How to plan an Oracle Identity Management deployment (Planning Oracle Identity Management Deployment)
Common Logical deployment models
- A central identity management system
- A model serving internal and external users
- A model of providing administrative autonomy for departmental applications
- A model of integrating OIM in a Windows environment
When do you deploy two identity management realms?
- Security isolation: Provides an isolated security environment for groups of applications that must be kept separate from one another, such as extranet and internet environments.
- Accessibility: Applications are accessible to internal and external users and are served by two identity management infrastructures.
- Data synchronization: Application-required data is synchronized between the two identity management infrastructures.
- Availability: A separate identity management infrastructure is available for internal and external users.
Why do you need to have OID multi-master replication?
Multi-master OID replication provides the following benefits:
- No single point of failure: Multiple identical replicas prevent the directory service from becoming a single point of failure for applications in the network.
- Transparent failover: Achieved by front-ending the network of replicas with load balancers or routing elements configured so that, if any Oracle Internet Directory node becomes unavailable, applications are transparently failed over to alternative nodes in the network.
- Load balancing: Achieved by employing load balancers to distribute application and user access requests among the Oracle Internet Directory nodes in the replication network, so that no single node is overloaded to the point of performance degradation.
What security mechanisms should you use to secure your OCA deployment?
The OracleAS Certificate Authority host system should be secured with at least the following mechanisms:
- Physical access to the OracleAS Certificate Authority system must be strictly controlled.
- The operating system must be hardened, and user accounts in the system must be limited.
- The repository for OracleAS Certificate Authority must be secured with database securing guidelines.
- Oracle Application Server must be secured.
- Repository database auditing must be turned on.