views • Risk Based Access • Oracle Privileged Account • User Provisioning & Identity Governance • Social Identity Log-in Exalogic • Compliance Rules & Compliance Dashboard • Configuration Change Tracking • Role-based access & auditing • 500k+ targets managed in Oracle Public Cloud on Exalogic • High availability and Disaster Recovery Configurations • Real User Experience Insight • Service Level Management Dashboarding and Reporting
  • 11. BUSINESS DRIVEN MANAGEMENT WITH EM12C Are my customers happy? How is the order intake doing? Is it an application problem or SSO? What is the root cause of the problem? MW & DB Diagnostics Separate Application and Access Problems User Experience Mgmt
  • 12. BUSINESS REPORTS DASHBOARDS • Restricted access policy possible • Overview of key reports like Geo location, User Flow completion and KPI results • “Drag and drop” • Can be stored as “templates”
  • 13. Unified IdM Dashboard Health Status at a Glance • Assess Health Across IdM Components – Unified dashboard of status, alerts and incidents – Quickly drill down and perform deep target management and diagnostics • Top Utilization by Resource • IdM System Management • Service Level Management
  • 14. Service Level Management Manage IT from a business perspective • Model services and underlying systems • Monitor availability, performance and service level compliance of critical services • Define SLA compliance as flexible set of objectives on top of a variety of metric indicators • Proactively monitor end-user experience from remote locations via service tests
  • 15. Compare IdM Configurations Understand differences across environments quickly • Track IdM configuration changes for diagnostic and regulatory purposes • Compare latest configurations (e.g. stage vs production) • Compare latest Identity and Access configuration with previously saved configuration
  • 16. Enforce Compliance and Security Configurations Ensure compliance to best practices, industry standards • IdM Specific Compliance Rules • Rules: checks/tests performed against specific target types • Standards: collection of rules associated to multiple targets • Frameworks: conceptual “folders” map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)
  • 17. Support Workbench & My Oracle Support Streamline interaction with Oracle Support for IAM issues • When critical errors occur in IAM you can collect diagnostic data and send it to Oracle Support • Greatly reduces resolution time for external bugs related to IAM Server
  • 18. Oracle Identity Management Provisioning & Identity Administration Access Management Directory Services Oracle Internet Directory -Mobile and Social Oracle Identity Manager Oracle Access Manager Oracle Virtual Directory -Oracle Identity Federation Oracle Directory Server Enterprise Edition Oracle Adaptive Access Manager Oracle Enterprise Single Sign-On Oracle Unified Directory Oracle Web Services Manager Oracle OpenSSO Secure Token Service Manageability Management Pack Plus for Identity Management • Automated Discovery of Identity Management Components • Performance and Availability Monitoring • Service Level Management • Configuration Management
  • 19. Implementing EM12c
  • 20. EM12c Implementation Roadmap Sizing, Growth & Architecture Hardware Procurement Implementation & Testing EM12c in Production
  • 21. Enterprise Manager 12c Implementation Blueprint Target Sizing: Number & Growth rate of: • Application Targets • Middleware Targets • Database Targets Architecture: 1. High Availability & Load Balancing 2. High Availability + Disaster Recovery
  • 22. EM12c Sample Architecture and Sizing
    EM 12c Target Sizing (EM12c Size: Agent Count; Target Count)
    Small: < 100; < 1000
    Medium: >= 100, < 1000; >= 1000, < 10,000
    Large: >= 1000; >= 10,000
    Sizing (Size: OMS Machine Count*, Cores per OMS, Memory per OMS (GB); Database Machine Count*, Cores per Database Machine, Memory per Database Machine (GB))
    Small: 1, 2, 6; 1, 2, 6
    Medium: 2, 4, 8; 2 (Oracle RAC), 4, 8
    Large: 2, 8, 16; 2 (Oracle RAC), 8, 16
    Large: 4, 4, 8; 2 (Oracle RAC), 8, 16
  • 23. 12c Role Based Access, Key Store with Auditing Improve operations and compliance through role-based access: • Passwords are stored in EM Users Privileges Jobs, DPs, MEs, Preferred Credentials Refer to the EM12c key store, not exposed to administrators IAM, System, NOC and Database administrators get their own logical view restricted to their targets. • User and job auditing. EM User1 EM User2 Centralized Credential Store
  • 24. Qualcomm & Enterprise Manager 12c
  • 25. Qualcomm Background COMPANY OVERVIEW • Qualcomm designs, manufactures, and markets digital wireless telecommunications products and services based on its CDMA and other technologies • Industry: High Tech Segment: Semiconductors • Employees: 26,000 • Revenue: $19.12 billion in FY12 CHALLENGES/OPPORTUNITIES Provide high IAM & Database SLA levels, monitor and report on them. NOC operators have restricted delegated privileges to act on alerts and not immediately contact the IAM or Database target administrator as the first response to an incident. Quickly move from SLA violations to diagnostics and root cause analysis. SOLUTIONS Replacing home-grown solution OIM for company-wide user provisioning and de-provisioning with iPlanet LDAP, AD & Exchange. WebLogic, Demantra, EBS, SOA Suite, and Agile • Database 1500+ targets • Application • Middleware CUSTOMER PERSPECTIVE Oracle Enterprise Manager allows us to delegate varying levels of operational privileges among 24x7 NOC administrators, Identity and Access administrators and database administrators. This streamlines operations and internal compliance in response to management incidents on a global 24x7 basis. RESULTS • Manage OIM, Applications and Database with a highly available and DR configured Enterprise Manager. • Improve compliance by giving appropriate management permissions for all internal stakeholders • Proactive Monitoring & faster time to resolution through the empowerment of NOC operators.
  • 26. Qualcomm Streamlines Operations and Management Situation • Leader in designing, manufacturing, and marketing digital wireless telecommunications products and services based on its CDMA and other technologies • Provide company-wide user provisioning/deprovisioning with high service levels, service level monitoring and reporting. • Expose management services to Network Operations Center, Database and IAM administrators.
  • 27. Qualcomm Streamlines Operations and Management Challenges Identity and Access Management: Proactively monitor OIM for SLA performance and outages. Provide health dashboarding in Qualcomm’s 24x7 NOC and take action with restricted start/stop role-based access. IT Governance & compliance and change management. Best Practice Configuration validation & change management. From a management perspective: Provide multiple management views for DBAs, NOC operators, Identity and Access, Application and Middleware Administrators with role based access and auditing. Enhanced diagnostics with SLA alerts, root cause analysis and SLA reporting. Need for scalable, highly available, and multi-site disaster recovery management for packaged applications, middleware, Identity Management and database.
  • 28. Qualcomm Streamlines Operations and Management Solutions • Enterprise Manager 12c R3 in a highly available and disaster recovery configuration. • Identity and Access Management Oracle Identity Manager 11g. • Oracle Database 11g • Internal customers include Oracle Applications and Databases. SERVICE ORIENTED ARCHITECTURE
  • 29. Steps for Creating EM12c Roles and Groups 1. Create privilege-propagating dynamic group (FMWHOSTS) where membership criteria is: targets on myhost.qualcomm.com 2. Create privilege-propagating dynamic group (DBHOSTS) where membership criteria is: targets on myhost.qualcomm.com 3. Create role Qualcomm_FMW. Grant this role: Full privilege on FMWHOSTS, View on DBHOSTS 4. Create role Qualcomm_DB. Grant this role: Group Administration, Full privilege on DBHOSTS, View on FMWHOSTS 5. Grant role Qualcomm_FMW to the EM users who are part of the Qualcomm FMW team. 6. Grant role Qualcomm_DB to the EM users who are part of the Qualcomm DB team. Configuring EM12c • The following six steps were used by Qualcomm to configure Enterprise Manager 12c in order to give Identity and Access management permissions to IAM administrators while restricting other targets such as database. • IAM administrators and DB administrators have role separation with their targets; however, they are using a single EM infrastructure providing common management services in high availability and disaster recovery configuration.
  • 30. Qualcomm Streamlines Operations and Management Results • Single day EM12c role configuration, agent deployment, & target discovery. • Improved compliance through streamlined operations allowing NOC, IAM and DB administrators role-based permission views with the same target. • Faster incident response and resolution through role delegation and operational collaboration.
  • 31. Qualcomm Streamlines Operations and Management “Oracle Enterprise Manager allows us to improve compliance by delegating varying levels of operational privilege among 24x7 NOC administrators, Identity and Access administrators and Database administrators. This streamlines operations in response to incidents on a global 24x7 basis.” Nadine Siddell Qualcomm
  • 32. Demonstration
  • 33. Credits Special Thanks to: – Babu Rallapalli, Consulting Solutions Architect Architect Team
  • 37. GOVERNANCE COMMON REPOSITORY DATABASES DIRECTORY SERVICES ACCESS REQUEST ACCESS CERTIFICATION APPS SINGLE USER VIEW APPLICATIONS ENTITLEMENT CATALOG OPERATING SYSTEMS COMPLETE GOVERNANCE COMPLETE MANAGEMENT PRIVILEGED ACCOUNT MANAGEMENT
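
Added example (not part of the Oracle/Qualcomm presentation): a small Python model of the six role and group steps on slide 29 that computes each user's effective privilege per target and lists any target on which both roles hold Full, including the case where both dynamic groups use the same host criterion. The host names, target names, user names and the simplified NONE/VIEW/FULL levels are assumptions made for illustration; this is not Enterprise Manager code.

```python
from dataclasses import dataclass
from enum import IntEnum


class Priv(IntEnum):          # simplified privilege levels (assumption)
    NONE = 0
    VIEW = 1
    FULL = 2


@dataclass(frozen=True)
class Target:
    name: str
    host: str


# Constructed inventory; hosts and target names are hypothetical.
INVENTORY = [
    Target("oim_server1", "idm01.example.com"),
    Target("soa_server1", "idm01.example.com"),
    Target("emrep_db", "db01.example.com"),
]


def build_model(fmw_host, db_host):
    """Slide 29, steps 1-6, as data. A dynamic group is a rule
    ("targets on <host>"), so membership is evaluated at lookup time."""
    groups = {"FMWHOSTS": fmw_host, "DBHOSTS": db_host}              # steps 1-2
    roles = {
        "Qualcomm_FMW": {"FMWHOSTS": Priv.FULL, "DBHOSTS": Priv.VIEW},  # step 3
        # Step 4 also grants Group Administration, which is not modelled here.
        "Qualcomm_DB": {"DBHOSTS": Priv.FULL, "FMWHOSTS": Priv.VIEW},
    }
    users = {"iam_admin": ["Qualcomm_FMW"], "dba": ["Qualcomm_DB"]}  # steps 5-6
    return groups, roles, users


def effective(model, user, target):
    """Highest privilege any of the user's roles propagates to the target."""
    groups, roles, users = model
    best = Priv.NONE
    for role in users.get(user, []):
        for group, priv in roles[role].items():
            if groups[group] == target.host:
                best = max(best, priv)
    return best


def full_overlap(model, inventory):
    """Targets on which more than one role holds FULL (separation lost)."""
    groups, roles, _ = model
    hits = []
    for t in inventory:
        holders = sorted(
            role for role, grants in roles.items()
            if any(p == Priv.FULL and groups[g] == t.host
                   for g, p in grants.items())
        )
        if len(holders) > 1:
            hits.append((t.name, holders))
    return hits


if __name__ == "__main__":
    model = build_model("idm01.example.com", "db01.example.com")
    for user in ("iam_admin", "dba"):
        for t in INVENTORY:
            print(user, t.name, effective(model, user, t).name)
    print("overlap:", full_overlap(model, INVENTORY))
```

Because membership is a rule rather than a list, a target discovered later on a group's host inherits the role's privilege with no further grant, which is why the host criterion of each group is the thing to review.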