Tuesday Nov 13, 2012

Developing and Enforcing a BYOD Policy

On October 23, SANS released Part 1 of their Mobile Access Policy Survey (webcast link) and Part 2 was presented on October 25th (webcast link).

Join us this Thursday, November 15th as SANS and Oracle present a follow-up webcast that will review the survey findings and present guidance on how to create a mobile access policy for employee-owned devices, and how to enforce it using Oracle IDM.

Click this link to register: Developing and Enforcing a BYOD Policy

This will be an excellent opportunity to get the latest updates on how organizations are handling BYOD policies and managing mobile access.

We will have 3 speakers:

Tony DeLaGrange, a Security Expert from Secure Ideas, will review the main findings of the SANS Mobile Access Survey.

Ben Wright, a SANS instructor, attorney and technology law expert, will present guidance on how to create a BYOD policy.

Lee Howarth from Oracle Product Management will review IDM technology that can be used to support and enforce BYOD policies.

Join us Thursday to hear about best practices and to get your BYOD questions answered. 

Monday Oct 29, 2012

SANS Mobility Policy Survey Webcast follow up

Hello Everyone!  If you missed the SANS mobility survey webcast on October 23 - here is a link to the replay and to the slides: [Warning -  you have to register to see the replay and to get the slides]


The webcast had a lot of great information about how organizations are setting up and managing their mobile access policies.  Here are a couple of key takeaways:

1.  Who is most concerned about mobile access policy?

Security Analysts >> CISOs >> CIOs - the focus is coming from the risk and security office - so what does that mean for the IT teams?

2. How important is mobile policy?

77% said "Critical" or "Extremely Important" - so this means mobile access policies will get a lot of attention.

3. When asked about the state of their mobile policies:

Over 35% said they didn't have a mobile access policy and another 35% said they simply ask their employees to sign a usage agreement.  So basically ~70% of the respondents were not actively managing or monitoring mobile access.

Be sure to watch the webcast replay for all of the details.

Box, Oracle and RSA were all co-sponsors of the survey and webcast and all were invited to give a brief presentation at the end.

Monday Oct 22, 2012

Free SANS Mobility Policy Survey Webcast - October 23rd @10:00 am PST

Join us for a free webcast tomorrow, October 23 @ 10:00 am PST as SANS presents the findings from their mobility policy survey.

-- Register here for Part 1: https://www.sans.org/webcasts/byod-security-lists-policies-mobility-policy-management-survey-95429

This is a great opportunity to see where companies are with respect to mobile access policies and overall mobile application management.

This first part is entitled: BYOD Wish Lists and Policies.  Part 2 will be run on October 25th and is entitled: BYOD security practices.

-- Register here for Part 2: https://www.sans.org/webcasts/byod-security-practices-2-mobility-policy-management-survey-95434

Friday Oct 19, 2012

Oracle presentations at the CIPS ICE Conference, November 5 - 7, Edmonton, Alberta, Canada

Oracle will be presenting at the CIPS ICE conference the last week of October in Calgary and the first week of November in Edmonton.

Here is a list of the presentations for Edmonton: SHAW Conference Centre

• Session Title: Identity and Access Management Integrated; Analyzing the Platform vs Point Solution Approach
• Speaker: Darin Pendergraft
• Monday, November 5th @ 10:45 AM - 12:00 PM

• Session Title: Is Your IT Security Strategy Putting Your Institution at Risk?
• Speaker: Spiros Angelopoulos
• Monday, November 5th @ 1:45 PM - 3:00 PM

Three sessions under the TRAIN: Practical Knowledge Track

• Monday, November 5th @ 10:45 AM, 1:45 PM, 3:30 PM
• Title: What's new in the Java Platform
   Presenter: Donald Smith
• Title: Java Enterprise Edition 6
   Presenter: Shaun Smith
• Title: The Road Ahead for Java SE, JavaFX and Java EE
   Presenters: Donald Smith and Shaun Smith

To learn more about the conference, and to see the other sessions go to the conference website.

Wednesday Oct 17, 2012

Oracle on Oracle: How Oracle IT uses Oracle IDM

Sometimes, the toughest customers are your own employees.  Chirag Andani runs the Product Development Security IT Group - which means that his group is responsible for internal Identity Management and Security inside Oracle.

