Mark Wilcox

Oracle Blogs

How To Simplify Your Password Management With Oracle Enterprise Single Sign-On

Thu, 2011-10-13 12:11
We're doing another free webcast - this time on Enterprise Single Sign-On. Click here to register
Addressing Your Password Nightmares with an Enterprise Single Sign-On Platform

Webcast Date: Wednesday, October 19, 2011 
Webcast Time: US Pacific 10am PDT

Studies estimate that nearly 25 percent of all help desk calls are related to password resets. The modern enterprise IT environment demands a balance between the intense security required to meet a variety of compliance standards and the need for flexibility and ease-of-use on the part of end-users. 

Enterprise single sign-on (ESSO) can help strike that balance and protect your business. ESSO built into your identity management platform can offer even more. It can reduce risk, enhance user productivity, cut costs, and provide a long-term solution to password management. 

Join us for this live complimentary Webcast where industry experts from Oracle will discuss:

  • How to slash your password-related help desk costs and improve user experience
  • The benefits of ESSO integrated into an identity management platform
  • Best practices for a successful ESSO deployment

You’ll also have the opportunity to get answers to your most nagging security questions during the live Q&A.

How To Use Oracle Identity Management To Rescue Delayed IBM Identity Management Deployments

Fri, 2011-09-02 06:35
Oracle Identity Management Webinars

If your organization has a delayed IBM-based identity management deployment, this webinar will show reasons why this might be and how Oracle can help.

In particular you will learn how Oracle Identity Management can:

  • Mobilize and complete your identity management project
  • Coexist with or replace your existing IBM identity management point solution
  • Reduce security risk and improve regulatory compliance

Click Here To Register.

Learn How To Save 48% On Your Access Management Deployment

Fri, 2011-09-02 06:30
We're hosting an upcoming webinar with the Aberdeen Group that will present research showing how using an identity management platform can save you significant money versus a point-solution-based deployment. Click Here to register.

Remember Your Password Or You Won't Get Your Donut

Wed, 2011-08-24 04:26
People have trouble remembering complex passwords. Click here to see one organization's ingenious way to get their employees to remember them. Click it or no donut for you.

Best Practice For Oracle Virtual Directory (OVD) Backup and Disaster Recovery.

Thu, 2011-08-18 05:03
I'm writing this in response to a question on one of our mailing lists because of the current nature of the Oracle docset (something the doc team is working on) - it's kind of hard to figure out in a concise form. Here are the things to do:
  • Make sure to have 2 or more OVD instances deployed in production. OVD provides tools to keep the configurations in sync between systems.
  • If you have an external DR site, synchronize the OVD configuration to this external site. Note that this assumes the hostnames are the same in the DR site as in the primary. If they are not, the names will require manual tweaking.
  • OVD keeps all of its configuration in files in the $ORACLE_INSTANCE directory. Back this directory up. If you need to recover, it can be restored. You will most likely need to re-register the instance with OPMN and EM, which is covered in the OVD documentation.

Oracle Unified Directory Webcast Q&A Results Posted

Thu, 2011-07-28 07:10
We have posted the answers to the questions from the Q&A from the OUD introduction webcast.

Moving OVD 11g Test to Production Configurations

Mon, 2011-07-25 03:43
Just back from vacation - during which we launched our new Oracle Unified Directory (OUD). And I'll be spending a lot of time writing about that since it's a new product.

But here's a useful piece of 11g OVD information. If you need to migrate test to production configurations on 11g OVD and you apply the latest patchset (11.1.1.5 aka Patchset 4), we have new migration scripts that are particularly useful for off-line migrations.

For off-line Test-To-Production migration of OVD, customers can use Movement Scripts to:
  1. Create a configuration archive of OVD instance using 'copyConfig' script.
  2. Extract the move plan using 'extractMovePlan' script & edit the move plan appropriately.
  3. Copy the configuration archive & move plan to Production server(s) & execute 'pasteConfig' script.

Introducing Oracle Unified Directory 11g

Fri, 2011-07-15 13:48
July 21, 2011 at 10:00am PT / 1:00pm ET / 19:00 CET

Enterprises face many choices for managing identity data: to virtualize or not to virtualize, to synchronize data or store data. The choice of directory server means choosing between multiple vendors and compromising between features and performance. Oracle Unified Directory 11g defines a new category in the directory server market. Join us for this launch webcast to learn how Oracle Unified Directory 11g provides scalability and a complete directory server solution. Register by clicking here.

A New OVD Customer Case Study

Wed, 2011-04-13 03:23

The EMEA sales team just published a new case study for Ruhr-Universität Bochum, a university in Germany.

They use OVD to provide an LDAP interface to their master identity data which is stored in an Oracle database. This allowed them to avoid needing to synchronize the data to another LDAP - which resulted in faster and more reliable identity services.

Posted via email from Virtual Identity Dialogue

Choosing The Right Directory For The Cloud - Recording of Mark Wilcox Webcast from March 24, 2011

Thu, 2011-03-31 00:14

Last week I delivered a webcast on Choosing the Right Directory For the Cloud and the recording for the event is now live.

Even if you don't really have any interest in directories on the cloud - I encourage you to listen to the Q&A after my short (about 20 minutes) presentation.

Lots of interesting questions - most of which are not directory-centric.


Making It Easier For Developers To Access LDAP

Tue, 2011-03-29 02:41

One of the reasons why I think LDAP has always had slow adoption by developers is that most of their tools provided great abstractions for dealing with databases (like Hibernate, TopLink/JPA, ADF Business Components, etc.) while LDAP trailed.

However, at Oracle we do have some great ways to fix this problem.

And not just by trying to make LDAP look like a database.

There are three ways to do this:
1 - You can use OVD's Web Interfaces - either REST (OVD HTTP/Web Gateway) or SOAP (DSML v2)
2 - Oracle Platform Security Services User/Role API
3 - Oracle Platform Security Services Identity Governance Framework ArisID


How To Query OVD, OID, DSEE Using SQL

Tue, 2011-03-29 02:24

One of the perpetual questions in LDAP is "how to query via SQL". I even wrote a post on this 3 years ago.

And while it doesn't occur very often anymore - it popped up again this week. So I suspect there might be others.


First - to be clear - SQL is very different than LDAP. SQL is simply a standardized query language for querying a relational database. Each database has a different protocol - that's why each database must provide its own database driver even for a standard connection API like JDBC (or ODBC or .NET ADO).

Second - if you have access to an Oracle database (even Oracle XE) you can use the DBMS_LDAP PL/SQL API to query an LDAP server. And a very useful trick to perform with that is to create a database view that maps to a DBMS_LDAP call. When you go this route - you can have your PL/SQL expert write one package and then anything that can connect to the view - can use the data without needing to use PL/SQL or LDAP.

Third - If you are using Java - you can use the JDBC-LDAP library. JDBC-LDAP is a JDBC driver we wrote almost a decade ago at OctetString. Because there was so little demand for it - we actually released it as open-source and donated it to OpenLDAP. And you can get pre-built binaries here.

Once you have JDBC-LDAP then you can use it similar to any other JDBC driver.

And even do a SQL query - though it has a strong LDAP flavor:

ResultSet rs = stmt.executeQuery("SELECT cn, uniquemember FROM subTreeScope;dc=example,dc=com WHERE objectclass=groupofuniquenames");

This says "retrieve the cn and uniquemember attributes from any groupofuniquenames objects under the dc=example,dc=com branch".

In LDAP terms, the start of the statement lists which attributes you want (this could be * for all attributes), the scope and search base are set in the FROM clause, and the WHERE clause is the LDAP filter.

And here is an example of what the results look like (captured from my output in Netbeans):

run:
Sort by : null
numColumns is 4
uniquemember_0:uid=kvaughan,ou=People,dc=example,dc=com
uniquemember_1:uid=rdaugherty,ou=People,dc=example,dc=com
uniquemember_2:uid=hmiller,ou=People,dc=example,dc=com
cn:Directory Administrators
uniquemember_0:uid=scarter,ou=People,dc=example,dc=com
uniquemember_1:uid=tmorris,ou=People,dc=example,dc=com
uniquemember_2:
cn:Accounting Managers
uniquemember_0:uid=kvaughan,ou=People,dc=example,dc=com
uniquemember_1:uid=cschmith,ou=People,dc=example,dc=com
uniquemember_2:
cn:HR Managers
uniquemember_0:uid=abergin,ou=People,dc=example,dc=com
uniquemember_1:uid=jwalker,ou=People,dc=example,dc=com
uniquemember_2:
cn:QA Managers
uniquemember_0:uid=kwinters,ou=People,dc=example,dc=com
uniquemember_1:uid=trigden,ou=People,dc=example,dc=com
uniquemember_2:
cn:PD Managers
BUILD SUCCESSFUL (total time: 1 second)
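
The mapping described above (attribute list, scope and search base in FROM, filter in WHERE) can be made concrete with a small translator. This is an added example, not code from the post or from the JDBC-LDAP driver: it goes slightly beyond the single-condition statement shown by also accepting AND/OR lists, the scope names other than subTreeScope are assumptions, and regroup() reverses the uniquemember_N column flattening seen in the output.

```python
import re

# subTreeScope is the scope used in the post; the other two names are assumed.
SCOPES = {"subTreeScope": "sub", "oneLevelScope": "one", "objectScope": "base"}
STATEMENT = re.compile(
    r"^\s*SELECT\s+(?P<attrs>.+?)\s+FROM\s+(?P<scope>\w+);(?P<base>.+?)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?\s*$", re.IGNORECASE | re.DOTALL)
ATTR = re.compile(r"^(\*|[A-Za-z][A-Za-z0-9-]*)$")
TERM = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(=|>=|<=)[^()]+$")


def to_ldap_filter(where):
    """Convert 'a=b AND c=d' (or an all-OR list) to RFC 4515 prefix form."""
    if where is None:
        return "(objectClass=*)"  # presence filter: matches every entry
    ops = {op.upper() for op in re.findall(r"\s+(AND|OR)\s+", where, re.I)}
    if len(ops) > 1:
        raise ValueError("mixed AND/OR is ambiguous without grouping")
    terms = [t.strip() for t in re.split(r"\s+(?:AND|OR)\s+", where, flags=re.I)]
    for term in terms:
        if not TERM.match(term):  # rejects parentheses and empty values
            raise ValueError(f"unsupported WHERE term: {term!r}")
    if len(terms) == 1:
        return f"({terms[0]})"
    joiner = "&" if ops == {"AND"} else "|"
    return f"({joiner}" + "".join(f"({t})" for t in terms) + ")"


def parse_statement(sql):
    """Split a JDBC-LDAP style SELECT into LDAP search parameters."""
    m = STATEMENT.match(sql)
    if not m:
        raise ValueError("expected: SELECT attrs FROM scope;base [WHERE ...]")
    attrs = [a.strip() for a in m["attrs"].split(",")]
    if not all(ATTR.match(a) for a in attrs):
        raise ValueError(f"bad attribute list: {attrs}")
    if m["scope"] not in SCOPES:
        raise ValueError(f"unknown scope: {m['scope']}")
    return {"attributes": attrs, "scope": SCOPES[m["scope"]],
            "base": m["base"].strip(), "filter": to_ldap_filter(m["where"])}


def regroup(row):
    """Collapse flattened columns (uniquemember_0, ...) into value lists."""
    entry = {}
    for column, value in row.items():
        name, sep, index = column.rpartition("_")
        if not (sep and index.isdigit()):
            name = column  # plain single-valued column such as cn
        if value:  # skip the empty padding columns
            entry.setdefault(name, []).append(value)
    return entry
```

The scope values returned ("sub", "one", "base") are the ones an `ldapsearch -s` option takes, so the result can be compared directly against an ordinary LDAP search.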


OID Supports 400,000 (Four Hundred Thousand!!) Operations Per Second on 500 Million User Database. AKA OID Eats Facebook Database For Breakfast

Mon, 2011-03-28 08:36

It's funny - on the Internet we can forget that no matter how popular new technologies like Twitter or Facebook are, there are other less "fashionable" (after a few drinks you might even say "dead" :)) technologies like SMTP, IMAP and of course LDAP that still handle far more social networks than these two systems do.

And we've seen this because in the past year there have been a number of new opportunities around building new extremely large (e.g. larger than 10 million) directory servers.

Typically this is because companies are either launching new cloud services or consolidating older user databases into standards-based approaches. This isn't just the usual suspects (e.g. telco) either. Insurance agencies, retailers and others who have large customer bases that need to use a directory service for customer-facing portals, messaging, etc all are looking into these types of solutions.

At Oracle both OID and DSEE are strategic options for directory services. We love them both :).

But because OID uses the Oracle RDBMS for its storage - when it comes to these extremely large directories it gives customers some unique capabilities that don't exist with any other directory product.

In particular:

  • ability to scale to extremely large number of entries without needing to split the entry database into multiple instances (called partitions)
  • can leverage Oracle Exadata database machines

And we have put this together into a new whitepaper.

In this white paper we showed how we got OID 11g on an Exadata machine containing 500 million entries (e.g. roughly the size of Facebook's 2010 user population) and were able to get it to 400K operations per second.

And that was only on an Exadata half-rack.

With 10Gb Ethernet (as opposed to InfiniBand).

Meaning - we're not even close to maxing out the performance here.

Yet we're easily lapping the field and doing it with less management overhead.

Or in other words - if you find you need a new large-scale directory, there really isn't any reason to be looking at any other directory vendor.

Because no other vendor gives you two proven options to scale to these numbers. You can either choose to scale horizontally by data partitioning using DSEE leveraging existing commodity hardware, or you can avoid partitioning by utilizing the power of Oracle RDBMS with OID, with or without the unique capabilities of Oracle Exadata.


OVD-EUS: Questions and Answers About Mapping Database Users, Roles to AD Users and Groups

Thu, 2011-03-24 03:19

More OVD-EUS AD Q&A from sales:

Question: Which AD object types are used to store Oracle users and roles in AD?
Answer: There are two ways to deploy OVD-EUS. Option 1 uses OID (or DSEE) to store the EUS metadata, thus the only attribute used in AD is the orclcommon attribute used to store the password hash (assuming EUS password authentication is used). Option 2 stores the EUS metadata in a branch explicitly created to store this data, and the AD schema is extended to support this.

Question: Are any roles added to AD by default with the schema extension?
Answer: No.

Question: Which Oracle accounts are typically excluded from integration?
Answer: In 10g database you cannot use sysdba users. In 11g any user can be used.


How To Do Highly Available OVD-EUS

Tue, 2011-03-22 23:21

Got a question from sales on our mailing list that I think is good to have generally available:

My customer is considering using OVD for EUS (against AD) but worries about having one more point of failure (OVD).
Mark Comment - This is covered in our product documentation as well.

Question - What are the failover solutions available?
Answer - It's easy to make OVD highly available. All that is required is that you have 2 (or more) OVD instances installed. Then you can synchronize the configuration. I typically prefer to get 1 server configured and then do the synchronize.

Question - What are the best practices?
Answer - After you have multiple OVD instances configured, you can either put OVD behind an existing hardware load-balancer (most common) or, if the OVD implementation is restricted to just OVD-EUS, list the specific OVD servers' hostnames and ports in the database's ldap.ora file. The reason why I put this caveat is that not all applications let you list multiple connections for fail-over.

Question - Do we have customers working with highly available OVD solution?
Answer - As far as I know, everyone has OVD deployed in a highly available configuration.
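
For the ldap.ora option mentioned above, a quick check that the file really lists more than one directory server catches the single-point-of-failure case before it matters. This is an added example, not part of the original post or Oracle's tooling; the hostnames, ports and admin context in the two sample files are constructed placeholders.

```python
import re

# Constructed sample ldap.ora contents; all values are placeholders.
SINGLE = """
# one OVD instance: the database has nowhere to fail over to
DIRECTORY_SERVERS = (ovd1.example.com:389:636)
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=com"
DIRECTORY_SERVER_TYPE = OID
"""
HA = """
DIRECTORY_SERVERS = (ovd1.example.com:389:636,
                     ovd2.example.com:389:636)
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=com"
DIRECTORY_SERVER_TYPE = OID
"""


def directory_servers(text):
    """Return [(host, port, ssl_port_or_None), ...] from DIRECTORY_SERVERS."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    m = re.search(r"DIRECTORY_SERVERS\s*=\s*\(([^)]*)\)", body, re.IGNORECASE)
    if not m:
        return []
    servers = []
    for item in m.group(1).split(","):
        parts = item.strip().split(":")
        if len(parts) not in (2, 3) or not all(parts):
            raise ValueError(f"expected host:port[:sslport], got {item.strip()!r}")
        ssl_port = int(parts[2]) if len(parts) == 3 else None
        servers.append((parts[0].lower(), int(parts[1]), ssl_port))
    return servers


def failover_findings(text):
    """List the reasons this ldap.ora gives the database no fail-over target."""
    servers = directory_servers(text)
    findings = []
    if not servers:
        findings.append("no DIRECTORY_SERVERS entry")
    elif len({host for host, _, _ in servers}) < 2:
        findings.append("only one distinct directory host listed")
    if len(servers) != len(set(servers)):
        findings.append("duplicate server entry")
    return findings
```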
