Wednesday Jul 31, 2013

Oracle Waveset to Oracle Identity Manager: A Case Study in Higher Education (Deloitte)

Deloitte is excited about the opportunity to introduce the first blog in a series of four blogs that will look at real world case studies involving Oracle Identity and Access Management (IAM). Our future blogs will expand on relevant IAM topics including: 1) Oracle Waveset to Oracle Identity Manager, 2) Oracle IAM in Telematics, 3) Oracle IAM with Governance Risk and Compliance, and 4) Oracle Identity & Access Governance with Database Security. Throughout this blog series, readers are encouraged to submit questions or comments which will feed into a roundtable type Q&A blog responding to selected comments and questions received.

In this edition of the Oracle IAM blog, we’ll look at a case study for migration from Oracle Waveset to Oracle Identity Manager for a higher education statewide system of community colleges, state universities and technical colleges. This also highlights how the flexibility of Oracle’s IAM product landscape contributed to creating a dynamic and sustainable solution for a public-facing system with nearly 500,000 users.

Current State Evaluation and Replication

The legacy Oracle Waveset instance connected to numerous institutional directories and provided end-user functionalities such as user self-service, account activation and password management as well as administrative help-desk functions with a highly customized interface and set of workflows.

As we analyzed these functions, we identified that a majority of these were available within Oracle Identity Manager (OIM) 11g R2, which simplified their replication. Further, the User Interface (UI) enhancements in OIM 11g R2 allowed for significant customization to the end-user pages, such as the ‘My Information’ page, with minimal custom code. Initial replication of the core functionalities was crucial to the overall project and allowed for the replacement of Waveset as an end-user facing solution on Day 1 of the OIM go-live. However, this did not cover the numerous resource integrations that Waveset had behind the scenes that would also need to be migrated. Several functionalities, such as account activation and password reset/forgot password, that required specific workflows and service integration were replicated in separate Oracle ADF-based applications that were split away from the OIM managed servers. This allowed the highly used end-user functions to run separately from the OIM instances, providing increased flexibility in load management and tuning.

Resource Migration Approach

As the numerous resources requiring migration would take significant time and effort, it was decided that these resources would be moved over in a phased manner, requiring both OIM and Waveset to operate in parallel for a period of time. This approach reduced risk, as a single cutover would have been highly complex with multiple moving parts across colleges and campuses. To make this possible, OIM and Waveset would need to operate together as we migrated each campus from the old Waveset platform to the new OIM platform. To help accomplish this, a custom connector between OIM and Waveset was built to synchronize certain user attributes so that Waveset could update and maintain those attributes on the resources that it continued to manage.

Overall, this approach turned out to be highly beneficial as it allowed the team time to ease into using the new identity solution, reduced the risks that would have been present in a single “big bang” cutover event and allowed for a quick win that displayed critical progress and success to solution stakeholders.
 

Figure A – Oracle Waveset to Oracle Identity Manager resource migration approach

Additional Important Success Factors

Throughout the migration, we encountered a number of items that were deemed critical for meeting project goals that primarily focused on the following:

User Experience

As the solution’s primary users were public individuals that would likely not have significant training or usage guidance, focusing on a refined and calculated user experience such as clear verbiage, font sizing and coloring as well as succinct and detailed error messages was important. While these items may seem minor or insignificant to some readers, they, as expected, ended up being extremely beneficial to end-users and reduced support needs.

Performance and Tuning

With our highly active user base, performance of the solution was critical to success. Use of the existing Oracle Fusion Middleware Performance and Tuning Guide as well as the OIM 11g R2 Reconciliation Tuning Whitepaper was critical for maintaining performance and ongoing stability of a solution of this size. Also important were key architectural decisions around load balancing, managed server clustering, as well as database clustering (e.g. RAC). Providing enough horsepower behind the solution and conducting due diligence around performance testing will reduce the number of performance-related issues encountered in production.