Like a lot of large, global companies, Oracle has a complicated and dynamic IT infrastructure which continues to change as the company grows and acquires companies.

I caught up with Chirag and asked him what kinds of problems his team faces, and asked him what he thinks about Oracle IDM, and 11gR2 in particular.

Listen to the podcast interview here: podcast link and check out his presentation below.


Thursday Oct 11, 2012

Guest Blog: Secure your applications based on your business model, not your application architecture, by Yaldah Hakim

Today’s businesses are looking for new ways to engage their customers, embrace mobile applications, while staying in compliance, improving security and driving down costs.  For many, the solution to that problem is to host their applications with a Cloud Services provider, but concerns that a hosted application will be less secure continue to cause doubt.

Oracle is recognized by Gartner as a leader in the User Provisioning and Identity and Access Governance magic quadrants, and has helped thousands of companies worldwide to secure their enterprise applications and identities.  Now those same world class IDM capabilities are available as a managed service, both for enterprise applications, as well as Oracle hosted applications.

--- Listen to our IDM in the cloud podcast to hear Yvonne Wilson, Director of the IDM Practice in Cloud Service, explain how Oracle Managed Services provides IDM as a service ---

Selecting Oracle Managed Cloud Services to deploy and manage Oracle Identity Management Services is a smart business decision for a variety of reasons.

Oracle hosted Identity Management infrastructure is deployed securely, resilient to failures, and supported by Oracle experts. In addition, Oracle  Managed Cloud Services monitors customer solutions from several perspectives to ensure they continue to work smoothly over time. Customers gain the benefit of Oracle Identity Management expertise to achieve predictable and effective results for their organization.

Customers can select Oracle to host and manage any number of Oracle IDM products as a service as well as other Oracle security products, providing a flexible, cost effective alternative to onsite hardware and software costs.

Security is a major concern for all organizations, making it increasingly important to partner with a company like Oracle to ensure consistency and a layered approach to security and compliance when selecting a cloud provider.  Oracle Cloud Service makes this possible for our customers by taking away the headache and complexity of managing Identity Management infrastructure and other security solutions.

For more information:



Facebook - http://www.facebook.com/OracleCloudComputing

Thursday Sep 27, 2012

Chock-full of Identity Customers at Oracle OpenWorld


Oracle OpenWorld (OOW) 2012 kicks off this coming Sunday. Oracle OpenWorld is known to bring in Oracle customers, organizations big and small, from all over the world. And, Identity Management is no exception.

If you are looking to catch up with Oracle Identity Management customers, hear first-hand about their implementation experiences and discuss industry trends, business drivers, solutions and more at OOW, here are some sessions we recommend you attend:

Monday, October 1, 2012

CON9405: Trends in Identity Management
10:45 a.m. – 11:45 a.m., Moscone West 3003

Subject matter experts from Kaiser Permanente and SuperValu share the stage with Amit Jasuja, Senior Vice President, Oracle Identity Management and Security to discuss how the latest advances in Identity Management are helping customers address emerging requirements for securely enabling cloud, social and mobile environments.

CON9492: Simplifying your Identity Management Implementation
3:15 p.m. – 4:15 p.m., Moscone West 3008

Implementation experts from British Telecom, Kaiser Permanente and UPMC participate in a panel to discuss best practices, key strategies and lessons learned based on their own experiences. Attendees will hear first-hand what they can do to streamline and simplify their identity management implementation framework for a quick return-on-investment and maximum efficiency.

CON9444: Modernized and Complete Access Management
4:45 p.m. – 5:45 p.m., Moscone West 3008

We have come a long way from the days of web single sign-on addressing the core business requirements. Today, as technology and business evolves, organizations are seeking new capabilities like federation, token services, fine grained authorizations, web fraud prevention and strong authentication. This session will explore the emerging requirements for access management, what a complete solution is like, complemented with real-world customer case studies from ETS, Kaiser Permanente and TURKCELL and product demonstrations.

Tuesday, October 2, 2012

CON9437: Mobile Access Management
10:15 a.m. – 11:15 a.m., Moscone West 3022

With more than 5 billion mobile devices on the planet and an increasing number of users using their own devices to access corporate data and applications, securely extending identity management to mobile devices has become a hot topic. This session will feature Identity Management evangelists from companies like Intuit, NetApp and Toyota to discuss how to extend your existing identity management infrastructure and policies to securely and seamlessly enable mobile user access.

