OpenWorld 2015 Simplify deployment and Monitoring of Identity and Access Management System
Shrenik Jain: Senior Manager, Product Management, Oracle
Manish Gulati: Master Principal Sales Consultant, Oracle
Perren Walker: Senior Product Strategy Manager, Oracle
Oracle Identity and Access Management
October 26, 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
1. Business Driver
2. Initial Deployment
3. Ongoing IT Operations
4. Management by Exception
Customer’s Needs Today
• Simplified install/upgrade/patching experience
• Operational automation and configuration management
• Simplified management of the entire deployment
• Critical need to reduce direct and indirect operational cost and maintenance
Unfortunately For Most Organizations…
• 25%: Spent on innovation
• 75%: Spent on maintenance, integration, and routine tasks
Source: “Debunking Two Myths About Tech Budgets,” Forrester Research, 2014.
Deployment lifecycle of IDM Products
[Diagram: Initial Deployment; Ongoing IT Operations; Exception Management; Life-Cycle; Receive Exception From Ongoing Operations; Return from Exception Management]
Oracle IDM Key Investment Themes
• Automated tool for initial deployment
• Automated tool for ongoing upgrade, patching and healthcheck
• Proactive monitoring and management with Enterprise Manager
Simplicity Usability Manageability Outcome
• Reduce complexity of deployment
• Automate as many manual steps as possible
• Simplify automated tools for installs, upgrade and patching
For Provisioning, Patching and Upgrade
• Support for production-ready topologies on multiple hosts
• Drastic reduction in deployment time
For Provisioning, Patching and Upgrade
• Pre and post install health checks
• Flexible deployment
• Runtime monitoring and diagnosability
Recommendation for managing IDM deployments
[Diagram: Initial Deployment; Ongoing IT Operations; Exception Management; Life-Cycle; Receive Exception From Ongoing Operations; Return from Exception Management]
Initial Deployment Lifecycle
• Hardware Sizing & Architecture
• Production ready HA deployment using IDM Automated LCM
• Pre-install Healthcheck of the IDM system
• Configuration and of IDM products
• Day 0 Patching application
• Operational Environment
• Post-install Healthcheck of the IDM system
Introducing Automated Lifecycle Management (LCM)
Automated lifecycle management is a framework that governs the automated install, upgrade and patching of the IDM product suite, for standalone products (e.g. Identity Manager only) and integrated products (e.g. Identity Manager, Access Manager and Directory together), in production and non-production environments, with minimal human interaction and a drastic reduction in deployment times.
Automated Installer Key Highlights
• Install using the automated installer boils down to two simple steps
– Planning: A UI-based wizard to choose the products
– Deployment: Automated deployment of products on multiple machines
• All steps after the DB install are fully automated
– Database schema, WebLogic, SOA Suite, IAM creation and domain configuration. The customer is not required to know these technologies.
• Integrated with healthcheck. Saves the customer weeks of effort figuring out the appropriate system
• Support for “Production Ready” High Availability enabled topologies on multiple machines
– OIM (with BIP)
– OAM (with OMSS) with existing OUD/OID/AD
– OIM (with BIP) + OAM (with OMSS) with existing OUD/OID/AD
Efficiency attained with Automated LCM in R2PS3
– Deployment time reduced from Weeks to Hours for single and integrated products
– 97% + reduction in manual steps
– Automatic invocation of Health Checks during installs and upgrades
– All steps for installing IAM Platform after DB install Fully Automated
Install
Upgrade
Patch
Automated LCM – Installer
Ongoing IT Operations Lifecycle
• Ongoing healthcheck of IDM deployments
• Application and validation of patches using Automated LCM Patching
• Upgrade of IDM products using Automated LCM Upgrade
• EM13c Always on Monitoring and Diagnostics
• EM13c Ongoing Configuration Gold Standard Drift Notification
• EM13c Ongoing IT Compliance evaluation (STIG, HIPAA, PCI, etc.)
