Oracle Identity Management Leveraging Oracle’s Engineered Systems


Published in: Technology, News & Politics

  1. An Oracle White Paper, August 2013. Oracle Identity Management Leveraging Oracle’s Engineered Systems: High Performance, Scalability, Simplified Deployment
  2. Disclaimer

     The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. Executive Overview
     Introduction
       Oracle’s Engineered Systems
       Oracle Identity Management
     Oracle Exalogic / Oracle Exadata Benefits
     Installing Oracle Identity Management on Oracle Exalogic
     250 Million User Benchmark
     Customer Case Studies
       Turkey’s Ministry of Education
       Western US State
     Conclusion
  4. Executive Overview

     Enterprises deploy Information Technology (IT) applications in various ways today. They may use on-premise physical servers, virtualization, private clouds, public clouds, or a combination thereof. In all cases, the main goals include improving the ease of application deployment, increasing system performance, providing security across the enterprise, and ensuring contained costs.

     With an inclusive “in-a-box” strategy, Oracle’s engineered systems combine best-of-breed hardware and software components with game-changing technical innovations. Designed, engineered, and tested to work best together, Oracle’s engineered systems power the cloud or streamline data center operations to make IT deployments more efficient. The components of Oracle’s engineered systems are preassembled for targeted functionality and then, as a complete system, optimized for extreme performance, translating into less risk and cost for your organization. Oracle’s engineered systems integrate seamlessly with existing IT environments, and provide the kind of customer experience that helps your users do what they need to do faster, better, and more efficiently.

     With Oracle’s engineered systems as the foundation for running your mission-critical applications, you get fully integrated servers, storage and networking that will save you months of integrating, testing, and benchmarking time. Oracle’s engineered systems deployment also gives you the ability to manage the entire system—from applications to servers to storage—from a single console.

     Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers highly scalable solutions for identity governance, access management, and directory services, helping organizations strengthen security and capture business opportunities around mobile and social access.

     This document presents the business benefits of leveraging Oracle’s engineered systems for deploying and running Oracle Identity Management.
  5. Introduction

     This section introduces Oracle’s engineered systems and Oracle Identity Management.

     Oracle’s Engineered Systems

     Oracle’s engineered systems include the following products, designed for specific purposes:

     • Oracle Exadata Database Machine: The only database machine that provides extreme performance for both data warehousing and online transaction processing (OLTP) applications.
     • Oracle Exalogic Elastic Cloud: Designed, optimized, and certified for running Oracle applications (such as Oracle Identity Management). Exalogic is ideal for mission-critical middleware and applications from Oracle and third-party vendors. It delivers lower total cost of ownership (TCO), reduces risk, and offers unprecedented levels of performance, reliability, and scalability.
     • Oracle SuperCluster T5-8: A complete engineered system that delivers extreme performance and the highest availability and efficiency for databases and applications. Oracle SuperCluster T5-8 is ideal for consolidation and private clouds.
     • Oracle Database Appliance: An engineered system of software, servers, storage and networking that offers a simple, reliable, low-cost package for mid-range database workloads.
     • Oracle Exalytics: The first engineered system featuring in-memory software and hardware and an optimized business intelligence platform with advanced visualization.
     • Oracle Big Data Appliance: An engineered system optimized for acquiring, organizing and loading unstructured data into Oracle Database.
     • Oracle’s Sun ZFS Storage Appliances: Provide robust application and data storage for Oracle’s SPARC SuperCluster and Exalogic Elastic Cloud, and offer immediate benefits for customers using network-attached storage (NAS) for enterprise applications, virtualization, cloud, storage consolidation, and data protection.
     • Oracle Network Application Platform: An engineered system for carrier-grade application development that enables network equipment providers and communications service providers to dramatically improve cost, time to market, and capacity to innovate.
  6. Oracle Identity Management

     Over the last decade, the mission of identity and access management (IAM) has expanded to include a wide range of business objectives. Whereas early identity systems essentially served to simplify user account management, organizations are now building IAM functionality into their controls infrastructure (according to IT market intelligence firm IDC, the IAM market size for 2014 is estimated at around US$4 billion). As applications outgrow traditional network boundaries through cloud and mobile channels, organizations are using IAM to create a secure, integrated user experience. The constant specter of insider threats and consumer fraud also necessitates identification-based access controls throughout the enterprise. IAM systems are now the backbone of e-government services, commercial websites, telecommunications networks, social networking, and healthcare information exchanges.

     Figure 1: Oracle Identity and Access Management Logical View

     Oracle Identity Management is a fully integrated suite of IAM functionality. Oracle Identity Management protects enterprise resources and manages the processes acting on those resources. Oracle Identity Management functionality is delivered as a unified, integrated security services platform designed to administer user identities, provision resources to users, protect access to corporate resources, enable trusted online business partnerships, and support governance and compliance across the enterprise.
  7. This document covers Oracle Identity Management running on Oracle Exalogic and Oracle Exadata. Please refer to the 250 Million-User Benchmark technical white paper for more technical information regarding the benchmarking of Oracle Identity Management on Oracle Exalogic and Oracle Exadata.

