- OracleInsert Picture Here> ... Oracle Enterprise Manager Grid Control M a n age m e n t P ac ......

<Insert Picture Here>

Oracle Identity Management Administration Best Practices

Amjad AfanahAmjad AfanahSenior Product Manager

Program Agenda

<Insert Picture Here>• Introduction to Enterprise Managerg

• Best Practices for Managing Oracle Identity Management

N F t i O l E t i• New Features in Oracle Enterprise Manager 11g Grid Control

• DemoDemo

3

Introduction

4

Business-Driven IT Management

5© 2010 Oracle Corporation

Oracle Identity Management

Provisioning & Access DirectorygIdentityAdministration

Managementy

Services

Roles-based User Provisioning

Authentication, SSO & Fraud Prevention

LDAP StorageProvisioning

Password Management

Self Service Request & Approval

Fraud Prevention

Authorization & Entitlements

Web Services Security

Virtualized Identity Access

Information Rights Management

ManageabilityIdentity Analytics

Reporting Attestation SoD Mining Monitoring SLM Config Management

Oracle Identity Management

Provisioning & Access DirectorygIdentityAdministration

Managementy

Services

Oracle Identity Manager Oracle Access Manager

Oracle Adaptive Access Manager

Oracle Internet Directory

Oracle Adaptive Access Manager

Oracle Enterprise Single Sign-On

Oracle Identity Federation

Oracle Entitlements Server

y

Oracle Virtual Directory

Oracle Directory Server EnterpriseOracle Entitlements Server

Oracle Web Services Manager

Oracle OpenSSO Secure Token Service

Server Enterprise Edition

Identity Analytics Manageability

Oracle Identity Analytics Management Pack Plus for Identity Management

Oracle Enterprise Manager Grid ControlManagement Pack Plus for Identity Management – Overviewa age e t ac us o de t ty a age e t O e e

• Automated Discovery of Identity

10g Oracle Internet Directory

10g Oracle Access Manager

Management Components

• Performance and Availability Monitoring

10g Oracle Identity Federation

10g Oracle Identity Manager

• Performance and Availability Monitoring

• Service Level Management

11g Oracle Internet Directory

11g Oracle Virtual Directory

• Configuration Management

11g Oracle Identity Federation

11g Oracle Directory Integration Platfrom

11g Oracle Identity Manager

11g Oracle Access Manager

11g Oracle Adaptive Access

8

g pManager

Oracle Enterprise Manager Management Pack Plus for Identity Management Key BenefitsManagement Pack Plus for Identity Management – Key Benefits

• Reduce CostsEliminate disparate monitoring tools– Eliminate disparate monitoring tools

– Automated discovery and tracking of Identity Management configurations

• Improve Service Levels– Proactive monitoring of end-user performance and availability

M it k Id tit M t f t i– Monitor key Identity Management performance metrics

• Align with Business Demands– Understand impact of Identity Management services on other

applications

– Create Service Level Agreements and Dashboards

9

Best Practices

10

Best Practices for…

1. Service Level Management

2. Monitoring Identity Management Components

3. End User Monitoring

4 Log File Monitoring4. Log File Monitoring

11

Best Practices for…1. Service Level Management Se ce e e a age e t

• Centralize management of SLA’ d i t iSLA’s and gain an enterprise-wide view of IT performance

• Model services from end-to-endto end

• Define Service Levels based on business services

• Agree business hours and expected service levels

• Include usage and performance metrics

12

Best Practices for…1. Service Level ManagementSe ce e e a age e t

• Use Service Monitoring D hb d d R t tDashboards and Reports to summarize KPI’s and service levels achieved

13

Best Practices for…2. Monitoring Identity Management Componentso to g de t ty a age e t Co po e ts

• Monitor the health of all critical O l Id tit M tOracle Identity Management components.

• Perform historical trending analysis to identify issues oranalysis to identify issues or anomalies

• How to set up alerts?

• Use warning/critical Use a g/c t cathresholds based on metric baselines or internal best practices

• What notification methods to use?

• Email

SNMP T

14

• SNMP Traps


• Alerts on key performance metrics h l i di tican help in diagnostics

• Monitor both application and infrastructure metrics

• Load # of Sessions• Load – # of Sessions, LDAP Operations, Provisioning Requests, Authentication Requests

• Resource – CPU & Memory Utilization

15


• Use metric baselines when your kl d fil f ll lworkload profile follows a cycle over

a given time period (ie. Daily, weekly, etc)

• Statistics are computed over theStatistics are computed over the baseline period for specific target metrics.