CON9491: Enhancing the End-User Experience with Oracle Identity Governance applications
11:45 a.m. – 12:45 p.m., Moscone West 3008

As organizations seek to encourage more and more user self service, business users are now primary end users for identity management installations.  Join experts from Visa and Oracle as they explore how Oracle Identity Governance solutions deliver complete identity administration and governance solutions with support for emerging requirements like cloud identities and mobile devices.

CON9447: Enabling Access for Hundreds of Millions of Users
1:15 p.m. – 2:15 p.m., Moscone West 3008

Dealing with scale problems? Looking to address identity management requirements with a million or so users in mind? Then take note of Cisco’s implementation. Join this session to hear first-hand how Cisco tackled identity management and scaled their implementation to bolster security and enforce compliance.

CON9465: Next Generation Directory – Oracle Unified Directory
5:00 p.m. – 6:00 p.m., Moscone West 3008

Get the 360 degrees perspective from a solution provider, implementation services partner and the customer in this session to learn how the latest Oracle Unified Directory solutions can help you build a directory infrastructure that is optimized to support cloud, mobile and social networking and yet deliver on scale and performance.

Wednesday, October 3, 2012

CON9494: Sun2Oracle: Identity Management Platform Transformation
11:45 a.m. – 12:45 p.m., Moscone West 3008

Sun customers are actively defining strategies for how they will modernize their identity deployments. Learn how customers like Avea and SuperValu are leveraging their Sun investment, evaluating areas of expansion/improvement and building momentum.

CON9631: Entitlement-centric Access to SOA and Cloud Services
11:45 a.m. – 12:45 p.m., Marriott Marquis, Salon 7

How do you enforce that a junior trader can submit 10 trades/day, with a total value of $5M, if market volatility is low? How can you hide sensitive patient information from clerical workers but make it visible to specialists as long as consent has been given or there is an emergency? How do you externalize such entitlements to allow dynamic changes without having to touch the application code? In this session, Uberether and HerbaLife take the stage with Oracle to demonstrate how you can enforce such entitlements on a service not just within your intranet but also right at the perimeter.

CON3957 - Delivering Secure Wi-Fi on the Tube as an Olympics Legacy from London 2012
11:45 a.m. – 12:45 p.m., Moscone West 3003

In this session, Virgin Media, the U.K.’s first combined provider of broadband, TV, mobile, and home phone services, shares how it is providing free secure Wi-Fi services to the London Underground, using Oracle Virtual Directory and Oracle Entitlements Server, leveraging back-end legacy systems that were never designed to be externalized. As an Olympics 2012 legacy, the Oracle architecture will form a platform to be consumed by other Virgin Media services such as video on demand.

CON9493: Identity Management and the Cloud
1:15 p.m. – 2:15 p.m., Moscone West 3008

Security is the number one barrier to cloud service adoption.  Not so for industry leading companies like SaskTel, ConAgra foods and UPMC. This session will explore how these organizations are using Oracle Identity with cloud services and how some are offering identity management as a cloud service.

CON9624: Real-Time External Authorization for Middleware, Applications, and Databases
3:30 p.m. – 4:30 p.m., Moscone West 3008

As organizations seek to grant access to broader and more diverse user populations, the importance of centrally defined and applied authorization policies becomes critical, both to identify who has access to what and to improve the end user experience.  This session will explore how customers are using attribute and role-based access to achieve these goals.

CON9625: Taking control of WebCenter Security
5:00 p.m. – 6:00 p.m., Moscone West 3008

Many organizations are extending WebCenter in a business to business scenario requiring secure identification and authorization of business partners and their users. Leveraging LADWP’s use case, this session will focus on how customers are leveraging, securing and providing access control to Oracle WebCenter portal and mobile solutions.

Thursday, October 4, 2012

CON9662: Securing Oracle Applications with the Oracle Enterprise Identity Management Platform
2:15 p.m. – 3:15 p.m., Moscone West 3008

Oracle Enterprise Identity Management solutions are designed to secure access and simplify compliance to Oracle Applications.  Whether you are an EBS customer looking to upgrade from Oracle Single Sign-on or a Fusion Application customer seeking to leverage the Identity instance as an enterprise security platform, this session with Qualcomm and Oracle will help you understand how to get the most out of your investment.