     Oracle Exalogic / Oracle Exadata Benefits

     The integrated systems trend is on the rise. According to Gartner, “by 2015, 35 percent of total server shipped value will be as integrated systems.” (Gartner Data Center Conference presentation, “Will Fabric Computing Change the Concept of the Traditional Server?” December 2011.)

     The extreme performance designed into every Oracle engineered system helps reduce risk and lower costs in your business. Oracle standardizes components in its engineered systems to reduce your risk and make tasks—such as software and hardware upgrades—automatic and predictable. Consolidating resources, whether in the data center or in the cloud, is a way to simplify your IT environment.

     One of the key business benefits of Oracle’s engineered systems is the savings you make in operations. According to Gartner and Crédit Suisse, the enterprise IT budget is typically broken down into facilities (7%), hardware (10%), software (12%), implementation (31%) and staffing (40%). Oracle’s engineered systems allow you to cut down on IT costs by 70% in implementation and staffing, including sizing and deployment planning, installation and configuration, deployment and scaling, patching and maintenance, and platform administration.

     Converged Oracle Identity Management platforms running on Oracle’s engineered systems can consolidate hundreds of servers into a single “box.” For example, a very large US broadband and telecommunications company runs 200 Oracle Identity Management servers on Oracle Exalogic.

     Installing Oracle Identity Management on Oracle Exalogic

     Customers install Oracle Identity Management on Oracle Exalogic in the same way they install other Oracle applications or middleware components. Typically, after preparing your data center site, commissioning the Oracle Exalogic machine, providing initial network configuration (e.g., IP address assignments), and setting up the Sun ZFS Storage 7320 (the initial configuration of the storage appliance in your Oracle Exalogic machine is completed at the time of manufacturing), you’re ready to install Oracle Identity Management on the Oracle middleware stack (Oracle Linux 5.5 is preinstalled on each of the compute nodes in your Oracle Exalogic machine).
  8. Figure 2: Oracle Identity Management on Oracle Exalogic

     250 Million User Benchmark

     The goal of the 250 million-user benchmark is to demonstrate the ability of a selection of Oracle Identity Management components to support extreme loads when deployed on Oracle Exalogic and Oracle Exadata. The Oracle Identity Management components involved in this benchmark are Oracle Access Manager (OAM), a web single sign-on (SSO) solution, and Oracle Adaptive Access Manager (OAAM), a strong, multifactor authentication and fraud detection platform, together with Oracle Internet Directory (OID), one of the LDAP directory servers offered by Oracle with the Oracle Directory Services platform, used in this case to seed test user data.

     The 250 million-user benchmark (1) shows the ability of the environment to support up to 250 million users (based on specific use cases described in the 250 Million-User Benchmark technical white paper), (2) demonstrates the scalability of OAM and OAAM on Oracle Exalogic and Oracle Exadata, and (3) identifies optimal settings for each tier (operating system, middleware, and database) as well as optimal settings for each Cloud Application Foundation component (Java Virtual Machine, web tier, Oracle Traffic Director (OTD), OAM, OAAM, OID, and the Oracle Database).

     Figure 3: 250M User Benchmark Configuration

     The Oracle Exalogic / Oracle Exadata platforms used for this benchmark include an Oracle Exalogic machine (X3-2 Quarter Rack) and an Oracle Exadata machine (X3-2 Quarter Rack). The Oracle Exalogic machine comes with 8 compute nodes (Intel Xeon CPU E5-2690; 2x8 cores at 2.90 GHz, or a total of 128 compute cores), 256GB of RAM, one ZFS Storage 7320 clustered configuration, and the high-speed InfiniBand internal network.
  9. The Oracle Exadata machine comes with 2 compute nodes (Intel Xeon CPU E5-2690; 2x8 cores at 2.90 GHz), and three Oracle Exadata storage servers X3-2 with 36 CPU cores for SQL processing.

     The benchmark topology is as follows: The OAM and OAAM servers are installed on Oracle Exalogic nodes. The OAM and OAAM database servers are installed on Oracle Exadata. OID is installed on Oracle Exalogic nodes, and OID’s database is installed on Oracle Exadata. The web tier including Oracle HTTP Server (OHS) with OAM’s WebGates (web filters communicating with the OAM server in the application tier, as shown in Figure 1), and Oracle Traffic Director are on Oracle Exalogic nodes. The Load Runner Controller used for the benchmark is installed on an external Microsoft Windows machine, and load generators are installed on miscellaneous external machines.

