Oracle® Access Manager Configuration Manager Installation and Administration Guide 10g (10.1.4.2.0) Part Number E10358-01
Before migrating data, your team must create a document that defines and records a detailed plan for each installed deployment. You also need details about components and data within each deployment. This chapter provides the worksheet templates that you can copy and fill in, and checklists that you can copy and use to track migration activities:
Worksheet for Policy Manager (release 7.0.4 Access Manager) Instances
Checklist for Deploying and Setting Up the Configuration Manager
Oracle recommends that you copy and fill in the worksheets in this appendix to record the details for each installed deployment. Oracle Access Manager installation and upgrade worksheets provide a starting point. Any details that you can access and print from your deployment will save you time and eliminate the possibility of errors.
Note:
Store worksheets, printed copies, and other recorded details about your installation in a secure location for tracking purposes.
This appendix also provides three checklists. You use the first checklist to track application deployment and setup. You use the second checklist to track data migration activities. The third checklist identifies data that is not supported for migration using Oracle Access Manager Configuration Manager.
Use the space in Table A-1 to record general information about your deployment.
Table A-1 Details for Your Overall Deployment
Task | Subtask | Overall Deployment Worksheet |
---|---|---|
0 |
0.1 |
Deployment Name: ________________________________________________________________ Deployment Type (circle all that apply): ________Identity System Only or ________Joint Identity and Access System _____Development_____Test/Demo_____QA_____Preproduction_____Production _____Other Master Administrator for this deployment:___________________________________________ Date of the last validation of system operation:________________________________________ |
0.2 |
Total number of each component in this deployment: Identity Servers:____________________________________________________________________ WebPass Instances:_________________________________________________________________ If This is a Joint Identity and Access System, enter the total number of: Policy Managers (release 7.0.4 known as Access Manager component):____________________ Access Servers:____________________________________________________________________ WebGates:________________________________________________________________________ Custom AccessGates:_______________________________________________________________ Application Server Connectors (BEA, IBM, OC4J):______________________________________ |
|
0.3 |
Total number of: Directory Instances for Identity Servers only:__________________________________________ If This is a Joint Identity and Access System: Directory Instances for Policy Managers only:________________________________________ Directory Instances used by Identity Servers, Policy Managers (release 7.0.4 Access Manager), Access Server:_________________________________________________________________ |
|
0.4 |
Applications that depend on this deployment, owner: App. Names __________ Owner __________ Comments________________________________ ____________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ |
|
0.5 |
Change control procedures:__________________________________________________________ __________________________________________________________________________________ Scheduled maintenance windows:_____________________________________________________ __________________________________________________________________________________ Off-peak hours operation windows:___________________________________________________ __________________________________________________________________________________ |
Use the space in Table A-2 to record details about each directory instance in Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployments.
Table A-2 Details for Directory Instances
Task | Subtask | Directory Instance Details |
---|---|---|
1 |
1.1 |
Directory server type: ______________________________________________________________ Directory server version:____________________________________________________________ Directory server patch level:_________________________________________________________ |
1.2 |
Directory Server Details Directory server DNS host name/IP address:___________________________________________ Directory server port #: ______________________________________________________________ Root bind DN for Oracle Access Manager:______________________________________________ Root password:______________________________________________________________________ Searchbase:_________________________________________________________________________ Configuration base:__________________________________________________________________ Directory server security mode: _____Open or _____SSL If SSL:
Disjoint searchbase:__________________________________________________________________ |
|
1.3 |
Directory Server Profiles (for more information, see specific worksheets for each) ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
1.4 |
Master/replica configuration details: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
1.5 |
Types of data in the directory server (circle all that apply for migration): _____Configuration Data __________Policy Data |
|
1.6 |
Person Object Class:__________________________________________________________________ Group Object Class:_________________________________________________________________ User full name attribute:_____________________________________________________________ User login ID attribute:_______________________________________________________________ Password attribute:_________________________________________________________________ |
|
1.7 |
User class attribute: |
|
1.8 |
User login ID attribute: |
|
1.9 |
Password attribute: |
Use the space in Table A-3 to record details you need for each LDAP directory instance.
Table A-3 DIT and Object Definition Details
Task | Subtask | DIT and Object Definition Details |
---|---|---|
2 |
2.1 |
Directory server DNS host name or IP address:__________________________________________ Directory server port #: _____________________________________________________________ |
2.2 |
DIT and schema objects used in Oracle Access Manager (or Oracle COREid Release 7.0.4) Person:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Group:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Others:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Diagram DIT (up to 4-level deep):____________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ____________________________________________________________________________________ |
|
2.3 |
Object definition details for all objects managed through Oracle Access Manager: Person:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Group:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Others:_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the space in Table A-4 to record details about each directory server profile. Consider printing this information from your existing installation.