And here’s the complete listing of all the Identity Management sessions at Oracle OpenWorld.

Wednesday Sep 26, 2012

Meet and Greet with IDM Executives at Oracle OpenWorld

Oracle’s Identity Management Team

Invites You to

Learn How to Secure The New Digital Experience

Come see how the Oracle Identity Management platform can position your company to take
advantage of the emerging business opportunities.

  • Leverage Social Identities for web authentication
  • Enable customers and employees to interact through their mobile devices
  • Deploy Self Service User Provisioning for quick role changes based on business needs

We look forward to seeing you there!

Wednesday, October 3rd 
3:30-4:30 PM  Meeting
4:30-5:30 PM  Cocktail Reception

Four Seasons Hotel

Yerba Buena Room

757 Market Street
San Francisco, CA 94103




11gR2: BETA Customer perspective with special guest, Ravi Meduri from Kaiser Permanente

Before Oracle IDM 11gR2 launched, we had a very successful BETA program. Kaiser was one of many great companies that participated, and I caught up with Ravi Meduri, IAM Systems Engineering Manager to ask him what he thought of the new release.

Listen to our podcast interview here: podcast interview  to hear Ravi talk about scalability and high availability features in 11gR2.

Thursday Sep 20, 2012

Sun2Oracle: Upgrading from DSEE to the next generation Oracle Unified Directory - webcast follow up

Thanks to all of the guest speakers on our Sun2Oracle webcast: Steve from Hub City Media, Albert from UCLA and our own Scott Bonell.

If you missed the webcast here is a link: Webcast Replay

During the webcast, we tried to answer as many questions as we could, but there were a few that we needed a bit more time to answer.  Albert from UCLA sent me the following information:

Alternate Directory Evaluation

We were happy with Sun DSEE. OUD, based on the research we had done, was a logical continuation of DSEE.  If we moved away, it was to go open source.

UCLA evaluated OpenLDAP, OpenDS, Red Hat's 389 Directory. We also briefly entertained Active Directory.

Ultimately, we decided to stay with OUD for the Enterprise Directory, and adopt OpenLDAP for the non-critical edge directories.


For Enterprise Directory, UCLA runs 3 Dell PowerEdge R710 servers. Each server has 12GB RAM and 2 2.4GHz Intel Xeon E5 645 processors. We run 2 of those servers at UCLA's Data Center in a semi active-passive configuration. The 3rd server is located at UCLA Berkeley. All three are multi master replicated. At run time, the bulk of LDAP query requests go to 1 server. Essentially, all of our authn/authz traffic is being handled by 1 server, with the other 2 acting as redundant back ups.

You mentioned federation, was that an important requirement for UCLA?

Yes. UCLA collaborates heavily with other higher education institutions around the country/world. We often have researchers wanting to sign into services provided by fellow higher ed institutions. We also have plenty of visiting scholars or collaborating researchers from other institutions accessing UCLA services. Higher education communities around the world have deployed Shibboleth/SAML-based federated IDM solutions to facilitate these collaborations:





And a more comprehensive listing of federations around the world:


What was the net change in hardware footprint?

Not much actually. We kept the same server/network topology: 

  • two servers at our local data center, one at our remote DR data center. 
  • the servers replicate in real time via multi-master replication. 
  • 1 of the servers at our local data center serves as the primary access server serving all query traffic. The other servers serve as hot standby.
  • On our old Sun DSEE servers - we ran Red Hat Enterprise Linux AS release 4 (Nahant Update 8) - 32bit.  On the new OUD servers - Red Hat Enterprise Linux Server release 5.7 (Tikanga) - 64bit

The only changes we made during the upgrade were that we upgraded the software from DSEE 6.3, upgraded Linux, and that we bought new servers. The old servers were Dell PowerEdge 2850's. The new ones are Dell PowerEdge R710's.

What is your hardware specification for one OUD 11g server…

Can you explain the HA/DR architecture a bit more?

RAM size, CPU type, and number?

We run 3 Dell PowerEdge R710 servers. Each server has 12GB RAM and 2 2.4GHz Intel Xeon E5 645 processors. 2 of those servers run at UCLA's Data Center in a semi active-passive configuration. The 3rd server is located at UCLA Berkeley. All three are multi master replicated. At run time, the bulk of LDAP query requests go to 1 server. Essentially, all of our authn/authz traffic is being handled by 1 server, with the other 2 acting as redundant back ups.

