Friday Nov 08, 2013

Webinar: Effective Planning for Oracle Identity Management 11gR2?

Is your organization just starting to plan for Identity Management 11gR2? Are you unsure what technical and business value you gain by upgrading to Oracle's 11gR2? Or are you planning the upgrade and unsure what to expect?

In this webinar, experts from Oracle and AmerIndia will discuss the new features of 11gR2, latest market trends, and how IAM transforms organizations. In addition, planning and implementation strategy of the upgrade process will be discussed. The presenters will also share success stories and highlight challenges faced by organizations belonging to different verticals and how Oracle’s solutions and AmerIndia’s services addressed those challenges.

Topics include:

  • Market trends and 11gR2
  • Planning an upgrade
  • Approach and Implementation Strategy
  • Success stories

Registration is now open for this Webinar for December 5th from 2pm - 3pm EST.


Tuesday Jul 16, 2013

The Art of the Possible: Real Life Case Study in Oracle IAM 11gR2 Performance Tuning by Alex Bolante (Accenture)

In our last post, we walked through a handful of practical tips and tricks to fine tune your Oracle Identity Management 11gR2 deployment.  This week we look at a real life case study, focused on Oracle Directory Services, where we applied our pragmatic approach and solutions.

Case study: a multinational financial services corporation.  With presence in over 200 countries, this financial services company enables consumers, businesses, financial institutions and governments to use digital currency instead of cash and checks through one of the world’s most advanced processing networks, capable of handling more than 20,000 transactions per second.  Like many legacy customers, the company sought Accenture’s help to strategically plan, design and upgrade to an improved version of Oracle Directory Services that provided:

• Improved directory services performance
• Multi-user topology support
• Enhanced replication
• Increased security

The implementation comprised approximately 50 servers located across multiple, geographically distributed data centers supporting over 100 applications and more than 250,000 users, including financial institutions, payment product processors and others doing business with this financial services company.

Environment design specification

Our environment design specification was initially developed to support legacy applications, but given a new set of business and technical requirements, we needed to modify and scale the solution to support future business services with enough capacity to grow up to 40% year over year.  Key performance requirements included:

• Optimized for reads, writes and replication across data centers located across the globe
• Performs 1000 operations per second
• Supports response time of 0.05 milliseconds for single user id searches
• Supports response time of 0.15 milliseconds for single user attribute writes
• Supports 200 concurrent searches
• Supports growth rate of 10,000 objects per month over the next 5 years
• Provides real time password replication using prioritization

Modifying and scaling the solution:
Our process for modifying and scaling the solution included engaging Oracle product managers and engineers directly to validate our hardware configuration.

Product: Oracle Directory Services
Operating System: 64-bit Solaris 10 Update 10 or higher
Hardware: SPARC T-series
Memory: 64 GB
Disk Space: 270 GB
Swap Space: 15 GB
Tmp Space: 10 GB
File Descriptor Limit: 8192
Replication Topology: Multi-master with no restrictions on the number of masters

We made several recommended configuration changes and tuned the Operating System, Database Cache, Entry Cache, Import Cache, File System Cache and Indexes. 

Disable schema check for fast replication
$dsconfpath/dsconf set-server-prop -p portNum check-schema-enabled:off

Set DB cache size to 1000M
$dsconfpath/dsconf set-server-prop -p portNum db-cache-size:1000M

Set entry cache size to 1000M
$dsconfpath/dsconf set-suffix-prop -p portNum suffixDN entry-cache-size:1000M

Import-cache-size
$dsconfpath/dsconf set-server-prop -p portNum import-cache-size:200M

Set all-ids-threshold
$dsconfpath/dsconf set-server-prop -p portNum all-ids-threshold:8000

Set repl-purge-delay to 1 day
$dsconfpath/dsconf set-server-prop -p portNum repl-purge-delay:1d

Change log path
dsconf set-log-prop -p portNum ACCESS path:/var/ldaplogs/access
dsconf set-log-prop -p portNum AUDIT path:/var/ldaplogs/audit
dsconf set-log-prop -p portNum ERROR path:/var/ldaplogs/error

Enable Audit log
dsconf set-log-prop -p portNum AUDIT enabled:on
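
One way to confirm that the settings above took effect and stay in place on every server, as an added example (not part of the original post and not Oracle's or Accenture's code): a shell function that compares a property listing with the baseline values from the commands above. It assumes the "name : value" listing shape printed by dsconf get-server-prop, and that the log properties are listed in the same shape; the function name, the scope labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between a dsconf-style property listing and
# the tuning baseline from the commands in this post.
# ASSUMPTION: listing lines look like "db-cache-size  :  1000M".

# Baseline as scope.property=value, copied from the commands in the post.
baseline() {
cat <<'EOF'
server.check-schema-enabled=off
server.db-cache-size=1000M
server.import-cache-size=200M
server.all-ids-threshold=8000
server.repl-purge-delay=1d
audit.enabled=on
audit.path=/var/ldaplogs/audit
EOF
}

# check_drift SCOPE: read a listing on stdin; print one line for every
# baseline property of SCOPE that is absent (MISSING) or different (DRIFT).
check_drift() {
    scope=$1
    listing=$(cat)
    for entry in $(baseline | grep "^$scope\."); do
        key=${entry#"$scope."}
        name=${key%%=*}
        want=${key#*=}
        # Split each line at its first colon and trim both halves.
        got=$(printf '%s\n' "$listing" | awk -v n="$name" '{
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == n) { print v; exit } }')
        if [ -z "$got" ]; then
            echo "MISSING $scope $name (want $want)"
        elif [ "$got" != "$want" ]; then
            echo "DRIFT $scope $name: got $got, want $want"
        fi
    done
}

# Constructed sample listing (not captured from a real server).
sample_server='check-schema-enabled  :  off
db-cache-size  :  32M
import-cache-size  :  200M
all-ids-threshold  :  8000
repl-purge-delay  :  1d'

printf '%s\n' "$sample_server" | check_drift server
```

Running the audit scope on each master is the quickest way to spot a server where the audit log was never switched on or still writes to the default path.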

The outcome:

After we applied our performance tunings, we performed our tests in production-like environments, verified and documented our results, profiled and monitored our solution, tweaked and tuned our environment and cycled through this step-by-step process until we were satisfied that we had met all requirements.  We shared the results with our Oracle peers to validate – including our testing approach which included search rates and modification rates based on 100 users and 200 users connecting concurrently – and the numbers were right on point with our expectations from the Directory Services upgrade.


How can you apply this to your environment? 

Step 1:
Talk to Oracle Product Management, Development and Engineering directly, get them involved in your project as early as possible and keep them engaged throughout your project.  It helps to have knowledgeable subject matter experts who can bring your implementation up to par with leading implementations.  Some guidelines for checkpoints include:

Checkpoint 1: Before statement of work (SOW) is signed:
• Is the SOW clearly defined?
• Is the described product functionality feasible?
• Are measurable and achievable success criteria defined?

Checkpoint 2: Before requirements, architecture and project plan are delivered:
• Can the product fulfill the defined requirements?
• Are the architecture and solution design sound and scalable?
• Is the customer's environment ready?

Checkpoint 3: Before the design is delivered:
• Is the design technically sound?
• Can the design be implemented, migrated and supported?
• Are the test plans and approach reasonable?

Step 2:
Define specific, measurable objectives for performance tunings based on your requirements.
To start with, you can use Accenture’s predefined set of key attributes for developing “good” requirements that are measurable.

• Necessary – an important capability or element of a solution which cannot be compensated for if absent
• Understandable – stated in a context which conveys the essence of what is needed
• Complete – stated in a standalone context which does not rely upon supplemental and/or assumed definitions
• Consistent – does not contradict by context or terminology nor is contradicted by other statements (e.g. is not mutually exclusive)
• Unambiguous – cannot have more than one interpretation
• Attainable – a capability which can be implemented within the constraints of available resources and technology (e.g. product, cost, schedule)
• Verifiable – can establish that the statement has been satisfied through specific measurements, test, demonstration, inspection, and/or analysis

Step 3:
Determine how you plan to implement performance tunings.
There is more than one way to skin a cat.  In addition to the tuning configuration changes made to the environment, you also have to consider hardware sizing and configurations, middleware technologies, application and data samples used for testing and how you measure/analyze results.  For example, hardware sizing guides are meant to provide you with a baseline for your deployment, but they are not exact specifications for your Oracle Identity & Access Management deployment. 

The same applies for a vendor certification matrix – while Oracle’s Identity & Access Management product might be certified or supported on another vendor’s middleware or platform stack, that does not automatically imply it is the ‘optimal’ configuration for your deployment.  Most organizations already have infrastructure standards (e.g. we use WebSphere Application Server for our J2EE apps), but you need to carefully consider that your Oracle Identity & Access Management deployment may be harder to tweak and tune if implemented on top of multiple vendor stacks.  In fact, the more unique your configuration design is, the more challenging it will be to support and the less likely your deployment will be up to par with common practices.

Step 4:
Apply your performance tunings, perform your tests, verify and document your results, profile and monitor your solution, tweak and tune it – wash, rinse and repeat.
Consider the testing tools you will use to conduct your performance tests and their limitations.  We used both SLAMD and HP LoadRunner for our Directory Services deployment.  SLAMD had resource limitations on the number of connections and threads we could test, especially if it was not running off a dedicated server.  HP LoadRunner had a limitation with testing multiple attribute updates until we applied a hot fix that the vendor eventually provided.

Also, most deployments are two- to three-tier architectures, so you have to tune the database/directory server, middleware/application server, web servers and every component in between each tier (e.g. load balancers for SSL acceleration).  In fact, each tier requires its own performance tuning, pruning, cleaning, care, feeding and regular maintenance.  At its core, there are several performance bottlenecks to consider:

• Start with your server or system resources (e.g. overclocked CPU, maxed out memory, resource contention, insufficient space)
• Tune your way up from data tier to application/web tier (e.g. database/directory servers typically require specific optimizer tunings, predefined indexes and table pruning while application servers typically require proper JVM heap size allocation, connection pooling and message queue thresholds)

Step 5:
Share your experiences with the Oracle Security community at large.
By now, your Oracle Identity & Access Management solution should be designed to support not only your legacy applications, but also scaled to support future business services!

Stay tuned for our next post on No Where to go but up: Extending the benefits of accelerated IAM to enable new solutions and features where we highlight interesting trends in Security and Identity & Access Management.

References:
Oracle Directory Services: Overview
http://www.oracle.com/us/products/middleware/identity-management/directory-services/resources/index.html

Oracle Directory Services: Discussion Forums
https://forums.oracle.com/community/developer/english/fusion_middleware/identity_management/oracle_directory_server_enterprise_edition_sun_dsee/content?start=0

Friday Oct 12, 2012

Mobile Identity Management at SuperValu

While organizations are fast embracing BYOD (Bring Your Own Device) culture to attract and retain best talent, improve productivity, bring agility and drive down costs, SuperValu coined their own term (and trend): TYDH – Take Your Device Home.

Yes, SuperValu, a Minnesota-based food retailer with 18,000 employees, handed out 2,200 iPads to store directors at locations across the country. The motivation behind this reverse trend? Phillip Black, Director of Identity & Access Management at SuperValu, shared the reasoning behind this trend in his talk at last week’s Oracle OpenWorld 2012. "It gives them productivity tools to better manage their store," says Black.

Intrigued? Find out more in this recently published news article. And learn more about Oracle Identity Management 11gR2 mobile- and social- ready sign-on features today.

Additional Resources:

Press Release: Oracle announces Identity Management 11g Release 2

On-Demand webcast: Identity Management 11gR2 Launch

Oracle Magazine: Security on the Move

Website: Oracle Identity Management

Blog Post: Mobile and Social Sign-on with Oracle Access Management

Wednesday Sep 26, 2012

11gR2: BETA Customer perspective with special guest, Ravi Meduri from Kaiser Permanente

Before Oracle IDM 11gR2 launched, we had a very successful BETA program. Kaiser was one of many great companies that participated, and I caught up with Ravi Meduri, IAM Systems Engineering Manager to ask him what he thought of the new release.

Listen to our podcast interview to hear Ravi talk about scalability and high availability features in 11gR2.

Thursday Sep 13, 2012

Usability enhancements for Users and Administrators in 11gR2 with Rex Thexton from PwC

In addition to inviting customers to participate in the 11gR2 BETA program, a select number of partners were invited as well.  Rex Thexton, Managing Director of PwC's Advisory/Technology practice, and his team were part of the BETA program.  I caught up with Rex recently to ask him about the new features that he liked most in the latest release.

Listen to our interview here: podcast link

Thursday Aug 30, 2012

Oracle Identity Management 11gR2 Live Event - New York

 

Are you in New York or the vicinity on September 6? If so, come join Amit Jasuja, Senior Vice President, Security and Identity Management at Oracle, as he discusses the evolution of Oracle Identity Management solutions and the business drivers (and industry trends) behind them. You have heard about some of the new experiences delivered with the latest release of Oracle Identity Management: simplified user experience, enhanced security and seamless enablement for secure cloud and mobile environments. Now come see it in action and hear what customers, your peers, are saying about their implementations.

This forum will also be a great opportunity for you to connect directly with technology experts and network with industry professionals. There is still time left to register so book your space today. Registration details as well as the agenda for the day can be found here.

We look forward to hosting you on Thursday, September 6th.

Oracle Identity Management 11gR2 Live Event – New York

Thursday, September 6, 2012

Oracle NYC Office
101 Park Avenue
4th Floor
New York, NY 10178

Register Here

Not in NY on Sep 6? Find an event near you in North America.

Friday Aug 24, 2012

Oracle Magazine Sept/Oct 2012 - Security on the Move


This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business.

Click this link to see the latest issue: http://www.oracle.com/technetwork/issue-archive/2012/12-sep/index.html

In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues:

http://www.oracle.com/technetwork/issue-archive/2012/12-sep/o52analyst-1735921.html

And the Partner Perspectives contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy.


Friday Aug 17, 2012

Enabling your business with IDM 11gR2

As part of the 11gR2 launch, I caught up with Scott Bonnell, Sr. Director of Product Management and I asked him what he likes most about the 11gR2 release.  Scott is very focused on customer success and so he has a very customer focused view of the new features.

In this interview, Scott and I discuss how IDM can enable the business by providing self service features, personalization and mobile access to corporate resources.

Listen to our interview recorded as a short podcast.

Thursday Jul 19, 2012

Announcing Oracle Identity Management 11gR2: New features for mobile, social & cloud, and new Privileged Account Management.

Today Oracle announces a major new release of its Identity Management offering, and with it comes some very cool new features.

A lot of features in this release are focused on extending Oracle’s expertise in security and IDM to mobile applications, social identities, and cloud applications. New features support native mobile security and single sign-on, social sign-on that allows customers to log into a website with their social identities, and improved security and integration for cloud applications.

Big improvements have also been made to the self service access request UI to make it more business user friendly, including plain English searching to request application access and roles, and shopping cart style check-out. Automated confirmations and workflows allow business users to get updates and check the status of their requests. In addition, extensive customization is now possible to allow companies to completely control the look and feel of these pages.

More details on the new release here: http://www.oracle.com/us/corporate/press/1708069

Also introduced in this release: Oracle Privileged Account Manager (OPAM) is a whole new set of functionality focused on managing administrative passwords for applications, databases and operating systems. Although it can operate as a stand-alone application, the real value comes from its integration with other IDM components, such as the self service password request UI and automated workflow approvals via Oracle Identity Manager, and detailed historical reporting via Oracle’s BI tools.

More details on OPAM here: http://www.oracle.com/us/corporate/press/1707986

Listen to the launch webcast and hear Amit Jasuja and Hassan Rizvi talk about the new features and business value here: http://bit.ly/LYWOB9
About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
