Monday Sep 17, 2012

New in 11gR2: Oracle Optimized System for Oracle Unified Directory (OOS4OUD) Podcast

There have been a lot of cool new features in the IDM 11gR2 related to new functionality: social log-in capability, mobile application security, and self service access requests, just to name a few.  But what about performance?

In the 11gR2 release we announced the availability of an Optimized System configuration for Unified Directory.  Oracle is very focused on software with matching hardware that is configured and tuned to get the best performance possible.  I caught up with Nick Kloski, Infrastructure Solutions Manager and asked him to talk me through the new Optimized System for OUD.

Listen to the podcast interview here. Podcast Interview

Wednesday Aug 29, 2012

Sun2Oracle: Upgrading from DSEE to the next generation Oracle Unified Directory

OUD is part of Directory Services

Mark your calendars and register to join this webcast featuring Steve Giovanetti from Hub City Media, Albert Wu from UCLA and our own Scott Bonnell as they discuss a directory upgrade project from Sun DSEE to Oracle Unified Directory.

Date: Thursday, September 13, 2012
Time: 10:00 AM Pacific

Join us for this webcast and you will:

  • Learn from one customer that has successfully upgraded to the new platform
  • See what technology and business drivers influenced the upgrade
  • Hear about the benefits of OUD’s elastic scalability and unparalleled performance
  • Get additional information and resources for planning an upgrade

Register Now!

Monday Jul 23, 2012

Introducing the Optimized Solution for Oracle Unified Directory

The announcement of Oracle 11g R2 brings with it some really interesting new features. One of those new features focused on optimizing performance is the Oracle Optimized Solution for Oracle Unified Directory (OOS4OUD). OOS4OUD is a pairing of SPARC T4-1 hardware with dedicated storage and Oracle Unified Directory software in a redundant and highly scalable configuration.

Oracle engineers conducted a series of load tests to determine the optimum configuration for LDAP directory performance on this hardware and documented the configuration in an Implementation Guide.

The hardware consists of 3 x T4-1 SPARC servers, each with dedicated Sun Storage 2500 FC array, linked with 10GbE networking. All servers are running Solaris 11, and one server is configured to use the integrated load balancer. The Java Keystore and the Solaris Cryptographic Framework were installed and configured. Oracle Unified Directory software was then installed on all 3 machines.

The performance of the Optimized Solution was impressive. During testing the system was able to scale up to 180,000 simultaneous directory searches/second using a 15M record LDAP directory.

Because the OOS4OUD implementation guide takes most of the guesswork out of configuration and tuning, customers can expect a 1 – 2 week implementation and testing cycle, rather than a traditional 5 - 6 week project.

For more information about the Oracle Optimized Solution for Oracle Unified Directory go to our website at http://www.oracle.com/us/solutions/oos-oracle-unified-directory-1571310.html

Tuesday May 08, 2012

Hardware and Software engineered to work together: Oracle Optimized System for Oracle Unified Directory

The Oracle Optimized System for Oracle Unified Directory (OOS4OUD) is a matched and tuned set of SPARC hardware and OUD software configured by the Optimized Systems Team and the Directory Team to deliver top performance.

The hardware consists of three SPARC T4-1 servers running Solaris 11 and using the integrated load balancer for redundancy and throughput.  Each T4-1 machine uses a Sun Storage 2500-M2 array connected using two fiber channel cards.

The team then tuned the Solaris OS configuration to take full advantage of the hardware and to support advanced features of the OUD software.

The resulting combination of high performance hardware, storage, next generation directory software and expert tuning is a highly scalable, redundant and secure directory platform.

You can read more on our OTN page here and on our solution page here.

Tuesday Jul 26, 2011

Oracle Unified Directory Webcast Q & A

Thanks to everyone who joined our webcast on OUD. Because we ran out of time, several questions were un- answered. I have captured answers to all of the questions asked for your reference. You can also view the webcast on demand.

      Question: If you are currently using OID, OVD 10.1.4.2 and EUS, what should be the future direction in terms of upgrade    paths, roadmap etc?

· Answer: Support of OUD as another option for EUS deployment is on our future roadmap, but the support of OID and OVD for EUS will not change, so no upgrade needed.

· Question: How is OUD different from OUD and OID

· Answer: Architecturally, OID is based on an external Oracle database, and OUD is based on an embedded Berkeley database. Scalability wise, they have different approaches to support extremely large deployments, OID provides monolithic scalability in a single DIT and even leverages ExaData for large scale deployments, while OUD provides horizontal scalability by adding more instances with data partition and global index for performance and scalability on commodity hardware. These solutions provide options to customers to meet their different requires and preferences.

