2.4 Oracle ORAchk for Oracle Identity and Access Management Health Check Tool
Oracle ORAchk for Oracle Identity and Access Management proactively identifies areas to take preventive measures to keep a system healthy on an ongoing basis.
Oracle ORAchk for Oracle Identity and Access Management includes checks that cover the entire deployment stack from application tier to database tier.
- Supported Operating Systems and Oracle Database Releases
Review the operating systems and Oracle Database requirements for deploying Oracle ORAchk for Oracle Identity and Access Management health check tool. - Supported Components and Topologies
Review the following for supported components and topologies. - Introduction to Oracle ORAchk for Oracle Identity and Access Management Health Checks
Oracle ORAchk for Oracle Identity and Access Management health checks inspect the entire deployment stack from application tier to database tier providing a simplistic, value-added, and easy-to-use solution. - Running Oracle ORAchk for Oracle Identity and Access Management Heath Checks
Review the prerequisites before you install Oracle ORAchk for Oracle Identity and Access Management.
Parent topic: Oracle ORAchk Specific Features and Tasks
2.4.1 Supported Operating Systems and Oracle Database Releases
Review the operating systems and Oracle Database requirements for deploying Oracle ORAchk for Oracle Identity and Access Management health check tool.
Only Linux is supported and in these combinations:
Table 2-3 Operating System and Database Requirements for Oracle ORAchk for Oracle Identity and Access Management health check tool
Operating System | Database |
---|---|
Linux(Oracle Enterprise Linux/RedHat 5, 6, 7 and SuSE 9.10, 11, 12) |
10g R1 |
Linux on System Z (RedHat 6, 7 and SuSE 12) |
11g R1 11g R2 12c 12c R2 |
2.4.2 Supported Components and Topologies
Review the following for supported components and topologies.
Oracle ORAchk for Oracle Identity and Access Management health checks support the following components:
-
Oracle Identity Manager (11.1.2.2.x and 11.1.2.3.x)
-
Oracle Access Manager (11.1.2.2.x and 11.1.2.3.x)
-
Oracle Unified Directory (11.1.2.2.x and 11.1.2.3.x)
Based on the components, the following topologies are supported:
-
Oracle Identity Manager in single node and multi-node setup
-
Oracle Access Manager + (Any directory)* in single node and multi-node setup
Oracle ORAchk for Oracle Identity and Access Management health checks run only on Oracle Unified Directory (OUD). If other directories are there as well, then Oracle ORAchk for Oracle Identity and Access Management skips health checks for those directories and perform health checks on Oracle Access Manager. However, Oracle Access Manager configured in embedded LDAP mode is not supported.
-
Oracle Identity Manager + Oracle Access Manager + (Any directory)** in single node and multi-node setup
Oracle ORAchk for Oracle Identity and Access Management health checks run only on Oracle Unified Directory (OUD). If other directories are there as well, then Oracle ORAchk for Oracle Identity and Access Management skips health checks for those directories and perform health checks on Oracle Access Manager. However, Oracle Access Manager configured in embedded LDAP mode is not supported.
2.4.3 Introduction to Oracle ORAchk for Oracle Identity and Access Management Health Checks
Oracle ORAchk for Oracle Identity and Access Management health checks inspect the entire deployment stack from application tier to database tier providing a simplistic, value-added, and easy-to-use solution.
Run Oracle ORAchk for Oracle Identity and Access Management health checks before and after installing the product, and while running the product.
Table 2-4 Oracle ORAchk for Oracle Identity and Access Management health check tool Use Cases
Use Cases | Description |
---|---|
Post-install health checks |
Includes checks that are run just after a product is installed. These are mostly product focused checks, for example, for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory respective post-install checks. |
Runtime health checks |
Shows the health of the system regularly and helps you take proactive corrective actions. |
- Features of Oracle ORAchk for Oracle Identity and Access Management Health Check Tool
Health checks are run both at product install time as well as runtime. - Auto-discovery of Oracle Identity and Access Management Environment
Oracle ORAchk framework automatically runs the Discovery tool while running Oracle ORAchk for Oracle Identity and Access Management health checks.
2.4.3.1 Features of Oracle ORAchk for Oracle Identity and Access Management Health Check Tool
Health checks are run both at product install time as well as runtime.
