CON9573: Managing the OIM Platform with Oracle Enterprise Manager

Perren Walker (Oracle), Ravi Meda (Qualcomm) & Nadine Siddell (Qualcomm) presentation at OOW2013

Published in: Technology, Business

  1. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  2. CON9573: Managing the Oracle Identity Management Platform with Oracle Enterprise Manager. Ravi Meda, Qualcomm, Inc.; Nadine Siddell, Qualcomm, Inc.; Perren Walker, Oracle
  3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
  4. Program Agenda • Enterprise Manager 12c Platform Management – Benefits of Platform Management Approach – Implementing Enterprise Manager 12c • Qualcomm: Situation, Challenges, Solutions, Results • Management Use-Case • Demonstration
  5. [Chart. Labels: Run the Business, Grow the Business, Transform the Business. Values shown: 65%, 15%, 20%]
  6. [Diagram: POINT SOLUTIONS. Labels: User Provisioning, Change Management, Access Control, Help Desk Tickets, Off Boarding, SSO Availability, Service Level Agreements, End User Experience, Compliance Validation, Certification Review, Access Request, Scalability, On-boarding]
  7. Total Cloud Control • Integrated Cloud Stack Management • Complete Cloud Lifecycle Management • Business-Driven Application Management. Self-Service IT | Simple and Automated | Business Driven
  8. Consolidate Management With a Single Pane of Glass: Enterprise Manager 12c • Manage IdM and enterprise applications from a single pane of glass: • Metric Thresholding and Alerting • Service Level Management • Configuration Management • Security & Best Practice Health Checks • Identify and resolve IdM problems across the stack • Improved Compliance through role based access.
  9. Benefits of the EM12c Platform
  10. A Complete and Integrated Platform Approach for IdM Services and Management. Identity Access Management • Access Management • Directory Services • Risk Based Access • Oracle Privileged Account Management • User Provisioning & Identity Governance • Social Identity Log-in • Shopping Cart UI • Easy Customization • 3x/5x Performance Gain • Optimized on T5 hardware • 200+ million users on Exalogic • Single Management Dashboard • Manage IdM application, host, & Oracle Hardware • Understand Runtime Relationships with Topology Views • Compliance Rules & Compliance Dashboard • Configuration Change Tracking • Role-based access & auditing • 500k+ targets managed in Oracle Public Cloud on Exalogic • High availability and Disaster Recovery Configurations • Real User Experience Insight • Service Level Management Dashboarding and Reporting
  11. BUSINESS DRIVEN MANAGEMENT WITH EM12C. Are my customers happy? How is the order intake doing? Is it an application problem or SSO? What is the root cause of the problem? • MW & DB Diagnostics • Separate Application and Access Problems • User Experience Mgmt
  12. BUSINESS REPORTS DASHBOARDS • Restricted access policy possible • Overview of key reports like Geo location, User Flow completion and KPI results • "Drag and drop" • Can be stored as 'templates'
  13. Unified IdM Dashboard: Health Status at a Glance • Assess Health Across IdM Components – Unified dashboard of status, alerts and incidents – Quickly drill down and perform deep target management and diagnostics • Top Utilization by Resource • IdM System Management • Service Level Management
  14. Service Level Management: Manage IT from a business perspective • Model services and underlying systems • Monitor availability, performance and service level compliance of critical services • Define SLA compliance as flexible set of objectives on top of a variety of metric indicators • Proactively monitor end-user experience from remote locations via service tests
  15. Compare IdM Configurations: Understand differences across environments quickly • Track IdM configuration changes for diagnostic and regulatory purposes • Compare latest configurations (e.g. stage vs production) • Compare latest Identity and Access configuration with previously saved configuration
  16. Enforce Compliance and Security Configurations: Ensure compliance to best practices, industry standards • IdM Specific Compliance Rules • Rules: checks/tests performed against specific target types • Standards: collection of rules associated to multiple targets • Frameworks: conceptual 'folders' map standards to real-world structure of compliance frameworks (PCI, COBIT, HIPAA, CIS, etc.)
  17. Support Workbench & My Oracle Support: Streamline interaction with Oracle Support for IAM issues • When critical errors occur in IAM you can collect diagnostic data and send it to Oracle Support • Greatly reduces resolution time for external bugs related to IAM Server
  18. Oracle Identity Management
      Provisioning & Identity Administration: Oracle Identity Manager
      Access Management: Oracle Access Manager (-Mobile and Social, -Oracle Identity Federation), Oracle Adaptive Access Manager, Oracle Enterprise Single Sign-On, Oracle Web Services Manager, Oracle OpenSSO Secure Token Service
      Directory Services: Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Server Enterprise Edition, Oracle Unified Directory
      Manageability: Management Pack Plus for Identity Management • Automated Discovery of Identity Management Components • Performance and Availability Monitoring • Service Level Management • Configuration Management
  19. Implementing EM12c
  20. EM12c Implementation Roadmap: Sizing, Growth & Architecture; Hardware Procurement; Implementation & Testing; EM12c in Production
  21. Enterprise Manager 12c Implementation Blueprint
      Target Sizing: Number & Growth rate of: • Application Targets • Middleware Targets • Database Targets
      Architecture: 1. High Availability & Load Balancing 2. High Availability + Disaster Recovery
  22. EM12c Sample Architecture and Sizing
      EM 12c Target Sizing:
        Size   | Agent Count     | Target Count
        Small  | < 100           | < 1000
        Medium | >= 100, < 1000  | >= 1000, < 10,000
        Large  | >= 1000         | >= 10,000
      Sizing by EM12c size:
        Size   | OMS Machine Count* | Cores per OMS | Memory per OMS (GB) | Database Machine Count* | Cores per Database Machine | Memory per Database Machine (GB)
        Small  | 1                  | 2             | 6                   | 1                       | 2                          | 6
        Medium | 2                  | 4             | 8                   | 2 (Oracle RAC)          | 4                          | 8
        Large  | 2                  | 8             | 16                  | 2 (Oracle RAC)          | 8                          | 16
        Large  | 4                  | 4             | 8                   | 2 (Oracle RAC)          | 8                          | 16
  23. 12c Role Based Access, Key Store with Auditing. Improve operations and compliance through role-based access: • Passwords are stored in the EM12c key store, not exposed to administrators • IAM, System, NOC and Database administrators get their own logical view restricted to their targets. • User and job auditing. [Diagram labels: EM User1, EM User2; Users, Privileges; Jobs, DPs, MEs, Preferred Credentials refer to the Centralized Credential Store]
  24. Qualcomm & Enterprise Manager 12c
  25. Qualcomm Background
      COMPANY OVERVIEW • Qualcomm designs, manufactures, and markets digital wireless telecommunications products and services based on its CDMA and other technologies • Industry: High Tech Segment: Semiconductors • Employees: 26,000 • Revenue: $19.12 billion in FY12
      CHALLENGES/OPPORTUNITIES • Provide high IAM & Database SLA levels, monitor and report on them. • NOC operators have restricted delegated privileges to act on alerts and not immediately contact the IAM or Database target administrator as the first response to an incident. • Quickly move from SLA violations to diagnostics and root cause analysis.
      SOLUTIONS • Replacing home grown solution OIM for company wide user provisioning and de-provisioning with iPlanet LDAP, AD & Exchange. • Weblogic, Demantra, EBS, SOA Suite, and Agile • 1500+ targets: Database, Application, Middleware
      CUSTOMER PERSPECTIVE: Oracle Enterprise Manager allows us to delegate varying levels of operational privileges among 24x7 NOC administrators, Identity and Access administrators and database administrators. This streamlines operations and internal compliance in response to management incidents on a global 24x7 basis.
      RESULTS • Manage OIM, Applications and Database with a highly available and DR configured Enterprise Manager. • Improve compliance by giving appropriate management permissions for all internal stakeholders • Proactive Monitoring & faster time to resolution through the empowerment of NOC operators.
  26. Qualcomm Streamlines Operations and Management: Situation • Leader in designing, manufacturing, and marketing digital wireless telecommunications products and services based on its CDMA and other technologies • Provide company-wide user provisioning/deprovisioning with high service levels, service level monitoring and reporting. • Expose management services to Network Operations Center, Database and IAM administrators.
  27. Qualcomm Streamlines Operations and Management: Challenges
      Identity and Access Management: • Proactively monitor OIM for SLA performance and outages. • Provide health dashboarding in Qualcomm's 24x7 NOC and take action with restricted start/stop role-based access. • IT Governance & compliance and change management. • Best Practice Configuration validation & change management.
      From a management perspective: • Provide multiple management views for DBAs, NOC operators, Identity and Access, Application and Middleware Administrators with role based access and auditing. • Enhanced diagnostics with SLA alerts, root cause analysis and SLA reporting. • Need for scalable, highly available, and multi-site disaster recovery management for packaged applications, middleware, Identity Management and database.
  28. Qualcomm Streamlines Operations and Management: Solutions • Enterprise Manager 12c R3 in a highly available and disaster recovery configuration. • Identity and Access Management Oracle Identity Manager 11g. • Oracle Database 11g • Internal customers include Oracle Applications and Databases. [Diagram label: SERVICE ORIENTED ARCHITECTURE]
  29. Configuring EM12c • The following six steps were used by Qualcomm to configure Enterprise Manager 12c in order to give Identity and Access management permissions to IAM administrators while restricting other targets such as database. • IAM administrators and DB administrators have role separation with their targets; however, they are using a single EM infrastructure providing common management services in a high availability and disaster recovery configuration.
      Steps for Creating EM12c Roles and Groups
      1 Create privilege-propagating dynamic group (FMWHOSTS) where membership criteria is: targets on myhost.qualcomm.com
      2 Create privilege-propagating dynamic group (DBHOSTS) where membership criteria is: targets on myhost.qualcomm.com
      3 Create role Qualcomm_FMW. Grant this role: Full privilege on FMWHOSTS, View on DBHOSTS
      4 Create role Qualcomm_DB. Grant this role: Group Administration, Full privilege on DBHOSTS, View on FMWHOSTS
      5 Grant role Qualcomm_FMW to the EM users who are part of the Qualcomm FMW team.
      6 Grant role Qualcomm_DB to the EM users who are part of the Qualcomm DB team.
  30. Qualcomm Streamlines Operations and Management: Results • Single day EM12c role configuration, agent deployment, & target discovery. • Improved compliance through streamlined operations allowing NOC, IAM and DB administrators role based permission views with the same target. • Faster incident response and resolution through role delegation and operational collaboration.
  31. Qualcomm Streamlines Operations and Management: “Oracle Enterprise Manager allows us to improve compliance by delegating varying levels of operational privilege among 24x7 NOC administrators, Identity and Access administrators and Database administrators. This streamlines operations in response to incidents on a global 24x7 basis.” Nadine Siddell, Qualcomm
  32. Demonstration
  33. Credits. Special Thanks to: – Babu Rallapalli, Consulting Solutions Architect Architect Team
  37. [Diagram labels: GOVERNANCE; COMMON REPOSITORY; DATABASES; DIRECTORY SERVICES; ACCESS REQUEST; ACCESS CERTIFICATION; APPS; SINGLE USER VIEW; APPLICATIONS; ENTITLEMENT CATALOG; OPERATING SYSTEMS; COMPLETE GOVERNANCE; COMPLETE MANAGEMENT; PRIVILEGED ACCOUNT MANAGEMENT]
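
Added example, not part of the original slides and not Oracle or Qualcomm code: a small Python model of the six role and group steps on slide 29, showing how privileges propagate from a dynamic group to its members and how to audit the role grants for a user who ends up with Full privilege on both sides. The group and role names come from the slide; the target names, user names and the per-kind membership criteria are assumptions, and step 4's Group Administration grant is not modelled.

```python
from dataclasses import dataclass

RANK = {"VIEW": 1, "FULL": 2}

@dataclass(frozen=True)
class Target:
    name: str
    kind: str  # "fmw" or "db"; a constructed attribute, not an EM12c field

# Steps 1-2: dynamic groups. Membership is a rule evaluated on every lookup,
# so a newly discovered target joins without anyone editing groups or roles.
GROUPS = {
    "FMWHOSTS": lambda t: t.kind == "fmw",  # assumed criterion
    "DBHOSTS": lambda t: t.kind == "db",    # assumed criterion
}

# Steps 3-4: the privilege each role holds on each group.
ROLES = {
    "Qualcomm_FMW": {"FMWHOSTS": "FULL", "DBHOSTS": "VIEW"},
    "Qualcomm_DB": {"DBHOSTS": "FULL", "FMWHOSTS": "VIEW"},
}

def effective(user_roles, inventory):
    """Map target name -> highest privilege propagated from group to member."""
    result = {}
    for role in user_roles:
        for group, level in ROLES[role].items():
            for t in filter(GROUPS[group], inventory):
                if RANK[level] > RANK.get(result.get(t.name), 0):
                    result[t.name] = level
    return result

def separation_violations(grants, inventory):
    """Users whose roles give FULL on both FMW and DB targets."""
    kind_of = {t.name: t.kind for t in inventory}
    flagged = []
    for user, roles in sorted(grants.items()):
        privs = effective(roles, inventory)
        if len({kind_of[n] for n, p in privs.items() if p == "FULL"}) > 1:
            flagged.append(user)
    return flagged

# Steps 5-6 with a constructed inventory; all names here are hypothetical.
INVENTORY = [Target("oim_server1", "fmw"), Target("soa_server1", "fmw"),
             Target("oimdb", "db")]
GRANTS = {"iam_admin": ["Qualcomm_FMW"], "dba": ["Qualcomm_DB"],
          "contractor": ["Qualcomm_FMW", "Qualcomm_DB"]}

if __name__ == "__main__":
    for user, roles in GRANTS.items():
        print(user, effective(roles, INVENTORY))
    print("separation violations:", separation_violations(GRANTS, INVENTORY))
```

The same audit can be run over an export of real role grants to confirm that the IAM and DB teams keep Full privilege only on their own group.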