Getting Started with Oracle Identity Management

16 Getting Started with Oracle Identity Management

This section explains the benefits and features of using Oracle Enterprise Manager to monitor Oracle Identity Management systems.

As more and more businesses rely on the Oracle Identity and Access Management Suite to control access to their mission-critical applications (both packaged applications and custom-built web applications) and to provision resources across their organizations, the need to achieve predictable performance and availability for Oracle Identity Management systems has become a top priority for many businesses. An outage or slow performance in access and identity services, for instance, can have negative impacts on the business bottom-line as end-users are unable to log in to mission-critical applications.

To help you maximize the value of Oracle Identity Management systems and to deliver a superior ownership experience while restraining the systems management costs, Oracle provides Oracle Management Pack Plus for Identity Management (the Identity Management Pack), which leverages the Oracle Enterprise Manager Cloud Control advanced management capabilities, to provide an integrated and top-down solution for your Oracle Identity Management environment.

To view a video about managing Oracle Identity Management, click here.

Benefits of Using the Identity Management Pack

The benefits of using the Identity Management Pack include:

Using a centralized systems management solution to efficiently manage multiple Oracle Identity Management deployments including testing, staging, and production environments from a single console
Gaining the ability to monitor a wide range of performance metrics for all critical Identity Management components to find root causes of problems that could potentially slow performance or create outages
Automating configuration management to accelerate problem resolution
Recording synthetic Web transactions (or service tests) to monitor Identity Management Service availability and analyze end user response times
Defining Service Level Objectives (SLO's) in terms of out-of-box system-level metrics, as well as end user experience metrics to accurately monitor and report on Service Level Agreement (SLA) compliance

Features of the Identity Management Pack

The features in the Identity Management Pack include:

Enterprise-Wide View of Oracle Identity Management
- The "Identity and Access" dashboard provides a centralized view of all Oracle Identity Management components.
- From the "Identity and Access" dashboard, users can view the performance summary of the associated systems and services based on the underlying dependencies and monitor the overall health of the Identity Management environment.
Performance Management
- A wide range of out-of-box performance metrics to find root causes of problems that could potentially slow performance, extend response times, or create outages.
- Customizable performance summaries with a "Metric Palette" that allows users to drag and drop performance charts.
Configuration Management
- Perform key configuration management tasks like keeping track of configuration changes for diagnostic and regulatory purposes, taking snapshots to store configurations, and comparing component configurations to ensure consistency of configurations within the same environment or across different environments.

New Features for this Release

New features for Identify Management Pack include:

Problem Analysis

Problem analysis is now available for IDM targets.
Performance Page

This page shows the performance of the database corresponding to the Oracle Access Manager (OAM) Enterprise Manager target. Using this data, the OAM administrator can identify problems that causes performance bottlenecks.
Configuration Compare Templates

Using a template, you can remove properties that typically signal "false positives" in comparisons by setting flags to ignore differences. When comparing hosts, for example, you know that host names will be different, so you can indicate to ignore differences on the name property value.
Performance Management
- Out-of-box reports for Oracle Internet Directory, Oracle Access Manager, and Oracle Identity Manager.
- Oracle Identity Manager database performance page to analyze the performance of the underlying Oracle Identity Manager database in the context of the OIM-specific tables and user.
  
  Note:
  
  The database target will need to be discovered to take advantage of all the features on the database performance page.
Configuration Management

Automated compliance monitoring and change detection for Oracle Identity Manager is now available to help customers meet compliance and reporting requirements.

To enable the compliance standard association with the Oracle Identity Manager Cluster target, perform the following steps:
1. Click the Oracle Identity Manager Cluster target. From the Target menu, select Compliance, then select Standard Associations.
2. Click Edit Association Settings. Click Add and then select Oracle Identity Manager Cluster Configuration Compliance.
3. Click OK and then OK again to enable the new association setting.
Monitoring Support

As part of the Oracle Access Management Suite, added monitoring support for the Oracle Mobile and Social, Identity Federation. This includes Up and Down status of Mobile and Social service along with the collection of the select Mobile and Social metrics.