Product install time checks cover the following areas:
-
System Resources
-
System Configuration
-
Software Configuration
-
Database Configuration
Table 2-5 Runtime Checks by Component
Component | Modules | Common Services | Data Tier | General |
---|---|---|---|---|
Oracle Identity Manager |
Access Request and Catalog Certification Engine UI Category Provisioning Engine Reconciliation Engine IT Admin (User/Role/Org) Connector Framework Identify Audit Engine Identify Analytics Engine Role Engine |
Audit and Reports/Embedded BIP Scheduler Policy/Rule Engine Workflow Engine (SOA/BPEL) Authorization Layer Notification Engine |
Database |
Overall Performance Application Readiness |
Oracle Access Manager |
UI Category Federation (Single Sign On) Engine Authentication Engine Admin Console Policy Engine oAuth Token Processing Session Management Config Services Authorization Services Oracle Platform Security Services Webgates |
NA |
Database |
Overall Performance Application Readiness |
Oracle Unified Directory |
Basic Sanity Oracle Unified Directory Replication Performance |
NA |
NA |
NA |
2.4.3.2 Auto-discovery of Oracle Identity and Access Management Environment
Oracle ORAchk framework automatically runs the Discovery tool while running Oracle ORAchk for Oracle Identity and Access Management health checks.
-
Discovery tool Identifies the host names of the following:
-
Oracle Identity Manager Admin server
-
Oracle Access Manager Admin server
-
One Oracle Unified Directory host from user ID store and system ID store Oracle Unified Directory clusters. If both ID stores are same, then the Discovery tool picks one Oracle Unified Directory host.
-
-
Discovery tool stores the discovered information in a topology file and the user credentials in a wallet file.
-
Oracle ORAchk copies the discovery executables to the target machine and runs the Discovery tool on all required machines.
-
Discovery tool runs serially on all the required machines.
-
Oracle ORAchk passes the same
topology.xml
andcwallet
files to the Discovery tool on all Oracle Identity and Access Management machines.That is, if Oracle ORAchk runs the Discovery tool on the first machine, then the Discovery tool creates the
topology.xml
andcwallet.sso
files. Oracle ORAchk copies the samexml
andwallet
while running the Discovery tool on other Oracle Identity and Access Management machines. -
At the end of the discovery, the topology file contains the complete information of the entire environment and the wallet file contains the encrypted user credentials.
-
Oracle ORAchk uses the topology file and the wallet file to run the health checks on multiple nodes.
-
The Discovery tool validates the user credentials that it collected. If the credentials are not valid, then the tool prompts the user to enter the details again. After three unsuccessful attempts, the discovery process exits.
2.4.4 Running Oracle ORAchk for Oracle Identity and Access Management Heath Checks
Review the prerequisites before you install Oracle ORAchk for Oracle Identity and Access Management.
Provide the information that is required while running the Discovery tool for the first time.
- Downloading Oracle ORAchk for Oracle Identity and Access Management
Oracle ORAchk for Oracle Identity and Access Management uses a different distribution than the standard Oracle ORAchk. - Prerequisites for Installing Oracle ORAchk for Oracle Identity and Access Management
Review the list of prerequisites for running Oracle Identity and Access Management health checks. - Inputs Required by Discovery Tool (First Time Only)
Discovery tool prompts you to answer a series of questions about your configuration when you run the tool for the first time. - Oracle ORAchk for Oracle Identity and Access Management Health Checks
Run Oracle ORAchk for Oracle Identity and Access Management health checks asroot
or the user who owns the Oracle Identity and Access Management setup.
2.4.4.1 Downloading Oracle ORAchk for Oracle Identity and Access Management
Oracle ORAchk for Oracle Identity and Access Management uses a different distribution than the standard Oracle ORAchk.
Download orachk_idm.zip
for Oracle ORAchk with Oracle Identity and Access Management support, which is available at My Oracle Support Note 1268927.2.
2.4.4.2 Prerequisites for Installing Oracle ORAchk for Oracle Identity and Access Management
Review the list of prerequisites for running Oracle Identity and Access Management health checks.
-
Ensure that JDK 6 or later is set in the system path. If it is not set, then set the environment variable
RAT_JAVA_HOME
to the correct Java home location. -
You must run Oracle ORAchk on the machine where the WebLogic admin server for Oracle Identity and Access Management is installed.