Table A-4 Details for Directory Server Profiles for Oracle Access Manager/Oracle COREid Release 7.0.4
Task | Subtask | Directory Server Profile Details |
---|---|---|
3 |
3.1 |
Directory server DNS hostname/IP address:___________________________________________ Directory server port #: _______________________________________________________________ |
3.2 |
Directory Server Profile Profile Name:_______________________________________________________________________ Namespace (searchbase): _____________________________________________________________ Directory Type:______________________________________________________________________ Dynamic Auxiliary Classes:___________________________________________________________ |
|
3.3 |
Operations (circle all that apply) Search Operations:_____Search Entries _____Authenticate Users Read Operations: _____Read Entry Write Operations: ____Create Entry___Modify Entry____Delete Entry____Change Password |
|
3.4 |
Used by components (record all that apply) All Identity Servers:_____________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Access Servers:______________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Policy Managers (formerly Access Managers):___________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
3.5 |
Write Operations: _______ Create Entry_______Modify Entry_______Delete Entry_______Change Password |
|
3.6 |
Database Instances (for more information, see specific worksheets for each): ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
3.7 |
Maximum Active Servers:____________________________________________________________ Failover Threshold:__________________________________________________________________ Sleep for seconds:___________________________________________________________________ Max. Session Time (minutes):_________________________________________________________ |
Use the space in Table A-5 to record details about each database instance profile associated with a directory server instance. Consider printing this information from your existing installation.
Table A-5 Details for DB Instance Profiles
Task | Subtask | DB Instance Profile Details |
---|---|---|
4 |
4.1 |
Directory Server Instance Name:_______________________________________________________ Computer name hosting the directory instance:__________________________________________ Port Number: ______________________________________________________________________ Root DN:___________________________________________________________________________ Root DN Password:__________________________________________________________________ Time Limit:_________________________________________________________________________ Size Limit:__________________________________________________________________________ Flags:_____SSL _____Referral_____Fast Bind (AD only) If SSL:
Secure Port Number:_________________________________________________________________ Initial Connections:__________________________________________________________________ Maximum Connections:______________________________________________________________ |
Use the space in Table A-6 to record details about each Identity Server.
Table A-6 Details for Existing Identity Servers
Task | Subtask | Existing Identity Server Details |
---|---|---|
5 |
Prepare for Identity Configuration Data Migration in Deployment: Total Number of Identity Servers in this deployment: |
|
5.1 |
Identity Server Details Installation directory of this Identity Server:_____________________________________________ Exact Patch Level:____________________________________________________________________ Operating System and Patch Level:_____________________________________________________ Installation directory for the associated WebPass:________________________________________ |
|
5.2 |
Transport security mode between the Identity Server and WebPass: __________Open __________Simple __________Cert If Simple, enter Pass Phrase:__________________________________________________________ If Cert mode, specify full path to:
|
|
5.3 |
Unique Identity Server ID of this instance:______________________________________________ Host name of computer where Identity Server installed:__________________________________ Port number for Identity Server/WebPass communication:________________________________ |
|
5.4 |
Directory server type:________________________________________________________________ For more information for this Directory Instance, see worksheet:___________________________ |
|
5.5 |
Security mode between directory server and Identity Server: __________SSL __________Open If SSL, path to the Root CA certificate:_________________________________________________ |
|
5.6 |
(Windows only) Unique Identity Server service name (differentiates this instance in the Services window if you have multiple instances): |
|
5.7 |
Auditing configuration: ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
5.8 |
Password policy configuration: ____________________________________________________________________________________ |
Use the space in Table A-7 to record details about each existing Policy Manager (formerly known as the Access Manager component).
Table A-7 Details for Existing Policy Managers
Task | Subtask | Existing Policy Manager Details |
---|---|---|
6 |
Prepare for Policy Data Migration in Deployment: Total Number of Policy Managers in this deployment: |
|
6.1 |
Policy Manager Instance Details Installation directory of this Instance _________________________________________________ |
|
6.2 |
Is this the master Policy Manager for the data migration? __________Yes __________No Where is policy data stored? - User data directory server - Configuration data directory server - Separate directory server Directory server type___________________ ____________________________________________ Searchbase where user data is stored:__________________________________________________ Configuration DN:__________________________________________________________________ Policy base:________________________________________________________________________ For more information for this Directory Instance, see worksheet____ _____________________ |
|
If the security mode between the directory server and the Policy Manager is SSL, the path to the SSL certificate is:_________________________________________________________________ |
|
6.3 |
Person object class name: |
|
6.4 |
Policy Manager policy domain root: |
|
6.5 |
Configured Oracle Access Manager 10g (10.1.4.0.1)/Oracle COREid Release 7.0.4 authentication schemes? Yes No If Yes, select authentication scheme or schemes: 10g (10.1.4.0.1) Authentication Schemes _______or _____release 7.0.4 Authentication Schemes _____Basic Over LDAP________________or___________Basic Over LDAP _____Client Certificate________________or___________Client Certificate _____Anonymous____________________or___________NetPoint None Authentication _____Oracle Access and Identity Basic Over LDAP _____________________________________or___________NetPoint Basic Over LDAP _____Oracle Access and Identity Basic Over LDAP for AD Forests _____________________________________or______NetPoint Basic Over LDAP for AD Forests - Others ____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
6.6 |
Configured Oracle Access Manager 10g (10.1.4.0.1)/Oracle COREid Release 7.0.4-related policy domains? Yes No If Yes, select policy domains: 10g (10.1.4.0.1) Policy Domains __________or_____ release 7.0.4 Policy Domains _____Identity Domain (a default)_________or______NetPoint Identity Domain _____Access Domain (a default)__________or______NetPoint Access Manager Others _____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
6.7 |
Configured policies to protect Oracle Access Manager 10g (10.1.4.0.1) or Oracle COREid Release 7.0.4-related URLs? _____Yes or _____No Details_____________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the space in Table A-8 to record details about each earlier Access Server. Consider printing some of this information from the Access System Console.