· Question: How does the tool work with OES 11g

· Answer: Supported as identity store

· Question: Will Identity synch be available in OUD Is there a feature compare between other OpenDS offerings

· Answer: Yes, refer to our differentiators slides

· Question: Can OUD Synch or replicate with AD

· Answer: Yes, using Directory Integration Platform (DIP) from Oracle

· Question: Is referential integrity for objects / attributes such as groups / roles and members provided OOTB, or would custom plugins be required?

· Answer: Available in product – must be enabled

· Question: What is the level of interoperability with 3rd party directories such as AD or Edirectory?

· Answer: Supported using DIP

· Question: Is it possible to include OID in a OUD replication agreement?

· Answer: Not supported

· Question: but if I don't have ODSEE deployed, do you recommend a pure OUD deployment, to cover all of my directory (and virtual directory) needs?

· Answer: Yes. ODSEE is not a pre-requisite in anyway. However, virtual directory capability is not available in current OUD 11g, so you need to use both OUD and OVD together.

· Question: Does OUD run on WebSphere?

· Answer: OUD server is a J2SE app and runs on any JVM. However its admin console ODSM and monitoring interface Enterprise Manager require J2EE container and are currently only supported on WLS.

· Question: How about Novell eDirectory?

· Answer: You can replace eDirectory with OUD and you can sync them with DIP.

· Question: Is OVD ever useful/needed for replication in an OUD-oriented deployment?

· Answer: Not needed for replication, but only when you need to virtualize a directory environment that has other LDAPs or databases.

· Question: Is OUD a LDAP v3 implementation?

· Answer: Yes

· Question: Looks like this is intended to completely replace ODSEE, right?

· Answer: OUD can completely replace DSEE – customers are not required to replace DSEE

· Question: I'm a Sun DS 5.2 customer and I'm really confused. Is Unified Directory the future? Or should be I migrating to DSEE 11g (7.0)?

· Answer: OUD is the future directory, but we will continue to enhance and support ODSEE. We encourage you to upgrade to OUD, but you still have the option to upgrade to ODSEE 11g.

· Question: Does the OUD replication gateway work with ODSEE 6.3.1? Or is it mandatory to upgrade to ODSEE 11g first?

· Answer: currently only works with ODSEE 11g. However, it is on the roadmap to make it work with ODSEE 6.3.x directly.

· Question: What's the future for ODS and OID?

· Answer: OID will continue and be an option in addition to OUD.

· Question: ODSEE provided a plugin API. Does OUD provide a similar plugin API? Will existing plugins convert easily?

· Answer: OUD does not yet have a plug-in API. But because OUD is in Java and DSEE is in C- plug-ins will most likely have to be rewritten. However, before rewriting – investigate OUD and OVD features – could be features that required customization in DSEE – are now standard features.

· Question: understand OVD will be converged into this product. Is this correct?

· Answer: Yes. Once it is converged in the future, you’ll have a new OVD with full-functioning and powerful local store.

· Question: What is the future of Oracle/Sun Directory Server?

· Answer: If you are asking about ODSEE, we will continue to enhance and support it, though OUD is the future focus of innovation and already fully compatible with ODSEE.

· Question: How do you get such great performance improvement using OUD vs. ODSEE, considering ODSEE is arguably the best of breed in terms of read performance in the enterprise DS market?

· Answer: Exactly, ODSEE has great performance and is already the best on the market. We further enhanced OUD with new threading model and other architectural improvements to make it perform even better.

· Question: Does synchronization include the ability to sync identity data to SaaS applications?

· Answer: Depends on what SaaS applications you are using, as long as we have a DIP connector, it will work.

· Question: Is the replication gateway a separate install?

· Answer: not a separate install, but a configuration step.

· Question: Any justification to replace non-Oracle LDAP directory products by OUD?

· Answer: Absolutely. There are many reasons I can list, but a few quick points – 1. Oracle is the only vendor with a complete and unified directory solution, so you have one strategic vendor to work with and get the integrated solution and experience. 2. OUD provides high performance and scales elastically according to your needs which will reduce TCO. 3. We provide tools to help you migrate. 4. You can count on Oracle to continue to innovate as we have demonstrated with the OUD release.

· Question: will there be a best practices for migrating sun dir 5.x , 6.x, and 7.x users?

· Answer: yes, we will have a whitepaper available on this.

· Question: Will this have synch with AD

· Answer: Yes, through DIP

· Question: How does licensing work? Is it per server?

· Answer: Per CPU

· Question: In terms of synchronization with other stores, do you have some sort of connectors or framework we can use to build integration with stores on mainframe and other types of application which has their own store..

· Answer: There is a custom API for DIP

· Question: How much do the stated performance numbers for OUD depends on datasets being cached in memory?

· Answer: Full cache. As with any database product – maximum performance requires to reduce the amount of disk IO and thus the more data in memory cache – the better the performance

· Question: Can OIM use OUD as a native user repository? (It can currently use OID, but not ODSEE).

