Friday, June 01, 2012

Oracle Enterprise Manager authentication framework


Oracle Enterprise Manager, whose current version is Oracle Enterprise Manager 12C, can be used within Oracle-dominated IT landscapes for monitoring and maintenance purposes. Oracle Enterprise Manager 12C is the cloud-enabled successor to the previous versions of Oracle Enterprise Manager. The main goal of Oracle Enterprise Manager is to be the central hub for administrators to monitor and maintain all components within the landscape. This can include the Oracle databases and Oracle applications within the landscape; however, it can (and commonly will) also include components like hypervisors, operating systems and hardware components. This gives you a 360-degree view of all components that are part of your infrastructure and lets you see the full chain of components when pinpointing the root cause of an issue.

Having a central Oracle Enterprise Manager system within your landscape provides numerous benefits to your IT operations as well as to your business operations. It does, however, mean that you have one central point linking to all components, and all systems will communicate with the centralized Oracle Enterprise Manager installation. For this reason it is of vital importance that, when implementing, a good portion of time is dedicated to security questions. Safe, encrypted communication, and making sure that users who are allowed access to the application have access only to what is needed for their role, can both be arranged during setup. One of the things you will need to consider at the beginning of the implementation of Oracle Enterprise Manager is how your users will be authenticated.

A number of options are available within the Enterprise Manager's authentication framework. The authentication framework within Oracle Enterprise Manager provides pluggable authentication schemes which can be used to handle user authentication.

Oracle Access Manager (OAM) SSO: Oracle Access Manager is the Oracle Fusion Middleware single sign-on solution. The underlying identity stores will be the Enterprise Directory Identity Stores being supported by Oracle Access Manager.

Repository-Based Authentication: This is the default authentication option. An Enterprise Manager administrator is also a repository (database) user.

SSO-Based Authentication: The single sign-on based authentication provides strengthened and centralized user identity management across the enterprise. After you have configured Enterprise Manager to use the Oracle Application Server Single Sign-On, you can register any single sign-on user as an Enterprise Manager administrator.

Enterprise User Security Based Authentication: The Enterprise User Security (EUS) option enables you to create and store enterprise users and roles for the Oracle database in an LDAP-compliant directory server.

Oracle Internet Directory (OID) Based Authentication: Oracle Internet Directory is an LDAP v3 compliant directory built on the Oracle database and is fully integrated into Oracle Fusion Middleware and Oracle Applications.

By default the authentication framework will use the Repository-Based Authentication scheme to authenticate users during login. When operating with a rather small team of administrators this can be the best way of working. However, as team sizes grow it is advisable to investigate other authentication options. My personal rule of thumb is that if the number of users using Oracle Enterprise Manager is more than 25, it is beneficial to look for more centralized solutions.