Our IDM architecture is highly modular. All external access to the enterprise directory runs through a service layer. This layer consists of Shibboleth, a set of data update web services and loading programs, and a number of edge directories. All service layer components can be easily configured (some automatically) to seek out the secondary directory servers when the primary goes down. We take advantage of this capability during maintenance to keep the services available.

FYI, our servers are hosted in a tier 2.5 data center (We have tier 3-like capability for critical servers such as OUD, but we don't have that for all servers in the data center).

What was the cost of the migration?

 Because of the labor and equipment cost differences, I don't think my numbers will be all that accurate. I can say the following:

  • We engaged Hub City Media for just about 1.5 months worth of work.
  • We had one system engineer working full time on the project throughout the 4 month period. He also managed the project.
  • We had fractional support/transition coordination from our Infrastructure Services team (sys admin, operations, networking), probably about 80 hours
  • We purchased 3 of the servers described above.
  • We purchased the OUD software.

How much testing did you do? Did you do load testing?

Yes. We conducted several passes of data loading/validation tests. In addition, we ran security vulnerability scans and ran multi stress tests ranging from peak stress tests to sustained, multi-day simulations. Sorry. We can't release test result data, but I can say that OUD passed with flying colors.

We only had one engineer working on the project. Between test prep, run, and analysis, testing did take about a month.

Was the OUD Proxy used at UCLA?

No. We considered it, and might still consider it as we revise our architecture. But for the migration, we did not introduce the Proxy.

Can OUD Server and DSEE replicate each other?

Yes, but with caveats. There is no direct replication between OUD 11g and Sun DSEE 6.3. You need to place Oracle DSEE in between. In addition, there is an undisclosed cap on the replication rate. All of this may have changed since we worked on the project though. :-)

Wednesday Sep 19, 2012

Security Newsletter – September Edition is Out Now


The September issue of Security Inside Out Newsletter is out now. This month’s edition offers a preview of Identity Management and Security events and activities scheduled for Oracle OpenWorld. Oracle OpenWorld (OOW) 2012 will be held in San Francisco from September 30-October 4. Identity Management will have a significant presence at Oracle OpenWorld this year, complete with sessions featuring technology experts, customer panels, implementation specialists, product demonstrations and more. In addition, latest technologies will be on display at OOW demogrounds. Hands-on-Labs sessions will allow attendees to do a technology deep dive and train with technology experts.

Executive Edge @ OpenWorld also features the very successful Oracle Chief Security Officer (CSO) Summit. This year’s summit promises to be a great educational and networking forum complete with a contextual agenda and attendance from well known security executives from organizations around the globe.

This month’s edition also does a deep dive on the recently announced Oracle Privileged Account Manager (OPAM). Learn more about the product’s key capabilities, business issues the solution addresses and information on key resources. OPAM is part of Oracle’s complete and integrated Oracle Identity Governance solution set.

And if you haven’t done so yet, we recommend you subscribe to the Security Newsletter to keep up to date on Security news, events and resources.

As always, we look forward to receiving your feedback on the newsletter and what you’d like us to cover in the upcoming editions.

Tuesday Sep 18, 2012

Webcast Reminder: Implementing IDM in Healthcare, September 19th @10:00 am PST

Join me and Rex Thexton from PwC tomorrow (September 19th) as we review an IDM project that Rex and his team completed for a large healthcare organization.  Rex will talk through the IT environment and business drivers that led to the project, and then we will go through planning, design and implementation of the Oracle Identity Management products that PwC and the customer chose to complete the project.

This will be a great opportunity to hear about the trends that are driving IT Healthcare, and to get your Identity Management questions answered.

If you haven't already registered - Register Here!

Monday Sep 17, 2012

New in 11gR2: Oracle Optimized System for Oracle Unified Directory (OOS4OUD) Podcast

There have been a lot of cool new features in the IDM 11gR2 related to new functionality: social log-in capability, mobile application security, and self service access requests, just to name a few.  But what about performance?

