Presentation is loading. Please wait.

Presentation is loading. Please wait.

Uppili Srinivasan Oracle Identity Management and Security

Published byRudolf Foster Modified over 6 years ago

Similar presentations

Presentation on theme: "Uppili Srinivasan Oracle Identity Management and Security"— Presentation transcript:

1

2 Uppili Srinivasan Oracle Identity Management and Security
Michael P. Mesaros Uppili Srinivasan Oracle Identity Management and Security Oracle Corporation

3 Planning Your Oracle Identity Management Deployment OracleWorld Paper 40207

4 Agenda Need for identity management
Oracle Identity Management overview Why deploy Oracle Identity Management? Deployment process overview Deployment/planning steps Requirement analysis Logical design Detailed deployment planning Summary and conclusions

5 Need for Identity Management
Oracle Identity Management

6 Web applications are great ...
Inexpensive to develop Easy to deploy Access anywhere BUT ….

7 …but they can be an administrative and usability nightmare!

8 Web application problems
Administrative problems Efficiently provisioning users for applications Limited/no ability to delegate administration Usability problems Different user names/passwords Little/no personalization of portal content Security problems Inconsistent password management policies Fragmented security policy enforcement

9 The identity management solution
Identity management is the process by which Users are provisioned for enterprise applications Application user roles and permissions are managed Users manage profile information such as application preferences, passwords and PINs Applications (such as Portals) are personalized for individual users

10 Oracle application environment
Supply chain mgmt Marketing & sales mgmt Service mgmt Financial mgmt Project mgmt HR mgmt Vertical applications … Mail Voic Calendar Files iMeeting etc. HTTP server Web services Portal Web cache Forms Reports etc. Oracle Database Oracle Label Security

11 Oracle Identity Management requirements
Enterprise integration High availability Scalability Security Integration with the Oracle product stack Support for standards

12 Oracle Identity Management infrastructure
Directory Directory Integration Provisioning Integration Oracle Identity Management Delegated Administration Single Sign-On Certificate Authority

13 Oracle Internet Directory
Scalability Millions of user entries on single server 1000’s of simultaneous clients High availability Multimaster replication Oracle9i hot backup/recovery Security Sophisticated security model based on access control lists Standards-based Native LDAPv3 implementation LDAP Clients Oracle Internet Directory Server LDAP over SSL Oracle Net Connections Directory Administration Oracle Database

14 Directory Integration and Provisioning
Provisioned Applications Portal iFS iAS Wireless Legacy apps. PL/SQL over Oracle Net Provisioning Integration Services Event Connected Directories ADS iPlanet etc Directory Synch. Services LDAP or File Poll Oracle Internet Directory

15 Oracle Delegated Administration Services
New directory feature with Oracle9iAS V2 Provides a consistent interface for directory content administration Administrative tool: supports application administration delegation End-user tool: Set passwords, preferences, whitepages

16 Oracle Application Server Single Sign-On
Provides single sign-on capability for all Oracle web-based applications Partner API, Keberos support permits integration with other authentication services Built on Oracle technology HA deployments Leverages Oracle Internet Directory, Delegated Administration Services

17 Oracle Application Server Certificate Authority
Key features Out-of-the-box PKI solution; allows Oracle customers to secure their deployments Easy provisioning of X.509v3 digital certificates Web Based certificate management and administration Seamless integration with Oracle Application Server Single Sign-On High availability and scalability with Oracle10g and Oracle Internet Directory

18 Grid computing model Topology Policy Manager Workload & Manager QOS
Cross-Tier Routing Resource Manager BLADE FARM (Local Grid) High Speed Interconnect Dynamically Provisioned & Registered BLADES

19 Oracle Identity Management’s role in grid computing
Provisioning hardware in the network Provisioning applications on the grid Provisioning users for grid applications Identity Management is essential to realizing the grid computing vision!

20 Oracle Identity Management – customer benefits
Scalable, robust and integrated infrastructure Out-of-the-box deployment for Oracle products Single point of integration between Oracle and other identity management applications Open, standards-based infrastructure

21 Why Deploy Oracle Identity Management?

22 Identity management deployment options
No infrastructure Deploy “local” infrastructure for Oracle applications Deploy enterprise-wide Oracle Identity Management infrastructure

23 No infrastructure All user identities managed locally by applications
Suitable for development deployments Can be migrated to identity management infrastructure for production e.g. OracleAS OC4J instance with JAAS/XML

24 Deploy “local” infrastructure for Oracle applications
Many Oracle products (e.g. Single Sign-On) require components of identity management infrastructure to be installed Possible scenarios Pilot deployments Integrating an isolated Oracle community with enterprise identity management services Semi-independent departments OracleAS 10g has features to support this deployment model Administration privilege model Partial/fan-out replication

25 Deploy enterprise-wide infrastructure
Recommended for supporting production enterprise deployments More planning typically required, however: Faster deployment of additional applications Centralized “professional” infrastructure administration Centralized identity management across all Oracle applications in the enterprise Standards-based identity management platform which is leveraged by other (non-Oracle) applications

26 Deployment Process Overview
Oracle Identity Management

27 Distributed systems security reference architecture
Users Application Audit Protected Resources Authentication Authorization Privacy Application Security Services Identity & Policy Store Policy Decision Services Identity & Profile Assertion Services What specific problem area or customer pain point does this product address ? For example -- Businesses need to: Scale their Web sites and applications to accommodate growth Improve performance to meet rising customer expectations for user-driven, dynamic content (improve QoS) Maximize Hardware ROI and manage costs Identity Management Infrastructure Administration & Provisioning

