As more and more businesses rely on the Oracle Identity and Access Management Suite to control access to their mission-critical applications (both packaged applications and custom-built web applications) and to provision resources across their organizations, the need to achieve predictable performance and availability for Oracle Identity Management systems has become a top priority for many businesses. An outage or slow performance in access and identity services, for instance, can have negative impacts on the business bottom-line as end-users are unable to log in to mission-critical applications.
To help you maximize the value of Oracle Identity Management systems and to deliver a superior ownership experience while restraining the systems management costs, Oracle provides Oracle Management Pack Plus for Identity Management (the Identity Management Pack), which leverages the Oracle Enterprise Manager Cloud Control advanced management capabilities, to provide an integrated and top-down solution for your Oracle Identity Management environment.
To view a video about managing Oracle Identity Management, click here.
The benefits of using Identity Management Pack include:
Using a centralized systems management solution to efficiently manage multiple Oracle Identity Management deployments including testing, staging, and production environments from a single console
Gaining the ability to monitor a wide range of performance metrics for all critical Identity Management components to find root causes of problems that could potentially slow performance or create outages
Automating configuration management to accelerate problem resolution
Recording synthetic Web transactions (or service tests) to monitor Identity Management Service availability and analyze end user response times
Defining Service Level Objectives (SLO's) in terms of out-of-box system-level metrics, as well as end user experience metrics to accurately monitor and report on Service Level Agreement (SLA) compliance
The features in the Identity Management Pack include:
Enterprise-Wide View of Oracle Identity Management
The "Identity and Access" dashboard provides a centralized view of all Oracle Identity Management components - including Identity Management 10g and Identity Management 11g components.
From the "Identity and Access" dashboard, users can view the performance summary of the associated systems and services based on the underlying dependencies and monitor the overall health of the Identity Management environment.
Performance Management
A wide range of out-of-box performance metrics to find root causes of problems that could potentially slow performance, extend response times, or create outages
Customizable performance summaries with a "Metric Palette" that allows users to drag and drop performance charts
Configuration Management
Perform key configuration management tasks like keeping track of configuration changes for diagnostic and regulatory purposes, taking snapshots to store configurations, and comparing component configurations to ensure consistency of configurations within the same environment or across different environments.
New features for Identify Management Pack include:
Problem Analysis
Problem analysis is now available for IDM targets. See Chapter 32, "Investigating and Analyzing Problems" for more information.
Performance Page
This page shows the performance of the database corresponding to the Oracle Access Manager (OAM) Enterprise Manager target. Using this data, the OAM administrator can identify problems causing performance bottlenecks.
Configuration Compare Templates
Using a template, you can remove properties that typically signal "false positives" in comparisons by setting flags to ignore differences. When comparing hosts, for example, you know that host names will be different, so you can indicate to ignore differences on the name property value.
Performance Management
Out-of-box reports for Oracle Internet Directory, Oracle Access Manager, and Oracle Identity Manager
Oracle Identity Manager database performance page to analyze the performance of the underlying Oracle Identity Manager database in the context of the OIM-specific tables and user. Note: The database target will need to be discovered to take advantage of all the features on the database performance page.
Configuration Management
Automated compliance monitoring and change detection for Oracle Identity Manager is now available to help customers meet compliance and reporting requirements.
To enable the compliance standard association with the Oracle Identity Manager Cluster target. Perform the following steps:
Click the Oracle Identity Manager Cluster target. From the Target menu, select Compliance, then select Standard Associations.
Click Edit Association Settings. Click Add and then select Oracle Identity Manager Cluster Configuration Compliance.
Click OK and then OK again to enable the new association setting.
Monitoring Support
As part of the Oracle Access Management Suite, added monitoring support for the Oracle Mobile and Social, Identity Federation. This includes Up and Down status of Mobile and Social service along with the collection of the select Mobile and Social metrics.
You can use Enterprise Manager to monitor the following Identity Management 11g components (Table 29-1).
Table 29-1 Licensed Targets for Identity Management 11g Targets
Enterprise Manager Target Type | Purpose |
---|---|
Oracle Adaptive Access Manager Oracle Access Manager Oracle Directory Integration Platform Oracle Identity Federation Oracle Identity Manager Oracle Internet Directory Oracle Virtual Directory |
Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview, customizable performance summary, process control, configuration management, compliance analysis, and Information Publisher reports. For all the Oracle Adaptive Access Managers, Oracle Access Managers, and Oracle Identity Managers that are deployed within the same WebLogic domain, a cluster target will be created for each component:
Each cluster target is a logically related group of components that are managed as a unit. Every target is part of a WebLogic domain. |
Oracle Directory Server Enterprise Edition |
The following types of targets will be created for each Oracle Directory Server Enterprise Edition deployment:
Each target provides an interface in Enterprise Manager with access to target overview, customizable performance summary, process control, and configuration management. |
The following Identity Management 10g components can be monitored by Enterprise Manager (Table 29-2).
Table 29-2 Licensed Targets for Identity Management 10g Targets
Enterprise Manager Target Type | Purpose |
---|---|
Oracle Delegated Administration Server Oracle Directory Integration Platform Oracle Internet Directory Oracle Single Sign-On |
Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview and performance summary |
Oracle Access Manager - Access Server Oracle Access Manager - Identity Server Oracle Identity Federation |
Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview and performance summary. A system target will be created for each component to provide end-to-end system oriented view of the component:
The underlying LDAP servers, database instances and hosts will be monitored within the system. |
Oracle Identity Manager |
The following types of targets will be created for each Oracle Identity Manager:
A system target will be created for Oracle Identity Manager to provide an end-to-end system oriented view of the component.
The underlying LDAP servers, database instances, and hosts will be monitored within the system. |
The monitored targets in the Identity Management pack associated with both release 10g and release 11g are summarized in Table 29-3.
Table 29-3 Targets Associated with Both Identity Management 10g and Identity Management 11g Targets
Enterprise Manager Target Type | Purpose |
---|---|
Generic Service |
With the Management Pack Plus for Identity Management, users can create targets of type Generic Service associated with any of the monitored Identity Management Systems: Access Manager - Access System, Access Manager - Identity System, Identity Federation System, Identity Manager System, and Identity and Access System. The Generic Service target provides an end-to-end service oriented view of the monitored Oracle Identity Management targets with access to performance and usage metrics, service tests, service level rules, service availability definition, alerts, charts, and topology view. |
Host |
Representation of hosts running Oracle Identity Management components providing access to metrics, alerts, performance charts, remote file editor, log file alerts, user-defined metrics, host commands and customized reports. |
Oracle Database |
Representation of Oracle Database that is used by Oracle Identity Management components providing access to metrics, alerts, performance charts, compliance summary, and configuration management. |
Oracle Identity and Access System |
System target that can be modeled with any discovered Oracle Identity Management target (including both Identity Management 10g and Identity Management 11g targets) and the underlying hosts and databases as the key components providing an end-to-end system oriented view of the monitored Identity Management environment. The Identity and Access System target provides access to member status, metrics, charts, incidents, and topology view. |
Oracle SOA Suite |
Representation of Oracle SOA Suite that is used by Oracle Identity Manager 11g providing access to metrics, alerts, performance charts, and configuration management of the SOA infrastructure instance and its service engines. |