1. How Oracle Uses
Identity Management
Chirag Andani
Director, Identity Management Services
1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
2. Oracle Identity and Access Management
Project:
Why Did We Do It?
• Security
• Establish Single Sign On
• Zero downtime period
26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
3. Scope of Identity Management Requirements
• Internal applications deployed included
• 1000+ partner applications
• SSO, Email, Beehive, Files (Content), Portals, eBiz, SSA,
WebCenter
• External applications deployed included
• www.oracle.com, OTN, Oracle Partner Network, Oracle Forums,
eBiz, My Oracle Support (MOS)/Sun Support
4. Oracle Access Manager 11g
What We Set Out to Do
• Replace Oracle Single Sign-On 10g (OSSO) and converge Oracle
Access Manager 10g (OAM) and Sun Open Single Sign-On (OSO)
7. How We Did It Without Disruption
Architected for zero downtime
8. Rollout in Phased Approach
• Phase 1: Pilot user rollout (200 users)
• Phase 2: Pilot applications (2 applications)
• Phase 3: 10% of all production traffic
• Phase 4: 20% of all production traffic
• Phase 5: 50% of all production traffic
• Phase 6: 100% of all production traffic
9. With Immediate Rollback if Required
• 35 application-based issues
• Zero downtime
Rollback plan:
– 10g SSO servers available via LBR
– Live traffic to flip to 100% 10g SSO
10. Measurement of Operational Success
Oracle Access Manager Application Stats
Item | Metric
Total Partner Apps | 1000
Total Monthly OAM Operations (External) | 23.1 M
Total Monthly OAM Operations (Internal) | 16 M
11. Oracle Internet Directory
• Create a single identity store
• Reduce cost
• Eliminate data discrepancies
12. Oracle Internet Directory
Configuration Topology
• Internal Environment
• 2 MMR Replicas, 2 Fan-outs
• Each MMR Replica is 4-node OID and 4-node RAC cluster, two
geographic sites
• OID 11.1.1.1.0, RDBMS 11.2.0.2
• External Environment
• 2 MMR Replicas, cluster configuration, two geographic sites
• OID 11.1.1.1.0, RDBMS 11.2.0.2
13. Oracle Internet Directory
Global Oracle Identity Management Architecture
14. How Much Traffic Does Our OID Handle?
• 54 Million LDAP ops/day on single replica
• 5 Billion operations/month
• Expanded LDAP footprint
• Internal – 2.5 Million entries
• External – 14.5 Million users
• Groups – 250K+ static groups, up to 1M members/group, 600+
dynamic groups
15. What’s Next: Oracle Identity Manager 11g
• Consolidate internal user and access provisioning
• Expand scalability
• Reduce provisioning cost and lead times
16. Oracle Identity Manager 11g
Oracle Identity Manager Architecture
18. Oracle Fusion Middleware 11g
application infrastructure foundation
Complete – Integrated
Hot-pluggable – Best-of-breed