28 Infrastructure usage overview

29 Deployment process overview
Enterprise Requirements Requirement Analysis Logical Deployment Plan Deployment Planning Physical Deployment Plan New requirements Based on Deployment Experience Implementation and Deployment Administration

30 Deployment example: Oracle Data Center
Services for 40K employees worldwide Application environment Employee portal, Oracle E-Business Suite, Oracle Collaboration Suite Extranet environment Initial requirements Unified identity management Single sign-on across applications

31 Deployment Planning Steps
Oracle Identity Management

32 Requirements Analysis Phase
Plan, deploy and administer responsibility Which components to deploy Information model Centralized security management Enterprise application Administrative autonomy Security Isolation Third-party identity management integration High availability, scalability and performance

33 Requirement example: Oracle’s extranet environment
Inside Outside Customers Company Portal (my.oracle.com) Employees Employees Partners Internal App. Internal App. Internal App. Shared App. Shared App. Shared App.

34 Logical deployment plan
Translation of the enterprise requirements Answers questions such as: How many identity management infrastructures to deploy? Which components will be deployed, and where? Deployment of replicated local instances? How is it going to integrate with other enterprise repositories, provisioning systems and single sign-on services?

35 Logical deployment planning issues
Standard enterprise model Serving internal and external users Administrative autonomy for departmental applications Integration with other identity management systems

36 Example: Security isolation using two infrastructures
Internal User External User OracleAS Portal Oracle Collaboration Suite Extranet Identity Management Internal Identity Management Single Sign-On Delegated Administration Single Sign-On Directory Integration Delegated Administration Directory Directory Directory Synch.

37 Example: User provisioning from Windows
OracleAS Portal OracleAS Single Sign-On Windows Environment 4 - User provisioned in Oracle environment Oracle E-Business Suite Release 11i 3- User synchronized with OID 1 - “Add user” 2 - User created in ADS Microsoft ADS Delegated Administration Console Oracle Internet Directory

38 Detailed deployment planning
Directory information model (DIT) Identity Management Realms Physical network topologies High availability considerations Geographic distribution Certificate authority deployment

39 Example: Oracle Internet Directory Information Tree
root dc=com dc=oracle dc=amer dc=emea dc=apac dc=moc

40 Example: Physical Network Topology
Clients BigIP iAS904 mid tier SSO/DAS 902 mid tier, sso/das, webmail/voice OCSv2 sso/ das for GIT OCSv2 GIT webmail/voice DMZ Netscape (thick) client web217 web218 web90 web91 web239 web240 web241 gmsso db rgmldap0 rgmldap3 rgmldap1 Fail-over server rgmldap4 2node RAC HA iAS904 stldap rgmldap20 rgmldap21 OID fan out rep SSO periodic exp/imp when new partner apps added 9023 GITldap CFC rgmum7 rgmum11 GITSSO OID plugin OID ASR rep NetAPP storage OID plugin ( /passwd) SSO periodic exp/imp when new partner apps added OCSv1 imap/ smtp for ST rgmum20 rgmum21 OCSv1 imap/smtp for amer, etc. OCSv2 imap/ smtp for GIT rgmum14 rgmum15 rgmdbs1 rgmdbs2 rgmdbs3 2node RAC apac db emea db GIT db 3node RAC amer db STMAIL db 2node RAC

41 Summary and Conclusions

42 Summary Identity management is critical for the deployment and management of enterprise applications and essential to grid computing Oracle includes a robust, scalable and integrated infrastructure for managing Oracle environments and more Oracle Identity Management provides a single point of integration to other identity management environments

43 For More Information See the forthcoming Oracle Identity Management Concepts and Deployment Planning Guide Released with Oracle Application Server 10g (9.0.4) Oracle Technology Network

44 Q & Q U E S T I O N S A N S W E R S A

45

Download ppt "Uppili Srinivasan Oracle Identity Management and Security"

Similar presentations

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Building Enterprise Information Portal using Oracle Portal 3

Building Enterprise Information Portal using Oracle Portal 3
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Microsoft Office Sharepoint Server 2007 (MOSS) Overview Momentum Microsoft November 15, 2007.

Microsoft Office Sharepoint Server 2007 (MOSS) Overview Momentum Microsoft November 15, 2007.
ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.

ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.
Understanding Active Directory

Understanding Active Directory
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Cognizance Identity and Access Management Identity Management ● Authentication ● Authorization ● Administration The next generation security solution www.cognizancesecurity.com.

Cognizance Identity and Access Management Identity Management ● Authentication ● Authorization ● Administration The next generation security solution
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.

SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.
BMC Software confidential. BMC Performance Manager Will Brown.

BMC Software confidential. BMC Performance Manager Will Brown.
Oracle Application Server 10g (9.0.4) Recommended Topologies Pavana Jain.

Oracle Application Server 10g (9.0.4) Recommended Topologies Pavana Jain.
Raymond K. Ng Technical Lead - JAAS Platform Security Oracle Corporation.

Raymond K. Ng Technical Lead - JAAS Platform Security Oracle Corporation.

Similar presentations

Ads by Google