Upload
others
View
15
Download
0
Embed Size (px)
Citation preview
Oracle® Adaptive Access Manager
SQL Server Maintenance Guide
10g (10.1.4.3.0)
December 2007
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 2
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0)
Copyright © 2007, Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information;
they are provided under a license agreement containing restrictions on use and disclosure and are also
protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering,
disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability
with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any
problems in the documentation, please report them to us in writing. This document is not warranted to
be error-free. Except as may be expressly permitted in your license agreement for these Programs, no
part of these Programs may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose.
If the Programs are delivered to the United States Government or anyone licensing or using the
Programs on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and
technical data delivered to U.S. Government customers are "commercial computer software" or
"commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of
the Programs, including documentation and technical data, shall be subject to the licensing restrictions
set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights
set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle
USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other
inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-
safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs
are used for such purposes, and we disclaim liability for any damages caused by such use of the
Programs.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be
trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third
parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web
sites. You bear all risks associated with the use of such content. If you choose to purchase any products
or services from a third party, the relationship is directly between you and the third party. Oracle is not
responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of
the agreement with the third party, including delivery of products or services and warranty obligations
related to purchased products or services. Oracle is not responsible for any loss or damage of any sort
that you may incur from dealing with any third party.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 3
Contents
Preface........................................................................................................................................4
Documentation .......................................................................................................................4
Introduction .................................................................................................................................6
Setup the Oracle Adaptive Access Manager Maintenance Plan ................................................7
Purge and Archive Scripts ........................................................................................................26
cr_purge_tables_sqlserver.sql...........................................................................................26 cr_sp_arch_purge_tracker_data.sql ..................................................................................26 cr_archive_purge_tracker_data.sql ...................................................................................27 cr_sp_arch_purge_rules_log.sql .......................................................................................27 cr_archive_purge_rule_log.sql...........................................................................................27 cr_sp_purge_vcrypt_users.sql...........................................................................................27 cr_archive_purge_vcrypt_users.sql ...................................................................................27
Verification and Validation.........................................................................................................29
Maintenance Frequency and Archive and Purge Period...........................................................30
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 4
Preface The Oracle® Adaptive Access Manager SQL Server Maintenance Guide provides instructions to set up the Oracle Adaptive Access Manager Maintenance Plan to purge and archive scripts in the Oracle Adaptive Access Manager database tables of Microsoft SQL Server 2005. The manual also discusses in detail how to trigger the scripts and provides information on the verification and validation of script results.
Documentation
The Oracle Adaptive Access Manager 10g documentation includes the following:
• The Oracle® Adaptive Access Manager API Integration Guide, which provides
information on natively integrating the client portion of the Adaptive Access Manager
solutions. In an API integration, the client application invokes the Oracle Adaptive
Access Manager APIs directly and manages the authentication and challenge flows.
• The Oracle® Adaptive Access Manager Database Installation Guide (Oracle), which
provides information about installing the Adaptive Access Manager schema into an
Oracle database. Access to the Adaptive Access Manager schema is a requirement of
the Adaptive Access Manager Application Server, which hosts the Adaptive Strong
Authenticator and the Adaptive Risk Manager. Note that the Adaptive Manager
Access Manager schema needs to be installed into the Oracle database before
proceeding to the installation of the proxy.
• The Oracle® Adaptive Access Manager Database Installation Guide for SQL Server
2005, which provides information about installing the Adaptive Access Manager
schema into SQL Server 2005. Access to the Adaptive Access Manager schema is a
requirement of the Adaptive Access Manager Application Server, which hosts the
Adaptive Strong Authenticator and the Adaptive Risk Manager. Note that the Adaptive
Manager Access Manager schema needs to be installed into SQL Server 2005 before
proceeding to the installation of the proxy.
