Thursday, October 20, 2016
Oracle SOA / BPM / Fusion Middleware Consultant
Check out this job at Tabadul: Oracle SOA / BPM / Fusion Middleware Consultant
https://www.linkedin.com/jobs2/view/197437126
Features of Oracle Identity Manager
By Muqthiyar Pasha, 1:38 AM
Online-Oracle-DBA, Oracle Identity Management (OIM), Oracle Technology World
The following are the features of Oracle Identity Manager:
-Scalable architecture
Oracle Identity Manager is based on open, standards-based technology. The J2EE application server model of Oracle Identity Manager offers scalability, failover, load-balancing, and built-in Web deployment features.
-Comprehensive user management
Oracle Identity Manager can support unlimited user organizational hierarchies and user groups with inheritance, customizable user ID policy management, password policy management, and user access policies. It also offers the feature of delegated administration with comprehensive permission settings. We can use Oracle Identity Manager to maintain resource allocation history and to manage application parameters and entitlements.
-Web-based user self-service
Oracle Identity Manager contains a user self-service portal that is customizable and Web based. This portal can be used to manage user information, change and synchronize passwords, reset passwords, request access to applications, review and edit entitlements, and work on workflow tasks.
-Flexible process engine
Using Oracle Identity Manager, we can create business and provisioning process models in applications such as Microsoft Project and Microsoft Visio. Process models include support for approval workflows and escalations. We can track the progress of each provisioning event in the workflow.
Oracle Identity Manager provides support for complex branching, self-healing processes, and nested processes with data interchange and dependencies. The process flow can be customized without making code changes.
-Comprehensive reporting for audit-trail accounting
Oracle Identity Manager provides status reports on all processes with full-state information, in real time. In addition, it even offers OLAP features.
-Automated tool for connector management
Oracle Identity Manager provides an automated tool for connector generation. This tool, which is known as the Adapter Factory, supports a wide range of interfaces, applications, and devices. The adapters generated by the Adapter Factory run on the Oracle Identity Manager server, and they do not require any agents to be installed or updated on the target systems. The use of the Adapter Factory helps speed up the process of connector development and simplifies the task of updating existing connectors.
If the target system does not have a network-enabled interface, then we can use the Oracle Identity Manager remote manager to provide an SSL-secured network communication channel and interface to local APIs that are not running on the Oracle Identity Manager server. By using the remote manager, we can run functions on target systems having APIs that are not network aware.
-Built-in change management
Oracle Identity Manager enables us to package new processes, import and export existing processes, and move packages from one system to another.
Deployment Configurations of Oracle Identity Manager
By Muqthiyar Pasha, 1:35 AM
Online-Oracle-DBA, Oracle Identity Management (OIM), Oracle Technology World
The following are the deployment configurations of Oracle Identity Manager:
Provisioning
We can use Oracle Identity Manager to create, maintain, and delete accounts on target systems. Oracle Identity Manager becomes the front-end entry point for managing all the accounts on these systems. After the accounts are provisioned, the users for whom accounts have been provisioned are able to access the target systems without any interaction with Oracle Identity Manager. This is the provisioning configuration of Oracle Identity Manager.
The purpose of provisioning is to automate the creation and maintenance of user accounts on target systems. Provisioning is also used to accommodate any requirement for workflow approvals and auditing that may be a component of that provisioning lifecycle.
Provisioning Configuration of Oracle Identity Manager
Provisioning events are initiated either through requests or by direct provisioning.
A request can be manually created by an administrator or, in certain cases, by target users themselves. Oracle Identity Manager automatically creates requests for some events. For example, a request is automatically created when Oracle Identity Manager enforces the requirements of an access policy. We can also use Oracle Identity Manager to create approval processes that can be run as part of the request-based provisioning cycle.
Direct provisioning is a special administrator-only function for creating an account for a particular user on a target application without having to wait for any workflow or approval processes.
Reconciliation
Oracle Identity Manager provides a centralized control mechanism to manage user accounts and entitlements and to control user access to resources. However, we can choose not to use Oracle Identity Manager as the primary repository or the front-end entry point of user accounts. Instead, we can use Oracle Identity Manager to periodically poll your system applications to maintain an accurate profile of all accounts that exist on those systems. This is the reconciliation configuration of Oracle Identity Manager.
Reconciliation Configuration of Oracle Identity Manager
Oracle Identity Manager is used only as an archive for all account management actions that are performed on the target system. It is assumed that user accounts are created, deleted, and maintained by the local resource-specific administrators.
Reconciliation involves using the user discovery and account discovery features of Oracle Identity Manager.
User discovery is the process of recognizing the existence of a user account on a primary database. The primary database is the repository that is considered to contain the master list of user accounts. Within the context of user discovery and reconciliation, the primary database is also referred to as the trusted source or authoritative source. There may be more than one trusted source for each Oracle Identity Manager environment.
Account discovery is the process of recognizing changes to user-related information on resources. If the information that is changed affects the user's primary record, it is generally a change associated with a trusted source. If the information that is changed is related to a user's access to a resource, it is generally a change associated with a target resource.
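The two discovery steps described above can be modelled as a comparison of snapshots. The following is an added example, not Oracle Identity Manager code or its API: a conceptual reconciliation pass that classifies differences as trusted-source changes (user records) or target-resource changes (accounts and access), and flags accounts with no valid owner. All names, record layouts and sample data are constructed, and the `owner` field stands in for whatever matching rule links an account to a user.

```python
"""Conceptual model of a reconciliation pass (illustrative; not OIM code or API)."""
from dataclasses import dataclass

# Constructed sample data -------------------------------------------------
# Trusted (authoritative) source: the master list of users, e.g. an HR system.
TRUSTED_SOURCE = {
    "E100": {"name": "Asha Rao", "dept": "Finance", "status": "active"},
    "E101": {"name": "Ben Ortiz", "dept": "IT", "status": "active"},
    "E102": {"name": "Chen Li", "dept": "Sales", "status": "terminated"},
    "E103": {"name": "Dana Fox", "dept": "IT", "status": "active"},
}
# What the identity manager currently holds: user profiles and known accounts.
IDENTITY_STORE = {
    "E100": {"name": "Asha Rao", "dept": "Audit", "status": "active"},
    "E101": {"name": "Ben Ortiz", "dept": "IT", "status": "active"},
    "E102": {"name": "Chen Li", "dept": "Sales", "status": "active"},
}
KNOWN_ACCOUNTS = {
    "arao": {"owner": "E100", "groups": {"gl-read"}},
    "bortiz": {"owner": "E101", "groups": {"sysadmin"}},
    "cli": {"owner": "E102", "groups": {"crm-user"}},
}
# Target resource as polled: accounts maintained by local administrators.
TARGET_ACCOUNTS = {
    "arao": {"owner": "E100", "groups": {"gl-read", "gl-post"}},
    "bortiz": {"owner": "E101", "groups": {"sysadmin"}},
    "cli": {"owner": "E102", "groups": {"crm-user"}},
    "svc_tmp": {"owner": None, "groups": {"sysadmin"}},
}


@dataclass(frozen=True)
class Event:
    kind: str         # event category
    key: str          # user id or account name
    detail: str = ""  # changed fields, owner, or group delta


def reconcile_trusted(trusted, store):
    """User discovery: compare the trusted source with stored user profiles."""
    events = []
    for uid, rec in sorted(trusted.items()):
        if uid not in store:
            events.append(Event("user_discovered", uid))
            continue
        changed = sorted(k for k in rec if rec[k] != store[uid].get(k))
        if changed:
            events.append(Event("profile_changed", uid, ",".join(changed)))
    return events


def reconcile_target(target, known, trusted):
    """Account discovery: compare polled target accounts with known accounts."""
    events = []
    for acct, rec in sorted(target.items()):
        owner = rec["owner"]
        if owner is None or owner not in trusted:
            # No user in the trusted source owns this account.
            events.append(Event("orphan_account", acct))
            continue
        if trusted[owner]["status"] != "active":
            events.append(Event("account_of_inactive_user", acct, owner))
        if acct not in known:
            events.append(Event("account_discovered", acct, owner))
            continue
        added = sorted(rec["groups"] - known[acct]["groups"])
        removed = sorted(known[acct]["groups"] - rec["groups"])
        if added or removed:
            detail = f"added={','.join(added)} removed={','.join(removed)}"
            events.append(Event("entitlement_changed", acct, detail))
    for acct in sorted(set(known) - set(target)):
        events.append(Event("account_removed_on_target", acct))
    return events


def run_reconciliation():
    """Run both passes over the constructed snapshots above."""
    return (reconcile_trusted(TRUSTED_SOURCE, IDENTITY_STORE)
            + reconcile_target(TARGET_ACCOUNTS, KNOWN_ACCOUNTS, TRUSTED_SOURCE))


if __name__ == "__main__":
    for ev in run_reconciliation():
        print(f"{ev.kind:26} {ev.key:8} {ev.detail}")
```

In a deployment where local administrators also maintain accounts, the `orphan_account`, `account_of_inactive_user` and `entitlement_changed` events are the ones worth routing to review, since they represent access that did not come through an approval workflow.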
Different forms of reconciliation:
One-Time Reconciliation
We can use Oracle Identity Manager to perform a single, one-time reconciliation with a legacy target system. The purpose of this form of reconciliation is to import all accounts on that system into Oracle Identity Manager. After one-time reconciliation is performed, we can use Oracle Identity Manager to provision accounts for your users.
Target Resource Reconciliation
Trusted Source Reconciliation
Provisioning and Reconciliation
In the provisioning and reconciliation configuration, we can use Oracle Identity Manager to perform both provisioning and reconciliation tasks. In this configuration, it is assumed that accounts on target systems are allowed to be created and maintained by both local administrators and Oracle Identity Manager.
To achieve this configuration, one must perform all the steps associated with setting up both provisioning and reconciliation.
Introduction to Oracle Identity Manager
By Muqthiyar Pasha, 1:16 AM
Online-Oracle-DBA, Oracle Identity Management (OIM), Oracle Technology World
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. This chapter provides an overview of Oracle Identity Manager.
Architecture of Oracle Identity Manager
Oracle Identity Manager is based on the n-tier J2EE application architecture.
Tiers of the Oracle Identity Manager architecture:
Presentation Layer
The Presentation layer consists of two clients: the Oracle Identity Manager Administrative and User Console and the Oracle Identity Manager Design Console. The Administrative and User Console is a Web-based thin client that can be accessed from any Web browser. This console provides user self-service and delegated administration features that serve most of the provisioning requirements.
The Design Console provides the full range of the Oracle Identity Manager system configuration and development capabilities including Form Designer, Workflow Designer, and the Adapter Factory. You can access the Design Console by using a desktop Java client.
Dynamic Presentation Logic Layer
Because both the Administrative and User Console and the Design Console are highly dynamic, the Dynamic Presentation Logic layer guides the content displayed on these interfaces. In the case of the Administrative and User Console, there is a clear separation between the Presentation and Presentation Logic Layer. No such boundary exists in the Design Console.
Business Logic Layer
The Business Logic layer is implemented as an EJB application. Oracle Identity Manager runs on leading J2EE-compliant application server platforms, leveraging the J2EE services provided by these application servers to deliver a high-performance, fault-tolerant enterprise application.
The following are components of the Business Logic layer:
Application Server
The application server on which Oracle Identity Manager runs provides life-cycle management, security, deployment, and run-time services to the logical components that make up Oracle Identity Manager. These services include:
-Scalable management of resources (clustering and failover)
-Transaction management
-Security management
-Client access
-Technology resources (such as database connection pooling and messaging)
Client Interfaces and Business Logic Implementation
The core functionality of the Oracle Identity Manager platform is implemented in Java using a highly modular, object-oriented methodology. This includes the various engines that comprise the Oracle Identity Manager platform: Workflow Engine, Request Engine, User Management Engine, Rule Engine, and Reconciliation Engine. It also includes the integration layer based on the Adapter Factory, which dynamically generates integration code based on the metadata definition of the adapters.
Access to the functionality of the platform is through a set of EJB Beans. These session beans can be divided into two types:
-Nonpublished APIs: These are session beans that expose functionality used only by the Design Console.
-Published Public APIs: These are session beans that expose the public functionality of Oracle Identity Manager.
The API layer provides access to high-level functionality in Oracle Identity Manager. It is the basis for the functionality implemented in the Oracle Identity Manager Administrative and User Console. It is also the interface that custom clients can use to access Oracle Identity Manager functionality.
Data Access Layer
J2EE contains several technologies for manipulating and interacting with transactional resources (such as databases) that are based on JDBC, JTA, and JTS. The Oracle Identity Manager architecture leverages the following J2EE services:
-Database connection pooling
-Integration with JNDI (lookup of DataSources in the JNDI namespace)
-XA compliance
-Batch updates
The system administrator can manage data sources in the same manner in which all standard J2EE applications in the enterprise are managed. Oracle Identity Manager can use these data sources to communicate with the database tier.
Backend System Integration Layer
The Backend System Integration layer can be divided into the following:
-Database
-Remote Manager
Database
The Database tier consists of the Oracle Identity Manager repository, which manages and stores Oracle Identity Manager metadata in an ANSI SQL 92-compliant relational database. All the data resides in the Oracle Identity Manager repository.
Remote Manager
The remote manager is an Oracle Identity Manager server component that runs on a target system computer. It provides the network and security layer required to integrate with applications that do not have network-aware APIs or do not provide security. It is built as a lightweight RMI server. The communication protocol is RMI tunneled over HTTP/S.
The J2EE RMI framework enables the creation of virtually transparent, distributed services and applications. RMI-based applications consist of Java objects making method calls to one another, regardless of their location. This enables one Java object to call methods on another Java object residing on another virtual computer in the same manner in which methods are called on a Java object residing on the same virtual computer.
How to install patches or updates for your VMware ESX host using update manager
1. Download patches and upgrades
Begin by logging onto the vSphere client. From the vSphere client home screen click on the “Update Manager” icon.
From the Update Manager Administration window select the “Admin View” tab.
Select the “Getting Started” tab and click on Download patches and upgrades.
Make sure the vSphere server has access to the internet to download the required patches and updates from the VMware repository.
2. Create a Baseline Group.
To create baselines, go to the Update Manager home screen and select the “Baselines and Groups” tab. From the “Baseline” section on the left, click the "Create" link:
Enter Baseline Group name
Click next
Click next
Select Baselines for this group.
Select the required options and click next
1. Critical Host Patches (Predefined)
Checks ESX/ESXi hosts for compliance with all critical patches
2. Non-Critical Host Patches (Predefined)
Checks ESX/ESXi hosts for compliance with all optional patches.
Click next
Click Finish
How to boot a VM into Safe Mode in ESXi
1) Right Click the VM
2) Select Edit Settings
a. Click Options
b. Select Boot Options
c. Set the Power-on Boot Delay to 5000ms (5 seconds)
d. Now the VM will display the VMware BIOS screen for 5 seconds, giving you enough time to click the VM and press F8
3) Open the console window for the VM. Start the boot process.
4) Click the console with the mouse to gain focus.
5) Wait until the VMware boot screen appears.
6) Before the counter reaches 0:00 press the F8 key and don't let up until the Windows Advanced Options Menu appears which will allow selecting the Safe Mode or other options.