-
Set
RAT_TMPDIR
to the location of a temporary directory, for example:export RAT_INV_LOC=/tmp/oracle/oraInventoryM
If
RAT_TMPDIR
is not set, then Oracle ORAchk uses$HOME
as the temporary directory. The temporary directory used by Oracle ORAchk must have sufficient space (20 MB) or errors can occur. -
If the
oraInst.loc
file is not in the default directory, for example,/u01/app/oraInventory
, then specify the exact location of theoraInventory
directory using theRAC_INV_LOCAL
environment variable. For example:export RAT_INV_LOC=/scratch/shared/oracle/oraInventory
-
You must run Oracle ORAchk as the same user that installed the Oracle Identity and Access Management software components.
-
Each server that is part of the Oracle Identity and Access Management topology must have secure shell (SSH) enabled. If SSH is disabled, then Oracle ORAchk cannot remotely run checks on those servers. On servers without SSH enabled you must run Oracle ORAchk individually and then combine the results.
-
Oracle ORAchk can only detect local database installations. It cannot detect databases that are installed on remote machines. In such cases, run Oracle ORAchk explicitly on the database machine and combine the results.
2.4.4.3 Inputs Required by Discovery Tool (First Time Only)
Discovery tool prompts you to answer a series of questions about your configuration when you run the tool for the first time.
Table 2-6 Discovery Tool Configuration Information
Input | Description |
---|---|
Is this a Single Node Identity Management System (idm) [Y|N] [N] : |
Checks whether your Oracle Identity Manager environment is a single node or multi-node setup. |
How many Oracle Unified Directory (OUD) clusters present[0] :1 |
Checks for the number of Oracle Unified Directory clusters present. |
Enter one of the Oracle Unified Directory (OUD) Host in cluster 1 |
Specify one Oracle Unified Directory host name. |
Enter Oracle Identity Manager (OIM) Host (Press just ENTER to skip) |
Specify one Oracle Identity Manager admin server host name. |
Enter Oracle Access Manager (OAM) Host (Press just ENTER to skip) : |
Specify one Oracle Access Manager admin server host name. |
Enter |
The Discovery tool does not prompt this question, if you have set the |
Enter |
Specify WebLogic admin user name. |
Enter password |
Specify the password for WebLogic admin user name. |
Enter Oracle Identity Manager (OIM) admin user (xelsysadm) password : |
Specify the password for |
Enter Oracle Identity Manager (OIM) LDAP Admin user DN: |
Specify the entire DN for Oracle Identity Manager LDAP admin user, for example, |
Enter password for admin user DN |
Specify the password for Oracle Identity Manager LDAP DN. |
Enter password for schema |
Specify the password for Oracle Identity Manager schema. |
Enter OUD Admin password for |
Specify the Oracle Unified Directory admin password. |
Enter OUD Admin password for |
Specify the Oracle Unified Directory manager password. |
Enter WLS Admin Username for domain |
Specify the Oracle Access Manager admin user name. |
Enter password: |
Specify the Oracle Access Manager Admin user password. |
Enter Oracle Access Manager (OAM) Admin user |
Specify the Oracle Access Manager LDAP admin user name. |
Enter password for admin user: |
Specify the Oracle Access Manager LDAP admin password. |
Enter password for schema |
Specify the password for Oracle Access Manager schema. |
Database Oracle home location |
If Oracle database is on the local machine, then the Discovery tool prompts you to specify the Oracle home location. |
2.4.4.4 Oracle ORAchk for Oracle Identity and Access Management Health Checks
Run Oracle ORAchk for Oracle Identity and Access Management health checks as root
or the user who owns the Oracle Identity and Access Management setup.
Refer to My Oracle Support Note 2070073.1 for the latest known issues specific to Oracle ORAchk for Oracle Identity and Access Management health checks.
Related Topics
- Auto-discovery of Oracle Identity and Access Management Environment
- Inputs Required by Discovery Tool (First Time Only)
- Oracle ORAchk for Oracle Identity and Access Management Command-Line Options
- Merging Reports
- Understanding and Managing Reports and Output
- Health Check Catalog
- https://support.oracle.com/rs?type=doc&id=2070073.1