• The Oracle® Adaptive Access Manager Proxy Integration Guide, which provides
programming information and instructions on the installation of the Adaptive Access
Manager proxy, one of the components in the Adaptive Access Manager UIO
deployment. The Oracle Adaptive Access Manager's Universal Installation Option
(UIO) offers multi-factor authentication to Web applications without requiring any
change to the application code. The Oracle® Adaptive Access Manager Proxy and
The Oracle® Adaptive Access Manager Proxy Web Publishing Configuration are
guides specific to the UIO deployment.
• The Oracle® Adaptive Access Manager Proxy Web Publishing Configuration, which
provides information on creating web publishing rules and listeners so that Web
applications and the WebUIO can be accessible from the Internet. The Oracle
Adaptive Access Manager's Universal Installation Option (UIO) offers multi-factor
authentication to Web applications without requiring any change to the application
code. The Oracle® Adaptive Access Manager Proxy and The Oracle® Adaptive
Access Manager Proxy Web Publishing Configuration are guides specific to the UIO
deployment.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 5
• The Oracle® Adaptive Risk Manager Online Installation Guide, which provides
information on the installation of the administration user interface of Oracle Adaptive
Access Manager. Adaptive Risk Manager Online is the administration user interface of
Oracle Adaptive Access Manager, a set of web-based administration tools that
provides sophisticated fraud monitoring, analysis, and tracking by user location,
device, time of day, type of transaction, as well as a host of other factors, and
evaluates these factors against a set of customizable rules.
• The Oracle® Adaptive Access Manager LDAP Configuration Guide, which provides
information on how to configure the Oracle Adaptive Access Manager Application
Server to allow a user to be authenticated via a user identifier and password. The
intended audience of this manual are users of WebLogic and Tomcat who want to use
LDAP to set up users instead of the functionality in WebLogic and Tomcat.
• The Oracle® Adaptive Access Manager Import/Export Manual, which provides
information importing groups, rule templates, and models from the Adaptive Access
Manager schema.
• The Oracle® Adaptive Risk Manager Online Customer Care API Guide, which
provides information about the Adaptive Risk Manager Online Customer Care API and
provides the XML definition for each of the APIs.
• The Oracle® Adaptive Access Manager Database Tables Archiving and Purging
Procedure, which provides information on the purge and archive scripts in the Oracle
Adaptive Access Manager Database Tables of Microsoft SQL Server 2005. The
procedure to trigger the scripts and information on verification and validation of script
results are also provided.
• The Oracle® Adaptive Access Manager SQL Server Maintenance Guide, which
provides instructions to set up The Oracle Adaptive Access Manager Maintenance
Plan to purge and archive scripts in the Oracle Adaptive Access Manager database
tables of Microsoft SQL Server 2005. The manual also discusses in detail how to
trigger the scripts and provides information on the verification and validation of script
results.
• The Oracle® Adaptive Risk Manager™ Administrator's Guide, which provides step-by-
step instructions for creating and managing groups, creating models that contain
rules, and customizing and managing rules.
• The Oracle® Adaptive Risk Manager™ Dashboard and Reporting Guide, which
provides detailed instructions on how to use the dashboard and reporting functionality
within the Oracle® Adaptive Risk Manager Online. The Oracle® Adaptive Risk
Manager Online includes a dashboard that provides a high-level overview of users
and devices that have generated alerts and the alerts themselves, and it contains a
comprehensive collection of reports on users, locations, devices, and security alerts.
• The Oracle® Adaptive Risk Manager™ Customer Care Administration Guide, which
provides information on creating new customer cases and administering them.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 6
Introduction This document provides instructions to set up the Oracle Adaptive Access Manager Maintenance Plan to purge and archive scripts on the Oracle Adaptive Access Manager database tables in Microsoft SQL Server 2005. Also the procedure to trigger the scripts and information on the verification and validation of script results is discussed in detail.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 7
Setup the Oracle Adaptive Access Manager Maintenance Plan To create a maintenance plan by using the wizard
1. Navigate to the Management folder within the SQL Server Management Studio,
right-click the "Maintenance Plans" folder and choose Maintenance Plan
Wizard.
