Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1
How Oracle Uses Identity Management
Chirag Andani
Director, Identity Management Services
26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Oracle Identity and Access Management Project: Why Did We Do It?
• Security
• Establish Single Sign On
• Zero downtime… period
Scope of Identity Management Requirements
• Internal applications deployed included
– 1000+ partner applications
– SSO, Email, Beehive, Files (Content), Portals, eBiz, SSA, WebCenter …
• External applications deployed included
– www.oracle.com, OTN, Oracle Partner Network, Oracle Forums, eBiz, My Oracle Support (MOS)/Sun Support …
Oracle Access Manager 11g
What We Set Out to Do
• Replace Oracle Single Sign-On 10g (OSSO) and converge Oracle Access Manager 10g (OAM) and Sun Open Single Sign-On (OSO)
[Diagram labels: Oracle Single Sign-On 10g; Oracle Access Manager 11g; Oracle Access Manager 10g; Sun Open SSO]
How We Did It Without Disruption
Architected for zero downtime
Rollout in Phased Approach…
• Phase 1 : Pilot User rollout (200 Users)
• Phase 2 : Pilot applications (2 applications)
• Phase 3 : 10% of all production traffic
• Phase 4 : 20% of all production traffic
• Phase 5 : 50% of all production traffic
• Phase 6 : 100% of all production traffic
…With Immediate Rollback if Required
• 35 application-based issues
• Zero downtime Rollback plan:
– 10g SSO servers available via LBR
– Live traffic to flip to 100% 10g SSO
Measurement of Operational Success
Oracle Access Manager Application Stats
Item                                       Metric
Total Partner Apps                         1000
Total Monthly OAM Operations (External)    23.1 M
Total Monthly OAM Operations (Internal)    16 M
Oracle Internet Directory
• Create a single identity store
• Reduce cost
• Eliminate data discrepancies
Oracle Internet Directory
Configuration Topology
• Internal Environment
– 2 MMR Replicas, 2 Fan-outs
– Each MMR Replica is 4-node OID and 4-node RAC cluster, two geographic sites
– OID 11.1.1.1.0, RDBMS 11.2.0.2
• External Environment
– 2 MMR Replicas, cluster configuration, two geographic sites
– OID 11.1.1.1.0, RDBMS 11.2.0.2
Oracle Internet Directory
Global Oracle Identity Management Architecture
How Much Traffic Does Our OID Handle?
• 54 Million LDAP ops/day on single replica
• 5 Billion operations/month
• Expanded LDAP footprint
– Internal – 2.5 Million entries
– External – 14.5 Million users
– Groups – 250K+ static groups, up to 1M members/group, 600+ dynamic groups
What’s Next: Oracle Identity Manager 11g
• Consolidate internal user and access provisioning
• Expand scalability
• Reduce provisioning cost and lead times
Oracle Identity Manager 11g
Oracle Identity Manager Architecture
The story continues!
Provisioning/migrating to OIM 25% complete
Oracle Fusion Middleware 11g application infrastructure foundation
Complete – Integrated
Hot-pluggable – Best-of-breed