Skip Headers
Oracle® Enterprise Manager Cloud Control Administrator's Guide
12c Release 1 (

Part Number E24473-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
PDF · Mobi · ePub

22 Identity Management

This chapter describes how you can use Cloud Control to manage your Identity Management targets.

This chapter contains the following sections:

About Oracle Identity Management

Oracle Identity Management provides a unified, integrated security platform designed to manage user identities, provision resources to users, secure access to corporate resources, enable trusted online business partnerships, and support compliance (identity analytics) across the enterprise.

Enterprise Manager supports monitoring of the following Oracle Identity Management components:

Using Cloud Control for Monitoring Identity Management Targets

Enterprise Manager helps you monitor the availability and diagnose the health of Identity Management components within your enterprise configuration. By deploying a Management Agent on each host, you can use Enterprise Manager to discover the Identity Management components on these hosts, and automatically begin monitoring them using default monitoring levels, notification rules, and so on.

Identity and Access Dashboard

In Cloud Control 12c, a new Identity and Access dashboard provides a centralized view of all deployed Oracle Identity Management components - including both Identity Management 10g and Identity Management 11g components. This dashboard enables you to monitor the health of complex Identity Management deployment by providing an integrated interface for Component Type Overview, Member Summary, Resource Usage, Systems, Services and individual component types (Oracle Internet Directory, Oracle Access Manager, etc.) regions. Based on the deployment criteria, you can select the regions that best fit your deployment and display those in the dashboard. Following are the Oracle Identity Management components for which these regions are displayed:

  • Oracle Access Manager Server

  • Oracle Adaptive Access Manager Server

  • Oracle Directory Server Enterprise Edition Server

  • Oracle Identity Manager Cluster

  • Oracle Internet Directory Server

  • Oracle Virtual Directory Server

Each individual component type region displays the most critical metrics for the discovered target members of the specified Identity Management component type. Besides showing current values of these critical metrics, the region displays performance trends of these critical metrics for the last 24 hours so that you can visualize the performance of all target members in a single region.

You can access Identity and Access dashboard (shown in Figure 22-1) from the Middleware Features menu when you click on Targets->Middleware from the Cloud Control home page.

Figure 22-1 Identity and Access Dashboard

Identity and Access Dashboard
Description of "Figure 22-1 Identity and Access Dashboard"

Identity Management Component Server Home Page

All Identity Management targets, whether Access, Identity, Identity Federation, and Identity Manager have their own server home pages that provide easy access to key information required by the administrators. Each Identity Management Component Server home page provides the following information:

  • Server availability, responsiveness, and performance data. This includes a wide range of out-of-box performance metrics such as server up/down status, average response time, CPU utilization, memory utilization, provisioning metrics, failed logins, and total connections.

  • Customizable performance summaries with a Metric Palette that allows users to drag and drop performance charts to drill down into usage and performance statistics.

  • Resource usage for the host or WebLogic Server

  • Functionality to start, stop, and restart components

Figure 22-2 shows the Oracle Directory Server Enterprise Edition server home page.

Figure 22-2 Oracle Directory Server Enterprise Edition Server Home Page

Oracle Directory Server Enterprise Edition Server Home Page
Description of "Figure 22-2 Oracle Directory Server Enterprise Edition Server Home Page"

Configuration Management

You can perform key configuration management tasks such as keeping track of configuration changes, taking snapshots to store configurations, and comparing component configurations. To ensure that the configurations of all critical Oracle Identity Management components in your production environment are consistent with your staging or test environments, you can use Configuration Snapshots to save working configurations into the Management Repository or into an external XML file and then use the Configuration Comparison tool to compare the configuration in the production environment against the test or staging environments. Configuration Comparison helps you ensure the consistency of configurations in your environment, thus reducing “configuration drift.” To diagnose performance problems that may be related to system configuration changes, you can use the Configuration History tool (Figure 22-3) to keep track of all configuration changes to locate the root cause of performance problems.

Figure 22-3 Compare Results Page

Compare Results Page

Identity Management Systems

Identity Management services run on Identity Management systems defined in Cloud Control. The system includes the software infrastructure components that the Identity services rely on. This system can be created using the Identity and Access System Create wizard, that can be accessed from Systems page.

The system is a collection of server targets that are grouped together in Cloud Control to give you a view of the "data-center" components that comprise your Identity Management deployment. Identity Management Systems are created when Identity suite components are discovered using Cloud Control. Cloud Control also monitors the performance and availability of these components and provides a System Dashboard to view the health of the Identity Management system in a single window.