Note that SQL Server Agent service must be running while you're creating a database maintenance plan.
The initial wizard screen allows you to choose the target server and specify the security credentials necessary for connecting to the server.
Next, you can choose the maintenance tasks you wish to perform, as shown in the screen below:
The Microsoft SQL Server Management Studio screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 8
2. Navigate to Maintenance Plan
The Microsoft SQL Server Management Studio screen with Maintenance Plan selected is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 9
3. Create Bharosa_Maintenance Plan
The SQL Server Maintenance Plan Wizard welcome screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 10
The Maintenance Plan Wizard’s Select a Target Server is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 11
4. Choose maintenance tasks.
The screen gives you a brief overview of what you can accomplish with each type of maintenance task. So please select Check Database Integrity, Reorganize Index, Rebuild Index and Update Statistics.
The Maintenance Plan Wizard’s Select Maintenance Tasks screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 12
5. Next you can define the order of execution for the maintenance plan tasks.
Move Check Database Integrity to end of the list.
The Maintenance Plan Wizard’s Select Maintenance Task Order screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 13
6. Select database vcrypt_db_v35 for the Define Reorganize Index Task and click
the Next tab.
The Maintenance Plan Wizard’s Define Reorganize Index Task screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 14
7. Select database vcrypt_db_v35 for Rebuild Index Task. Ensure that the “Keep
index online while reindexing” box is checked.
The Maintenance Plan Wizard’s Define Rebuild Index Task screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 15
The Maintenance Plan Wizard’s Define Rebuild Index Task is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 16
8. Select database vcrypt_db_v35 for Update Statistics option and click Next.
The Maintenance Plan Wizard’s Define Update Statistics Task screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 17
The Maintenance Plan Wizard’s Define Update Statistics Task screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 18
9. Select database vcrypt_db_v35 for Check Database Integrity Task and click
Next.
The Maintenance Plan Wizard’s Define Database Check Integrity Task is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 19
The Maintenance Plan Wizard’s Define Database Check Integrity Task screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 20
The Maintenance Plan Wizard’s Select Plan Properties screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 21
10. Next, define the schedule for executing your maintenance plan
• Name : “Bharosa_maint_sched”
• Enabled : Check
• Schedule type: Recurring
• Occurs:Weeky
• Recurs Every: 1 Week
• Day : Sunday
• Occurs: 12.00 AM
The New Job Schedule panel is shown below.
11. Click Next.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 22
The Maintenance Plan Wizard’s Select Plan Properties screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 23
12. Select the destination for the report: i.e. “E:\bharosa.”
The Maintenance Plan Wizard’s Select Report Options screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 24
The Maintenance Plan Wizard’s Complete the Wizard screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 25
The Maintenance Plan Wizard’s Progress screen is shown below.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 26
Purge and Archive Scripts Scripts to create Archive Tables and Stored Procedures are
• cr_purge_tables_sqlserver.sql
• cr_sp_arch_purge_tracker_data.sql
• cr_sp_arch_purge_rules_log.sql
• cr_sp_purge_vcrypt_users_sql
These scripts are to be applied on the Oracle Adaptive Access Manager Database as one time operation to create archive tables and stored procedures for scheduled scripts.
Scripts to be scheduled or triggered for archiving based on database management and business requirement policies are
• cr_archive_purge_tracker_data.sql
• cr_archive_purge_rule_log.sql
• cr_archive_purge_vcrypt_users.sql
cr_purge_tables_sqlserver.sql
This sql creates the archiving tables for all the tables which will be purged during archiving and purging process. Following tables will be created.
