Oracle® Access Manager Configuration Manager Installation and Administration Guide 10g (10.1.4.0.1) Part Number B32392-01
Before migrating data, your team must create a document that defines and records a detailed plan for each installed deployment. You also need details about components and data within each deployment. This chapter provides worksheet templates that you can copy and fill in, and checklists you can copy and use to track migration activities:
Worksheet for Policy Manager (release 7.0.4 Access Manager) Instances
Checklist for Deploying and Setting Up the Configuration Manager
Oracle recommends that you copy and fill in the worksheets in this appendix to record the details for each installed deployment. Oracle Access Manager installation or upgrade worksheets provide a starting point. Any details that you can access and print from your deployment will save you time and eliminate the possibility of errors.
Note: Store worksheets, printed copies, and other recorded details about your installation in a secure location for tracking purposes.
This appendix also provides three checklists. You use the first checklist to track application deployment and setup. You use the second checklist to track data migration activities. The third checklist identifies data that is not supported for migration using Oracle Access Manager Configuration Manager.
Use the space in Table A-1 to record general information about your deployment.
Table A-1 Details for Your Overall Deployment
Task | Subtask | Overall Deployment Worksheet |
---|---|---|
0 |
0.1 |
Deployment Name: ________________________________________________________________ Deployment Type (circle all that apply): Identity System Only Joint Identity and Access System Development Test/Demo QA Pre-Production Production Other Master Administrator for this deployment:___________________________________________ Date of the last validation of system operation:________________________________________ |
0.2 |
Total number of each component in this deployment: Identity Servers:____________________________________________________________________ WebPass Instances:_________________________________________________________________ If Joint Identity and Access System, enter, total number of: Policy Managers (release 7.0.4 known as Access Manager component):____________________ Access Servers:____________________________________________________________________ WebGates:________________________________________________________________________ Custom AccessGates:_______________________________________________________________ Application Server Connectors (BEA, IBM, OC4J):______________________________________ |
|
0.3 |
Total number of: Directory Instances for Identity Servers only:__________________________________________ If Joint Identity and Access System: Directory Instances for Policy Managers only:________________________________________ Directory Instances used by Identity Servers, Policy Managers (release 7.0.4 Access Manager), Access Server:_________________________________________________________________ |
|
0.4 |
Applications that depend on this deployment, owner: App. Names Owner Comments ____________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ |
|
0.5 |
Change control procedures:__________________________________________________________ __________________________________________________________________________________ Scheduled maintenance windows:_____________________________________________________ __________________________________________________________________________________ Off hours operation windows:_______________________________________________________ __________________________________________________________________________________ |
Use the space in Table A-2 to record details about each directory instance in Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployments.
Table A-2 Details for Directory Instances
Task | Subtask | Directory Instance Details |
---|---|---|
1 |
1.1 |
Directory server type: ______________________________________________________________ Directory server version:____________________________________________________________ Directory server patch level:_________________________________________________________ |
1.2 |
Directory Server Details Directory server DNS hostname/IP address:____________________________________________ Directory server port #: ______________________________________________________________ Root bind DN for Oracle Access Manager:______________________________________________ Root password______________________________________________________________________ Searchbase__________________________________________________________________________ Configuration base__________________________________________________________________ Directory server security mode Open SSL If SSL:
Disjoint searchbase___________________________________________________________________ |
|
1.3 |
Directory Server Profiles (for more information, see specific worksheets for each) ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
1.4 |
Master/replica configuration details: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
1.5 |
Types of data in the directory server (circle all that apply for migration): Configuration Data Policy Data |
|
1.6 |
Person Object Class__________________________________________________________________ Group Object Class_________________________________________________________________ User full name attribute:_____________________________________________________________ User login ID attribute:_______________________________________________________________ Password attribute:_________________________________________________________________ |
|
1.7 |
User class attribute: |
|
1.8 |
User login ID attribute: |
|
1.9 |
Password attribute: |
Use the space in Table A-3 to record details you need for each LDAP directory instance.
Table A-3 DIT and Object Definition Details
Task | Subtask | DIT and Object Definition Details |
---|---|---|
2 |
2.1 |
Directory server DNS hostname or IP address:__________________________________________ Directory server port #: _____________________________________________________________ |
2.2 |
DIT and schema objects used in Oracle Access Manager (or Oracle COREid Release 7.0.4) Person_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Group______________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Others______________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Diagram an up to 4-level deep DIT_____________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ____________________________________________________________________________________ |
|
2.3 |
Object definition details for all objects managed through Oracle Access Manager: Person_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Group______________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Others______________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the space in Table A-4 to record details about each directory server profile. Consider printing this information from your existing installation.
