Identity Management 11g: What’s New, Features and Positioning. Rohit Gupta, VP, Product Management.
Identity Management 11g
What’s New, Features and Positioning
Rohit Gupta
VP, Product Management
Agenda
• Business Drivers
• Oracle’s Identity Management Strategy
• Product and Roadmap Update
• 11g Components Review
• Sun IdM Acquisition Update
• Recent Customer Successes
• Competitive Positioning and Objection Handling
• Summary
Oracle Confidential – For Internal Use Only
Identity Management Business Drivers
Reliable Security
Operational Efficiencies
Regulatory Compliance
User Experience
B2B Collaboration
Identity Management 11g
Core Principles
Suite Wide Integration
Hot-Pluggable
Service-Oriented Security
Entitlements Centric
Oracle Identity Management 11g: Service-oriented Security
• “Identity as a Service”, declarative security framework based on open Java and Web-services Standards
• Delivered through OPSS, services include authentication, authorization, encryption, common audit and logging etc.
• Comprehensive security for Fusion Middleware & Fusion Applications
Oracle Identity Management 11g: Entitlements-centric Suite
Entitlements
SoD Management
Audit Reporting
Rights Management
Role Mining
Role Management
Provisioning
Fraud Management
Single Sign-On
Attestation
Web Services Security
• Common entitlements model for authorization across the suite
• Delegated administration policies based on fine-grained entitlements
• Risk-based authorization to enable fraud prevention
• Exhaustive audit and compliance reporting, based on core entitlements defined and managed centrally
Shared Services Based Architecture
• Unified Install and Config
• Intuitive, dynamic, user interface
• Shared Services for:
• Password Management
• Identity Administration
• Single Sign-On
• Strong Authentication
• Common Policy and Authorization
• Common Auditing/Reporting
• BPEL-based Workflow
Oracle Identity Management 11g: Hot Pluggable and Standards-based
• Leadership & Innovation
• Open-source efforts for Aris ID, OpenAz
• Interoperability & Adoption
• Enterprise & Internet identity standards like SAML, SPML, XACML, OpenID, OAuth, etc.
• Hot-Pluggable
• Across full range of Applications, Middleware and Operating Systems
Supported and planned system configurations: http://idm.us.oracle.com
Oracle Identity Management: Oracle + Sun Combination
Oracle Platform Security Services
Access Management*: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server, Web Services Manager
Identity Administration: Identity Manager
Directory Services: Directory Server EE, Internet Directory, Virtual Directory
Identity & Access Governance: Identity Analytics
Operational Manageability: Management Pack For Identity Management
*Includes OpenSSO STS & Fedlet
Oracle Identity Management Roadmap Timelines
Oracle Identity Manager: Provisioning and Identity Administration
• Integrated user and role administration
• Internet-grade scalability for extranet provisioning
• 10x Performance Gain
• New Attribute-based Constrained Delegation
• Service-Oriented
• Flexible integration based on SPML
• Extensible workflow based on BPEL
Oracle Identity Manager
Mainframes
Databases and LDAP
Custom Apps
Enterprise Applications
GRANT or REVOKE
Oracle Access Manager Authentication and SSO
New
Applications
Data Services
Oracle Access Manager
• Integrated Server and Agent Administration
• eCO-Grid, delivering high performance Session Management
• SSO Security Zones scoped to individual Application
• Inline diagnostics for superior manageability
• Support for OSSO Upgrades
Oracle Adaptive Access Manager Fraud Prevention
Secure Login
Challenge or Block
Risk Modeling
Analysis and Forensics
Oracle Adaptive Access Manager
• Integrated Case Management & Fraud Administration
• OTP Anywhere across Interactive Voice Response, SMS, Email etc.
• Universal Risk Snapshots for archival, restoration, forensics and more
• AnswerLogic offers KBA in combination with registration, answers and fuzzy logic
Oracle Identity Analytics 11g: Compliance and Identity Governance
Dashboard & Reports
Enterprise Applications
Identity Manager
Risk Analytics
IT Audit Policy
Access Certification
Identity Data Sources
Access Manager
Oracle Identity Analytics
Identity Warehouse
• Compliance Control Panel
• Extensive Set of Actionable Dashboards & Risk Analytics
• Advanced Role Mining and Engineering
• Cert360 offers complete view of users, roles and entitlements to reviewer for attestation
• Rich Identity Warehouse
• Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
• Integrated with Oracle Identity Manager 11g and 9.1, and Oracle Waveset
Sun IdM Acquisition Status
Review of IdM Acquisition
| Old Name | New Name |
|---|---|
| Sun Directory Server Enterprise Edition | Oracle Directory Server Enterprise Edition |
| Sun Role Manager | Oracle Identity Analytics |
| Sun Identity Manager | Oracle Waveset |
| Sun OpenSSO Enterprise | Oracle OpenSSO |
| Strategic Products | Continue and Converge |
|---|---|
| Oracle Directory Server Enterprise Edition & Oracle Internet Directory | N/A |
| Oracle Identity Manager | Oracle Waveset |
| Oracle Access Manager | Oracle OpenSSO |
| Oracle Identity Analytics | Oracle Role Manager |
Sun to Oracle Identity Management: Migration Paths
Oracle Identity Federation 11g
Oracle OpenSSO (Federation)
Oracle Identity Manager 11g
Oracle Waveset
Oracle Access Manager 11g
Oracle OpenSSO
Copyright © 2010, Oracle. All rights reserved
Strategic Guidance on OW
• Guidance on ways to continue with Oracle Waveset
• Where to safely invest, what to avoid, how to prepare
• Co-existence Strategy (ahead of Migration)
• Support a phased approach to migration
• OIM as back-office provisioning automation engine for new (and eventually all) targets
• Migration Solution
• Oracle to provide migration solution (methodology, automation tools, documentation) to migrate from Oracle Waveset to Oracle Identity Manager
• Common Connector Strategy
• Leverage connector innovation in current Oracle Waveset deployment
