Introduction to Enterprise Identity Management

SUMMARY

Managing Customized Oracle Application Server Topologies (Deployment Topologies)

Oracle Application Server Components:
 
 OracleAS Infrastructure components:
 
 OracleAS Metadata Repository
Oracle Net Listener
 OID and the OID monitor
 Oracle HTTP server (OHS)
 OC4J Delegated Administration Service (DAS) instance
 OracleAS Single Sign-On
 Distributed Configuration Management (DCM)
 
 Oracle Middle-Tier Components:
 
 HTTP Server
 J2EE container (Active servlets, JSPs, EJBs, etc.)
 Portal
 Wireless
 Business Intelligence
 Forms
 Reports
 
Oracle provides great flexibility in deploying an application server.
 
 Installation options:
 
Installation of Oracle Identity Management (IM) only, using an existing OracleAS Metadata Repository on the same or a different host.
Installation of OracleAS Metadata Repository only, without registering it with the Oracle Internet Directory (OID) of an IM installation.
Installation of multiple IM installations pointing to the same Metadata Repository (Rack-Mounted Directory Server Configuration).
 
 Topology options:
 
Java Developers (General Development Topologies)
Install the J2EE and Web Cache (OC4J)
Install Oracle JDeveloper
Portal and Wireless developers
Install Portal and Wireless - HOME1
Install Identity Management (OID, SSO, and Metadata Repository) - HOME2 *** Metadata Repository is a collection of the PORTAL, OID, and SSO schemas.
 
 Forms and Reports developers
 
 Install Business Intelligence and FORMS (BI) - HOME1
Install Identity Management (OID, SSO, and Metadata Repository) - HOME2
 
 Integration architects and process modelers
 
 Install J2EE and Web Cache (OC4J) - HOME1
Install Identity Management (OID, SSO, and Metadata Repository) - HOME2
 
Enterprise Data Center Topology - multiple departments share the same data center.
Departmental Topology - each department hosts its own application with more servers.
Development Life Cycle Support Topology (development, test and production)
Cold Failover Cluster (Special Topologies)
Real Application Clusters (RAC)
Identity Management Replication
 
 Why Identity Management
 
Identity management is the set of steps by which users are created and managed in an enterprise. A user can access the web application, database, operating system, legacy system, and directory. You can also:
 
Provision users for an application (creation, suspension, and deletion)

Manage user permissions in applications

Manage profile information such as application preferences, passwords, and personal identification numbers (PINs)

Personalize applications for individual users, such as portals.
 
 Synchronization and Provisioning
 
Oracle Identity Management uses directory integration to connect OIM with third-party identity management systems. It provides two integration services: synchronization and provisioning. With the synchronization service, you can synchronize the Oracle Internet Directory (OID) server with third-party directories. With the provisioning service, you can notify Lightweight Directory Access Protocol (LDAP)-enabled applications of any changes in the OID server.
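As an added illustration (not Oracle's code) of the two integration services just described, and of the provisioning actions listed under "Why Identity Management", the Python below replays a constructed change-log-style record of user creation, suspension and deletion first into a third-party directory (synchronization) and then as notifications to subscribed LDAP-enabled applications (provisioning). The realm, entries, attribute names and application names are all assumed.

```python
from dataclasses import dataclass, field

@dataclass
class Change:
    """One record of a directory change log (constructed, LDIF-like)."""
    number: int        # monotonically increasing change number
    dn: str            # distinguished name of the affected entry
    kind: str          # "add", "modify" or "delete"
    attrs: dict = field(default_factory=dict)

USERS = "cn=Users,dc=example,dc=com"   # constructed realm container
ALICE, BOB = f"cn=alice,{USERS}", f"cn=bob,{USERS}"
# Constructed change log: create two users, suspend one, delete the other.
CHANGELOG = [
    Change(1, ALICE, "add", {"uid": "alice", "accountStatus": "ENABLED"}),
    Change(2, BOB, "add", {"uid": "bob", "accountStatus": "ENABLED"}),
    Change(3, ALICE, "modify", {"accountStatus": "DISABLED"}),
    Change(4, BOB, "delete"),
]

def synchronize(target: dict, changelog, last_applied: int = 0) -> int:
    """Synchronization: replay changes newer than last_applied into a third-party
    directory (a dict keyed by DN). Returns the new checkpoint (last change number)."""
    for c in changelog:
        if c.number <= last_applied:
            continue                      # already applied, so replay is safe
        if c.kind == "add":
            target[c.dn] = dict(c.attrs)
        elif c.kind == "modify":
            target.setdefault(c.dn, {}).update(c.attrs)
        elif c.kind == "delete":
            target.pop(c.dn, None)
        last_applied = c.number
    return last_applied

def provision(changelog, subscriptions: dict) -> list:
    """Provisioning: turn directory changes into CREATE/UPDATE/SUSPEND/DELETE
    events for each application subscribed to the entry's container."""
    events = []
    for c in changelog:
        container = c.dn.split(",", 1)[1]
        if c.kind == "modify":
            event = "SUSPEND" if c.attrs.get("accountStatus") == "DISABLED" else "UPDATE"
        else:
            event = {"add": "CREATE", "delete": "DELETE"}[c.kind]
        for app, watched in subscriptions.items():
            if watched == container:
                events.append((app, event, c.dn))
    return events
```

Storing the returned checkpoint lets a restarted synchronizer resume without re-applying (or missing) changes, which is the point of the change-number test.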
 
 
 Oracle Identity Management: Terminology
 
Identity, Entitlements, Authentication, Authorization, Identity database, Security principals, Identity management policies, Centralized assertion services, Identity provisioning, Account provisioning, Authorization policies, Identity administration, Policy decision services, Identity management realms, Identity policy assertion services
 
 
Tools to manage Oracle Identity Management (LDAP)
Oracle Enterprise Manager Application Server Control (http://host:7777)
Oracle Delegated Administration Services (DAS) (http://host:7777/oiddas)
Oracle Enterprise Manager Control (http://host:1156)
Oracle Application Server Portal (http://host:7777/pls/portal)
Oracle Application Server Discoverer (http://host:7777/discoverer/plus)
Oracle Enterprise Manager Database (http://host:7777/em)
Check the ports in the $ORACLE_HOME/install/portlist.ini file
Oracle Internet Directory Tool ($ ./dmadmin)
Oracle Process Management and Notification Server ($ORACLE_HOME/opmn/bin/opmnctl)
Oracle Distributed Configuration Management ($ORACLE_HOME/dcm/bin/dcmctl)
 
 Enterprise Data Center Topology:
 
External clients on the Internet access the intranet from outside the DMZ (De-Militarized Zone) firewall.

External clients can access OracleAS through the DMZ firewall via a load balancer over HTTP/HTTPS.
 
 Load Balancer sends the request to the following servers:
 
(One or more servers) containing Web Cache, Oracle HTTP Server, mod_oc4j (for load balancing and failover; only J2EE applications use it to access the database), mod_plsql (PL/SQL programs use SQL*Net to access the database), and Business Intelligence and Forms (using OC4J_PORTAL to access the database).
 
RAC for the customer database
 
(One or more servers) containing Oracle HTTP Server and OC4J (for Single Sign-On and Delegated Administration Services {SSO, DAS}) to access the OracleAS Metadata Repository, which can be on one or more separate servers.
 
 RAC for your Metadata Repository
 
 Important Questions to know about Identity Management
 
 Why does an administrator need to use identity management?
 
 - Lower costs of user administration
 - Improves user provisioning
 - Centralizes management of security policies and authorizations
- Provides better security through centralized processing
 - Scalable administration through delegation
 
 
What are the users' benefits of using identity management?

- Improves productivity through quick access to an application
- Improves usability with a single user identity and credentials, and application personalization
 
 
 Name the different components of Oracle Identity management.
 
 - Oracle Internet Directory
 - OracleAS Single Sign-On Server
 - Delegated Administration Services
 - OracleAS Certificate Authority
 - Directory Integration Service
 - Directory Provisioning Service
 
 
What does the "Authentication" term mean in OID?

It is the process by which an application or a security system ascertains whether an entity is what it claims to be.
 
 
What does the "Authorization" term mean in OID?

It is the process by which an application or a security system ascertains the entitlements of a network entity or a user.
 
 
What does the "Account Provisioning" term mean in OID?

It is the process of creating an account for a given application and managing the account's entitlements to allow and control its access to the resources managed by the application.
 
 
What does the "Identity Management Realm" term mean in OID?

It is a collection of identities and associated policies, typically used when an enterprise wants to isolate user populations and enforce different identity management policies for each population. The identity management realms created are not hierarchical; they all sit at the same level.
 
 
How can a user get a certificate from the OCA server?

A user can get a certificate from the OCA server by using any of the following methods:

- Authenticating with an OracleAS Single Sign-On username and password
- Authenticating over Secure Sockets Layer (SSL), using an existing certificate issued by the CA
- Traditional administrative review and approval
 
 
What is the "Delegated Administration Services (DAS)" Web service?

It is a set of individual, predefined Web-based services called Delegated Administration Service units. Delegated Administration Service units perform directory operations on behalf of a user. DAS makes it easier to develop and deploy administration solutions for OID-enabled applications. You can use DAS to delegate certain functions to an administrator or a user.