Introduction to Enterprise Identity Management (LESSON09)
SUMMARY
Managing Customized Oracle Application Server Topologies (Deployment Topologies)
Oracle Application Server Components:
Oracle provides great flexibility in deploying an application server.
- Installation options:
  - Installation of Oracle Identity Management (IM) only, with an existing OracleAS Metadata Repository on the same or a different host.
  - Installation of the OracleAS Metadata Repository only, without registering it with the Oracle Internet Directory (OID) of an IM installation.
  - Installation of multiple IM installations pointing to the same Metadata Repository (Rack-Mounted Directory Server Configuration).
- Topology options:
  - Java developers (General Development Topologies)
  - Portal and Wireless developers
    - Install Portal and Wireless – HOME1
    - Install Identity Management (OID, SSO, and Metadata Repository) – HOME2
      *** The Metadata Repository is a collection of the PORTAL, OID, and SSO schemas.
  - Forms and Reports developers
    - Install Business Intelligence and Forms (BI) – HOME1
    - Install Identity Management (OID, SSO, and Metadata Repository) – HOME2
  - Integration architects and process modelers
    - Install J2EE and Web Cache (OC4J) – HOME1
    - Install Identity Management (OID, SSO, and Metadata Repository) – HOME2
  - Enterprise Data Center Topology – multiple departments share the same data center.
  - Departmental Topology – each department hosts its own application, using more servers.
  - Development Life Cycle Support Topology (development, test, and production)
  - Cold Failover Cluster (Special Topologies)
  - Real Application Clusters (RAC)
  - Identity Management Replication
Why Identity Management
Identity management is the set of steps by which users are created and managed in an enterprise. A user can access a web application, a database, an operating system, a legacy system, or a directory. You can also:
- Provision users for an application (creation, suspension, and deletion)
- Manage user permissions in applications
- Manage profile information such as application preferences, passwords, and personal identification numbers (PINs)
- Personalize applications, such as portals, for individual users.
Synchronization and Provisioning
Oracle Identity Management uses directory integration to connect OIM with third-party identity management systems. It provides two integration services: synchronization and provisioning. With the synchronization service, you can keep the Oracle Internet Directory (OID) server synchronized with third-party directories. With the provisioning service, you can notify Lightweight Directory Access Protocol (LDAP)-enabled applications of any changes in the OID server.
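The two services described above, modelled in plain Python as an added example (this is not Oracle's Directory Integration Platform code). Synchronization is shown as computing the delta between a third-party directory snapshot and the OID snapshot; provisioning is shown as delivering the resulting change events to applications that subscribed to a subtree. The DNs, attributes, application names and both snapshots are constructed for the example.

```python
"""Directory synchronization and provisioning, modelled in plain Python.

Added illustration, not Oracle's Directory Integration Platform code.
Both directories are constructed {dn: {attribute: value}} snapshots;
the DNs, attributes and application names are made up for the example.
"""
from dataclasses import dataclass


@dataclass
class ChangeEvent:
    op: str      # "add", "modify" or "delete"
    dn: str
    attrs: dict  # for "modify": changed attributes, None = attribute removed


def synchronize(source: dict, target: dict) -> list:
    """Return the change events that make `target` match `source`.

    This is the synchronization service's job: compare the third-party
    directory (source) with OID (target) and derive the delta."""
    events = []
    for dn, attrs in source.items():
        if dn not in target:
            events.append(ChangeEvent("add", dn, dict(attrs)))
            continue
        current = target[dn]
        changed = {k: attrs.get(k)
                   for k in set(attrs) | set(current)
                   if attrs.get(k) != current.get(k)}
        if changed:
            events.append(ChangeEvent("modify", dn, changed))
    for dn in target:
        if dn not in source:
            events.append(ChangeEvent("delete", dn, {}))
    return events


def apply_events(target: dict, events: list) -> dict:
    """Apply change events to a snapshot and return the updated snapshot."""
    result = {dn: dict(attrs) for dn, attrs in target.items()}
    for ev in events:
        if ev.op == "add":
            result[ev.dn] = dict(ev.attrs)
        elif ev.op == "delete":
            result.pop(ev.dn, None)
        else:
            for attr, value in ev.attrs.items():
                if value is None:
                    result[ev.dn].pop(attr, None)
                else:
                    result[ev.dn][attr] = value
    return result


class ProvisioningService:
    """Notifies LDAP-enabled applications of changes under the subtree each
    one subscribed to; this is the provisioning service's role."""

    def __init__(self):
        self.subscriptions = []   # (application name, base DN, lower-cased)

    def subscribe(self, application: str, base_dn: str) -> None:
        self.subscriptions.append((application, base_dn.lower()))

    def notify(self, events: list) -> list:
        """Return (application, op, dn) for every notification delivered."""
        delivered = []
        for ev in events:
            dn = ev.dn.lower()
            for application, base_dn in self.subscriptions:
                if dn == base_dn or dn.endswith("," + base_dn):
                    delivered.append((application, ev.op, ev.dn))
        return delivered


# Constructed snapshots: OID as it stands, and the third-party directory
# that is authoritative for these users.
USERS = "cn=users,dc=example,dc=com"
OID_SNAPSHOT = {
    f"cn=alice,{USERS}": {"mail": "alice@example.com", "title": "Engineer",
                          "telephoneNumber": "555-0100"},
    f"cn=bob,{USERS}": {"mail": "bob@example.com", "title": "Analyst"},
}
THIRD_PARTY_SNAPSHOT = {
    f"cn=alice,{USERS}": {"mail": "alice@example.com", "title": "Senior Engineer"},
    f"cn=carol,{USERS}": {"mail": "carol@example.com", "title": "Manager"},
}


def run_cycle():
    """One integration cycle: synchronize OID, then provision subscribed apps."""
    events = synchronize(THIRD_PARTY_SNAPSHOT, OID_SNAPSHOT)
    updated_oid = apply_events(OID_SNAPSHOT, events)
    service = ProvisioningService()
    service.subscribe("portal", USERS)
    service.subscribe("hr-app", "cn=groups,dc=example,dc=com")
    return events, updated_oid, service.notify(events)


if __name__ == "__main__":
    for ev in run_cycle()[0]:
        print(ev.op, ev.dn, ev.attrs)
```

Running the cycle yields one modify (alice's title changed and her telephone number was dropped), one add (carol) and one delete (bob); only the portal, which subscribed to the users subtree, receives notifications, while the hr-app subscribed to the groups subtree receives none.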
Oracle Identity Management: Terminology
Identity, Entitlements, Authentication, Authorization, Identity database, Security principals, Identity management policies, Centralized assertion services, Identity provisioning, Account provisioning, Authorization policies, Identity administration, Policy decision services, Identity management realms, Identity policy assertion services
Tools to manage Oracle Identity Management (LDAP)
- Oracle Enterprise Manager Application Server Control (http://host:7777)
- Oracle Delegated Administration Services (DAS) (http://host:7777/oiddas)
- Oracle Enterprise Manager Control (http://host:1156)
- Oracle Application Server Portal (http://host:7777/pls/portal)
- Oracle Application Server Discoverer (http://host:7777/discoverer/plus)
- Oracle Enterprise Manager Database (http://host:7777/em)
- Check the actual ports in the $ORACLE_HOME/install/portlist.ini file
- Oracle Internet Directory Tool ($ ./dmadmin)
- Oracle Process Management and Notification Server ($ORACLE_HOME/opmn/bin/opmnctl)
- Oracle Distributed Configuration Management ($ORACLE_HOME/dcm/bin/dcmctl)
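The port check mentioned above, as an added example (not an Oracle tool): read the ports recorded in portlist.ini, build the console URLs from them instead of assuming the 7777 and 1156 defaults, and list components whose port is not actually listening. The sample file is constructed to follow portlist.ini's [System]/[Ports] layout; its component names and port values, and the `listening` set that stands in for what `netstat -ln` would report on the host, are assumptions.

```python
"""Read the ports recorded in portlist.ini and check the consoles against them.

Added example, not an Oracle tool. SAMPLE_PORTLIST is constructed to follow
portlist.ini's [System]/[Ports] layout; the component names and values are
assumptions, as is the set of listening ports passed to missing_listeners().
"""
import configparser

SAMPLE_PORTLIST = """\
[System]
Host Name = app1.example.com

[Ports]
Oracle HTTP Server port = 7777
Oracle HTTP Server listen port = 7778
Application Server Control port = 1156
Oracle Internet Directory port = 389
Oracle Internet Directory (SSL) port = 636
Oracle Notification Server Request port = 6003
"""


def load_portlist(text: str):
    """Return (host name, {component name: port}) from portlist.ini contents."""
    cp = configparser.ConfigParser()
    cp.optionxform = str          # keep the component names' original case
    cp.read_string(text)
    host = cp["System"]["Host Name"]
    ports = {name: int(value) for name, value in cp["Ports"].items()}
    return host, ports


def console_urls(host: str, ports: dict) -> dict:
    """Administration URLs derived from the recorded ports, not the defaults."""
    http = ports["Oracle HTTP Server port"]
    asc = ports["Application Server Control port"]
    return {
        "Application Server Control": f"http://{host}:{asc}",
        "Delegated Administration Services": f"http://{host}:{http}/oiddas",
        "Portal": f"http://{host}:{http}/pls/portal",
        "Discoverer": f"http://{host}:{http}/discoverer/plus",
    }


def missing_listeners(ports: dict, listening: set) -> list:
    """Component names whose recorded port is not among the listening ports."""
    return sorted(name for name, port in ports.items() if port not in listening)


if __name__ == "__main__":
    host, ports = load_portlist(SAMPLE_PORTLIST)
    for name, url in console_urls(host, ports).items():
        print(f"{name}: {url}")
    # Constructed: pretend only the HTTP server and OID are currently up.
    print("not listening:", missing_listeners(ports, {7777, 7778, 389, 636}))
```

On a real host the `listening` set would come from the local socket table; comparing it with portlist.ini catches both a console that has not started and a URL that was copied from documentation with a default port the installer did not use.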
Enterprise Data Center Topology:
External clients coming from the Internet to the intranet sit outside the DMZ (De-Militarized Zone) firewall.
Important Questions to Know about Identity Management
Why does an administrator need to use identity management?
- Lowers the cost of user administration
- Improves user provisioning
- Centralizes management of security policies and authorizations
- Provides better security through centralized processing
- Scales administration through delegation
What are the users’ benefits of using identity management?
- Improves productivity through quick access to applications
- Improves usability with a single user identity and set of credentials, and application personalization
Name the different components of Oracle Identity Management.
- Oracle Internet Directory
- OracleAS Single Sign-On Server
- Delegated Administration Services
- OracleAS Certificate Authority
- Directory Integration Service
- Directory Provisioning Service
What does the term “Authentication” mean in OID?
It is the process by which an application or a security system ascertains whether an entity is what it claims to be.
What does the term “Authorization” mean in OID?
It is the process by which an application or a security system ascertains the entitlements of a network entity or a user.
What does “Account Provisioning” mean in OID?
It is the process of creating an account for a given application and managing the account’s entitlements to allow and control its access to the resources managed by the application.
What does “Identity Management Realm” mean in OID?
It is a collection of identities and associated policies, which is typically used when enterprises want to isolate user populations and enforce different identity management policies for each population. The various identity management realms created are not hierarchical but are at the same level.
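The four definitions above (authentication, authorization, account provisioning, realm) and the provisioning and permission tasks listed under "Why Identity Management", carried through in one added Python example. It is not OID code: the realms, users, passwords and entitlement strings are constructed, and the realm's password-length policy is an assumption chosen to show that each realm enforces its own policy over its own population.

```python
"""A realm with authentication, authorization and account provisioning.

Added illustration in plain Python, not OID code. The realm names, users,
passwords, entitlement strings and the per-realm password policy are
constructed for the example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    entitlements: set = field(default_factory=set)
    active: bool = True


class Realm:
    """One identity management realm: its own identities and its own
    policies. Realms are siblings, not nested, so a lookup in one realm
    never falls through to another."""

    def __init__(self, name: str, min_password_len: int = 8):
        self.name = name
        self.min_password_len = min_password_len   # a per-realm policy
        self.accounts = {}

    @staticmethod
    def _hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    # Account provisioning: creation, suspension and deletion.
    def provision(self, username: str, password: str, entitlements=()) -> None:
        if len(password) < self.min_password_len:
            raise ValueError(f"{self.name}: password shorter than policy minimum")
        salt = os.urandom(16)
        self.accounts[username] = Account(
            username, salt, self._hash(salt, password), set(entitlements))

    def suspend(self, username: str) -> None:
        self.accounts[username].active = False

    def deprovision(self, username: str) -> None:
        del self.accounts[username]

    # Authentication: is the entity what it claims to be?
    def authenticate(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None or not acct.active:
            return False
        return hmac.compare_digest(acct.pw_hash, self._hash(acct.salt, password))

    # Authorization: what is the (already authenticated) entity entitled to?
    def authorize(self, username: str, entitlement: str) -> bool:
        acct = self.accounts.get(username)
        return acct is not None and acct.active and entitlement in acct.entitlements


def build_realms() -> dict:
    """Two sibling realms with different password policies and populations."""
    hr = Realm("hr", min_password_len=12)
    eng = Realm("engineering")
    hr.provision("alice", "correct-horse-battery", {"payroll.read"})
    eng.provision("bob", "hunter2hunter2", {"repo.write"})
    eng.provision("dave", "tempPass123", {"repo.read"})
    eng.suspend("dave")      # a suspended account fails both checks
    return {"hr": hr, "engineering": eng}


if __name__ == "__main__":
    realms = build_realms()
    print("alice@hr:", realms["hr"].authenticate("alice", "correct-horse-battery"))
    print("alice@engineering:",
          realms["engineering"].authenticate("alice", "correct-horse-battery"))
```

Two points the code makes that the definitions only state: alice's credentials are valid in the hr realm and nothing else, because realms are isolated rather than layered, and authorization is checked separately from authentication, so a valid login with no matching entitlement is still refused.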
How can a user get a certificate from the OCA server?
A user can get a certificate from the OCA server by using any of the following methods:
- Authenticating using the OracleAS Single Sign-On username and password
- Authenticating using Secure Sockets Layer (SSL), by using an existing certificate issued by the CA
- Traditional administrative review and approval
What is “Delegated Administration Services (DAS)”?
It is a set of individual, predefined Web-based services called Delegated Administration Service units. Delegated Administration Service units perform directory operations on behalf of a user. DAS makes it easier to develop and deploy administration solutions for OID-enabled applications. You can use DAS to delegate certain functions to an administrator or a user.