Oracle Identity Management Administration Best Practices
Amjad Afanah, Senior Product Manager
Program Agenda
• Introduction to Enterprise Manager
• Best Practices for Managing Oracle Identity Management
• New Features in Oracle Enterprise Manager 11g Grid Control
• Demo
Introduction
Business-Driven IT Management
© 2010 Oracle Corporation
Oracle Identity Management
Provisioning & Identity Administration, Access Management, Directory Services
• Roles-based User Provisioning
• Authentication, SSO & Fraud Prevention
• LDAP Storage
• Password Management
• Self Service Request & Approval
• Authorization & Entitlements
• Web Services Security
• Virtualized Identity Access
• Information Rights Management
Identity Analytics and Manageability
• Reporting, Attestation, SoD, Mining, Monitoring, SLM, Config Management
Oracle Identity Management
Provisioning & Identity Administration, Access Management, Directory Services
• Oracle Identity Manager
• Oracle Access Manager
• Oracle Adaptive Access Manager
• Oracle Internet Directory
• Oracle Enterprise Single Sign-On
• Oracle Identity Federation
• Oracle Entitlements Server
• Oracle Virtual Directory
• Oracle Directory Server Enterprise Edition
• Oracle Web Services Manager
• Oracle OpenSSO Secure Token Service
Identity Analytics
• Oracle Identity Analytics
Manageability
• Management Pack Plus for Identity Management
Oracle Enterprise Manager Grid Control
Management Pack Plus for Identity Management – Overview
• Automated Discovery of Identity Management Components
• Performance and Availability Monitoring
• Service Level Management
• Configuration Management
10g Oracle Internet Directory
10g Oracle Access Manager
10g Oracle Identity Federation
10g Oracle Identity Manager
11g Oracle Internet Directory
11g Oracle Virtual Directory
11g Oracle Identity Federation
11g Oracle Directory Integration Platform
11g Oracle Identity Manager
11g Oracle Access Manager
11g Oracle Adaptive Access Manager
Oracle Enterprise Manager
Management Pack Plus for Identity Management – Key Benefits
• Reduce Costs
– Eliminate disparate monitoring tools
– Automated discovery and tracking of Identity Management configurations
• Improve Service Levels
– Proactive monitoring of end-user performance and availability
– Monitor key Identity Management performance metrics
• Align with Business Demands
– Understand impact of Identity Management services on other applications
– Create Service Level Agreements and Dashboards
Best Practices
Best Practices for…
1. Service Level Management
2. Monitoring Identity Management Components
3. End User Monitoring
4. Log File Monitoring
Best Practices for… 1. Service Level Management
• Centralize management of SLAs and gain an enterprise-wide view of IT performance
• Model services from end to end
• Define Service Levels based on business services
• Agree business hours and expected service levels
• Include usage and performance metrics
• Use Service Monitoring Dashboards and Reports to summarize KPIs and service levels achieved
Best Practices for… 2. Monitoring Identity Management Components
• Monitor the health of all critical Oracle Identity Management components.
• Perform historical trending analysis to identify issues or anomalies
• How to set up alerts?
• Use warning/critical thresholds based on metric baselines or internal best practices
• What notification methods to use?
• SNMP Traps
• Alerts on key performance metrics can help in diagnostics
• Monitor both application and infrastructure metrics
• Load – # of Sessions, LDAP Operations, Provisioning Requests, Authentication Requests
• Resource – CPU & Memory Utilization
• Use metric baselines when your workload profile follows a cycle over a given time period (i.e. daily, weekly, etc.)
• Statistics are computed over the baseline period for specific target metrics.
• Include metrics such as:
• Load – # of Sessions, LDAP Operations, Provisioning Requests, Authentication Requests
• Resource – CPU & Memory Utilization
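An added example, not from the original slides and not Enterprise Manager's own algorithm, of the baseline idea above: constructed hourly failed-authentication counts are grouped by hour of day, statistics are computed per hour over the baseline period, and warning/critical thresholds are derived from them. The function names, the sample data and the 2-sigma/3-sigma multipliers are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed multipliers: warning at mean + 2 sigma, critical at mean + 3 sigma.
WARN_SIGMA, CRIT_SIGMA = 2.0, 3.0


def build_baseline(samples):
    """samples: iterable of (hour_of_day, value) collected over the baseline period.
    Returns {hour: (mean, stdev)} so each hour is judged against its own norm."""
    by_hour = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def thresholds(baseline, hour, min_sigma=1.0):
    """Warning and critical thresholds for one hour slot.
    min_sigma floors the deviation so a nearly flat baseline
    does not alert on a one-unit wobble."""
    if hour not in baseline:
        raise KeyError(f"no baseline data for hour {hour}")
    mu, sigma = baseline[hour]
    sigma = max(sigma, min_sigma)
    return mu + WARN_SIGMA * sigma, mu + CRIT_SIGMA * sigma


def classify(baseline, hour, value):
    """Map a new observation to ok / warning / critical for its hour slot."""
    warn, crit = thresholds(baseline, hour)
    if value >= crit:
        return "critical"
    if value >= warn:
        return "warning"
    return "ok"


# Constructed sample data: failed authentications per hour over a 5-day baseline.
FAILED_AUTH_BASELINE = (
    [(3, v) for v in (2, 4, 3, 2, 4)]          # 03:00, quiet period
    + [(9, v) for v in (40, 50, 45, 55, 60)]   # 09:00, morning login peak
)

if __name__ == "__main__":
    b = build_baseline(FAILED_AUTH_BASELINE)
    for hour, value in [(9, 55), (3, 55), (3, 5), (9, 66)]:
        print(f"{hour:02d}:00 value={value} -> {classify(b, hour, value)}")
```

The same count of 55 failed authentications is normal at the 09:00 peak but critical at 03:00, which a single static threshold cannot express.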
Best Practices for… 3. End User Monitoring
• Monitor performance from an end-user perspective using:
• Web Transactions
• LDAP Operations
• Include Service Tests for:
• Authentication requests using dedicated test users against specific WebGates or Access Gates
• Simple LDAP operations against OID or OVD
• Place Beacons strategically:
• At locations that are representative of end-user geography
• At locations that have experienced the most outages or performance issues
• The first step in diagnosing problems is checking the recorded service tests.
• Is it a Network Problem? The problem may be confined to a certain region/beacon
• Is the Service Test Available? The recorded request may be failing or have a long response time.
Best Practices for… 4. Log File Monitoring
• Log File Alerts: Log files are scanned for the occurrence of desired patterns or error codes.
• Oracle Access Manager: Logs collect program execution data so that you can troubleshoot system performance issues
• Log data can be stored in a log file or in the system file
• Oracle Identity Federation: Log files are maintained in the $ORACLE_HOME/fed/log directory: federation.log, federation-error.log, federation-msg.log, etc.
• federation-error.log – contains error messages generated by the Oracle Identity Federation server.
• Audit Reports: In addition to logs, audit reports can be used for diagnostic purposes as well.
• The auditing feature in Oracle Access Manager collects and presents data pertaining to policy and profile settings, system events, and usage patterns.
• Oracle Identity Manager also provides a number of reports including: Resource Activity, Password Reset Success Failure, Users Created, Users Deleted, Users Disabled, and Users Unlocked
New Features
New Features in Oracle Enterprise Manager 11g – New Identity and Access Page
• A new Identity and Access page providing:
• Centralized overview of all monitored IdM components (including both 10g and 11g components)
• Improved discovery wizards
• Simplified system creation wizards
• Monitoring for 11g IdM components
[Screenshots: Identity and Access Page; Improved Discovery Wizards; Simplified System Creation]
New Features in Oracle Enterprise Manager 11g – Configuration Collection for 11g Identity Management Components
• Track configuration changes for diagnostic and regulatory purposes
• Supports versioning and comparisons of configuration parameters
• Ensure that configuration settings amongst components are consistent.
New Features in Oracle Enterprise Manager 11g – Oracle Access Manager
Oracle Enterprise Manager 10g
• Successful Authentications
• Failed Authentications
• Successful Authorizations
• Failed Authorizations
• Requests Processed
Oracle Enterprise Manager 11g
• Drill-Down into Oracle Access Manager Clients and Domains – showing authentication and authorization frequency, latency and success to fail ratio
• Enhanced Metrics
• Average Authentication & Authorization Latency
• LDAP Operations/Sec
• Average LDAP Operation Latency
• LDAP Operation Success Rate
• Log Operation Latency
• Audit Operations/Sec
• Queue Size
• Cache Operations Ratio & Average Latency
New Features in Oracle Enterprise Manager 11g – Oracle Identity Federation
Oracle Enterprise Manager 10g
• Identity Provider & Service Provider Metrics
• Request Sent, Response Received Metrics for Authentication and Authorization
• Federation Termination Requests
Oracle Enterprise Manager 11g
• Drill-Down into Oracle Identity Federation Providers – showing authentication requests and responses, HTTP and SOAP requests and responses, and authentication response processing time
• Enhanced Metrics
• Active Federation Creation/Deletion/Retrieval Time
• Time to Persist Session Data
• Open Server Connections
• Local User Authentication Time
• Logout Error Requests/Responses
• Requests Encrypted/Signed
• XML Decryption Successes/Failures
• XML Signatures Generated
• XML Message Signing Time
New Features in Oracle Enterprise Manager 11g – Oracle Adaptive Access Manager
Oracle Enterprise Manager 10g
• N/A
Oracle Enterprise Manager 11g
• Metrics for
• Login Count – Total, Successful, Failed & Blocked
• Alert Count – High, Medium, & Low
• Rules, Models & Runtime Executions
• API Call Metrics
• Update Log,
• Update Authorization Status
• Process Rules
• Create/Update Transaction, etc.
New Features in Oracle Enterprise Manager 11g – Oracle Identity Manager
Oracle Enterprise Manager 10g
• Application Response Time
• Active Invocations, Active Session Count
• JDBC, JMS, JTA & JVM Metrics
• Active Thread Count, CPU Load, Heap Usage, Used Physical Memory
• Number of Running Jobs along with key statistics on Running Jobs
• Load Metrics like Number of Users Created, Number of Reconciliation Events Initiated, and Number of Requests Initiated
• Provisioning Metrics like Number of Provisioned Users, Number of Users Deleted/Disabled/Locked
Oracle Enterprise Manager 11g
• Drill-Down into Oracle Identity Manager Adapters – showing completed executions and average/maximum/minimum execution time
• Enhanced Metrics
• Reconciliations - Jobs Completed & Jobs Started
• Role Grant Requests - Completed, Pending & Failed Role Grant Requests Rate (Sec)
• Self-Service Requests - Completed, Pending & Failed Self Service Requests
• Datasource Metrics – Available Connections, Cached Statements Used, Connection Pool Size, etc.
• Java EE Web Service Metrics – Authentication/Authorization Faults & Successes, Confidentiality/Integrity Faults & Successes, etc.
New Features in Oracle Enterprise Manager 11g – Oracle Internet Directory
Oracle Enterprise Manager 10g
• Response - LDAP Server Response
• Resource Utilization
• CPU & Memory
• Memory Growth Rate
• Load
• LDAP Server Load
• Total Users Sessions
• Failed & Successful LDAP Super User Login
• Errors: 3113 & 3114 Occurrences
• Active & Open Database Sessions
• LDAP Operations (Real-Time)
• Add, Compare, Delete, Login, Modify, Search, Abandon & Unbind
Oracle Enterprise Manager 11g
• Enhanced Metrics
• Average Memory Growth (%)
• Replication Metrics – Replication Server CPU/Memory, Number of Threads per Supplier, Replication Supplier Details (Name, New/Retry Change-log Count), etc.
• Audit Log Metrics – Number of Audit Log Objects/Health Statistics/Security Refresh Events/System Resource Events in Purge Queue, etc.
• Change-logs Metrics – Number of Local/Remote ChangeLogs, Number of New/Retry/HIQ ChangeLogs, etc.
New Features in Oracle Enterprise Manager 11g – Oracle Virtual Directory
Oracle Enterprise Manager 10g
• N/A
Oracle Enterprise Manager 11g
• Metrics for
• Response
• Resource Utilization
• CPU & Memory & Memory Growth Rate
• Load
• OVD Load
• Total Users Sessions
• Active & Open Sessions
• Current & Total Connections (IPs & Users)
• Min./Max./Average Time to Complete a Search Request (ms)
• LDAP Operations (Real-Time)
• Add, Compare, Delete, Login, Modify, Search, Abandon & Unbind
Demo
Oracle Enterprise Manager
Management Pack Plus for Identity Management – Summary
• Centralized Systems Management solution for Oracle Identity Management
– Automated Discovery of IdM components
– Performance and Availability Monitoring
– Service Level Management
– Configuration Management
• Significant Enhancements in Enterprise Manager 11g
– New Targets
– Additional Metrics
– Identity and Access Homepage
• Benefits
– Lower Costs
– Better Service Levels
Oracle Enterprise Manager 11g Resource Center
Access Videos, Webcasts, White Papers, and More
Oracle.com/enterprisemanager11g
Oracle Enterprise Manager Hands On Labs
Monday September 20, 2010
3:30 p.m. - 4:30 p.m.: Database Performance Diagnostics and Tuning (Marriott Hotel, Salon 12/13, YB Level)
5:00 p.m. - 6:00 p.m.: Provisioning, Patch Automation, and Configuration Management Pack (Marriott Hotel, Salon 12/13, YB Level)
5:00 p.m. - 6:00 p.m.: Oracle Application Mgmt. Pack for Oracle E-Business Suite: Monitor/Clone (Marriott Marquis, Nob Hill)
Tuesday September 21, 2010
11:00 a.m. - 12:00 p.m.: Using Oracle Application Change Management Pack for Oracle E-Business Suite (Marriott Marquis, Nob Hill)
12:30 p.m. - 1:30 p.m.: Database and Application Testing (Marriott Hotel, Salon 12/13, YB Level)
2:00 p.m. - 3:00 p.m.: Oracle Fusion Middleware Management (Marriott Hotel, Salon 12/13, YB Level)
3:30 p.m. - 4:30 p.m.: Provisioning, Patch Automation, and Configuration Management Pack (Marriott Hotel, Salon 12/13, YB Level)
Wednesday September 22, 2010
4:45 p.m. - 5:45 p.m.: Database and Application Testing (Marriott Hotel, Salon 12/13, YB Level)
4:45 p.m. - 5:45 p.m.: Oracle Application Mgmt. Pack for Oracle E-Business Suite: Monitor/Clone (Marriott Marquis, Nob Hill)
Thursday September 23, 2010
9:00 a.m. - 10:00 a.m.: Database Performance Diagnostics and Tuning (Marriott Hotel, Salon 12/13, YB Level)
10:30 a.m. - 11:30 a.m.: Oracle Fusion Middleware Management (Marriott Hotel, Salon 12/13, YB Level)
Oracle Enterprise Manager Demogrounds
Demo title (location)
Oracle Real Application Testing: Database Replay (Moscone West)
Oracle Real Application Testing: SQL Performance Analyzer (Moscone West)
Self-Managing Database: Automatic Performance Diagnostics (Moscone West)
Self-Managing Database: Automatic Fault Diagnostics (Moscone West)
Self-Managing Database: Automatic Application and SQL Tuning (Moscone West)
Application Quality Management: Application Testing Suite (Moscone South - S022)
Real User Monitoring with Oracle Enterprise Manager (Moscone South - S021)
Siebel CRM Application Management (Moscone South - S024)
Real User Monitoring with Oracle Enterprise Manager (Moscone West)
Oracle WebLogic Server Management and Java Diagnostics (Moscone West)
SOA Management with Oracle Enterprise Manager (Moscone West)
Oracle Business Transaction Management (Moscone West)
Push Button Provisioning and Patch Automation (Moscone West)
Smart Configuration Management (Moscone West)
Oracle Enterprise Manager Ops Center (Moscone West)
Managing the Enterprise Private Cloud (Moscone West)
System Management, My Oracle Support, and Oracle Enterprise Manager (Moscone West)
Self-Managing Database: Change Management for DBAs (Moscone West)
Oracle Enterprise Manager: Complete Datacenter Management (Moscone West)
Self-Managing Database: Data Masking for DBAs (Moscone West)
Oracle Enterprise Manager Grid Control
Management Pack Plus for Identity Management – Key Benefits
• Reduce Costs & Centralize Systems Management
Centralize systems management to eliminate time-intensive, manual tasks and disparate IT monitoring tools.
• Accelerate Problem Resolution & Reduce Performance/Availability Issues
Gain insight into the end-user experience
Gain the ability to monitor performance metrics to find root causes of problems that could potentially slow performance or create outages
• Configuration Management
Track and maintain configuration changes to reduce operational management costs
• Centralize Service Level Management, Improve Application Service Levels & Reduce Downtime
Centralize monitoring and management of service level agreements and gain an enterprise-wide view of IT performance.