Thursday Jul 08, 2010

Oracle IRM deployment planning

With lots of partners now starting to work with the Oracle IRM 11g release with customers, i'm often asked about the tasks involved in an initial IRM deployment. What do customers need to be prepared for? What timescales are involved for getting the service up and running?

 

Overview


Oracle IRM has out of the box a classification system which represents best practice learned from our customers using the technology over 10 years. This classification system is called the "context rights model" and allows an organization to quickly build an IRM service, configure it for the first few use cases and most importantly, easily scale the service to millions of documents and thousands of users.

 

As a technology, Oracle IRM has many pieces of functionality, is very flexible/scalable and numerous integration possibilities. There have been some very complex deployments and integrations of Oracle IRM but they have all started with a simple design.

No matter if you are a small company wishing to protect the small number of board level documents for 20 people or a large enterprise rolling out IRM for 150,000 users, the following project outline is typical at the start of most IRM engagements. You should always keep the following in mind.

  • Start with a use case that represents real business use, but at the same time is not critical to the ongoing operation of the business. For example, if you are using Oracle IRM to secure your research documents, then the first use case might be to protect just a few research documents from a project last year. This way you get to learn how to use IRM without impacting current research.
  • Keep It Simple. For the first foray into IRM document security, keep the use case simple. Oracle IRM is very flexible and allows you to change rights and roles after you've secured content. So keep it simple and then add in complexity when you've learned how your business is going to use it.

 

 

Typical project outline


There are four typical stages of rolling out an IRM service. Note the time scales below are very general and usually reflect the deployment of a service for 1-2 well understood use cases.
DeploymentArrows.png

Preparation (1-2 weeks)


Before you install any software or secure a single document, you need to be well prepared. Oracle IRM is a classic client & server type architecture, therefore you need to ensure the following is ready before the service can be configured for use.
  • Hardware: Acquire adequate hardware for hosting the IRM service.
  • Rack and power: If you have a data center to run the service from, ensure that you have rack space and power and that the server is in the rack ready to go.
  • Operating system and database licenses/installation: IRM requires an operating system to run on and a database to talk to. These may already be in place, but you need to ensure you've got licenses for use. Another important issue is to ensure you know the database administrator and have them ready to make changes. I've been on site with a customer paying good money for a few days consulting and we are just sat around whilst someone tries to find the DBA so we can create the IRM schema accounts.
  • Network addresses and host names: Very important to an IRM service is the host name used for the clients to communicate back to the IRM server. Most IRM servers are also publicly accessible from the internet, therefore make sure you have a publicly routeable static IP.
  • Be ready to make firewall changes: In the same light that you need to identify the database adminsitrator, then you will also need to ensure you can make changes to the firewalls around the IRM service to allow traffic into and out of the system.

 

Any one of the above tasks can sometimes take a long time. Getting hardware sometimes comes with lots of process and lead time, so be sure you are well prepared. Nothing is worse than paying for a consultant to be onsite and then have them sat down drinking coffee and surfing Facebook whilst they wait for you to find someone to create database accounts and make firewall changes.

 

Training and consulting (2-4 weeks)


This is the most important phase of IRM deployment and it is highly recommended you have an IRM expert consultant on site to take you through this part of the deployment.

 

The best way to start any IRM deployment is with a Oracle IRM foundation workshop. This a day of hands on training intended for the whole project team and involves using IRM on virtual machines that have been setup to represent a best practice organization that have been using IRM successfully for 12+ months.

This workshop then leads you into the business consulting where over a week or two you talk to the business users who drove the IRM purchase and clarify their requirements and constraints. This activity should start by identifying a large scope of how IRM can be used within the business but then focus on a small set (1-3) of use cases that you decide to initially pilot with. This consulting should also identify the roles and responsibilities of users in both the business and the IT organization. For example, who owns the classification? Who managers the server? Who supports the business in using IRM?

This business consulting will then help you understand how to configure the IRM server to meet the needs of your use cases. A good document on Oracle IRM classification design can be found here.

Another key aspect to this initial consulting is devising the communication & awareness strategy for all involved. When deploying an IRM technology to secure documents you must think through how to communicate the impact of this to the end users and business owners.

This stage may, for very large and complex security deployments be several months and this depends on how complex the use cases are, how well organized your business is and how many other technologies are involved. I have also seen this stage take under a week. There are some Oracle IRM customers who have gone from a blank server to a running system protecting documents in under a week!

The second type of consulting during this phase is the technical assistance to install, configure and customize the IRM service. For a well planned out deployment, the installation phase should take only a day. Configuration such as SSL, integrating with LDAP, using HotFolders can then take a few more days. This technical consulting time should also include training of the operational and support staff who will be managing the IRM service. For help on what is involved in installing an IRM service, please refer to the quick guide.

 

Test & Pilot (2-4 weeks)


Prudent organizations will go through a test and pilot phase before introducing the service to your larger community of real business users. This phase usually requires little to no assistance from an Oracle IRM partner, you should by this stage have a fully working IRM service, have identified a few use cases and started to protect some documents.

 

This phase is a good chance to go through some basic functional testing and cover areas such as;

  • Use the IRM service with a small number of users who are amenable to the initiative and understand the use cases you are trying to solve.
  • If external users are going to access sealed content, involve a few in the pilot to ensure accessing sealed content externally works as expected.
  • Rehearse end user training. Send out the introduction emails and see how your pilot users respond and how well they understand them.
  • Give the operations and support staff some time to get accustomed to the service. Test and support processes and try failing over the IRM server to make sure monitoring and alerting works as expected.

 

 

Go Live & Ongoing Operation (~)


At this stage you should now be well versed in IRM and be ready to launch the service for more use cases, more users and across the business. The Go Live point is typically where the service is prompted from a testing/pilot phase to production. If your preparation, design and pilot phases have been done well, Go Live should be uneventful.

 

Ongoing operation is then the continued live use of Oracle IRM within your business. You may find that other areas of the company start presenting use cases and asking for their own classifications. It is good practice to re-engage with an Oracle IRM partner a few months after you go live to go over any new requests and get a little more help on continuing the use of the technology. This should only be a few days of work but there is a lot of experience these partners can give you that will ensure your ongoing and future use of Oracle IRM is successful.

About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today