How to Use the PowerPoint Template · Introducing Automated Lifecycle Management (LCM) 12 Automated lifecycle management is a framework to govern the automated install, upgrade and

OpenWorld 2015 Simplify deployment and Monitoring of Identity and Access Management System

Shrenik Jain: Senior Manager, Product Management, Oracle Manish Gulati: Master Principal Sales Consultant, Oracle Perren Walker: Senior Product Strategy Manager, Oracle Oracle Identity and Access Management October 26, 2015

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

2


Program Agenda

Business Driver

Initial Deployment

Ongoing IT Operations

Management by Exception

1

2

3

3

4


Program Agenda

Business Driver

Initial Deployment



1

2

3

4

4


Customer’s Needs Today

• Simplified install/upgrade/patching experience

• Operational automation and configuration management

• Simplified management of the entire deployment

• Critical need to reduce direct and indirect operational cost and maintenance


Spent on innovation

6

25% 75% Spent on maintenance, integration, and routine tasks

Unfortunately For Most Organizations…

Source: “Debunking Two Myths About Tech Budgets,” Forrester Research, 2014.

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 7

Initial Deployment


Exception Management

Life-Cycle

Receive Exception From Ongoing Operations

Return from Exception Management

Deployment lifecycle of IDM Products


Oracle IDM Key Investment Themes

8

Automated tool for initial deployment

Automated tool for ongoing upgrade, Patching and healthcheck

Proactive Monitoring and Management with Enterprise Manager

Simplicity Usability Manageability Outcome

- Reduce complexity of deployment -Automate as many manual steps as possible. - Simplify automated tools for installs, upgrade and patching

For Provisioning, Patching and Upgrade - Support for Production ready topologies on multiple hosts. - Drastic reduction in deployment time

For Provisioning, Patching and Upgrade - Pre and post install health checks - Flexible deployment

- Runtime monitoring and diagnosibility


Initial Deployment



Life-Cycle



Recommendation for managing IDM deployments


Program Agenda

Business Driver

Initial Deployment



1

2

3

10

4


Initial Deployment Lifecycle

11

Hardware Sizing & Architecture

Production ready HA deployment using IDM Automated LCM

Pre-install Healthcheck of the IDM system

Configuration and of IDM products

Day 0 Patching application

Operational Environment

1

2

3 4

4

5 Post-install Healthcheck of the IDM system

7


Introducing Automated Lifecycle Management (LCM)

12

Automated lifecycle management is a framework to govern the automated install, upgrade and patching of IDM product suite for standalone (e.g. Identity Manager only) and integrated products (e.g. Identity Manager, Access Manager and Directory together) in a production and a non-production environment with minimal human interaction and drastic reduction in deployment times.


Automated Installer Key Highlights • Install using automated installer boils down to two simple steps

– Planning: A UI based wizard to choose the products

– Deployment: Automated deployment of product on multiple machines

• All steps post DB install, are fully automated – Database Schema, WebLogic, SOA Suite, IAM creation and domain configuration. Customer not required to know these technologies.

• Integrated with healthcheck. Saves weeks of efforts for customer to figure out the appropriate system

• Support for “Production Ready ” High Availability enabled topologies on multiple machine

– OIM (with BIP)

– OAM (with OMSS) with existing OUD/OID/AD

– OIM (with BIP)+OAM(with OMSS) with existing OUD/OID/AD


Efficiency attained with Automated LCM in R2PS3

– Deployment time reduced from Weeks to Hours for single and integrated products

– 97% + reduction in manual steps

– Automatic invocation of Health Checks during installs and upgrades

– All steps for installing IAM Platform after DB install Fully Automated

Install

Upgrade

Patch


Automated LCM – Installer


Program Agenda

Business Driver

Initial Deployment



1

2

3

16

4


Ongoing IT Operations Lifecycle

17

Ongoing healthcheck of IDM deployments

Application and validation patches using Automated LCM Patching

Upgrade of IDM products using Automated LCM Upgrade

1

2

3

4

5

6

8

EM13c Always on Monitoring and Diagnostics.

EM13c Ongoing Configuration Gold Standard Drift Notification

EM13c Ongoing IT Compliance evaluation (STIG, HIPA, PCI, etc).