• Include metrics such as:

• Load – # of Sessions, LDAP Operations, Provisioning Requests, Authentication RequestsRequests

• Resource – CPU & Memory Utilization

16

Best Practices for…3. End User Monitoring3 d Use o to g

• Monitor performance from an end-ti iuser perspective using:

• Web Transactions

• LDAP Operations

• Include Service Tests for:

• Authentication requests using dedicated test users againstdedicated test users against specific WebGates or Access Gates

• Simple LDAP operationsSimple LDAP operations against OID or OVD

17

Best Practices for…3. End User Monitoring3 d Use o to g

• Place Beacons strategically:

• At locations that are representative of end-user geography

At l ti th t h• At locations that have experienced the most outages of performance issues

18

Best Practices for…3. End User Monitoring

• The first step in diagnosing problems i h ki th d d i t t

3 d Use o to g

is checking the recorded service tests.

• Is it a Network Problem? The problem may be confined to a certain region/beaconcertain region/beacon

• Is the Service Test Available?The recorded request may be failing or have a long response time.

19

Best Practices for…4. Log File Monitoringog e o to g

• Log File Alerts: Log files are scanned for the occurrence of desired patterns or derror codes.

• Oracle Access Manager: Logs collect a program execution data so that you can troubleshoot system performance issuesyou can troubleshoot system performance issues

• Log data can be stored in a log file or in the system file

• Oracle Identity Federation: Log files are maintained in the• Oracle Identity Federation: Log files are maintained in the $ORACLE_HOME/fed/log directory: federation.log, federation-error.log, federation-msg.log, etc.

• federation-error.log – contains error messages generated by thefederation error.log contains error messages generated by the Oracle Identity Federation server.

20

Best Practices for… 4. Log File Monitoringog e o to g

• Audit Reports: In addition to logs, audit reports can be used for diagnostic llpurposes as well.

• The auditing feature in Oracle Access Manager collects and presents data pertaining to policy and profile settings system events and usage patternspertaining to policy and profile settings, system events, and usage patterns.

• Oracle Identity Manager also provides a number of reports including: Resource Activity Password Reset Success Failure Users Created Users Deleted UsersActivity, Password Reset Success Failure, Users Created, Users Deleted, Users Disabled, and Users Unlocked

21

New Features

22

New Features in Oracle Enterprise Manager 11gNew Identity and Access Page

• A new Identity and Access page providing:

• Centralized overview of all monitored IdM components (including both 10g and 11g components)components)

• Improved discovery wizards

• Simplified system creation wizardswizards

• Monitoring for 11g IdM components

Identity and Access Page

co po e tsImproved Discovery Wizards

Simplified System Creation

23

Simplified System Creation

New Features in Oracle Enterprise Manager 11g Configuration Collection for 11g Identity Management Components

• Track configuration changes for di ti d l tdiagnostic and regulatory purposes

• Supports versioning and comparisons of configurationcomparisons of configuration parameters

• Ensure that configuration settings• Ensure that configuration settings amongst components are consistent.

24

New Features in Oracle Enterprise Manager 11g Oracle Access Manager

Oracle Enterprise Manager 10g Oracle Enterprise Manager 11g

S f l A h i i D ill D i O l A M Cli d• Successful Authentications

• Failed Authentications

• Successful Authorizations

• Failed Authorizations

• Drill-Down into Oracle Access Manager Clients and Domains – showing authentication and authorization frequency, latency and success to fail ratio

• Enhanced Metrics

Average Authentication & Authorization• Requests Processed • Average Authentication & Authorization Latency

• LDAP Operations/Sec

• Average LDAP Operation Latency

LDAP Operation Success Rate• LDAP Operation Success Rate

• Log Operation Latency

• Audit Operations/Sec

• Queue Size

• Cache Operations Ratio & Average Latency

25

New Features in Oracle Enterprise Manager 11g Oracle Identity Federation


Id tit P id & S i P id D ill D i t O l Id tit F d ti P id• Identity Provider & Service Provider Metrics

• Request Sent, Response Received Metrics for Authentication and Authorization

• Drill-Down into Oracle Identity Federation Providers – showing authentication requests and responses, HTTP and SOAP requests and responses, and authentication response processing time