Monitoring Oracle Identity Management Components in Enterprise Manager

You can use Enterprise Manager to monitor the following Identity Management 11g components:

Table 16-1 Licensed Targets for Identity Management 11g Targets

Enterprise Manager Target Type	Purpose
Oracle Adaptive Access Manager Oracle Access Manager Oracle Directory Integration Platform Oracle Identity Federation Oracle Identity Manager Oracle Internet Directory Oracle Virtual Directory	Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview, customizable performance summary, process control, configuration management, compliance analysis, and Information Publisher reports. For all the Oracle Adaptive Access Managers, Oracle Access Managers, and Oracle Identity Managers that are deployed within the same WebLogic domain, a cluster target will be created for each component: Oracle Adaptive Access Manager Cluster Oracle Access Manager Cluster Oracle Identity Manager Cluster Each cluster target is a logically related group of components that are managed as a unit. Every target is part of a WebLogic domain.
Oracle Directory Server Enterprise Edition	The following types of targets will be created for each Oracle Directory Server Enterprise Edition deployment: Oracle Directory Server Enterprise Edition Server A target represents the LDAP service and all internal resources Directory Server Group User logical grouping of Oracle Directory Server Enterprise Edition Servers Directory Server Enterprise A set of Oracle Directory Server Enterprise Edition Servers connected through a network that participates in the service, including Directory Server Groups. Each target provides an interface in Enterprise Manager with access to target overview, customizable performance summary, process control, and configuration management.

Enterprise Manager Target Type

Purpose

Oracle Adaptive Access Manager

Oracle Access Manager

Oracle Directory Integration Platform

Oracle Identity Federation

Oracle Identity Manager

Oracle Internet Directory

Oracle Virtual Directory

Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview, customizable performance summary, process control, configuration management, compliance analysis, and Information Publisher reports.

For all the Oracle Adaptive Access Managers, Oracle Access Managers, and Oracle Identity Managers that are deployed within the same WebLogic domain, a cluster target will be created for each component:

Oracle Adaptive Access Manager Cluster
Oracle Access Manager Cluster
Oracle Identity Manager Cluster

Each cluster target is a logically related group of components that are managed as a unit.

Every target is part of a WebLogic domain.

Oracle Directory Server Enterprise Edition

The following types of targets will be created for each Oracle Directory Server Enterprise Edition deployment:

Oracle Directory Server Enterprise Edition Server

A target represents the LDAP service and all internal resources
Directory Server Group

User logical grouping of Oracle Directory Server Enterprise Edition Servers
Directory Server Enterprise

A set of Oracle Directory Server Enterprise Edition Servers connected through a network that participates in the service, including Directory Server Groups.

Each target provides an interface in Enterprise Manager with access to target overview, customizable performance summary, process control, and configuration management.

Table 16-2 Targets Associated with Identity Management 11g Targets

Enterprise Manager Target Type	Purpose
Generic Service	With the Management Pack Plus for Identity Management, users can create targets of type Generic Service associated with any of the monitored Identity Management Systems: Access Manager - Access System, Access Manager - Identity System, Identity Federation System, Identity Manager System, and Identity and Access System. The Generic Service target provides an end-to-end service oriented view of the monitored Oracle Identity Management targets with access to performance and usage metrics, service tests, service level rules, service availability definition, alerts, charts, and topology view.
Host	Representation of hosts running Oracle Identity Management components providing access to metrics, alerts, performance charts, remote file editor, log file alerts, user-defined metrics, host commands and customized reports.
Oracle Database	Representation of Oracle Database that is used by Oracle Identity Management components providing access to metrics, alerts, performance charts, compliance summary, and configuration management.
Oracle Identity and Access System	System target that can be modeled with any discovered Oracle Identity Management target and the underlying hosts and databases as the key components providing an end-to-end system oriented view of the monitored Identity Management environment. The Identity and Access System target provides access to member status, metrics, charts, incidents, and topology view.
Oracle SOA Suite	Representation of Oracle SOA Suite that is used by Oracle Identity Manager 11g providing access to metrics, alerts, performance charts, and configuration management of the SOA infrastructure instance and its service engines.

Table 16-3 Targets Associated with Identity Management 12c Targets

Enterprise Manager Target Type	Purpose
Oracle Identity Federation Oracle Identity Manager Oracle Unified Directory Oracle Directory Integration Platform Oracle Internet Directory	Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview, customizable performance summary, process control, configuration management, compliance analysis, and Information Publisher reports. For all the Oracle Identity Federations, Oracle Unified Directories, Oracle Directory Integration Platforms, and Oracle Identity Managers that are deployed within the same WebLogic domain, a cluster target will be created for each component: Oracle Adaptive Access Manager Cluster Oracle Access Manager Cluster Oracle Identity Manager Cluster Each cluster target is a logically related group of components that are managed as a unit. Every target is part of a WebLogic domain.