· Answer: No. OIM requires a database

· Question: Is OUD <-> ODSEE replication perform as well as ODSEE replication? Or are there replication delays to be expected?

· Answer: Should be seamless without delays.

· Question: How is elastic scalability achieved? Also, what other DS is OUD interoperable

· Answer: Elastic scalability is delivered through data partitioning and global index. Sync using DIP support all major LDAPs and Oracle database.

· Question: How does this work with Identity Management/SSO?

· Answer: Oracle IDM 11g certified OUD 11g.

· Question: I know there are a few companies that have taken openDS and built products (e.g. UboundID sp?, forgrock, etc.). How is OUd better since those other guys have been out for years?

· Answer: The real point is that OpenDS was out for a few years. OUD is build on top of OpenDS, but added some other innovative capabilities like proxy, data partition, global index, ODSE web based admin UI, monitoring using Enterprise Manager Grid Control, replication gateway with ODSEE, etc that differentiates us from others.

· Question: Will there be new update versions after ODSEE 11 gR1? or are the customers encouraged to migrate to OUD ?

· Answer: Customers are encouraged to upgrade to OUD, although there will be update versions to ODSEE 11gR1.

· Question: How much control do we have with command line tools or we need to rely on administration console

· Answer: All functions in Admin console are available through commend line

· Question: All of the discussion is around Sun. Does this work on IBM AIX?

· Answer: Yes.

· Question: Where can we download OUD

· Answer: on Oracle Technology Network (OTN).

· Question: Is ODSEE the same as Oracle/Sun Directory Server?

· Answer: Yes.

· Question: Will this product follow the path of OpenDS and provide both an enterprise and and open source version?

· Answer: There will be no equivalent of open source version of OUD as there will be no new functional capabilities committed to the open source.

· Question: We are on Oracle/Sun Directory Server v7. What do you recommend for our future path?

· Answer: You can continue on ODSEE, but we encourage you to test OUD and plan upgrade if you like OUD better.

· Question: You just said there will be "a convergence across products". That sounds like you're saying Unified Directory is the replacement for DSEE and OID. I'm still confused

· Answer: Convergence is more about ODSEE, OVD and OUD. OID is still an alternative solution for customers.

· Question: So OVD remains separate from OUD? Can OUD instantiate LDAP views (like OVD does)?

· Answer: OVD is separate for now until it is converged. OUD currently does not have virtual directory capabilities.

· Question: If a client has Identity and Access Management Suite Plus, does this imply an OUD license?

· Answer: Yes.

· Question: What security certifications has OUD undergone?

· Answer: Following the vigorous Oracle security practice.

· Question: Can OUD provide any OTB connector similar to OID DIP to synchronize with external data sources such as LDAP, Databases, Flat files, etc?

· Answer: It leverages DIP, so with the same connectors.

· Question: Does the replication gateway work with older versions of Sun DS (e.g. 5.2, 6.x) or do you have to be on 11g?

· Answer: Answered above. Only work with ODSEE 11g today, but support for other old versions are on the roadmap.

· Question: Is it possible to access the changelog directly? Or is a plugin like RCL needed to write the changes into a separate subtree?

· Answer: Technically it’s possible to query the Change log – however, OUD to OUD server uses an optimized replication protocol. If needing to synchronize data between OUD and another source – it would be better to use DIP (or OIM) instead of querying the OUD change log.

· Question: If I have OID can I migrate to OUD?

· Answer: Depends on what applications you are using. If you are using OID for Oracle apps that require it, for example, EBS, OSSO, etc, it will not work. If OID is used as an enterprise directory not for specific Oracle apps, you should be able to migrate to OUD.

· Question: Isn't DIP a completely separate product or has it been integrated with Unified Directory as well?

· Answer: Integrated for interoperability.

· Question: When will CA Siteminder be certified w/ OUD?

· Answer: Please ask CA to certify it. We will also proactively work with them.

· Question: What will be driving factor for the enterprise already using Sun directory Server 7 or above to move to OUD?

· Answer: Better performance, more flexible elastic scalability, better availability and unified solution with built-in proxy, complete Java experience with OVD and DIP, improved admin and monitoring experience with ODSM and EMGC.

· Question: Is DIP part of the ODS+ bundle?

· Answer; Yes

· Question: What kind of API is available?

· Answer: There is no API in current version. An API is planned for future version. If needed some type of data transformation for current release – possible to use OVD to do the data transformation before passing to OUD.

· Question: Can I use OUD 11g as user store for both OAM 10g and 11g?

· Answer: Yes.

· Question: How similar is this product with OpenDS?

· Answer: The core LDAP server is similar, but with added innovative functions like proxy, global index, Admin UI as well as monitoring etc.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
3
4
5
6
7
8
11
12
13
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today