This chapter describes how you can use Grid Control to manage your Identity Management targets.
This chapter contains the following sections:
Oracle Identity Management provides a unified, integrated security platform designed to manage user identities, provision resources to users, secure access to corporate resources, enable trusted online business partnerships, and support compliance (identity analytics) across the enterprise.
Oracle Identity Management products include the following:
Oracle Access Manager 10g
Oracle Identity Manager 9.x
Oracle Identity Federation 10g and 11g
Oracle Identity Management Suite 10g (including Oracle Internet Directory, Single Sign-On, Delegated Administration Services, and Directory Integration Platform)
Oracle Internet Directory 11g
Directory Integration Platform 11g
Oracle Virtual Directory 11g
Enterprise Manager helps you monitor the availability and diagnose the health of Identity Manager targets within your enterprise configuration. By deploying a Management Agent on each host, you can use Enterprise Manager to discover the Identity Management components on these hosts, and automatically begin monitoring them using default monitoring levels, notification rules, and so on.
In Enterprise Manager Grid Control 11g Release 1, an Identity and Access page provides a central site for monitoring all discovered Identity Management components. The Identity and Access page can be added to the Targets sub-tabs by clicking Preferences > Target and adding Identity and Access to the selected target subtabs. From the Identity and Access page, you can discover both Identity Management 10g and Identity Management 11g components, create systems and services based on the end-to-end Identity Management environment, and monitor the health of all discovered Identity Management components from a single page. All Identity Management targets, whether Access, Identity, Identity Federation, or Identity Manager, have their own server home pages that provide easy access to key information required by administrators. Each Identity Management Server home page provides the following information:
Server status, responsiveness, and performance data. This includes a wide range of out-of-box performance metrics (such as CPU utilization, failed and successful authentications or authorizations, average response time, provisioning metrics, and up/down status of servers and components) to find root causes of problems that could potentially slow performance, extend response times, or create outages.
Customizable performance summaries with a Metric Palette that allows users to drag and drop performance charts and drill down into usage and performance statistics for:
Oracle Identity Federation Providers that show authentication requests and responses, HTTP and SOAP requests and responses, and authentication response processing time.
Oracle Internet Directory User Statistics that show failed and completed LDAP operations like Add, Bind, Compare, Delete, Modify, and Search.
Directory Integration Platform Synchronization and Provisioning Profiles that show job status, successful, skipped, or failed changes, completion time, and errors.
Resource usage for the server and its components
Functionality to start, stop, and restart components
Configuration Management: Allows you to perform key configuration management tasks like keeping track of configuration changes for diagnostic and regulatory purposes, taking snapshots to store configurations, and comparing component configurations to ensure consistency of configurations within the same or across different environments.
Figure 10-1 shows the Access Manager - Access Server home page.
Identity Management services run on Identity Management systems defined in Grid Control. The system includes the software infrastructure components that the Identity services rely on. The system includes components such as databases, HTTP servers, OC4Js, and other servers.
The system is a collection of server targets that are grouped together in Grid Control to give you a view of the "data-center" components that comprise your Identity Management deployment. Identity Management Systems are created when Identity suite components are discovered using Grid Control. Grid Control also monitors the performance and availability of these components and provides a System Dashboard to view the health of the Identity Management system in a single window.
Figure 10-2 shows an Access Manager-Identity System home page:
An Identity Management service is a logical target configured by Grid Control. Grid Control steps you through the process of configuring a web application service for your Identity component instances. After you configure a service, that service is displayed on the Services page.
Critical application functions are defined and monitored as services in Grid Control. Each service is monitored by Grid Control beacons, which run service tests that simulate real user access to the service. Service availability and performance are monitored automatically, and problems are immediately reported to the administrator. By monitoring availability and performance of Identity Management services, you can identify and resolve user-visible problems more quickly and thus minimize the impact on users.
Each service has its own home page. The Service Home pages in Grid Control provide:
Status, responsiveness, and performance data
Resource usage data for the service
Summary information such as status, performance alerts, usage alerts, and policy violations for the service's subcomponents, including other services and associated systems
Links to home pages for the service's subcomponents
Alerts and diagnostic drill-downs so that you can identify and resolve problems quickly
The Services Dashboard provides a high-level view of the status, performance, and usage of each Identity Management target. Service-level compliance for various time periods is also included for each service on the dashboard. You can launch the dashboard directly from the Identity system target home page. You can also publish the Services Dashboard so that it can be viewed by non-Enterprise Manager users. This allows you to provide a self-service status web page to your end users.
Related Links to do the following:
View metrics for the service
View client configurations
Edit the service
View the service target's properties
View and manage metric thresholds and policies
See Also: Chapter 8, "Service Management"
Individual services in Identity Management are associated with critical system components. This allows Enterprise Manager to perform Root Cause Analysis down to the system level whenever a service outage is detected. When you configure an Identity Management service in Grid Control, as mentioned in Configuring Identity Management Services, you also specify the critical system components of this service. When an Identity Management service goes down, Enterprise Manager automatically performs a root cause analysis to determine which critical system component is responsible for the outage.
Enterprise Manager automatically gathers and evaluates diagnostic information from Identity Management targets distributed across the enterprise. As with all targets managed by Enterprise Manager, an extensive number of Identity Management performance metrics are automatically monitored against predefined thresholds. Alerts are generated in Grid Control when metrics exceed these thresholds.
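The threshold-and-alert behaviour described above, sketched as an added example for the failed-authentication metric; this is not Enterprise Manager code. The threshold values, the consecutive-occurrence rule, the field names and the sample counters are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threshold:
    warning: float
    critical: float
    occurrences: int = 1  # assumed rule: consecutive violating samples before alerting

def failed_auth_pct(sample):
    """Derive the failed-authentication percentage from raw counters."""
    total = sample["auth_ok"] + sample["auth_failed"]
    return 100.0 * sample["auth_failed"] / total if total else 0.0

def severity(value, th):
    if value >= th.critical:
        return "CRITICAL"
    if value >= th.warning:
        return "WARNING"
    return "CLEAR"

def evaluate(samples, th, extract):
    """Return (sample index, severity, value) alerts. An alert is raised once
    th.occurrences consecutive samples violate a threshold, again when the
    severity changes, and a CLEAR is emitted when the metric recovers."""
    alerts, streak, last = [], 0, "CLEAR"
    for i, sample in enumerate(samples):
        value = extract(sample)
        sev = severity(value, th)
        streak = streak + 1 if sev != "CLEAR" else 0
        if sev == "CLEAR":
            if last != "CLEAR":
                alerts.append((i, "CLEAR", round(value, 1)))
            last = "CLEAR"
        elif streak >= th.occurrences and sev != last:
            alerts.append((i, sev, round(value, 1)))
            last = sev
    return alerts

# Constructed samples: one collection interval per entry for an access server.
SAMPLES = [
    {"auth_ok": 480, "auth_failed": 20},   # 4 % failed
    {"auth_ok": 450, "auth_failed": 50},   # 10 % failed
    {"auth_ok": 400, "auth_failed": 100},  # 20 % failed
    {"auth_ok": 300, "auth_failed": 300},  # 50 % failed
    {"auth_ok": 495, "auth_failed": 5},    # 1 % failed
]
FAILED_AUTH = Threshold(warning=10.0, critical=40.0, occurrences=2)
ALERTS = evaluate(SAMPLES, FAILED_AUTH, failed_auth_pct)
```

Requiring more than one violating sample suppresses alerts for a single noisy interval, while a sustained rise in failed authentications still escalates from warning to critical.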
You can use Grid Control to diagnose performance and availability problems with your Identity Management services. For example, if a service outage occurs, Root Cause Analysis will determine if the primary cause is an outage of a critical service or system component. If a service performance issue is found, an administrator can examine detailed metrics over time related to that service and any of the service or system components used by that service. When you suspect there is a problem with one or more server components in the Identity Management system, the system home pages provide metrics and charts for diagnosing the issue.
Administrators can monitor the health of all critical Identity Management components, including both Identity Management 10g and Identity Management 11g components. Thresholds may be defined against server and component statistics such as CPU utilization, the number of failed and successful authentications or authorizations, average response time, provisioning metrics (for example, the number of newly provisioned, created, deleted, disabled, or locked users), Identity Provider and Service Provider metrics, and up/down status of servers and components.
In addition to relying on system performance metrics, you may use Management Pack for Identity Management Service Tests to record synthetic web transactions that include a combination of one or more navigation paths within the application to be used as the criteria for determining the availability of the service. For example, Oracle Access Manager requires that a user be successfully authenticated and authorized against a certain WebGate for the service to be considered available. Enterprise Manager uses these logical tasks or transactions to define the availability of the Identity Management environment. In addition to synthetic web transactions, Enterprise Manager also supports LDAP tests that allow you to record LDAP operations against a specific LDAP server (including Oracle Virtual Directory). With the LDAP tests, you can specify the username or password, Search Filter, Search Base, and Compare Attribute Name or Value. These synthetic web transactions are recorded, and the stored transaction or service test can be launched at a user-defined interval from strategic locations across the user base.
Job Automation: You can use the Grid Control job system to schedule tasks you want to automate.
Policies: You can utilize the policy framework to ensure your Identity Management infrastructure adheres to your site-specific standards.
Database and Application Server Management: Using the single Grid Control console, you can also manage the specific databases and application servers in your Identity Management deployment if needed.
Extensions: Grid Control also includes monitoring of key network components that may be part of your Identity Management deployment. You can also extend Grid Control to monitor other components that are not recognized out-of-box by Enterprise Manager.