In the 11gR2 release we announced the availability of an Optimized System configuration for Unified Directory.  Oracle is very focused on software with matching hardware that is configured and tuned to get the best performance possible.  I caught up with Nick Kloski, Infrastructure Solutions Manager and asked him to talk me through the new Optimized System for OUD.

Listen to the podcast interview here. Podcast Interview

Thursday Sep 13, 2012

Usability enhancements for Users and Administrators in 11gR2 with Rex Thexton from PwC

In addition to inviting customers to participate in the 11gR2 BETA program, a select number of partners were invited as well.  Rex Thexton, Managing Director of PwC's Advisory/Technology practice and his team were part of the BETA program.  I caught up with Rex recently to ask him about the new features that he liked most in the latest release.

Listen to our interview here: podcast link

Tuesday Sep 11, 2012

Sun2Oracle: Hub City Media Webcast Reminder - Thursday, September 13, 2012

Our Sun2Oracle webcast featuring Steve Giovanetti from Hub City Media is this Thursday, September 13th at 10:00 am PST. 

If you haven't registered yet, there is still time: Register Here.

Scott Bonell, Sr. Director of Product Management will be talking to Steve about their recent project to upgrade a large University from Sun DSEE Directory to Oracle Unified Directory.  Scott and Steve will talk through details of the project, from planning through implementation.

In addition to this webcast, Steve Giovanetti will also be participating in two sessions at Oracle OpenWorld 2012:

CON9465 - Next-Generation Directory: Oracle Unified Directory
 Etienne Remillon, Principal Product Manager, Oracle
 Steve Giovanetti, CTO Hub City Media
 Warren Leung, Sr. Architect, UCLA
 Tuesday, Oct 2, 5:00 PM – 6:00 PM
 Moscone West – 3008

CON5749 - Solutions for Migration of Oracle Waveset to Oracle Identity Manager
Steve Giovanetti, CTO Hub City Media
Kevin Moulton, Senior Sales Consulting  Manager, Oracle
Thursday, Oct 4, 11:15 AM - 12:15 PM
Moscone West - 3008

Tuesday Sep 04, 2012

ISACA Webcast follow up: Managing High Risk Access and Compliance with a Platform Approach to Privileged Account Management

Last week we presented how Oracle Privileged Account Manager (OPAM) could be used to manage high risk, privileged accounts.  If you missed the webcast, here is a link to the replay: ISACA replay archive (NOTE: you will need to use Internet Explorer to view the archive)

For those of you that did join us on the call, you will know that I only had a little bit of time for Q&A, and was only able to answer a few of the questions that came in.  So I wanted to devote this blog to answering the outstanding questions.  Here they are.

1. Can OPAM track admin or DBA activity details during a password check-out session?

Oracle Audit Vault is monitoring these activities which can be correlated to check-out events.

2. How would OPAM handle simultaneous requests?

OPAM can be configured to allow for shared passwords.  By default sharing is turned off.

3. How long are the passwords valid?  Are the admins required to manually check them in?

Password expiration can be configured and set in the password policy according to your corporate standards.  You can specify if you want forced check-in or not.

4. Can 2-factor authentication be used with OPAM?

Yes - 2-factor integration with OPAM is provided by integration with Oracle Access Manager, and Oracle Adaptive Access Manager.

5. How do you control access to OPAM to ensure that OPAM admins don't override the functionality to access privileged accounts?

OPAM provides separation of duties by using Admin Roles to manage access to targets and privileged accounts and to control which operations admins can perform.

6. How and where are the passwords stored in OPAM?

OPAM uses Oracle Platform Security Services (OPSS) Credential Store Framework (CSF) to securely store passwords.  This is the same system used by Oracle Applications.

7. Does OPAM support hierarchical/level based privileges?  Is the log maintained for independent review/audit?

Yes. OPAM uses the Fusion Middleware (FMW) Audit Framework to store all OPAM related events in a dedicated audit database.

8. Does OPAM support emergency access in the case where approvers are not available until later?

Yes.  OPAM can be configured to release a password under a "break-glass" emergency scenario.

9. Does OPAM work with AIX?

Yes, supported UNIX versions are listed in the "certified component section" of the UNIX connector guide at:

10. Does OPAM integrate with Sun Identity Manager?

Yes.  OPAM can be integrated with SIM using the REST  APIs.  OPAM has direct integration with Oracle Identity Manager 11gR2.