Ongoing Reporting to Lines of Business

Ongoing IT Operations Life-Cycle



1. Horizontal Management At Scale 2. Operational Automation At Scale 3. Management of Dev, Test, UAT and Production


Life-Cycle

7 User experience monitoring


• Automated upgrade boils down to three simple steps :

– Pre validations: This performs validations before upgrade

– Upgrades: This performs binary +configuration upgrades

– Post validations: This performs validations after upgrade

• Automated upgrades perform a Full Stack Upgrade on multiple machines. Includes: WebLogic, SOA and the supporting components upgrade as well.

• Automated upgrade supports EDG (multi-node) deployment upgrade from R2PS2 (11.1.2.2.0) to R2PS3(11.1.2.3.0)

Automated LCM Upgrades Overview


• Automated patching has primarily two simple steps

– Patch plan creation: Overview of the complete plan based on which patching will be executed.

– Execute Patcher: Execution of patching

• Automated patching performs a Full Stack Patching.

• Automated patching does the conflict resolution and post patch validations

• Automated patching happens with parallel sessions for reduced patch apply time.

• EMCC can invoke automated patching, to perform GUI-driven patch sourcing (via MOS integration) and application.

Automated LCM Patching Overview


Introducing SINGLE healthcheck tool for monitoring IAM

• A single solution which will enable IAM customers to take preventive actions on a proactive basis

• Runtime monitoring of OIM, OAM and OUD on a 11gR2PS2 and 11gR2PS3 environments

• The tool will not make any changes/updates to the target environment and so can be executed to monitor the production systems

• Based on ORAchk framework (well know for Database!)

• The overall solution has mainly three components

– Discovery of the customer’s configuration through EM FMW control using IDM discovery tool

– Execution of ORAchk for IAM on multiple nodes in parallel

– Collection of the results into a single HTML report/Collection manager


Integrated with ORAchk framework


• Pre-install and Post-install checks

– System hardware resources and configuration (e.g. RAM, CPU)

– Software configuration (e.g. OS packages missing)

– URL validations

– Product configurations

• OIM checks

– Provisioning, Notification and Certification

– Reconciliation

– Access request and Catalog

– Workflow engine

– Scheduler

– SSO Integration

– Auditing and Identity Analytics

– OIM-OAM Integration

– Database checks

• OAM checks

– Authentication

– Authorization

– Federation

– Webgates

– Database checks

• OUD checks

– OUD replication

– OUD performance - Index health

Checks categorization for the healthcheck tool


Interaction phases of health check tool

Orachk execution on all machines and results

consolidation

1 Download IDM health tool from support.oracle.com

Execution of ORAchk based checks on multiple machines

2 2.1 Auto discovery of IDM Environment

Final report

IAM ORAchk execution kick off

3

2.2


Benefits of Single health-check tool

• No installation required

• Less than 35 Mb downloadable size

• Automatic execution of checks on all machines

• Auto consolidation of results from multi nodes

• New checks released every three months

• Can be executed on command line and will be integrated with Enterprise Manager 13.1.x release as well

24


IAM Healthcheck


From a Basel II regulatory perspective:

• Basel II operational risk includes fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks.

– How can this is the Operational Risk be mitigated in relationship to directory?

• Manage Compliance Exceptions though an Enterprise Dashboard

• Out-of-the-Box and user-defined compliance libraries:

– Real-time change detection templates: Out-of-the-box and customizable.

– Frameworks: conceptual ‘folders’ map standards to real-world structure of compliance frameworks (STIG, PCI, COBIT, HIPAA, CIS, etc.)

26

Management Pack Plus for Identity Management Compliance & Operational Risk


Development, Test, UAT, Production Horizontal Management at Scale

27


•Search for and download one-off patches, critical patch updates & patch set updates from MOS

•Receive patch recommendations

•Automate applying patches to all servers across multiple domains via Patch Plan

•Eliminate downtime by applying patches in rolling mode (parallel mode also supported)

•Rollback already applied patches in cases where new problems occur

Management Pack Plus for Identity Management Apply Patches to OAM, OIM and OUD


Management Pack Plus for Identity Management Configuration Management

• Track configuration drift from a gold standard

• Support versioning and comparisons of configuration parameters

• Ensures configuration settings among components are consistent

• Notification on configuration changes

• Comparison of production and test environments possible in case event problems are not reproducible


Line of Business For Example: DCTS

CIO

XML

Reporting Portals For Example: OAM

XML Application Groups For Example: EITO

Email

HTML

PDF

Different Templates For different Output Formats

XSL

BI Publisher

Email Service Level Availability reports over a variety of historical time periods to multiple stakeholders.