Table A-4 Details for Directory Server Profiles for Oracle Access Manager/Oracle COREid Release 7.0.4
Task | Subtask | Directory Server Profile Details |
---|---|---|
3 |
3.1 |
Directory server DNS hostname/IP address:___________________________________________ Directory server port #: _______________________________________________________________ |
3.2 |
Directory Server Profile Profile Name____________________________________:___________________________________ Namespace (searchbase): _____________________________________________________________ Directory Type:______________________________________________________________________ Dynamic Auxiliary Classes |
|
3.3 |
Operations (circle all that apply) Search Operations: Search Entries Authenticate Users Read Operations: Read Entry Write Operations: Create Entry Modify Entry Delete Entry Change Password |
|
3.4 |
Used by components (record all that apply) All Identity Servers:_____________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Access Servers_______________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Policy Managers (formerly Access Managers)____________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
3.5 |
Write Operations: Create Entry Modify Entry Delete Entry Change Password |
|
3.6 |
Database Instances (for more information, see specific worksheets for each) ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
3.7 |
Maximum Active Servers:____________________________________________________________ Failover Threshold:__________________________________________________________________ Sleep for seconds:___________________________________________________________________ Max. Session Time (minutes):_________________________________________________________ |
Use the space in Table A-5 to record details about each database instance profile associated with a directory server instance. Consider printing this information from your existing installation.
Table A-5 Details for DB Instance Profiles
Task | Subtask | DB Instance Profile Details |
---|---|---|
4 |
4.1 |
Directory Server Instance Name_______________________________________________________ Computer name hosting the directory instance___________________________________________ Port Number: ______________________________________________________________________ Root DN:___________________________________________________________________________ Root DN Password:__________________________________________________________________ Time Limit:_________________________________________________________________________ Size Limit:__________________________________________________________________________ Flags: SSL Referral Fast Bind (AD only) If SSL:
Secure Port Number_________________________________________________________________ Initial Connections:__________________________________________________________________ Maximum Connections:______________________________________________________________ |
Use the space in Table A-6 to record details about each Identity Server.
Table A-6 Details for Existing Identity Servers
Task | Subtask | Existing Identity Server Details |
---|---|---|
5 |
Prepare for Identity Configuration Data Migration in Deployment: Total Number of Identity Servers in this deployment: |
|
5.1 |
Identity Server Details Installation directory of this Identity Server _____________________________________________ Exact Patch Level____________________________________________________________________ Operating System and Patch Level_____________________________________________________ Installation directory for the associated WebPass_________________________________________ |
|
5.2 |
Transport security mode between the Identity Server and WebPass: Open Simple Cert If Simple, enter Pass Phrase__________________________________________________________ If Cert mode, specify full path to:
|
|
5.3 |
Unique Identity Server ID of this instance:______________________________________________ Host name of computer where Identity Server installed___________________________________ Port number for Identity Server/WebPass communication________________________________ |
|
5.4 |
Directory server type___________________ _____________________________________________ For more information for this Directory Instance, see worksheet____ ______________________ |
|
5.5 |
Security mode between directory server and Identity Server: SSL Open If SSL, path to the Root CA certificate |
|
5.6 |
(Windows only) Unique Identity Server service name (differentiates this instance in the Services window if you have multiple instances): |
|
5.7 |
Auditing configuration ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
5.8 |
Password policy configuration ____________________________________________________________________________________ |
Use the space in Table A-7 to record details about each existing Policy Manager (formerly known as the Access Manager component).
Table A-7 Details for Existing Policy Managers
Task | Subtask | Existing Policy Manager Details |
---|---|---|
6 |
Prepare for Policy Data Migration in Deployment: Total Number of Policy Managers in this deployment: |
|
6.1 |
Policy Manager Instance Details Installation directory of this Instance _________________________________________________ |
|
6.2 |
Is this the master Policy Manager for the data migration? Yes No Where is policy data stored? - User data directory server - Configuration data directory server - Separate directory server Directory server type___________________ ____________________________________________ Searchbase where user data is stored:__________________________________________________ Configuration DN:__________________________________________________________________ Policy base:________________________________________________________________________ For more information for this Directory Instance, see worksheet____ _____________________ |
|
If the security mode between the directory server and the Policy Manager is SSL, the path to the SSL certificate is:_________________________________________________________________ |
||
6.3 |
Person object class name: |
|
6.4 |
Policy Manager policy domain root: |
|
6.5 |
Configured Oracle Access Manager 10g (10.1.4.0.1)/Oracle COREid Release 7.0.4 authentication schemes? Yes No If Yes, select authentication scheme or schemes: 10g (10.1.4.0.1) Authentication Schemes release 7.0.4 Authentication Schemes - Basic Over LDAP - Basic Over LDAP - Client Certificate - Client Certificate - Anonymous - NetPoint None Authentication - Oracle Access and Identity Basic Over LDAP - NetPoint Basic Over LDAP - Oracle Access and Identity Basic Over LDAP for AD Forests - NetPoint Basic Over LDAP for AD Forests - Others ____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
6.6 |
Configured Oracle Access Manager 10g (10.1.4.0.1)/Oracle COREid Release 7.0.4-related policy domains? Yes No If Yes, select policy domains: 10g (10.1.4.0.1) Policy Domains release 7.0.4 Policy Domains - Identity Domain (a default) - NetPoint Identity Domain - Access Domain (a default) - NetPoint Access Manager Others _____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
6.7 |
Configured policies to protect Oracle Access Manager 10g (10.1.4.0.1) or Oracle COREid Release 7.0.4-related URLs? Yes No Details_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the space in Table A-8 to record details about each earlier Access Server. Consider printing some of this information from the Access System Console.