• VR_POLICYSET_LOGS_PURGE
• VR_RULE_LOGS_PURGE
• VR_MODEL_LOGS_PURGE
• VR_POLICY_LOGS_PURGE
• VCRYPT_AUTH_ATTEMPTS_PURGE
• VCRYPT_AUTH_SESSIONS_PURGE
• VCRYPT_PIN_RETRIEVALS_PURGE
• VCRYPT_TRACKER_NODE_HISTORY_PURGE
• VCRYPT_TRACKER_NODE_PURGE
• VCRYPT_TRACKER_USERNODE_LOGS_PURGE
• VCRYPT_USER_LOGS_PURGE
• VCRYPT_USERS_PURGE
• VT_USER_DEVICE_MAP_PURGE
• V_USER_QA
cr_sp_arch_purge_tracker_data.sql
This SQL script creates procedure sp_archive_purge_tracker_data. This stored
procedure Archives and purges data from Tracker tables, also this procedure rebuilds the indexes and collects statistics using DBCC Reindex .This SQL script is to be run as one time
operation on The Oracle Adaptive Access Manager Database.
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 27
cr_archive_purge_tracker_data.sql
This SQL script triggers the Stored Procedure sp_archive_purge_tracker_data created
by cr_sp_arch_purge_tracker_data.sql. Triggered stored procedure takes number of
days as input (set inside cr_archive_tracker_data.sql) at run time. The following
tables will be archived and purged when running this script.
• VCRYPT_TRACKER_NODE_HISTORY
• VCRYPT_TRACKER_NODE
• VCRYPT_TRACKER_USERNODE_LOGS
• VT_USER_DEVICE_MAP
cr_sp_arch_purge_rules_log.sql
This SQL script creates procedure sp_archive_purge_rule_log. This stored procedure
Archives and purges data from Rules Engine tables, also this procedure rebuilds the indexes and collects statistics using DBCC Reindex. This SQL script is to be run as one time
operation on The Oracle Adaptive Access Manager Database
cr_archive_purge_rule_log.sql
This SQL script triggers the Stored Procedure sp_archive_purge_rule_log created by
cr_sp_arch_purge_rules_log.sql. Triggered stored procedure takes number of days
as input (set inside cr_archive_purge_rule_log.sql) at run time. Following tables will
be archived and purged when running this script.
• VR_POLICYSET_LOGS
• VR_RULE_LOGS
• VR_MODEL_LOGS
• VR_POLICY_LOGS
cr_sp_purge_vcrypt_users.sql
This SQL script creates procedure sp_purge_vcrypt_users. This stored procedure
Archives and purges data from User Tables. This SQL script is to be run as one time operation on The Oracle Adaptive Access Manager Database
cr_archive_purge_vcrypt_users.sql
This SQL script triggers the Stored Procedure sp_purge_vcrypt_users created by
cr_sp_purge_vcrypt_users.sql. Triggered procedure takes ext_user_id as input
(set inside cr_archive_purge_vcrypt_users.sql) at run time. Following tables will be
archived and purged when running this script.
• VCRYPT_AUTH_ATTEMPTS
• VCRYPT_AUTH_SESSIONS
• VCRYPT_PIN_RETRIEVALS
• VCRYPT_USER_LOGS
• VCRYPT_USERS
• V_USER_QA
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 28
Also the stored procedure sp_purge_vcrypt_users sets the UPDATE_TIME in the following
tables.
• VCRYPT_USERS_HIST
• V_USER_QA_HIST
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 29
Verification and Validation Scripts cr_archive_purge_tracker_data.sql and
cr_archive_purge_rule_log.sql can be validated by querying Fraud Analyzer for the
period of purge which should result in no records to be fetched
Script cr_archive_purge_vcrypt_users.sql can be validated by querying for user to
be present in archive tables and not present user tables
Eg: select * from vcrypt_users_purge where ext_user_id='SAMPLE_USER';
Oracle Adaptive Access Manager SQL Server Maintenance Guide, 10g (10.1.4.3.0) 30
Maintenance Frequency and Archive and Purge Period The schedule for executing your maintenance plan and Archive and purge periods are set based on business requirement specified for retention periods. Refer to release notes for specific archive and purge periods.