Identity and Access Management (IAM) has become more visible as a business requirement across all industries and affects organizations of all sizes. In the current environment a security breach has the potential to impact a business’ bottom line - damaging its reputation, customer loyalty and profitability.
Furthermore, compliance, governance and privacy regulations have put an unprecedented executive level focus on the need for strong security controls. This becomes a challenging task in a constantly changing environment where granting appropriate and timely access to information is critical.
IAM systems are indispensable to the security, governance, and risk mitigation of organizations. Whether for authentication, user lifecycle management, or access certification, Identity is at the core of making business processes function. Some of the key issues customers face include:
Maintaining high performance Identity Systems
Full visibility of complete IAM systems in context
Ability for proactive Monitoring
Lack of specificity of information for performance troubleshooting
Lack of data and insight into access request transnational latency and throughput
Oracle Management Cloud is a comprehensive suite of next-generation integrated monitoring, management, security and analytics services. Built on a Unified Data platform, Oracle Management Cloud integrates a comprehensive set of capabilities that spans, Application Performance Monitoring, Infrastructure Monitoring, IT Analytics, Log Analytics, Security Monitoring and Analytics, Configuration and Compliance, and Orchestration services. With this integrated solution, businesses can leverage Oracle Management Cloud's Machine Learning algorithms to provide a more intelligent and efficient management experience with its advanced clustering, anomaly detection, correlation and forecasting capabilities.
Operational data is automatically analyzed and correlated across all of Oracle Management Cloud services, and the resulting insights are made instantly available through intuitive dashboards to give operational teams a true picture of what's happening within their IT estates. Real-time diagnostics, IT resource capacity planning, operational forecasting, and business analytics are all built into the product.
Oracle Management Cloud's services leverage an unified platform when it comes to collecting and analyzing all the various system files and logs. For example, log data can be used to provide context for performance metrics and troubleshooting.
The deep understanding that results from Machine Learning enables customers to make intelligent decisions and execute those decisions with full-featured automation. Customers can thus maintain visibility across rapidly changing, cutting-edge, cloud-native or cross-cloud integration, prevent outages across the entire application portfolio, collect and analyze business and IT data on the entire stack, from end-user devices and browsers, through application, middleware, and database services, and all the way down to hardware, hosts, virtual machines, containers, and clouds.
Oracle Management Cloud provides the following features specifically in support of Identity and Access Management (IAM):
Automated purpose-built collection, analytics and remediation of IAM system components, underlying infrastructure and diagnostic logs
Pre-built intuitive dashboards optimized for IAM Applications
Unified operational data includes application metrics, application and server logs and configuration information
Oracle Management Cloud is a heterogeneous, Hybrid Cloud solution so it can receive and analyze data from any, or combination of sources: whether on-premises, or in Oracle Cloud Infrastructure, or other 3rd party Cloud platforms such as, Amazon AWS or Microsoft Azure or Google Cloud Platform. We also provide the ability to manage hybrid environments including Oracle's Cloud@Customer. Additionally, the solution supports non-Oracle entities out-of-the-box as well, such as Microsoft Windows, SQLServer, IIS, SAP, several NoSQL databases, etc. The full list is here. We offer services to all of the IAM components including:
Oracle Access Manager
Oracle Identity Manager
Oracle Identity Governance
Oracle Directory Server (Enterprise Edition)
Oracle Unified Directory
[Note, this is based on the latest IAM offering, other components, available in previous releases are also supported and have been merged into these offerings]
Creating Identity and Access Management specific Dashboards is one of the out-of-the-box highlight for this solution. Several are available, making it easy to get started quickly. Lets start with the Executive Overview Dashboard.
This Dashboard is for executive management to show the overall health of the system. You can easily get answers to common but critical questions such as, are my IAM services up or down, how are some of the key performance indicators (KPIs) looking for the environment? The KPIs included items such as the number of users created, updated and deleted in OIM organized by department, number of authentications and authorizations including failures and so on.
Right below is an interesting metric, the volume of logs processed. You can clearly see that Oracle Management Cloud processed about half a billion log records in total, generated from just one week of activity. That's not a great issue in itself. If you setup a large infrastructure and invest lot of money in hardware and software you can do that too. The power of Oracle Management Cloud comes in analyzing that volume of data and leveraging the power of not just Oracle Cloud to scale up but also use the power of Machine Learning to find patterns in that data. As you can see Oracle Management Cloud identified roughly 500 or so distinct issues within the environment. All of these are clickable so that if the executives choose to do so, they can click through to get to that next level of detail.
The idea here is that the executive or C-Level team gets the right level of details that they care about in a single place and if any of them are interested, they can drill down further.
OAM Owner Dashboard
The OAM owner here gets a more detailed breakdown of the authentications and authorizations happening in the system along with the different errors. The executive team wanted to know when authentications and authorizations are taking longer than 5 seconds. So the Access owner asked to be notified when authentications are taking more than 3 seconds and authorizations are taking more than ½ second. They want to be notified before their boss gets an alert. The OAM owner wants to see a further breakdown of authentication and authorization failures by users, or by policies that caused those failures. Note here that Oracle Management Cloud is not only processing the logs, but that it understands the system that is generating those logs and so can provide valuable insight into how OAM is working instead of just being any other log aggregator. This is the power of Oracle Management Cloud, understanding and providing insights into the solutions you are monitoring
OIM Owner Dashboard
Just like the OAM dashboard, the OIM one gives that next level of detail that an OIM owner would want to know. For example, if you wanted to know, where are my errors happening, when are provisioning exceptions occurring and so on.
ODSEE Analytics Dashboard
The ODSEE Analytics dashboard shows important information like the IP addresses the clients are coming from, top users, top unindexed searches, that will cause huge performance hit on any LDAP, top filters used for searches, what search bases are used in LDAP queries to understand if the search operations are being optimal or if they are just searching the entire directory tree unnecessarily.
Other Dashboards are also available, eg ODSEE Health Dashboard, SOA Infrastructure Dashboard, OIM Scheduled Jobs, OIM Admin Role (Application Access, Access Policies, etc) but for brevity of this blog, I didnt include them here.
Oracle Management Cloud provides readily available, easy to understand dashboards that help pinpoint issues quickly. It allows you to easily troubleshooting Identity Applications across the entire estate. There are several advantages to this uniquely broad view of the entire IT estate, particularly when Machine Learning techniques are applied on top of such a vast amount of unified data.
Oracle Management Cloud enables you to:
Maximize Performance of Identity and Access Management Applications
Minimize operational effort to identify, diagnose and remediate performance issues across hybrid clouds
Plan accurately for future resource capacity needs to prevent shortfalls or unplanned outages
Provide real-time diagnostics, operational forecasting and business analytics
In a subsequent blog, I will show how Oracle Management Cloud can tackle interesting IAM-related use cases, such as:
Rapidly troubleshooting outages (root-cause analysis)
Setting up proactive alerts (before something bad happens)
Anomaly alerts (find the needle in the hay stack)
Resource utilization and capacity planning (Forecasting)
SOA Infrastructure monitoring (deep visibility)
The application domain is broad and Oracle Management Cloud can help manage all aspects of Identity and Access Management applications. Whether it's on-premises, or in Oracle Cloud (eg with IDCS), or in someone else's Cloud, if you are considering a lift-and-shift scenario, you will need to track all of the critical metrics. With Oracle Management Cloud this task can be done for you automatically. It is a terrific service for all of these mentioned use cases.