Enterprise User Security




Enterprise User Security: An Introduction
DOAG Regional Meeting Munich, 18 September 2014

Agenda
- Introduction
- User management: the problem
- Solution: Enterprise User Security
- Implementation
- Use cases
  - Schema mapping
  - Enterprise roles
  - Proxy permissions

Who am I?
- 10 years of Oracle Database experience
- Independent Oracle consultant in D/A/CH for 6 years
- Specialising in:
  - Performance management (instance / SQL)
  - High availability (MAA, RAC, Data Guard)
  - Manageability (OEM)
  - Unix (Linux, Solaris, HP-UX)
- Oracle Certified Master 10g & 11g
- Website & blog: ora-solutions.net

User management: the problem
- Dozens of database accounts held locally in a large number of different databases, possibly with different passwords
- Password policy (expiry) forces regular password changes in every one of those databases
- User accounts have to be removed when someone leaves the company
- High administrative effort
- Oracle's solution to this problem: Enterprise User Security

Enterprise User Security: introduction
- Part of Oracle Database Enterprise Edition
- Authentication is performed against the directory, not against the SYS.USER$ table
- Directory Services Plus licence (minimum 2000 at 12 USD)
- Requires a special directory (subject to licence):
  - Oracle Virtual Directory (OVD) -> 3rd-party backend/AD
  - Oracle Internet Directory (OID) -> 3rd-party backend/AD
  - Oracle Unified Directory (OUD)
[Diagram: client logs in with username/password; the database queries the user info from the directory; the user is authenticated and the user info is returned to the database]

Terms
- Components:
  - In the database (GLOBAL):
    - Global user: CREATE USER <username> IDENTIFIED GLOBALLY;
    - Global role: CREATE ROLE <role> IDENTIFIED GLOBALLY;
  - In the directory (ENTERPRISE):
    - Enterprise domain (container for databases)
    - Enterprise users (LDAP entries)
    - Enterprise roles (mapping between enterprise users and global roles)
    - Proxy permissions (mapping between enterprise users and proxy users)

Implementation with OVD
- Install an LDAP directory (e.g. ODSEE)
- Install Oracle WebLogic 10.3.6
- Install Oracle Identity Management 11.1.1.2.0
- Upgrade to Oracle Identity Management 11.1.1.7.0
- Configure Oracle Virtual Directory
- Create suffix OracleContext / schema configuration
- Configure ldap.ora
- DBCA: register database
- Configure schema mapping, enterprise roles, proxy permissions

Implementation with OUD
- Install JDK 1.7
- Install OUD 11.1.2.2.0
- Install Oracle WebLogic 10.3.6
- Install Oracle 11.1.1.7.0
- Configure ODSM with WebLogic for OUD
- Configure OUD, create users
- Configure ldap.ora
- DBCA: register database
- Configure schema mapping, enterprise roles, proxy permissions

Implementation: download files
- jdk-7u55-linux-x64.tar.gz
- ofm_oud_generic_11.1.2.2.0_disk1_1of1.zip
- wls1036_generic.jar
- ofm_appdev_generic_11.1.1.7.0_disk1_1of1.zip

Implementation: OUD installation (JDK installed to /u01/app/jdk)

    ./runInstaller -jreloc /u01/app/jdk/jre

[installer screenshot slides]

Implementation: WebLogic installation (Custom, de-select Coherence)

    java -d64 -jar wls<version>_generic.jar

[installer screenshot slides]

Implementation: Oracle 11.1.1.7.0 installation

    ./runInstaller -jreloc $JAVA_HOME/jre

[installer screenshot slides]

Implementation: configure ODSM with WebLogic for OUD

    [oracle@oud1 Disk1]$ cd /u01/app/oracle/mw/oracle_common/common/bin/
    [oracle@oud1 bin]$ ./config.sh

[configuration wizard screenshot slides]

Result:
- ODSM: https://oud1.intra:7002/odsm/
- Admin Server Console: https://oud1.intra:7002/console/

Implementation: configure OUD

    [oracle@oud1 bin]$ export ORACLE_INSTANCE=/u01/app/oracle/mw/Oracle_1
    [oracle@oud1 bin]$ export PATH=/u01/app/jdk/jre/bin:$PATH
    [oracle@oud1 bin]$ cd $ORACLE_INSTANCE
    [oracle@oud1 Oracle_1]$ ./oud-setup

[oud-setup screenshot slides]

Implementation: create users & groups in ODSM (https://oud1.intra:7002/odsm/)
- Users: -> Data Browser -> ou=people -> Create Entry
- Groups: -> Data Browser -> ou=group -> Create Group Entry -> Static Group

Implementation: configuration of ldap.ora on the database server

    DIRECTORY_SERVERS=(oud1.intra:1389:1636)
    DEFAULT_ADMIN_CONTEXT = "dc=mycompany,dc=com"
    DIRECTORY_SERVER_TYPE = OID

Optional, in sqlnet.ora (resolve net service names via the directory as well):

    NAMES.DIRECTORY_PATH= (LDAP, TNSNAMES)

Implementation: DBCA, register the database in the directory (GUI)

NOTE: dbca in silent mode does not work here because of the whitespace in cn=directory manager.

[DBCA screenshot slides]

Check that the net service name now resolves via the directory:

    [oracle@db12oel6 admin]$ tnsping DB12
    TNS Ping Utility for Linux: Version 12.1.0.2.0 - Production on 03-SEP-2014 18:16:58
    Copyright (c) 1997, 2014, Oracle. All rights reserved.
    Used parameter files:
    /u01/app/oracle/product/12.1.0.2/dbhome_1/network/admin/sqlnet.ora
    Used adapter to resolve the alias
    Attempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db12oel6.intra)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=DB12)))
    OK (10 msec)

Use cases: three use cases
- DBA accounts: 3 DBAs (TOM / BOB / STEVE) get access to the global user GU_DBA via enterprise role ER_DBA, which maps to global role GR_DBA
- Application admins: 3 app admins (KEVIN / MIKE / ANDREW) get access to schema APP1 via a proxy permission
- Application admins: 3 app admins (CARY / SAM / EDDIE) get access to schema APP2 via a proxy permission granted through a group

Use cases: preparation on the target database

    -- Shared schemas and the global role are authenticated by the directory,
    -- so they are IDENTIFIED GLOBALLY (IDENTIFIED EXTERNALLY would mean
    -- OS authentication, which EUS does not use)
    CREATE USER GU_DBA  IDENTIFIED GLOBALLY;
    CREATE USER GU_APP1 IDENTIFIED GLOBALLY;
    CREATE USER GU_APP2 IDENTIFIED GLOBALLY;
    CREATE ROLE GR_DBA  IDENTIFIED GLOBALLY;
    GRANT DBA TO GR_DBA;
    -- Allow enterprise users to proxy into the application schemas
    ALTER USER APP1 GRANT CONNECT THROUGH ENTERPRISE USERS;
    ALTER USER APP2 GRANT CONNECT THROUGH ENTERPRISE USERS;

Tracing (event 28033 traces enterprise user logins):

    alter system set events '28033 trace name context forever, level 9';
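The preparation above creates the objects but gives no way to confirm that the database really treats them as directory-authenticated. The following verification script is an added example, not part of the original slides: it reads the standard data-dictionary views and USERENV context attributes to show what a DBA should see after the preparation and what a proxied enterprise session looks like from inside. The object names (GU_DBA, GU_APP1, GU_APP2, GR_DBA, APP1, APP2), the net service name DB12 and the enterprise user KEVIN are taken from the slides; the session-attribute query assumes a session opened with the standard SQL*Plus proxy syntax shown in the comment.

```sql
-- Added verification script (not from the original slides).
-- Part 1 runs as a DBA on the target database after the preparation step.

-- 1. Shared schemas must be directory-authenticated: AUTHENTICATION_TYPE = GLOBAL.
--    A schema that shows EXTERNAL is OS-authenticated and will never be mapped by EUS;
--    PASSWORD on APP1/APP2 is expected, since those are the local application schemas.
SELECT username, authentication_type, account_status
  FROM dba_users
 WHERE username IN ('GU_DBA', 'GU_APP1', 'GU_APP2', 'APP1', 'APP2')
 ORDER BY username;

-- 2. Any other global schemas in this database (useful for an inventory of EUS exposure).
SELECT username, created
  FROM dba_users
 WHERE authentication_type = 'GLOBAL'
 ORDER BY username;

-- 3. The global role must be GLOBAL as well, and it carries the DBA role.
SELECT role, authentication_type
  FROM dba_roles
 WHERE role = 'GR_DBA';

SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE grantee = 'GR_DBA';

-- 4. Proxy permissions: APP1 and APP2 must appear as CLIENT entries created by
--    GRANT CONNECT THROUGH ENTERPRISE USERS. Anything else listed here is an
--    additional proxy path that should be reviewed.
SELECT proxy, client, authentication, authorization_constraint
  FROM proxy_users
 WHERE client IN ('APP1', 'APP2')
 ORDER BY client;

-- Part 2 runs inside a session that an enterprise user opened through the proxy,
-- e.g. in SQL*Plus:  CONNECT kevin[APP1]/<password>@DB12
-- SESSION_USER is the schema the session runs as (APP1), while EXTERNAL_NAME and
-- ENTERPRISE_IDENTITY carry the directory DN of the real person, which is what an
-- audit trail should record instead of the shared schema name.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')          AS session_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')            AS proxy_user,
       SYS_CONTEXT('USERENV', 'EXTERNAL_NAME')         AS external_name,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY')   AS enterprise_identity,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD') AS authentication_method,
       SYS_CONTEXT('USERENV', 'IDENTIFICATION_TYPE')   AS identification_type
  FROM dual;

-- 5. Once the login problem is analysed, switch the EUS trace event off again;
--    level 9 tracing of every login is not something to leave running.
ALTER SYSTEM SET EVENTS '28033 trace name context off';
```

IDENTIFICATION_TYPE reads GLOBAL SHARED for a session mapped onto a shared schema such as GU_DBA and LOCAL for a plain local login, which makes it a quick way to tell from inside the session whether the directory mapping actually took effect.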

Use cases: OUD configuration (screenshot slides)
- Configuration of the target database
- Configuration of the schema mapping
- Configuration of the enterprise role
- Configuration of the proxy permissions

Use cases: demo (screenshot slides)
- Enterprise role
- Proxy permissions

References
- Database documentation: Oracle Database Enterprise User Security Administrator's Guide, http://docs.oracle.com/database/121/dbimi/toc.htm
- OUD documentation: Oracle Fusion Middleware Unified Directory 11g Release 2 (11.1.2.2), http://docs.oracle.com/cd/e49437_01/index.htm
- Oracle Virtual Directory: Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory 11g Release 1 (11.1.1), http://docs.oracle.com/cd/e28280_01/admin.1111/e10046/toc.htm

Conclusion
- Interesting technology
- Niche product with few customers
- Many bugs, but no showstoppers
- Oracle Support is problematic (SR older than 9 months) because the product spans several teams (OVD, OUD, EUS)
- No new features in 12c apart from pluggable database support

Q & A
ora-solutions.net
E-mail: martin.decker@ora-solutions.net
Internet: http://www.ora-solutions.net
Blog: http://www.ora-solutions.net/web/blog/