Figure 22-4 shows an Identity and Access System home page:

Figure 22-4 Identity and Access System Home Page

Identity and Access System Home Page
Description of "Figure 22-4 Identity and Access System Home Page"

Identity Management Services

An Identity Management service is a logical target configured by Cloud Control. You use Cloud Control to step you through the process of configuring a web application service for your Identity component instances. After you configure a service, that service is displayed on the Services page.

Critical application functions are defined and monitored as services in Cloud Control. Each service is monitored by Cloud Control beacons, which run service tests that simulate real user access to the service. Service availability and performance are monitored automatically, and problems are immediately reported to the administrator. By monitoring availability and performance of Identity Management services, you can identify and resolve user-visible problems more quickly and thus minimize the impact on users.

Monitoring Services

Cloud Control enables you to monitor all of your Identity Management services. Each service is monitored for performance, usage, and availability.

Each service has its own home page. The Service Home pages in Cloud Control provide:

  • Status, responsiveness, and performance data

  • Resource usage data for the service

  • Summary information such as status, performance alerts, usage alerts, and policy violations for the service's subcomponents, including other services and associated systems

  • Links to home pages for the service's subcomponents

  • Alerts and diagnostic drill-downs so that you can identify and resolve problems quickly

  • Services Dashboard

    The Services Dashboard provides a high-level view of the status, performance, and usage of each Identity Management target. Service-level compliance for various time periods are also included for each service on the dashboard. You can launch the dashboard directly from Identity system target home page. You can also publish the Services Dashboard so that it can be viewed by non-Enterprise Manager users. This allows you to provide a self-service status web page to your end users.

  • Related Links to do the following:

    • View metrics for the service

    • View client configurations

    • Edit the service

    • View the service target's properties

    • Manage blackouts

    • View and manage metric thresholds and policies

Identity Management Root Cause Analysis

Individual services in Identity Management are associated with critical system components. This allows Enterprise Manager to perform Root Cause Analysis down to the system level whenever a service outage is detected. When you are configuring an Identity Management service in Cloud Control, as mentioned in Identity Management Services, you also mention the critical system components of this service. When an Identity Management service goes down, Enterprise Manager automatically performs a root cause analysis to determine which critical system component is responsible for this.

Automated Identity Management Monitoring and Alerts

Enterprise Manager automatically gathers and evaluates diagnostic information from Identity Management targets distributed across the enterprise. As with all targets managed by Enterprise Manager, an extensive number of Identity Management performance metrics are automatically monitored against predefined thresholds. Alerts are generated in Cloud Control when metrics exceed these thresholds.

Diagnosing Identity Management Performance and Availability Problems

You can use Cloud Control to diagnose performance and availability problems with your Identity Management services. For example, if a service outage occurs, Root Cause Analysis will determine if the primary cause is an outage of a critical service or system component. If a service performance issue is found, an administrator can examine detailed metrics over time related to that service and any of the service or system components used by that service. When you suspect there is a problem with one or more server components in the Identity Management system, the system home pages provide metrics and charts for diagnosing the issue.

Administrators can monitor the health of all critical Identity Management components, including both Identity Management 10g and Identity Management 11g components. Thresholds may be defined against server and component statistics such as CPU utilization, the number of failed and successful authentications or authorizations, average response time, provisioning metrics (e.g. number of newly provisioned, created, deleted, disabled, locked users), Identity Provider and Service Provider metrics, and up/down status of servers and components.In addition to relying on system performance metrics, you may use Management Pack for Identity Management Service Tests to record synthetic web transactions that include a combination of one or more navigation paths within the application to be used as the criteria for determining the availability of the service. For example, Oracle Access Manager requires that a user be successfully authenticated and authorized against a certain WebGate for the service to be considered available. Enterprise Manager uses these logical tasks or transactions to define the availability of the Identity Management environment. In addition to synthetic web transactions, Enterprise Manager also supports LDAP tests that allow you to record LDAP operations against a specific LDAP server (including Oracle Virtual Directory). With the LDAP tests, you can specify the username or password, Search Filter, Search Base, and Compare Attribute Name or Value. These synthetic web transactions are recorded, and the stored transaction or service test can be launched at a user-defined interval from strategic locations across the user-base."

Leveraging the Cloud Control Management Framework

Cloud Control includes many general features that are useful to an Identity Management administrator, including: