Michael P. Mesaros
Uppili Srinivasan
Oracle Identity Management and Security
Oracle Corporation

Planning Your Oracle Identity Management Deployment
OracleWorld Paper 40207

Agenda
Need for identity management
Oracle Identity Management overview
Why deploy Oracle Identity Management?
Deployment process overview
Deployment/planning steps
  Requirement analysis
  Logical design
  Detailed deployment planning
Summary and conclusions

Need for Identity Management
Oracle Identity Management
Web applications are great ...
Inexpensive to develop
Easy to deploy
Access anywhere
BUT …

…but they can be an administrative and usability nightmare!
Web application problems
Administrative problems
  Efficiently provisioning users for applications
  Limited/no ability to delegate administration
Usability problems
  Different user names/passwords
  Little/no personalization of portal content
Security problems
  Inconsistent password management policies
  Fragmented security policy enforcement

The identity management solution
Identity management is the process by which:
  Users are provisioned for enterprise applications
  Application user roles and permissions are managed
  Users manage profile information such as application preferences, passwords and PINs
  Applications (such as Portals) are personalized for individual users

Oracle application environment
[Diagram: the Oracle application environment, layered as enterprise applications (supply chain, marketing & sales, service, financial, project and HR management, vertical applications, …), collaboration services (Mail, Voic, Calendar, Files, iMeeting, etc.), application server components (HTTP server, Web services, Portal, Web cache, Forms, Reports, etc.) and Oracle Database with Oracle Label Security.]

Oracle Identity Management requirements
Enterprise integration
High availability
Scalability
Security
Integration with the Oracle product stack
Support for standards

Oracle Identity Management infrastructure
[Diagram: the Oracle Identity Management components: Directory, Directory Integration, Provisioning Integration, Delegated Administration, Single Sign-On and Certificate Authority.]

Oracle Internet Directory
Scalability
  Millions of user entries on a single server
  Thousands of simultaneous clients
High availability
  Multimaster replication
  Oracle9i hot backup/recovery
Security
  Sophisticated security model based on access control lists
Standards-based
  Native LDAPv3 implementation
[Diagram: LDAP clients and Directory Administration connect to the Oracle Internet Directory server (LDAP over SSL); the server reaches the Oracle Database over Oracle Net connections.]

Directory Integration and Provisioning
[Diagram: Oracle Internet Directory at the centre. Provisioning Integration Services deliver events (PL/SQL over Oracle Net) to provisioned applications (Portal, iFS, iAS Wireless, legacy apps); Directory Synchronization Services poll connected directories (ADS, iPlanet, etc.) over LDAP or file.]

Oracle Delegated Administration Services
New directory feature with Oracle9iAS V2
Provides a consistent interface for directory content administration
Administrative tool: supports application administration delegation
End-user tool: set passwords, preferences, whitepages

Oracle Application Server Single Sign-On
Provides single sign-on capability for all Oracle web-based applications
Partner API and Kerberos support permit integration with other authentication services
Built on Oracle technology
HA deployments
Leverages Oracle Internet Directory and Delegated Administration Services

Oracle Application Server Certificate Authority
Key features
  Out-of-the-box PKI solution; allows Oracle customers to secure their deployments
  Easy provisioning of X.509v3 digital certificates
  Web-based certificate management and administration
  Seamless integration with Oracle Application Server Single Sign-On
  High availability and scalability with Oracle10g and Oracle Internet Directory

Grid computing model
[Diagram: a Topology Manager, Policy Manager, Workload & QoS Manager, Cross-Tier Routing and Resource Manager sit above a blade farm (local grid) of dynamically provisioned and registered blades joined by a high-speed interconnect.]

Oracle Identity Management’s role in grid computing
Provisioning hardware in the network
Provisioning applications on the grid
Provisioning users for grid applications
Identity Management is essential to realizing the grid computing vision!

Oracle Identity Management – customer benefits
Scalable, robust and integrated infrastructure
Out-of-the-box deployment for Oracle products
Single point of integration between Oracle and other identity management applications
Open, standards-based infrastructure

Why Deploy Oracle Identity Management?
Identity management deployment options
No infrastructure
Deploy “local” infrastructure for Oracle applications
Deploy enterprise-wide Oracle Identity Management infrastructure

No infrastructure
All user identities managed locally by applications
Suitable for development deployments
Can be migrated to identity management infrastructure for production
e.g. OracleAS OC4J instance with JAAS/XML

Deploy “local” infrastructure for Oracle applications
Many Oracle products (e.g. Single Sign-On) require components of the identity management infrastructure to be installed
Possible scenarios
  Pilot deployments
  Integrating an isolated Oracle community with enterprise identity management services
  Semi-independent departments
OracleAS 10g has features to support this deployment model
  Administration privilege model
  Partial/fan-out replication

Deploy enterprise-wide infrastructure
Recommended for supporting production enterprise deployments
More planning typically required, however:
  Faster deployment of additional applications
  Centralized “professional” infrastructure administration
  Centralized identity management across all Oracle applications in the enterprise
  Standards-based identity management platform which is leveraged by other (non-Oracle) applications

Deployment Process Overview
Oracle Identity Management
Distributed systems security reference architecture
[Diagram: users reach protected resources through an application; application security services (authentication, authorization, privacy, audit) rely on policy decision services and identity & profile assertion services, both backed by the identity & policy store; administration & provisioning make up the identity management infrastructure.]

Infrastructure usage overview
Deployment process overview
[Flow: Enterprise requirements → Requirement analysis → Logical deployment plan → Deployment planning → Physical deployment plan → Implementation and deployment → Administration. New requirements based on deployment experience feed back into requirement analysis.]

Deployment example: Oracle Data Center
Services for 40K employees worldwide
Application environment
  Employee portal, Oracle E-Business Suite, Oracle Collaboration Suite
  Extranet environment
Initial requirements
  Unified identity management
  Single sign-on across applications

Deployment Planning Steps
Oracle Identity Management
Requirements Analysis Phase
Plan, deploy and administer responsibility
Which components to deploy
Information model
Centralized security management
Enterprise application
Administrative autonomy
Security isolation
Third-party identity management integration
High availability, scalability and performance

Requirement example: Oracle’s extranet environment
[Diagram: the company portal (my.oracle.com) separates inside from outside. Inside: employees and internal applications. Outside: customers, partners and employees. Shared applications are reachable from both sides.]

Logical deployment plan
Translation of the enterprise requirements
Answers questions such as:
  How many identity management infrastructures to deploy?
  Which components will be deployed, and where?
  Deployment of replicated local instances?
  How is it going to integrate with other enterprise repositories, provisioning systems and single sign-on services?

Logical deployment planning issues
Standard enterprise model
Serving internal and external users
Administrative autonomy for departmental applications
Integration with other identity management systems

Example: Security isolation using two infrastructures
[Diagram: external users are served by an Extranet Identity Management infrastructure (Single Sign-On, Delegated Administration, Directory); internal users reach OracleAS Portal and Oracle Collaboration Suite through an Internal Identity Management infrastructure (Single Sign-On, Directory Integration, Delegated Administration, Directory). The two directories are linked by directory synchronization.]

Example: User provisioning from Windows
[Diagram, steps as numbered on the slide:]
1 - “Add user” in the Windows environment
2 - User created in Microsoft ADS
3 - User synchronized with OID (Oracle Internet Directory)
4 - User provisioned in the Oracle environment: OracleAS Portal, OracleAS Single Sign-On, Oracle E-Business Suite Release 11i
[Delegated Administration Console shown alongside Oracle Internet Directory.]

Detailed deployment planning
Directory information model (DIT)
Identity Management Realms
Physical network topologies
High availability considerations
Geographic distribution
Certificate authority deployment

Example: Oracle Internet Directory Information Tree
root
  dc=com
    dc=oracle
      dc=amer
      dc=emea
      dc=apac
      dc=moc

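As an added illustration (not code from the presentation or from Oracle's products), this Python sketch models the four-step Windows-to-OID provisioning flow from the earlier example landing in the DIT above, with a realm per regional dc. The AD-to-inetOrgPerson attribute mapping, the cn=Users container under each realm and the region-to-realm rule are assumptions made for the example.

```python
# Added example, not from the presentation: a toy model of the
# "User provisioning from Windows" flow (add user in AD -> synchronize
# with OID -> provision) into the sample DIT dc=com > dc=oracle > dc=<region>.
# Attribute mapping, "cn=Users" container and realm rule are assumptions.
from typing import Dict

REALMS = {"amer", "emea", "apac", "moc"}   # realm DCs from the slide
USER_CONTAINER = "cn=Users"                 # assumed container under each realm

# Assumed mapping of Active Directory attributes to inetOrgPerson attributes.
AD_TO_OID = {"sAMAccountName": "uid", "givenName": "givenName", "sn": "sn",
             "mail": "mail", "displayName": "cn"}

# Constructed sample record, as the synchronization service would read it from AD.
SAMPLE_AD_USER = {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
                  "displayName": "Jane Doe", "mail": "jdoe@example.com",
                  "region": "amer"}


def realm_dn(region: str) -> str:
    """Base DN of the identity management realm for a region."""
    region = region.lower()
    if region not in REALMS:
        raise ValueError(f"no identity management realm for region {region!r}")
    return f"dc={region},dc=oracle,dc=com"


def map_ad_user(ad_entry: Dict[str, str]) -> Dict[str, str]:
    """Step 3: translate an AD record into the OID entry and its DN."""
    oid = {AD_TO_OID[k]: v for k, v in ad_entry.items() if k in AD_TO_OID}
    missing = {"uid", "sn", "cn"} - oid.keys()
    if missing:
        raise ValueError(f"required attributes missing: {sorted(missing)}")
    oid["objectClass"] = "inetOrgPerson"
    oid["dn"] = f"uid={oid['uid']},{USER_CONTAINER},{realm_dn(ad_entry['region'])}"
    return oid


def sync_event(ad_entry: Dict[str, str], oid_store: Dict[str, Dict[str, str]]) -> str:
    """Apply one synchronization event idempotently; returns add/modify/noop."""
    entry = map_ad_user(ad_entry)
    existing = oid_store.get(entry["dn"])
    if existing == entry:
        return "noop"              # re-polling the same record must not churn OID
    oid_store[entry["dn"]] = entry
    return "modify" if existing else "add"


def to_ldif(entry: Dict[str, str]) -> str:
    """Render an entry as LDIF, dn first, as an LDAP load tool expects it."""
    lines = [f"dn: {entry['dn']}"] + [f"{k}: {v}" for k, v in entry.items() if k != "dn"]
    return "\n".join(lines) + "\n"
```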
Example: Physical Network Topology
[Diagram of the Oracle data center topology: clients reach the DMZ through a BigIP load balancer; iAS 9.0.4 and 9.0.2 mid tiers host SSO/DAS and webmail/voice (OCSv1 and OCSv2 IMAP/SMTP for the regions and for GIT); OID runs on 2-node and 3-node RAC databases with fan-out replication, a fail-over server and NetApp storage; separate databases serve amer, emea, apac, GIT and STMAIL; SSO performs a periodic export/import when new partner applications are added.]

Summary and Conclusions
Summary
Identity management is critical for the deployment and management of enterprise applications and essential to grid computing
Oracle includes a robust, scalable and integrated infrastructure for managing Oracle environments and more
Oracle Identity Management provides a single point of integration to other identity management environments

For More Information
See the forthcoming Oracle Identity Management Concepts and Deployment Planning Guide
  Released with Oracle Application Server 10g (9.0.4)
Oracle Technology Network

Questions & Answers