Strategic Guidance on OpenSSO
• Phased approach to minimize impact during the transition to OAM 11g
• Agent level compatibility
• Manual policy migration
• Automations, upgrade utilities projected for OAM 11g
• Target migrations from 7.x, 8.0
• Focus on simple use cases – Authentication and SSO
• Advanced use cases such as session failover or URL/J2EE policy will be evaluated on a case by case basis
OpenSSO – OIF 11g
• Customers using OpenSSO federation features may migrate to OIF 11g
• SAML / WS-Federation / Liberty ID-FF
• OpenSSO Fedlet (certified, bundled with OIF 11g)
• Certain features are out of scope for OIF
• Liberty ID-WSF, SIS
• Migration utilities for standards-based flows
• Standard metadata import/export
• Custom processing will have to be re-implemented
• Some manual steps may be required for metadata and trust
Business Landscape and Positioning
Oracle’s IdM Business Momentum

| Metric | 2005 | 2010 |
|---|---|---|
| License Revenue | | > 1,300% growth |
| No. of Products | 3 | 18 |
| No. of Customers | < 250 | > 6,000 |
| Developers & PM. | < 60 | > 500 |
| NA Consultants | < 5 | > 100 |
| SI Partners | < 5 | > 70 |
Oracle Confidential – Do Not Distribute
Business Summary
Case Study – Exelon: OIM for Enterprise Provisioning & Identity Administration
Business Challenges
• NERC (North American Electric Reliability Corporation) regulations were expanded in January 2010 due to homeland security initiatives
• The new regulations resulted in additional reporting and compliance requirements for energy providers, particularly those generating nuclear power
Oracle Solution
• Oracle Identity Manager for 22,000 users and Oracle Identity Analytics chosen over CA and Courion
• Deploying in Sun Solaris Environment
• Accenture aligned with Oracle to recommend us over CA
Return On Investment
• OIM will allow employees to reduce application access time from 15 days to less than 4 hours
• Reduced administrative costs through user self service
• Automated the certification process, which will significantly reduce time and money spent on this quarterly activity
Case Study – American Express: OIA for Compliance, Attestation, & Identity Governance
Business Challenges
• Manual certifications and multiple orphaned accounts
• Needed a central repository for who-has/had what access
• Business struggles with cryptic names for entitlements
Oracle Solution
• Oracle Identity Analytics with 200K users, 5M accounts, 24M entitlements and 6.5M glossary definitions
• Defined user access certifications across 1400 applications
• Automated closed loop remediation by integrating with provisioning
Return On Investment
• Removed 500K orphaned accounts
• Automated 13,000 access certifications
• Successfully certified transfers to ensure proper access
• Eliminated the disconnect between business and IT in regards to glossary definitions
Case Study – Lockheed Martin: Sun Subscription to Oracle Migration
Business Challenges
• Subscription Sun Identity Manager Licensee
• License term can run through, but not possible to renew after that putting their future project plans at risk
• Lockheed is using a non-strategic technology (Sun Identity Manager)
Oracle Solution
• Oracle Identity Manager Perpetual Use License
• Cancel Sun Subscription License
• Provide 24 months of right to use both Sun and Oracle during the technical migration process
Return On Investment
• Lockheed is now on the path to migrate to the strategic technology and can plan to do so in a non-rushed fashion
IdM Competitive Summary: Suites
Identity Administration
Directory Services
Suite Breadth
Access Mgmt & Entitlements
Audit & Compliance
Fraud Prev. & Strong Authn
Full IdM Comp Intell at http://my.oracle.com/compete and http://idm.us.oracle.com
Competing with IBM
Positioning Against IBM
• Product and Deployment Complexity
• Complex licensing model
• Competitive displacements, especially for TIM/TAM. Use strong Oracle References.
• Audit and Compliance capabilities; Sophistication in role management, GRC/SoD integration
• Support for Fine-grained Authorization and Entitlements
• Depth and Breadth of IdM integration with Oracle E-Business Suite, PeopleSoft, Siebel and SAP
What to Expect from IBM
• A lot of FUD around Sun.
• Solutions-based sales model, i.e., IBM Global Services will bundle HW, SW, and professional/managed services
• IBM claims they are the market leader for web access management
• Will highlight their strong integration between Provisioning and SIEM (Security Information and Event Management).
• Strategic relationships at the CXO levels
In Depth IBM Comp Intell - http://my.oracle.com/portal/page/myo/compete/master_ci/ibm_tivoli
A new breed of competition
• Most visible OIA Competitor
• They message around ease of use, simplicity, and cost effectiveness
• We need to message around completeness of stack, deep investment in this space, tight integration with OIM, and ability to do complex role management and rule lifecycle management
• Question their product’s ability to scale
• Click SailPoint logo for more detailed comp intell and positioning points
• Directory Services Competitor
• They message around next generation IdM infrastructure and ability to scale
• We need to message around completeness of stack including the top directory services platform used in numerous highly distributed, scaled, and mission critical instances
• Question their company’s ability to scale to support large customer deployments
• Commercial support for former “Sun” Open Source
• They message around the virtues of Open Source technology and their ability to enhance and support the products
• We need to message around the best parts of Sun IdM merging with Oracle IdM to deliver the leading next generation IdM technologies
• Clarify that Oracle is supporting commercial licensees of OpenSSO and offers license and technical migrations to Oracle
• Question their ability to support all of the technologies they are taking on
Q&A