Table A-8 Details for Existing Access Servers
Task | Subtask | Access Server Details |
---|---|---|
7 |
Access Server Details Total number of Access Servers |
|
7.1 |
Access Server Instance Details Installation directory of this Access Server Instance ______________________________________ |
|
7.2 |
Access Server Details in the System Console Access Server name__________________________________________________________________ Access Server host name______________________________________________________________ Port # the Access Server listens to______________________________________________________ Transport security between Access Server and associated WebGate: ___Open___Simple__Cert Associated WebGate ID_______________________________________________________________ Access Management flag: __________ On __________Off |
|
7.3 |
Which directory server stores the configuration data? Same as Policy Manager directory server?__________Yes__________No Configuration DN_________________________________________________________________ If no, see worksheet for directory server instance________________________________________ Host computer:______________________________________________________________________ Port number:________________________________________________________________________ Root DN:___________________________________________________________________________ Root DN password:__________________________________________________________________ Directory type:______________________________________________________________________ Security mode between the configuration data directory server and the Access Server: __________Open__________SSL |
|
7.4 |
Which directory server stores the policy data?___________________________________________ Policy base:_________________________________________________________________________ For more details about directory server instance, see worksheet for_______________________ |
|
7.5 |
Transport Security for Access System Components: _____Open_____Simple_____Cert |
|
Simple mode only: Global Access Protocol pass phrase:____________________________________________________ Password file:_______________________________________________________________________ |
|
Cert mode only: Certificate PEM phrase:_______________________________________________________________ Password file:_______________________________________________________________________ Path of the certificate file:_____________________________________________________________ Path of the key file:__________________________________________________________________ Path of the chain file:_________________________________________________________________ |
Use the space in Table A-9 to record details about each configuration.
Table A-9 Details for Existing Configurations
Task | Subtask | Details of Existing Configurations |
---|---|---|
8 |
8.1 |
Installation directory of the configuration: _____________________________________________ Other components on this computer?_____Yes_____No _____Identity Server_____WebPass_____Policy Manager_____Access Server_____WebGate |
8.2 |
Workflows: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.3 |
User cache flush configuration:________________________________________________________ AccessGate ID:______________________________________________________________________ |
|
8.4 |
Access Control Lists (ACLs): ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.5 |
Custom Identity Event plug-ins (workflow details involving this plug-in, pre- or post actions) Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ Plug-in Name:______________________________________________________________________ Workflow Details:____________________________________________________________________ Pre-event Actions:___________________________________________________________________ Post-event Actions:___________________________________________________________________ |
|
8.6 |
Customized Authentication plug-ins: __________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.7 |
Customized Authorization plug-ins: __________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
|
8.8 |
10g (10.1.4.0.1) Access Manager API clients/release 7.0.4 Access Server API clients: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ |
Use the checklist in Table A-10 to track the progress of "Deploying and Setting Up the Configuration Manager".
Table A-10 Checklist for Schema and Data Preparation
Done | Checklist for Deploying and Setting Up the Configuration Manager |
---|---|
Deployment Name:_________________________________________________________________ Task owner:________________________________________________________________________ |
|
Setting Up a Repository and Installing OC4J |
|
Assigning Configuration Manager Administrator and User Roles in OC4J |
|
Ensuring the Repository is Available to the Configuration Manager |
Use the checklist in Table A-11 to track the progress of migrating data changes. This checklist should be used in conjunction with the information in chapters noted in the table.
Table A-11 Checklist for Configuration Data Migration
Done | Checklist for Configuration Data Migration |
---|---|
Deployment Name:_________________________________________________________________ Task owner:________________________________________________________________________ |
|
Migrating Data from the Source to the Target See also: "Data to Migrate Using Another Tool". |
|
Rolling Back Changes Made During a Specific Transaction Transaction ID:_____________________________________________________________________ Date of Roll back:___________________________________________________________________ Reason for Roll back:________________________________________________________________ |
|
Restoring the Content of a Snapshot Snapshot ID:_____________________________________________________________________ Date of Restoration:_______________________________________________________________ Reason for Restoration:____________________________________________________________ |
Oracle Access Manager Configuration Manager migrates only data in the LDAP directory. It does not migrate any files.
The items in Table A-12 are not supported for migration using Oracle Access Manager Configuration Manager. To migrate data in Table A-12, you must use other code management products for check in, check out, and deployment. Details of other tools are outside the scope of this manual.
Table A-12 Data to Migrate Using Another Tool
Done | Description |
---|---|
Data that cannot be migrated using Oracle Access Manager Configuration Manager: Data Type____________________________________________Tool Used to Migrate This Data:____________
|