11. Is OPAM available today and what does it cost?

Yes.  OPAM is available now.  Ask your Oracle Account Manager for pricing.

12. Can OPAM be used in SAP environments?

Yes, supported SAP versions are listed in the "certified component section" of the SAP connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e25327/intro.htm#autoId0

13. How would this product integrate, if at all, with access to a particular field in the DB that needs additional security such as SSN's?

OPAM can work with DB Vault and DB Firewall to provide the fine grained access control for databases.

14. Is VM supported?

As a deployment platform Oracle VM is supported. For further details about supported Virtualization Technologies see Oracle Fusion Middleware Supported System configurations here: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

15. Where did this (OPAM) technology come from?

OPAM was built by Oracle Engineering.

16. Are all Linux flavors supported?  How about BSD?

BSD is not supported. For supported UNIX versions see the "certified component section" of the UNIX connector guide.

17. What happens if users don't check passwords in at the end of a work task?

In OPAM a time frame can be defined for how long a password can be checked out. The security admin can force a check-in at any given time.

18. Is MySQL supported?

Yes, supported DB versions are listed in the "certified component section" of the DB connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e28315/intro.htm#BABGJJHA

19. What happens when OPAM crashes and you need to use the password?

OPAM can be configured for high availability, but if required, OPAM data can be backed up/recovered.  See the OPAM admin guide.

20. Is OPAM a standalone product or does it leverage other components from IDM?

OPAM can be run stand-alone, but will also leverage other IDM components.

Wednesday Aug 29, 2012

Sun2Oracle: Upgrading from DSEE to the next generation Oracle Unified Directory

OUD is part of Directory Services

Mark your calendars and register to join this webcast featuring Steve Giovanetti from Hub City Media, Albert Wu from UCLA and our own Scott Bonnell as they discuss a directory upgrade project from Sun DSEE to Oracle Unified Directory.

Date: Thursday, September 13, 2012
Time: 10:00 AM Pacific

Join us for this webcast and you will:

  • Learn from one customer that has successfully upgraded to the new platform
  • See what technology and business drivers influenced the upgrade
  • Hear about the benefits of OUD’s elastic scalability and unparalleled performance
  • Get additional information and resources for planning an upgrade

Register Now!

Friday Aug 24, 2012

Oracle Magazine Sept/Oct 2012 - Security on the Move

This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business.

Click this link to see the latest issue: http://www.oracle.com/technetwork/issue-archive/2012/12-sep/index.html

In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues.

And the Partner Perspectives section contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy.

Friday Aug 17, 2012

Enabling your business with IDM 11gR2

As part of the 11gR2 launch, I caught up with Scott Bonnell, Sr. Director of Product Management, and asked him what he likes most about the 11gR2 release.  Scott is very focused on customer success, so he has a very customer-focused view of the new features.

In this interview, Scott and I discuss how IDM can enable the business by providing self-service features, personalization and mobile access to corporate resources.

Listen to our interview recorded as a short podcast.

Tuesday Aug 07, 2012

User Interface Changes in Oracle Identity Manager 11gR2

As part of the Oracle Identity Management 11gR2 launch, we were able to talk to some of the key people on the team that are really driving innovation.  Recently, I was able to catch up with Marc Boroditsky, VP of Product Management, and I asked him about the changes that the product team made to the access request user interfaces in the R2 release.

Our interview was captured as a short podcast.  Click here to listen.

Wednesday Aug 01, 2012

Designing the Next Generation Identity Platform with special guest Vadim Lander

As part of our IDM 11gR2 launch, we caught up with several people on the Engineering and Product Management teams and asked them to talk about their favorite new feature in the latest release.  These short interviews were captured as podcasts, and will be released over the next few weeks.

Recently, I was able to catch up with Vadim Lander,  Chief Identity Architect for Oracle, and asked him to talk about the driving factors behind some of the big changes in the new release.

Click to listen to Vadim's interview.

Friday Jul 27, 2012

Identity Management Presentations Scheduled for OpenWorld 2012

The IDM team has been very busy with the IDM 11gR2 launch and now a series of launch events has kicked off worldwide. If you missed our launch webcast, you can view the replay by clicking here.