• Ongoing Reporting to Lines of Business
• User experience monitoring
1. Horizontal Management At Scale
2. Operational Automation At Scale
3. Management of Dev, Test, UAT and Production
[Diagram: Ongoing IT Operations Life-Cycle; Exception Management Life-Cycle; Receive Exception From Ongoing Operations; Return from Exception Management]
Automated LCM Upgrades Overview
• Automated upgrade boils down to three simple steps:
– Pre validations: This performs validations before upgrade
– Upgrades: This performs binary + configuration upgrades
– Post validations: This performs validations after upgrade
• Automated upgrades perform a Full Stack Upgrade on multiple machines. This includes the upgrade of WebLogic, SOA and the supporting components as well.
• Automated upgrade supports EDG (multi-node) deployment upgrade from R2PS2 (11.1.2.2.0) to R2PS3 (11.1.2.3.0)
Automated LCM Patching Overview
• Automated patching has primarily two simple steps
– Patch plan creation: Overview of the complete plan based on which patching will be executed.
– Execute Patcher: Execution of patching
• Automated patching performs a Full Stack Patching.
• Automated patching does the conflict resolution and post patch validations
• Automated patching happens with parallel sessions for reduced patch apply time.
• EMCC can invoke automated patching, to perform GUI-driven patch sourcing (via MOS integration) and application.
Introducing SINGLE healthcheck tool for monitoring IAM
• A single solution which will enable IAM customers to take preventive actions on a proactive basis
• Runtime monitoring of OIM, OAM and OUD on 11gR2PS2 and 11gR2PS3 environments
• The tool will not make any changes/updates to the target environment, so it can be executed to monitor production systems
• Based on the ORAchk framework (well known for Database!)
• The overall solution has mainly three components
– Discovery of the customer’s configuration through EM FMW control using IDM discovery tool
– Execution of ORAchk for IAM on multiple nodes in parallel
– Collection of the results into a single HTML report/Collection manager
Integrated with ORAchk framework
Checks categorization for the healthcheck tool
• Pre-install and Post-install checks
– System hardware resources and configuration (e.g. RAM, CPU)
– Software configuration (e.g. OS packages missing)
– URL validations
– Product configurations
• OIM checks
– Provisioning, Notification and Certification
– Reconciliation
– Access request and Catalog
– Workflow engine
– Scheduler
– SSO Integration
– Auditing and Identity Analytics
– OIM-OAM Integration
– Database checks
• OAM checks
– Authentication
– Authorization
– Federation
– Webgates
– Database checks
• OUD checks
– OUD replication
– OUD performance - Index health
Interaction phases of health check tool
• Download IDM health tool from support.oracle.com
• Execution of ORAchk based checks on multiple machines
• Auto discovery of IDM Environment
• IAM ORAchk execution kick off
• ORAchk execution on all machines and results consolidation
• Final report
Benefits of Single health-check tool
• No installation required
• Less than 35 Mb downloadable size
• Automatic execution of checks on all machines
• Auto consolidation of results from multi nodes
• New checks released every three months
• Can be executed on command line and will be integrated with Enterprise Manager 13.1.x release as well
IAM Healthcheck
Management Pack Plus for Identity Management: Compliance & Operational Risk
From a Basel II regulatory perspective:
• Basel II operational risk includes fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks.
– How can this Operational Risk be mitigated in relation to the directory?
• Manage Compliance Exceptions through an Enterprise Dashboard
• Out-of-the-Box and user-defined compliance libraries:
– Real-time change detection templates: Out-of-the-box and customizable.
– Frameworks: conceptual ‘folders’ map standards to real-world structure of compliance frameworks (STIG, PCI, COBIT, HIPAA, CIS, etc.)
