How to plan to deploy an Oracle Identity Management (Planning Oracle Identity Management Deployment)
LESSON 13
Common logical deployment models
- A central identity management system
- A model serving internal and external users
- A model providing administrative autonomy for departmental applications
- A model integrating OIM in a Windows environment
When do you deploy two identity management realms?
- Security isolation: It provides security environment isolation between groups of applications that must be isolated from one another, such as extranet and internet environments.
- Accessibility: Applications are accessible to internal and external users and are served by two identity management infrastructures.
- Data synchronization: Application-required data is synchronized between the two identity management infrastructures.
- Availability: A separate identity management infrastructure is available for internal and external users.
Why do you need to have OID multi-master replication?
Multi-master OID replication provides the following benefits:
- No single point of failure: Multiple identical replicas prevent the directory service from becoming a single point of failure for applications in the network.
- Transparent failover: Achieved by front-ending the network of replicas with appropriate load balancers or routing elements, configured so that if any Oracle Internet Directory node becomes unavailable, the applications are transparently failed over to alternative nodes in the network.
- Load balancing: Achieved by employing load balancers to distribute application and user access requests among Oracle Internet Directory nodes in the replication network, so that no one node is overloaded, which would lead to performance degradation.
What security mechanisms should you use to secure your OCA deployment?
The OracleAS Certificate Authority host system should be secured with at least the following mechanisms:
- Physical access to the OracleAS Certificate Authority system must be strictly controlled.
- The operating system must be hardened, and user accounts in the system must be limited.
- The repository for OracleAS Certificate Authority must be secured according to database security guidelines.
- Oracle Application Server must be secured.
- Repository database auditing must be turned on.