240 likes | 359 Views
David Saslav Principal Product Manager Database and Application Server Technologies Oracle Corporation. Oracle and Thor: Identity Management in the Heterogeneous Enterprise. The Business Problem. Managing users is complex Users need to be provisioned for numerous applications
E N D
David SaslavPrincipal Product Manager Database and Application Server Technologies Oracle Corporation
Oracle and Thor: Identity Management in the Heterogeneous Enterprise
The Business Problem • Managing users is complex • Users need to be provisioned for numerous applications • Many types of users: employees, customers, partners, suppliers… • … and hackers • Weak security due to proliferation of accounts, passwords and privileges • Risks from critical business applications and data being online • Legal mandates on protection of sensitive data
IT Challenges • Administrative challenges • Expensive and complex • Usability Problems • For both users and administrators • Security vulnerabilities • Fragmented security • Limited oversight
Identity Management Benefits • Simplifies Administration and Saves Money • Centralized user management is faster, easier to automate and less error-prone • Improves Security • Better security by preventing fragmented security administration • Enhances End User Experience • Single password and Single Sign-on eliminate wasted time by users • Personalizable end user experience
Users Users Security Reference Architecture For Distributed Systems Application Audit Protected Resources Authorization Authentication Privacy Application Security Services Identity & Policy Store Policy Decision Services Identity / Policy Assertion Services Identity Management Infrastructure Administration & Provisioning Administration & Provisioning
Oracle 10g Security Solution • Oracle Identity Management (OIM) Infrastructure for the enterprise • Overall Platform Security enabled by OIM • Individual Platform Components Have High Security Assurance
Oracle E-Business Suite Oracle Collaboration Suite OracleAS Portal & Wireless Application Component Security Responsibilities Roles …. Secure Mail Interpersonal Rights … Roles Privilege Groups … Oracle 10g Platform Security Bindings OracleAS 10g OracleAS 10g OracleAS 10g Oracle DB 10g Oracle 10g Oracle 10g JAAS, WS Security Java2 Permissions, ... JAAS, WS Security Java2 Permissions.. JAAS, WS Security Java2 Permissions.. Enterprise users, VPD, Encryption Label Security Enterprise users VPD, Encryption Label Security, … Enterprise users, VPD, Encryption Label Security External Security Services Access Management Directory Integration & Provisioning OracleAS Single Sign-on OracleAS Certificate Authority Delegated Administration Services Enterprise Security Infrastructure Oracle Internet Directory Oracle Identity Management Oracle Security Architecture Directory Services Provisioning Systems
Xellerate Enterprise Provisioning: Connecting Oracle to the Heterogeneous Enterprise
IdentityManagement Access Rights Provisioning Operational Efficiency Enhanced Security Business Processes Importance of User Access Provisioning Pivotal technology for the enterprise • Focus on the CIO Agenda immediate, quantifiable ROI • Rationalize infrastructure • Streamline operations • Reduce administrative costs • Strengthen security • Enhance user experience • Enables implementation of strategic & tactical initiatives • Enabler of the extended enterprise
I I B B M M I B M Users IT Resources Enterprise Systems Mainframe Client/Server Web The Provisioning Challenge
Day One 35% 65% Day Two (Deep Provisioning) Effort spent within each Lifecycle stage Stages of Provisioning Lifecycle Business function performed within each stage Day One: Grant and revoke access to small set of commonly used applications Day Two: Expand to support evolving business needs and user provisioning requirements -Transactional integrity -High availability -Wide geographic support
Xellerate Features Focus on the requirements of the dynamic enterprise • Ease of Use • Initial installation and configuration • Feature rich JAVA environment definition console • Straightforward Integration with target systems • No coding required • Self documenting • Customer selects agent location - remote or local • Deep Provisioning • Enterprise-class Architecture • Transactional integrity • Delegated Administration • User self-service and delegated IT • Administrative task queues • Adaptable Architecture • Lowest Overall TCO
Day 2 Provisioning Features • Adaptable Architecture • Separates what is done from how it is done • Evolves with business needs • Provisioning task scheduler • Business Process Management (BPM) support • Utilization of existing business rules • Creation of new provisioning specific business rules • Remote or in place rule execution • Business Process modeling
Day 2 Provisioning Features, cont’d. • Extensive Exception Management Capabilities • Customizable messages (error and provision process) • Intelligent error handling • Deep Provisioning • Mission Critical Capabilities • Provisioning Transaction Support • Rollback recovery • Logging • Full reporting and auditing
Oracle Identity Management Benefits • Enables deployment of all Oracle products out of the box • Application Server, Database, Collaboration Suite, E-Business Suite • An enterprise infrastructure that leverages Oracle’s “unbreakable” technology • Reliability, scalability, security, performance • A single point of integration for customer’s existing identity management solutions • Transparent 3rd party integration for OIM-enabled products • Accommodates a wide variety of partner solutions and customer deployments • Open, standards-based infrastructure enables integration with third-party solutions such as Xellerate from Thor Technologies
“The new Xellerate integration will enable our joint customers to provision the entire enterprise from the Oracle10g platform.” - Bill Maimone, Vice President, Oracle Server Technologies
Q & Q U E S T I O N S A N S W E R S A
Next Steps…. • Recommended sessions • NEXT! 3:15 PM, Moscone Room 123 Implementing Identity Management at Lawrence Livermore National Labs • Recommended demos and/or hands-on labs • Thor Xellerate in Security Pod (Exhibition Hall) • Oracle Identity Management in Oracle Campground • See Your Business in Our Software • Visit the DEMOgrounds for a customized architectural review, see a customized demo with Solutions Factory, or receive a personalized proposal. Visit the DEMOgrounds for more information. • Relevant web sites to visit for more information • http://www.thortech.com/
Reminder: Please complete the OracleWorld online session survey at any messaging kiosk. Thank you.