• Enhanced MetricsAuthorization

• Federation Termination Requests


• Active Federation Creation/Deletion/Retrieval Time

• Time to Persist Session Data

• Open Server Connections• Open Server Connections

• Local User Authentication Time

• Logout Error Requests/Responses

• Requests Encrypted/Signed

XML Decryption Successes/Failures• XML Decryption Successes/Failures

• XML Signatures Generated

• XML Message Signing Time

26

New Features in Oracle Enterprise Manager 11g Oracle Adaptive Access Manager


N/A • Metrics for

• Login Count – Total, Successful, Failed & Blocked

• Alert Count – High, Medium, & Low

• Rules, Models & Runtime Executions

• API Call Metrics

• Update Log,

• Update Authorization Status

• Process Rules

• Create/Update Transaction, etc.

27

New Features in Oracle Enterprise Manager 11g Oracle Identity Manager


• Application Response Time • Drill-Down into Oracle Identity Manager Adapters –

• Active Invocations, Active Session Count

• JDBC, JMS, JTA & JVM Metrics

• Active Thread Count, CPU Load, Heap

showing completed executions and average/maximum/minimum execution time


• Reconciliations - Jobs Completed & Jobs St t dUsage, Used Physical Memory

• Number of Running Jobs along with key statistics on Running Jobs

• Load Metrics like Number of Users C t d N b f R ili ti

Started

• Role Grant Requests - Completed, Pending & Failed Role Grant Requests, Completed, Pending & Failed Role Grant Requests Rate (Sec)Created, Number of Reconciliation

Events Initiated, and Number of Requests Initiated

• Provisioning Metrics like Number of Provisioned Users Number of Users

(Sec)

• Self-Service Requests - Completed, Pending & Failed Self Service Requests

• Datasource Metrics – Available Connections, Cached Statements Used, Connection Pool Provisioned Users, Number of Users

Deleted/Disabled/Locked

,Size, etc.

• Java EE Web Service Metrics –Authentication/Authorization Faults & Successes, Confidentiality/Integrity Faults & S t

28

Successes, etc.

New Features in Oracle Enterprise Manager 11g Oracle Internet Directory


R LDAP S R E h d M i• Response - LDAP Server Response

• Resource Utilization

• CPU & Memory

• Memory Growth Rate


• Average Memory Growth (%)

• Replication Metrics – Replication Server CPU/Memory, Number of Threads per Supplier Replication Supplier Details• Load

• LDAP Server Load

• Total Users Sessions

• Failed & Successful LDAP Super User Login

Supplier, Replication Supplier Details (Name, New/Retry Change-log Count), etc.

• Audit Log Metrics – Number of Audit Log Objects/Health Statistics/Security Refresh

• Errors: 3113 & 3114 Occurrences

• Active & Open Database Sessions

• LDAP Operations (Real-Time)

• Add, Compare, Delete, Login, Modify,

Objects/Health Statistics/Security Refresh Events/System Resource Events in Purge Queue, etc.

• Change-logs Metrics – Number of Local/Remote ChangeLogs, Number of Add, Compare, Delete, Login, Modify,

Search, Abandon & Unbind New/Retry/HIQ ChangeLogs, etc.

29

New Features in Oracle Enterprise Manager 11g Oracle Virtual Directory


N/A M t i fN/A • Metrics for

• Response

• Resource Utilization

• CPU & Memory & Memory Growth Rate

• Load

• OVD Load

• Total Users Sessions

• Active & Open Sessions

• Current & Total Connections (IP’s & Users)

• Min./Max./Average Time to Complete a Search Request (ms)

• LDAP Operations (Real-Time)

• Add, Compare, Delete, Login, Modify, Search, Abandon & Unbind

30

Demo

31

Oracle Enterprise Manager Management Pack Plus for Identity Management SummaryManagement Pack Plus for Identity Management – Summary

• Centralized Systems Management solution for Oracle Identity MManagement

– Automated Discovery of IdM components

– Performance and Availability Monitoring

Service Level Management– Service Level Management

– Configuration Management

• Significant Enhancements in Enterprise Manager 11gNew Targets– New Targets

– Additional Metrics

– Identity and Access Homepage

• BenefitsBenefits– Lower Costs

– Better Service Levels

32

Oracle Enterprise Manager 11gResource Center

Access Videos, Webcasts, White Papers, and More

Oracle com/enterprisemanager11gOracle.com/enterprisemanager11g

33

Oracle Enterprise Manager Hands On LabsMonday September 20 2010Monday September 20, 2010

