Oracle ORAchk for Oracle Identity and Access Management proactively identifies areas to take preventive measures to keep a system healthy on an ongoing basis.
Oracle ORAchk for Oracle Identity and Access Management includes checks that cover the entire deployment stack from application tier to database tier.
Review the operating systems and Oracle Database requirements for deploying Oracle ORAchk for Oracle Identity and Access Management health check tool.
Only Linux is supported and in these combinations:
Table 2-3 Operating System and Database Requirements for Oracle ORAchk for Oracle Identity and Access Management health check tool
Operating System | Database |
---|---|
Linux (Oracle Enterprise Linux/RedHat 5, 6, 7 and SuSE 9.10, 11, 12) | 10g R1 |
Linux on System Z (RedHat 6, 7 and SuSE 12) | 11g R1, 11g R2, 12c, 12c R2 |
Review the following for supported components and topologies.
Oracle ORAchk for Oracle Identity and Access Management health checks support the following components:
Oracle Identity Manager (11.1.2.2.x and 11.1.2.3.x)
Oracle Access Manager (11.1.2.2.x and 11.1.2.3.x)
Oracle Unified Directory (11.1.2.2.x and 11.1.2.3.x)
Based on the components, the following topologies are supported:
Oracle Identity Manager in single node and multi-node setup
Oracle Access Manager + (Any directory)* in single node and multi-node setup
Oracle ORAchk for Oracle Identity and Access Management health checks run only on Oracle Unified Directory (OUD). If other directories are also present, then Oracle ORAchk for Oracle Identity and Access Management skips health checks for those directories and performs health checks on Oracle Access Manager. However, Oracle Access Manager configured in embedded LDAP mode is not supported.
Oracle Identity Manager + Oracle Access Manager + (Any directory)** in single node and multi-node setup
Oracle ORAchk for Oracle Identity and Access Management health checks run only on Oracle Unified Directory (OUD). If other directories are also present, then Oracle ORAchk for Oracle Identity and Access Management skips health checks for those directories and performs health checks on Oracle Access Manager. However, Oracle Access Manager configured in embedded LDAP mode is not supported.
Oracle ORAchk for Oracle Identity and Access Management health checks inspect the entire deployment stack from application tier to database tier providing a simplistic, value-added, and easy-to-use solution.
Run Oracle ORAchk for Oracle Identity and Access Management health checks before and after installing the product, and while running the product.
Table 2-4 Oracle ORAchk for Oracle Identity and Access Management health check tool Use Cases
Use Cases | Description |
---|---|
Post-install health checks | Includes checks that are run just after a product is installed. These are mostly product focused checks, for example, for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory respective post-install checks. |
Runtime health checks | Shows the health of the system regularly and helps you take proactive corrective actions. |
Health checks are run both at product install time as well as runtime.
Product install time checks cover the following areas:
System Resources
System Configuration
Software Configuration
Database Configuration
Table 2-5 Runtime Checks by Component
Component | Modules | Common Services | Data Tier | General |
---|---|---|---|---|
Oracle Identity Manager | Access Request and Catalog Certification Engine UI Category Provisioning Engine Reconciliation Engine IT Admin (User/Role/Org) Connector Framework Identify Audit Engine Identify Analytics Engine Role Engine | Audit and Reports/Embedded BIP Scheduler Policy/Rule Engine Workflow Engine (SOA/BPEL) Authorization Layer Notification Engine | Database | Overall Performance Application Readiness |
Oracle Access Manager | UI Category Federation (Single Sign On) Engine Authentication Engine Admin Console Policy Engine oAuth Token Processing Session Management Config Services Authorization Services Oracle Platform Security Services Webgates | NA | Database | Overall Performance Application Readiness |
Oracle Unified Directory | Basic Sanity Oracle Unified Directory Replication Performance | NA | NA | NA |
The Oracle ORAchk framework automatically runs the Discovery tool while running Oracle ORAchk for Oracle Identity and Access Management health checks.
The Discovery tool identifies the host names of the following:
Oracle Identity Manager Admin server
Oracle Access Manager Admin server
One Oracle Unified Directory host from user ID store and system ID store Oracle Unified Directory clusters. If both ID stores are the same, then the Discovery tool picks one Oracle Unified Directory host.
The Discovery tool stores the discovered information in a topology file and the user credentials in a wallet file.
Oracle ORAchk copies the discovery executables to the target machine and runs the Discovery tool on all required machines.
The Discovery tool runs serially on all the required machines.
Oracle ORAchk passes the same topology.xml and cwallet files to the Discovery tool on all Oracle Identity and Access Management machines.
That is, if Oracle ORAchk runs the Discovery tool on the first machine, then the Discovery tool creates the topology.xml and cwallet.sso files. Oracle ORAchk copies the same xml and wallet while running the Discovery tool on other Oracle Identity and Access Management machines.
At the end of the discovery, the topology file contains the complete information of the entire environment and the wallet file contains the encrypted user credentials.
Oracle ORAchk uses the topology file and the wallet file to run the health checks on multiple nodes.
The Discovery tool validates the user credentials that it collected. If the credentials are not valid, then the tool prompts the user to enter the details again. After three unsuccessful attempts, the discovery process exits.
Review the prerequisites before you install Oracle ORAchk for Oracle Identity and Access Management.
Provide the information that is required while running the Discovery tool for the first time.
root or the user who owns the Oracle Identity and Access Management setup.
Oracle ORAchk for Oracle Identity and Access Management uses a different distribution than the standard Oracle ORAchk.
Download orachk_idm.zip for Oracle ORAchk with Oracle Identity and Access Management support, which is available at My Oracle Support Note 1268927.2.
Review the list of prerequisites for running Oracle Identity and Access Management health checks.
Ensure that JDK 6 or later is set in the system path. If it is not set, then set the environment variable RAT_JAVA_HOME to the correct Java home location.
You must run Oracle ORAchk on the machine where the WebLogic admin server for Oracle Identity and Access Management is installed.
Set RAT_TMPDIR to the location of a temporary directory, for example:
export RAT_INV_LOC=/tmp/oracle/oraInventoryM
If RAT_TMPDIR is not set, then Oracle ORAchk uses $HOME as the temporary directory. The temporary directory used by Oracle ORAchk must have sufficient space (20 MB) or errors can occur.
If the oraInst.loc file is not in the default directory, for example, /u01/app/oraInventory, then specify the exact location of the oraInventory directory using the RAT_INV_LOC environment variable. For example:
export RAT_INV_LOC=/scratch/shared/oracle/oraInventory
You must run Oracle ORAchk as the same user that installed the Oracle Identity and Access Management software components.
Each server that is part of the Oracle Identity and Access Management topology must have secure shell (SSH) enabled. If SSH is disabled, then Oracle ORAchk cannot remotely run checks on those servers. On servers without SSH enabled you must run Oracle ORAchk individually and then combine the results.
Oracle ORAchk can only detect local database installations. It cannot detect databases that are installed on remote machines. In such cases, run Oracle ORAchk explicitly on the database machine and combine the results.
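The prerequisites above can be verified before the first run with a short preflight script. This is an added example, not part of the Oracle distribution; the host names passed to preflight are your own topology hosts, and the SSH probe assumes key-based login so that it fails instead of prompting.

```bash
# Added example (bash): preflight for the ORAchk prerequisites listed above.

# Java binary per the prerequisites: RAT_JAVA_HOME if set, otherwise PATH.
find_java() {
    if [ -n "${RAT_JAVA_HOME:-}" ]; then
        [ -x "$RAT_JAVA_HOME/bin/java" ] && echo "$RAT_JAVA_HOME/bin/java"
    else
        command -v java
    fi
}

# Major version from a Java version string: "1.6.0_45" -> 6, "11.0.2" -> 11.
java_major() {
    local v="${1#1.}"     # drop the legacy "1." prefix used through Java 8
    v="${v%%[!0-9]*}"     # keep only the leading digits
    echo "${v:-0}"
}

# Temporary directory ORAchk will use: RAT_TMPDIR, falling back to $HOME.
orachk_tmpdir() { echo "${RAT_TMPDIR:-$HOME}"; }

# True if directory $1 is writable with at least $2 KB free (default 20 MB).
has_space() {
    local dir="$1" need_kb="${2:-20480}" free_kb
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    free_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    [ "${free_kb:-0}" -ge "$need_kb" ]
}

# RAT_INV_LOC is optional; when set it must be a readable directory.
inventory_ok() {
    [ -z "${RAT_INV_LOC:-}" ] && return 0
    [ -d "$RAT_INV_LOC" ] && [ -r "$RAT_INV_LOC" ]
}

preflight() {   # usage: preflight [topology-host ...]  (host names are yours)
    local rc=0 java ver="" h
    java=$(find_java) || java=""
    [ -z "$java" ] || ver=$("$java" -version 2>&1 | awk -F'"' '/version/ {print $2; exit}')
    [ "$(java_major "$ver")" -ge 6 ] || { echo "FAIL: JDK 6+ not found (java='$java' version='$ver')"; rc=1; }
    has_space "$(orachk_tmpdir)" || { echo "FAIL: $(orachk_tmpdir) needs write access and 20 MB free"; rc=1; }
    inventory_ok || { echo "FAIL: RAT_INV_LOC=$RAT_INV_LOC is not a readable directory"; rc=1; }
    for h in "$@"; do   # BatchMode: fail instead of prompting for a password
        ssh -o BatchMode=yes -o ConnectTimeout=5 "$h" true 2>/dev/null \
            || echo "WARN: no key-based SSH to $h; run ORAchk there and combine results"
    done
    return "$rc"
}
if [ "${1:-}" = "--run" ]; then shift; preflight "$@"; fi
```

Run it as the user that installed the Oracle Identity and Access Management software, passing `--run` followed by the other hosts in the topology.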
The Discovery tool prompts you to answer a series of questions about your configuration when you run the tool for the first time.
Table 2-6 Discovery Tool Configuration Information
Input | Description |
---|---|
Is this a Single Node Identity Management System (idm) [Y\|N] [N] : | Checks whether your Oracle Identity Manager environment is a single node or multi-node setup. |
How many Oracle Unified Directory (OUD) clusters present[0] :1 | Checks for the number of Oracle Unified Directory clusters present. |
Enter one of the Oracle Unified Directory (OUD) Host in cluster 1 | Specify one Oracle Unified Directory host name. |
Enter Oracle Identity Manager (OIM) Host (Press just ENTER to skip) | Specify one Oracle Identity Manager admin server host name. |
Enter Oracle Access Manager (OAM) Host (Press just ENTER to skip) : | Specify one Oracle Access Manager admin server host name. |
Enter | The Discovery tool does not prompt this question, if you have set the |
Enter | Specify WebLogic admin user name. |
Enter password | Specify the password for WebLogic admin user name. |
Enter Oracle Identity Manager (OIM) admin user (xelsysadm) password : | Specify the password for |
Enter Oracle Identity Manager (OIM) LDAP Admin user DN: | Specify the entire DN for Oracle Identity Manager LDAP admin user, for example, |
Enter password for admin user DN | Specify the password for Oracle Identity Manager LDAP DN. |
Enter password for schema | Specify the password for Oracle Identity Manager schema. |
Enter OUD Admin password for | Specify the Oracle Unified Directory admin password. |
Enter OUD Admin password for | Specify the Oracle Unified Directory manager password. |
Enter WLS Admin Username for domain | Specify the Oracle Access Manager admin user name. |
Enter password: | Specify the Oracle Access Manager Admin user password. |
Enter Oracle Access Manager (OAM) Admin user | Specify the Oracle Access Manager LDAP admin user name. |
Enter password for admin user: | Specify the Oracle Access Manager LDAP admin password. |
Enter password for schema | Specify the password for Oracle Access Manager schema. |
Database Oracle home location | If Oracle database is on the local machine, then the Discovery tool prompts you to specify the Oracle home location. |
Run Oracle ORAchk for Oracle Identity and Access Management health checks as root or the user who owns the Oracle Identity and Access Management setup.
Refer to My Oracle Support Note 2070073.1 for the latest known issues specific to Oracle ORAchk for Oracle Identity and Access Management health checks.