     The benchmark results are indicative of how much performance is gained by running Oracle Identity Management on Oracle Exalogic / Oracle Exadata. OAM shows extreme performance, linear scale up and scale out. OAM can support 7.7 million, 12.5 million, and 16.4 million logins per hour with one, two, and three Oracle Exalogic nodes respectively. OAAM can support up to 12 million transactions per hour with one Oracle Exalogic node, and 2 Oracle Exalogic nodes can support up to 20 million transactions per hour.

     Customer Case Studies

     Following are two examples of customers that have deployed (or are in the process of deploying) Oracle Identity Management on Oracle Exalogic / Oracle Exadata machines.

     Turkey’s Ministry of Education

     Turkey has over 25 million children in K-12 public schools.
     FATIH, a project commissioned by the Turkish Ministry of Education, is designed to advance the use of modern technology to support teaching in over 42,000 schools (570,000 classes) throughout Turkey. Technology includes smart boards, tablets for teachers, rich content, and a central governance structure. Oracle has been chosen by the Turkish Ministry of Education to provide a solution to identity-related challenges.

     Every year more than 2 million students enter the K-12 population, and 2 million students graduate from the system annually. More than 20 million students go on to the next grade, 2 million of them move from primary to secondary, and 2 million from secondary to high school, thus creating substantial provisioning challenges. Since most end-users are children, the user experience must be very simple (authentication, single sign-on, and credentials management).
  10. For a project of this scale (25 million students), performance and scalability are key factors. Performance requirements are based on specific use cases. Peaks are expected to happen with a high ratio of the total user population authenticating and starting single sign-on sessions in very short time periods. Similarly, provisioning happens in bulk with almost all the user population seeing annual “organizational changes” over a few weeks. This includes 10% of the total user population off-boarding and new users on-boarding within the same time frame. Scalability is important because there are many potential usage scenarios that will follow, such as parents accessing the resources after school hours.

     The FATIH project uses Oracle Access Manager (OAM) for web applications authentication and single sign-on, and Oracle Identity Manager (OIM) for provisioning and user life cycle management. User identities are persisted in Oracle Unified Directory (OUD). Performance and scalability challenges are addressed by running the identity management components on Oracle Exalogic (Oracle performed a preliminary proof of concept on an Oracle Exalogic system which earned the customer’s unequivocal endorsement).

     Oracle’s engineered systems are hosted at the Turkish Telekom Datacenter in Ankara. This includes Oracle Exalogic and Oracle Exadata, in addition to Oracle Exalytics and Oracle Big Data Appliance, together with a set of machines dedicated to disaster recovery.

     Running all of the identity management components on Oracle’s engineered systems has made it possible to have natural load switching: OAM and OUD are loaded mainly during school time, whereas OIM is loaded during the summer when OAM/OUD loads are minimal. So, even if all components run on all nodes, the load is naturally balanced since the OAM-OUD and OIM peak times are different.

     The most important performance impact can be observed on connections; for example, directory replication sees zero network friction. The time required to upload directory data from scratch (25 million records in 50 minutes) is almost the same as the time it takes to replicate the whole directory over to a new directory replica.

     Western US State

     This western United States state with a potential number of 3M+ users runs its business on Oracle’s engineered systems. Adding Oracle Identity Management components to the existing stack was a natural thing to do. Oracle’s engineered systems are hosted on Oracle On Demand (Oracle On Demand recommends the use of Oracle’s engineered systems). As a result, no customer maintenance staff is necessary; all Oracle’s engineered systems’ maintenance is provided by Oracle itself.
  11. The customer uses Oracle Access Manager and Oracle Adaptive Access Manager for access control, web single sign-on, strong authentication, and fraud detection, and Oracle Identity Manager for user life cycle management. In addition to Oracle Identity Management components, the customer also uses Oracle PeopleSoft, Enterprise Resource Planning (ERP) applications, and custom applications, all running on Oracle’s engineered systems.

     In this case, the customer uses Oracle Identity Management to support its Health Information Exchange (HIE). Oracle Consulting Services (OCS) supported the implementation of the identity management components. Oracle Identity Management is a solution well suited to support the customer’s requirements in terms of a very large number of roles and integrated eligibility (e.g., the legal ability to review others’ medical information).

     Conclusion

     Oracle engineered systems are optimized to achieve enterprise performance levels that are unmatched in the industry. Whether it’s consolidating business applications on Oracle Exalogic Elastic Cloud and database workloads on Oracle Exadata Database Machine, or consolidating workloads from several machines onto a single system, engineered systems that work faster and that are less expensive just make good sense. Oracle Identity Management is one example of how Oracle Exalogic and Oracle Exadata can help support up to 250 million users and show tremendous improvement over traditional deployments.
  12. Complete and Scalable Access Management
     August 2013
     Author: Marc Chanliau

     Oracle Corporation World Headquarters, 500 Oracle Parkway, Redwood Shores, CA 94065, U.S.A.
     Worldwide Inquiries: Phone: +1.650.506.7000, Fax: +1.650.506.7200

     Copyright © 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

     Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark licensed through X/Open Company, Ltd.