In Conclusion

The phased migration of Oracle Waveset to Oracle Identity Manager 11g R2 allowed for a quick win in the initial cutover of end-user functions, a lower-risk migration path, as well as a constant stream of “good news” as various campuses were migrated from the old solution to the new one in a phased manner. A focus on user experience and performance tuning also helped to create an effective environment for end-user interaction and contributed to achieving the goals of the initiative. Finally, the new OIM architecture will provide a solid infrastructure for future enhancements and a greatly increased user base that the prior Waveset environment could no longer support.

About the Author

Derek Dahlen is a Manager in Deloitte & Touche LLP’s Security & Privacy practice with over eight years of experience in information security. He specializes in managing, designing and architecting large-scale identity and access management projects with a focus on the Oracle product stack. He has worked with various clients across the financial services and state government sectors.

Thursday Apr 18, 2013

How to Mitigate Risk in the Cloud

Yesterday we talked about how risk varies with the type of cloud deployment, with public clouds posing greater risk than hybrid or private. Thankfully, a built-in security approach offers you protection for either of those deployments. Irfan Saif, Principal at Deloitte, goes through the top 5 things you need to consider to mitigate the risk in the cloud and bolster security.

Watch the 3rd in the series of CIO Insights videos and get the experts’ insights to find out how to build security into your cloud strategy. Mark Sunday, Oracle’s CIO, hosts the executive panel.

Monday Oct 10, 2011

Identity Management Seminar - Coming to a City Near You

Safeguarding a business has never been more challenging. The number of security breaches has increased significantly around the world. In addition, regulatory requirements have become more demanding. Businesses are under growing pressure to not only enforce granular access privileges and monitor access certifications, but also to demonstrate that their controls can detect and prevent security policy violations, which can be an expensive and time-consuming task.

At Oracle, our industry-leading Identity Management solutions offer a unique approach called "Entitlement-Driven" Identity Management. Just like an atom is the fundamental element of all matter, we believe that entitlements are the fundamental elements of security. Since entitlements are at the core of all security requirements, enterprises should really think about enforcing security on the basis of entitlements rather than just relying on user identities. An entitlement-driven approach to identity management ensures that security policies can be consistently applied, quickly deployed, and easily managed to help reduce risk, reduce costs, provide transparency, and satisfy compliance mandates.

Want to learn all about identity management and the benefits of an entitlement-based approach?  Oracle Identity Management is coming to a city near you with half-day seminars that give you an opportunity to experience learning with fun.  Here is the list of cities and dates. Stay tuned to this page as we update this with more venues in the near future. Register today and don't miss the opportunity to learn how you can benefit with Oracle Identity Management.

Friday Aug 12, 2011

Layering Enterprise Security with Access Management

As a security professional, one of the surveys I look forward to every year is the Data Breach Investigations Report published by Verizon. In the 2011 edition of the report, there were several glaring statistics. Verizon reports that 76% of all breaches compromised back end servers, 92% of attacks were not highly difficult and an alarming 96% of all security breaches were preventable through simple or intermediate controls. At Oracle, we could not agree more.

Across the enterprise security landscape there are several factors which are increasing risk for organizations. First, traditional security has relied on defending the perimeter, but the proliferation of sophisticated attacks internally and externally demands sophisticated defense mechanisms that factor risk into the security equation. Secondly, the modern workforce is increasingly dynamic and mobile. When employees, partners, contractors, customers, suppliers etc. all need access to critical applications, access to sensitive information should be restricted to authorized users. Finally, recent IT trends like cloud computing and mobility have resulted in a proliferation of applications that employees need access to. Applications come in many different flavors (packaged, homegrown, SaaS, mobile apps etc.) and when each app has its own notion of the user, how they connect and what they are authorized to do, this increases the cost and complexity of integrating security for applications.

At Oracle, our Access Management solutions offer holistic security to help organizations safeguard against security threats, reduce risk, ensure compliance and security for applications, web services and data. In our upcoming webcast on Aug 23 sponsored by IOUG, Eric Leach from Oracle will discuss the latest innovations in Oracle Access Management solutions and how they can help you address your enterprise security and compliance goals.

Register here for the Aug 23 Webcast.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