Oracle TD Bank Confidential

Management Pack Plus for Identity Management Reporting Benefits


Program Agenda

Business Driver

Initial Deployment



1

2

3

31

4


Solving the Dual Lifecycle Management Challenge

32

Generate Exception From Ongoing

Operations

Return from Exception

Management

Problem Remediation


Life-Cycle

1

2

3 4

5 6 EM Incident

Management federated into 3rd Party Help Desk

Validation of Configuration Changes, applied patches, & Healthchecks

Dashboard Triage

Always on Cross Tier Java, Middleware, Database Diagnostics

Test Validation

1. Horizontal Management At Scale 2. Operational Automation At Scale 3. Management of Dev, Test, UAT and Production

1. Fast Problem Triage Through Dash-boarding 2. Always on Full Stack Diagnostics 3. Proactively or Reactively Exception Remediating

Ongoing healthcheck of IDM deployments

Application and validation of patches using Automated LCM Patching

1

2

3 4

5

6

7

Always on Monitoring and Diagnostics.

Ongoing Configuration Gold Standard Drift Notification

Ongoing IT Compliance evaluation (STIG, HIPA, PCI, etc).

Ongoing Reporting to Lines of Business

Ongoing IT Operations Life-Cycle

Validation of patch consistency across cluster members

User Experience Monitoring

8


Proactive Management By Exception Use Case: Full Stack Problem Analysis Flow Operations and Diagnostics

My Oracle Support Remediation Notes & Patches

Remediate Problem & Validate Resolution Through Testing

Correlate User Experience with Infrastructure Health

Deep Target Operational Management

Review Configuration Changes & Standards

Understand & Monitor End User Business Process Experience

1

2

Receive Exceptions

and Understand their Impact

3

5

Always on Full Stack Database and Middlware Diagnostics

6 7 4

8


Customizable Business and Operational Dashboards

Complete Service visibility :

• View Availability, Performance, and Security incidents for all components: Host, SSO, Database, Network, ect.

• Business Metrics

• Infrastructure Metrics

• Monitor and Threshold Service Levels of Dependent Services

Directory, Database, Network Services

• Drill down into Incidents, Problem Analysis, Log viewing on a component basis for remediation.

Oracle Customer Confidential 34


• Improve operations and compliance through role-based access:

• Passwords are stored in the EM12c key store, not exposed to administrators

• IAM, System, NOC and Database administrators get their own logical view restricted to their targets. • User and job auditing.

12c Role Based Access, Key Store with Auditing

Centralized Credential Store

EM User1

EM User2

EM Users

Privileges

Jobs, DPs, MEs, Preferred Credentials

Refer to


The Value of Consolidated Management

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y


Total Cloud Control

Optimized, Efficient | |

Integrated Cloud Stack Management

Agile, Automated

Complete Cloud Lifecycle Management

Scalable, Secure

Superior Enterprise-Grade Management


Next Release Builds on a Solid Foundation

Optimized, Efficient | |

Integrated Cloud Stack Management

Agile, Automated

Complete Cloud Lifecycle Management

Scalable, Secure

Superior Enterprise-Grade Management

NEW: Continuous Monitoring

NEW: Infrastructure Management

NEW: Improved

Hybrid Cloud Management


Changing the 25% Innovation vs. 75% Maintenance Paradigm

Proactive IAM System Monitoring

Improved Compliance & Security

Automation, Consistency & Simplification

Maintenance costs

Downtime costs Operational & Business Risk


Enterprise Deployment


Session Surveys

Help us help you!! • The [Program Committee J1] [organizing committee OW] would like to

invite you to take a moment to give us your session feedback. Your feedback will help us to improve your conference.

• Please be sure to add your feedback for your attended sessions by using the Mobile Survey or in Schedule Builder.

42

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 43

Classroom Training

Learning Subscription

Live Virtual Class

Training On Demand

Keep Learning with Oracle University

education.oracle.com

Cloud

Technology

Applications

Industries


Automated LCM customers

Documents

How to Use the PowerPoint Template · Introducing Automated Lifecycle Management (LCM) 12 Automated lifecycle management is a framework to govern the automated install, upgrade and