3:30 p.m. ‐ 4:30 p.m. Database Performance Diagnostics and Tuning Marriott Hotel,Salon 12/13, YB Level

5:00 p.m. ‐ 6:00 p.m. Provisioning, Patch Automation, and Configuration Management Pack Marriott Hotel,Salon 12/13, YB Level

l li i k f l i i i / l i i b ill5:00 p.m. ‐ 6:00 p.m. Oracle Application Mgmt. Pack for Oracle E‐Business Suite: Monitor/Clone Marriott Marquis, Nob Hill

Tuesday September 21, 2010

11:00 a.m.‐12:00 p.m. Using Oracle Application Change Management Pack for Oracle E‐Business Suite Marriott Marquis, Nob Hill

12:30 p.m.‐1:30 p.m. Database and Application Testing Marriott Hotel, Salon 12/13, YB Level/ ,

2:00 p.m. ‐ 3:00 p.m. Oracle Fusion Middleware Management Marriott Hotel,Salon 12/13, YB Level

3:30 p.m. ‐ ‐4:30 p.m. Provisioning, Patch Automation, and Configuration Management Pack Marriott Hotel,Salon 12/13, YB Level

Wednesday September 22, 2010

4:45 p.m. ‐ 5:45 p.m. Database and Application Testing Marriott Hotel,Salon 12/13, YB Level

4:45 p.m. ‐ 5:45 p.m. Oracle Application Mgmt. Pack for Oracle E‐Business Suite: Monitor/Clone Marriott Marquis, Nob Hill

Thursday September 23, 2010

9:00 a.m. ‐ 10:00 a.m. Database Performance Diagnostics and Tuning Marriott Hotel,Salon 12/13, YB Level

10:30 a.m. ‐ 11:30 a.m. Oracle Fusion Middleware Management Marriott Hotel,Salon 12/13, YB Level

34

Salon 12/13, YB Level

Oracle Enterprise Manager DemogroundsD E M O T I T L E L O C A T I O ND E M O T I T L E L O C A T I O N

Oracle Real Application Testing: Database Replay Moscone West

Oracle Real Application Testing: SQL Performance Analyzer Moscone West

Self‐Managing Database: Automatic Performance Diagnostics Moscone West

Self Managing Database: Automatic Fault Diagnostics Moscone WestSelf‐Managing Database: Automatic Fault Diagnostics Moscone West

Self‐Managing Database: Automatic Application and SQL Tuning Moscone West

Application Quality Management: Application Testing Suite Moscone South ‐ S022

Real User Monitoring with Oracle Enterprise Manager Moscone South ‐ S021

Si b l C li i S h S02Siebel CRM Application Management Moscone South ‐ S024

Real User Monitoring with Oracle Enterprise Manager Moscone West

Oracle WebLogic Server Management and Java Diagnostics Moscone West

SOA Management with Oracle Enterprise Manager Moscone West

Oracle Business Transaction Management Moscone West

Push Button Provisioning and Patch Automation Moscone West

Smart Configuration Management Moscone West

Oracle Enterprise Manager Ops Center Moscone West

Managing the Enterprise Private Cloud Moscone West

System Management, My Oracle Support, and Oracle Enterprise Manager Moscone West

Self Managing Database: Change Management for DBAs Moscone West

Oracle Enterprise Manager: Complete Datacenter Management Moscone West

35

Self‐Managing Database: Data Masking for DBAs Moscone West

Oracle Enterprise Manager Grid ControlManagement Pack Plus for Identity Management – Key Benefits

• Reduce Costs & Centralize Systems ManagementCentralize systems management to eliminate time intensive, manual tasks and disparate IT monitoring tools.

a age e t ac us o de t ty a age e t ey e e ts

• Accelerate Problem Resolution & Reduce Performance/Availability Issues

Gain insight into the end-users experienceg pGain the ability to monitor performance metrics to find root causes of problems that could potentially slow performance or create outages

• Configuration ManagementConfiguration ManagementTrack and maintain configuration changes to reduce operational management costs

• Centralize Service Level Management, Improve Application Service Levels & Reduce DowntimeLevels & Reduce Downtime

Centralize monitoring and management of service level agreements and gain an enterprise-wide view of IT performance.

36

- OracleInsert Picture Here> ... Oracle Enterprise Manager Grid Control M a n age m e n t P ac ......

Documents

Transcript of - OracleInsert Picture Here> ... Oracle Enterprise Manager Grid Control M a n age m e n t P ac ......