Table A-8 Details for Existing Access Servers
Task | Subtask | Access Server Details |
---|---|---|
7 |
Access Server Details Total number of Access Servers |
|
7.1 |
Access Server Instance Details Installation directory of this Access Server Instance ______________________________________ |
|
7.2 |
Access Server Details in the System Console Access Server name__________________________________________________________________ Access Server host name______________________________________________________________ Port # the Access Server listens to______________________________________________________ Transport security between Access Server and associated WebGate: Open Simple Cert Associated WebGate ID_______________________________________________________________ Access Management flag On Off |
|
7.3 |
Which directory server stores the configuration data? Same as Policy Manager directory server? Yes No Configuration DN_________________________________________________________________ If no, see worksheet for directory server instance________________________________________ Host computer______________________________________________________________________ Port number________________________________________________________________________ Root DN____________________________________________________________________________ Root DN password___________________________________________________________________ Directory type_______________________________________________________________________ Security mode between the configuration data directory server and the Access Server: Open SSL |
|
7.4 |
Which directory server stores the policy data?___________________________________________ Policy base__________________________________________________________________________ For more details about directory server instance, see worksheet for_______________________ |
|
7.5 |
Transport Security for Access System Components: Open Simple Cert |
|
Simple mode only: Global Access Protocol pass phrase:____________________________________________________ Password file________________________________________________________________________ |
||
Cert mode only: Certificate PEM phrase:_______________________________________________________________ Password file_______________________________________________________________________ Path of the certificate file:_____________________________________________________________ Path of the key file:__________________________________________________________________ Path of the chain file:_________________________________________________________________ |
Use the space in Table A-9 to record details about each configuration.
Table A-9 Details for Existing Configurations
Task | Subtask | Details of Existing Configurations |
---|---|---|
8 |
8.1 |
Installation directory of the Configuration _____________________________________________ Other components on this computer? Yes No Identity Server WebPass Policy Manager Access Server WebGate |
8.2 |
Workflows ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.3 |
User cache flush configuration_________________________________________________________ AccessGate ID_______________________________________________________________________ |
|
8.4 |
Access Control Lists (ACLs) ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.5 |
Custom Identity Event plug-ins (workflow details involving this plug-in, pre- or post actions) Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ |
|
8.6 |
Customized Authentication plug-ins: __________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.7 |
Customized Authorization plug-ins: __________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.8 |
10g (10.1.4.0.1) Access Manager API clients/release 7.0.4 Access Server API clients: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the checklist in Table A-10 to track the progress of Deploying and Setting Up the Configuration Manager.
Table A-10 Checklist for Schema and Data Preparation
Done | Checklist for Deploying and Setting Up the Configuration Manager | Details |
---|---|---|
Deployment Name:_________________________________________________________________ Task owner:________________________________________________________________________ |
||
|
||
Setting Up a Repository and Installing OC4J |
|
|
|
||
Assigning Configuration Manager Administrator and User Roles |
|
|
|
||
Ensuring the Repository is Available to the Configuration Manager |
|
Use the checklist in Table A-11 to track the progress of migrating data changes. This checklist should be used in conjunction with the information in chapters noted in the table.
Table A-11 Checklist for Configuration Data Migration
Done | Checklist for Configuration Data Migration | Details |
---|---|---|
Deployment Name:_________________________________________________________________ Task owner:________________________________________________________________________ |
||
|
||
|
||
|
||
|
||
|
||
Migrating Data from the Source to the Target See also: "Data to Migrate Using Another Tool". |
|
|
|
||
|
||
Rolling Back Changes Made During a Specific Transaction Transaction ID_____________________________________________________________________ Date of Roll back:___________________________________________________________________ Reason for Roll back:________________________________________________________________ |
|
|
Restoring the Content of an Environment (Directory) Snapshot Snapshot ID_____________________________________________________________________ Date of Restoration:_______________________________________________________________ Reason for Restoration:____________________________________________________________ |
|
Oracle Access Manager Configuration Manager migrates only data in the LDAP directory. It does not migrate any files.
The items in Table A-12 are not supported for migration using Oracle Access Manager Configuration Manager. To migrate data in Table A-12, you must use other code management products for check in, check out, and deployment. Details of other tools are outside the scope of this manual.
Table A-12 Data to Migrate Using Another Tool
Done | Description |
---|---|
Data that cannot be migrated using Oracle Access Manager Configuration Manager: Data Type Tool Used to Migrate This Data:
|