But even with all that activity, we are already starting to prepare for OpenWorld 2012 in San Francisco.  Here are some of the 18 presentations that we have planned:

  • Trends in Identity Management
  • Mobile Access Management
  • Simplifying your Identity Management Implementation
  • Modernized and Complete Access Management
  • Enhancing End User Experience with Oracle Identity Governance
  • Enabling Access for Hundreds of Millions of Users
  • Next Generation Directory - Oracle Unified Directory
  • Eliminate end-user managed passwords while increasing security with Oracle ESSO
  • Sun2Oracle: Identity Management Platform Transformation
  • Identity Management in the Cloud

There is a lot planned, and more to come.  Don't forget to register for OpenWorld 2012. To get more details about the IDM presentations above or any of the other planned presentations, use this OpenWorld searchable content link.  There are two steps:

1. Choose the Oracle OpenWorld radio button on the left

2. Choose Identity Management (under Middleware) from the Oracle OpenWorld Tracks drop-down on the left

That will set the content filters to show all of the IDM presentations.

Monday Jul 23, 2012

Introducing the Optimized Solution for Oracle Unified Directory

The announcement of Oracle 11g R2 brings with it some really interesting new features. One of those new features focused on optimizing performance is the Oracle Optimized Solution for Oracle Unified Directory (OOS4OUD). OOS4OUD is a pairing of SPARC T4-1 hardware with dedicated storage and Oracle Unified Directory software in a redundant and highly scalable configuration.

Oracle engineers conducted a series of load tests to determine the optimum configuration for LDAP directory performance on this hardware and documented the configuration in an Implementation Guide.

The hardware consists of 3 x T4-1 SPARC servers, each with a dedicated Sun Storage 2500 FC array, linked with 10GbE networking. All servers are running Solaris 11, and one server is configured to use the integrated load balancer. The Java Keystore and the Solaris Cryptographic Framework were installed and configured. Oracle Unified Directory software was then installed on all 3 machines.

The performance of the Optimized Solution was impressive. During testing the system was able to scale up to 180,000 simultaneous directory searches/second using a 15M record LDAP directory.

Because the OOS4OUD implementation guide takes most of the guesswork out of configuration and tuning, customers can expect a 1-2 week implementation and testing cycle, rather than a traditional 5-6 week project.

For more information about the Oracle Optimized Solution for Oracle Unified Directory go to our website at http://www.oracle.com/us/solutions/oos-oracle-unified-directory-1571310.html

Thursday Jul 19, 2012

Announcing Oracle Identity Management 11gR2: New features for mobile, social & cloud, and new Privileged Account Management.

Today Oracle announces a major new release of its Identity Management offering, and with it comes some very cool new features.

A lot of features in this release are focused on extending Oracle’s expertise in security and IDM to mobile applications, social identities, and cloud applications. New features support native mobile security and single sign-on; social sign-on, which allows customers to log in to a website with their social identities; and improved security and integration for cloud applications.

Big improvements have also been made to the self-service access request UI to make it more business-user friendly, including plain English searching to request application access and roles, and shopping cart style check-out. Automated confirmations and workflows allow business users to get updates and check the status of their requests. In addition, extensive customization is now possible to allow companies to completely control the look and feel of these pages.

More details on the new release here: http://www.oracle.com/us/corporate/press/1708069

Also introduced in this release: Oracle Privileged Account Manager (OPAM) is a whole new set of functionality focused on managing administrative passwords for applications, databases and operating systems. Although it can operate as a stand-alone application, the real value comes from its integration with other IDM components, such as the self-service password request UI and automated workflow approvals via Oracle Identity Manager, and detailed historical reporting via Oracle’s BI tools.

More details on OPAM here: http://www.oracle.com/us/corporate/press/1707986

Listen to the launch webcast and hear Amit Jasuja and Hassan Rizvi talk about the new features and business value here: http://bit.ly/LYWOB9

Tuesday Jun 12, 2012

Identity Management as a Controls Infrastructure

Identity systems are indispensable to managing online resources, and are becoming increasingly complex as businesses adapt their current infrastructures to support a broad user population across a wide range of devices. Adding point products to solve problems addresses the short-term need, but complicates the longer-term management outlook.

Download the latest whitepaper HERE to see how Oracle is taking a platform approach to building a scalable and secure controls infrastructure that enables businesses to engage customers and gives employees secure access to corporate resources from anywhere.


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