Development, Test, UAT, Production Horizontal Management at Scale
Management Pack Plus for Identity Management: Apply Patches to OAM, OIM and OUD
• Search for and download one-off patches, critical patch updates & patch set updates from MOS
• Receive patch recommendations
• Automate applying patches to all servers across multiple domains via Patch Plan
• Eliminate downtime by applying patches in rolling mode (parallel mode also supported)
• Roll back already applied patches in cases where new problems occur
Management Pack Plus for Identity Management: Configuration Management
• Track configuration drift from a gold standard
• Support versioning and comparisons of configuration parameters
• Ensures configuration settings among components are consistent
• Notification on configuration changes
• Comparison of production and test environments is possible in the event that problems are not reproducible
Management Pack Plus for Identity Management: Reporting Benefits
Email Service Level Availability reports over a variety of historical time periods to multiple stakeholders.
[Diagram labels: BI Publisher; Different Templates For different Output Formats; XSL; XML; HTML; CIO; Line of Business, for example DCTS; Reporting Portals, for example OAM; Application Groups, for example EITO]
Solving the Dual Lifecycle Management Challenge
Ongoing IT Operations Life-Cycle
• Ongoing healthcheck of IDM deployments
• Application and validation of patches using Automated LCM Patching
• Always on Monitoring and Diagnostics
• Ongoing Configuration Gold Standard Drift Notification
• Ongoing IT Compliance evaluation (STIG, HIPAA, PCI, etc.)
• Ongoing Reporting to Lines of Business
• Validation of patch consistency across cluster members
• User Experience Monitoring
1. Horizontal Management At Scale
2. Operational Automation At Scale
3. Management of Dev, Test, UAT and Production
Exception Management Life-Cycle
• Problem Remediation
• EM Incident Management federated into 3rd Party Help Desk
• Validation of Configuration Changes, applied patches, & Healthchecks
• Dashboard Triage
• Always on Cross Tier Java, Middleware, Database Diagnostics
• Test Validation
1. Fast Problem Triage Through Dash-boarding
2. Always on Full Stack Diagnostics
3. Proactively or Reactively Exception Remediating
[Diagram: Generate Exception From Ongoing Operations; Return from Exception Management]
Proactive Management By Exception Use Case: Full Stack Problem Analysis Flow Operations and Diagnostics
• Receive Exceptions and Understand their Impact
• My Oracle Support Remediation Notes & Patches
• Remediate Problem & Validate Resolution Through Testing
• Correlate User Experience with Infrastructure Health
• Deep Target Operational Management
• Review Configuration Changes & Standards
• Understand & Monitor End User Business Process Experience
• Always on Full Stack Database and Middleware Diagnostics
Customizable Business and Operational Dashboards
Complete Service visibility:
• View Availability, Performance, and Security incidents for all components: Host, SSO, Database, Network, etc.
• Business Metrics
• Infrastructure Metrics
• Monitor and Threshold Service Levels of Dependent Services: Directory, Database, Network Services
• Drill down into Incidents, Problem Analysis, Log viewing on a component basis for remediation.
12c Role Based Access, Key Store with Auditing
• Improve operations and compliance through role-based access:
• Passwords are stored in the EM12c key store, not exposed to administrators
• IAM, System, NOC and Database administrators get their own logical view restricted to their targets.
• User and job auditing.
[Diagram labels: Centralized Credential Store; EM User1; EM User2; EM Users; Privileges; Jobs, DPs, MEs, Preferred Credentials; Refer to]
The Value of Consolidated Management
SECURITY
Total Cloud Control
• Optimized, Efficient: Integrated Cloud Stack Management
• Agile, Automated: Complete Cloud Lifecycle Management
• Scalable, Secure: Superior Enterprise-Grade Management
Next Release Builds on a Solid Foundation
• Optimized, Efficient: Integrated Cloud Stack Management
• Agile, Automated: Complete Cloud Lifecycle Management
• Scalable, Secure: Superior Enterprise-Grade Management
• NEW: Continuous Monitoring
• NEW: Infrastructure Management
• NEW: Improved Hybrid Cloud Management
Changing the 25% Innovation vs. 75% Maintenance Paradigm
Proactive IAM System Monitoring
Improved Compliance & Security
Automation, Consistency & Simplification
Maintenance costs
Downtime costs
Operational & Business Risk
Enterprise Deployment
Automated LCM customers