HP Automates Infrastructure Outsourcing Provisioning Processes with Oracle

  • Slides: 18
Download presentation
HP Automates Infrastructure Outsourcing Provisioning Processes with Oracle Identity Manager Doug Young - CISSP

HP Automates Infrastructure Outsourcing Provisioning Processes with Oracle Identity Manager Doug Young - CISSP Lead Architect, HP October 14, 2009 © 2008 Hewlett-Packard Development Company, L. P. The information contained herein is subject to change without notice.

Unleash your full potential with HP and Oracle • Converge your infrastructure • Modernize

Unleash your full potential with HP and Oracle • Converge your infrastructure • Modernize your environment • Increase efficiency

Agenda: • Overview • HP view of security and its role in the business

Agenda: • Overview • HP view of security and its role in the business • The challenge of Identity Management • Oracle Identity Manager delivers process automation • The challenges of scale in an outsourced environment • Business drivers • Approach to solve issues of scale • Technical Solution Overview • PLACEHOLDER – Future Phases • Q & A and wrap-up

The Identity Challenge IT Admins Employees Directories Meta-Directories Virtual Directories Applications Messaging Databases Remote

The Identity Challenge IT Admins Employees Directories Meta-Directories Virtual Directories Applications Messaging Databases Remote Employees Partners Non Digital Facilities Equipment Entry Control Suppliers Web Servers Portal Java App Customers Business Services • User productivity • IT constraining business • Runaway administrative and help desk costs • Vulnerability of assets • Slow response to change and growth • Regulatory exposure • Islands of security and management

Identity and Access Management Components IT Admins Remote Employees Partners Identity Management & Compliance

Identity and Access Management Components IT Admins Remote Employees Partners Identity Management & Compliance Support Registration Creation Provisioning Synchronization Policy Roles Entitlement Termination Privilege & Maintenance Management Suppliers Customers Access Management Credential Management Authentication Process Authorization PKI & EKM Federation Tokens Single Sign- On Biometrics Audit and Reporting Directories Meta-Directories Virtual Directories Applications, Messaging Databases Non Digital Facilities Equipment Entry Control Web Services Web Servers Business Services Portal Java App Custom An organization’s strategy for governing who authorized users are and management of their entitlements, privileges and access rights A process, not a product A mission challenge, not just an IT issue

IAM Environments & Solutions IN THE CLOUD Managed Services • Subscription Models • As-a-Service

IAM Environments & Solutions IN THE CLOUD Managed Services • Subscription Models • As-a-Service models TO THE CLOUD Customer Dedicated Solutions: • Managed • Hosted • Turnkey • Multiinstance / tenant • Hosted 3/12/2021 Leveraged Solutions: • Consulting • Managed 6 FROM THE CLOUD

Provisioning in a globally shared environment HP GLOBAL UNIQUE ID SERVICE CLIENT A USER

Provisioning in a globally shared environment HP GLOBAL UNIQUE ID SERVICE CLIENT A USER ADMINISTRATION PROCESSES CLIENT B HP SECURITY ADMINISTRATORS CLIENT C HP MANAGED CLIENT INFRASTRUCTURE ACCOUNT BASED USER ADMIN. PROCESSES CLIENT D CLIENT E 7 3/12/2021 • 54 Million unique identity credentials • 1000 + distinct customers • Multiple global delivery hubs with mix of custom and standardized delivery tools and models • Disparate policies and process flows • User Administration processes often shared with 3 rd party ITO providers

Business Drivers & Benefits Investment Benefits Productivity Improvements Complex workflow integration & automation •

Business Drivers & Benefits Investment Benefits Productivity Improvements Complex workflow integration & automation • Lower TCO SLA Improvement • Productivity gains • Process efficiencies & improvements • Improved time-toprovision • Ability to handle complex workflows Compliance Management & Reporting Process Efficiencies & Uniformity • Significantly improved audit response times • Increased accountability for privileged users • Foundational platform for Identity -as-a-Service

Identity provisioning Automation Challenges

Identity provisioning Automation Challenges

Delivery Model Challenges Client 1 Multi. Tenant Multi. Instance • Duplicate User Names •

Delivery Model Challenges Client 1 Multi. Tenant Multi. Instance • Duplicate User Names • Schema Extensions • Support & Reconciliation Logistics • Scalability • Software versioning • Cost • System Administration & help desk functionality • Cross instance reporting Client 4 Multi. Tenant Service Client 2 Client 3 Multi. Instance Service Clien t 3 Multi. Instance Service

Technical deployment challenges • Change Management Connectivity • Protection of Data-intransit Client specific approval

Technical deployment challenges • Change Management Connectivity • Protection of Data-intransit Client specific approval requirements • • • Initial load of customersconnecting existing accounts to new OIM profiles • Provisioning one HP employee to multiple accounts Physical Scale • Standardization & Repeatability • Infrastructure Globalization • Mapping multiple target accounts to one OIM account Manager Resource Owner Group based Multi-level • Mixed Mode Authentication: Two-factor based authentication for administrative access, standard authentication for end users

Oracle Identity Manager Technical Solution Overview © 2008 Hewlett-Packard Development Company, L. P. The

Oracle Identity Manager Technical Solution Overview © 2008 Hewlett-Packard Development Company, L. P. The information contained herein is subject to change without notice.

Solution Scope Advanced User Management: • Employee • External • Customer Windows AD Exchange

Solution Scope Advanced User Management: • Employee • External • Customer Windows AD Exchange User Self-Service Local Windows Role Management Group Provisioning Manager Initiated Workflow – Approve / Reject File Feed Service Request Portal Attestation Oracle Identity Manager ied Reconciliation n De Compliance Support & Enterprise SOD Strong Authentication Reporting Workflow System Integration Project Foundation Global Identifier Access Management: • SSO • Federation Add-on Options

Architectural View Customer 1 Customer 2 Customer 1 Web Server Tier Application Server Tier

Architectural View Customer 1 Customer 2 Customer 1 Web Server Tier Application Server Tier Customer 2 Customer 1 Customer 2 DB Tier

Managing Security & Privacy Concerns • Database Server • All Server Hardware • VM

Managing Security & Privacy Concerns • Database Server • All Server Hardware • VM Ware Host (ESX) • Networks • Website • OIM Software Instance • Database Instance Dedicated • Load Balancer Shared • SAN • • Privacy of system and data Trans-border data flow & servicing requirements Regional and country privacy regulations Legal and privacy reviews for each customer instance Privacy Security in a shared environment • Web Server

Future Phases Release Planning Delivery Models Client On. Boarding • Release 1 in pre

Future Phases Release Planning Delivery Models Client On. Boarding • Release 1 in pre -production • Release 2 in Detailed Design • Release 3 in planning • Shared • Dedicated • Turnkey • Integration in to new account start-up processes • Existing clients go-live starts Dec. 2009

While at Oracle Open. World…. • Visit HP in Moscone South, Booth #1301 •

While at Oracle Open. World…. • Visit HP in Moscone South, Booth #1301 • Assess your IT environment – for a chance to win an HP Mini Netbook! − Take the TCO Challenge − Applications Modernization Assessment − Storage and Server Assessment − Adaptive Infrastructure Maturity Model − ERP Optimization Assessment 17 3/12/2021

Technology for better business outcomes

Technology for better business outcomes