Identity Management 11g What’s New, Features and Positioning Rohit Gupta

Identity Management 11g
What’s New, Features and Positioning
Rohit Gupta
VP, Product Management
Agenda
• Business Drivers
• Oracle’s Identity Management Strategy
• Product and Roadmap Update
• 11g Components Review
• Sun IdM Acquisition Update
• Recent Customer Successes
• Competitive Positioning and Objection Handling
• Summary
Oracle Confidential – For Internal Use Only
Identity Management Business Drivers
• Regulatory Compliance
• Reliable Security
• B2B Collaboration
• Operational Efficiencies
• User Experience
Identity Management 11g
Core Principles
• Service-Oriented Security
• Suite Wide Integration
• Entitlements Centric
• Hot-Pluggable
Oracle Identity Management 11g
Service-oriented Security
• “Identity as a Service”, declarative security framework
based on open Java and Web-services Standards
• Delivered through OPSS, services include
authentication, authorization, encryption, common
audit and logging etc.
• Comprehensive security for Fusion Middleware &
Fusion Applications
Oracle Identity Management 11g
Entitlements-centric Suite
• Common entitlements model for authorization across the suite
• Delegated administration policies based on fine-grained entitlements
• Risk-based authorization to enable fraud prevention
• Exhaustive audit and compliance reporting, based on core entitlements defined and managed centrally
[Diagram labels: Provisioning; Role Management; Role Mining; Single Sign-On; Web Services Security; Entitlements; Rights Management; Attestation; Audit; Reporting; Fraud Management; SoD Management]
Shared Services Based Architecture
• Unified Install and Config
• Intuitive, dynamic, user interface
• Shared Services for:
• Password Management
• Identity Administration
• Single Sign-On
• Strong Authentication
• Common Policy and Authorization
• Common Auditing/Reporting
• BPEL-based Workflow
Oracle Identity Management 11g
Hot Pluggable and Standards-based
• Leadership & Innovation
• Open-source efforts for ArisID, OpenAz
• Interoperability & Adoption
• Enterprise & Internet identity standards like SAML, SPML, XACML, OpenID, OAuth, etc.
• Hot-Pluggable
• Across full range of Applications, Middleware and Operating Systems
Supported and planned system configurations: http://idm.us.oracle.com → Release Info → Certifications
Oracle Identity Management
Oracle + Sun Combination
• Identity Administration: Identity Manager
• Access Management*: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server, Web Services Manager
• Directory Services: Directory Server EE, Internet Directory, Virtual Directory
• Identity & Access Governance: Identity Analytics
• Oracle Platform Security Services
• Operational Manageability: Management Pack For Identity Management
*Includes OpenSSO STS & Fedlet
Oracle Identity Management
Roadmap Timelines
Timeline markers: July 2009, February 2010, H2CY2010, CY2011
• 11gR1: Internet Directory, Virtual Directory, Identity Federation, Web Services Manager, Platform Security Services
• Initial Sun Release: Directory Server EE, Identity Analytics, Oracle Waveset, Oracle OpenSSO
• 11gR1+: Identity Manager, Access Manager, Adaptive Access Manager, Authorization Policy Manager
• Hundred Day Release: Directory Server EE, Identity Analytics, Oracle Waveset, Oracle OpenSSO
• 11gR2: All Identity Management products
Oracle Identity Manager
Provisioning and Identity Administration
• Integrated user and role administration
• Internet-grade scalability for extranet provisioning
• 10x Performance Gain
• New Attribute-based Constrained Delegation
• Service-Oriented
• Flexible integration based on SPML
• Extensible workflow based on BPEL
[Diagram labels: Oracle Identity Manager; Enterprise Applications; Custom Apps; GRANT or REVOKE; Databases and LDAP; Mainframes]
Oracle Access Manager
New
Authentication and SSO
• Integrated Server and Agent Administration
• eCO-Grid, delivering high performance Session Management
• SSO Security Zones scoped to individual Application
• Inline diagnostics for superior manageability
• Support for OSSO Upgrades
[Diagram labels: Applications; Data; Services; Oracle Access Manager]
Oracle Adaptive Access Manager
Fraud Prevention
• Integrated Case Management & Fraud Administration
• OTP Anywhere across Interactive Voice Response, SMS, Email etc.
• Universal Risk Snapshots for archival, restoration, forensics and more
• AnswerLogic offers KBA in combination with registration, answers and fuzzy logic
[Diagram labels: Secure Login; Oracle Adaptive Access Manager; Risk Modeling; Challenge or Block; Analysis and Forensics]
Oracle Identity Analytics 11g
Compliance and Identity Governance
• Compliance Control Panel
• Extensive Set of Actionable Dashboards & Risk Analytics
• Advanced Role Mining and Engineering
• Cert360 offers complete view of users, roles and entitlements to reviewer for attestation
• Rich Identity Warehouse
• Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
• Integrated with Oracle Identity Manager 11g and 9.1, and Oracle Waveset
[Diagram labels: Dashboard & Reports; Risk Analytics; IT Audit Policy; Access Certification; Oracle Identity Analytics; Identity Warehouse; Access Manager; Identity Manager; Identity Data Sources; Enterprise Applications]
Sun IdM Acquisition Status
Review of IdM Acquisition
Old Name | New Name
Sun Directory Server Enterprise Edition | Oracle Directory Server Enterprise Edition
Sun Role Manager | Oracle Identity Analytics
Sun Identity Manager | Oracle Waveset
Sun OpenSSO Enterprise | Oracle OpenSSO

Strategic Products | Continue and Converge
Oracle Directory Server Enterprise Edition & Oracle Internet Directory | N/A
Oracle Identity Manager | Oracle Waveset
Oracle Access Manager | Oracle OpenSSO
Oracle Identity Analytics | Oracle Role Manager
Sun to Oracle Identity Management
Migration Paths
Oracle Waveset → Oracle Identity Manager 11g
Oracle OpenSSO → Oracle Access Manager 11g
Oracle OpenSSO (Federation) → Oracle Identity Federation 11g
Copyright © 2010, Oracle. All rights reserved
Strategic Guidance on OW
• Guidance on ways to continue with Oracle Waveset
• Where to safely invest, what to avoid, how to prepare
• Co-existence Strategy (ahead of Migration)
• Support a phased approach to migration
• OIM as back-office provisioning automation engine for new
(and eventually all) targets
• Migration Solution
• Oracle to provide migration solution (methodology,
automation tools, documentation) to migrate from Oracle
Waveset to Oracle Identity Manager
• Common Connector Strategy
• Leverage connector innovation in current Oracle Waveset
deployment
Strategic Guidance on OpenSSO
• Phased approach to minimize impact during the
transition to OAM 11g
• Agent level compatibility
• Manual policy migration
• Automations, upgrade utilities projected for OAM 11g
• Target migrations from 7.x, 8.0
• Focus on simple use cases – Authentication and SSO
• Advanced use cases such as session failover or URL/J2EE
policy will be evaluated on a case by case basis
OpenSSO – OIF 11g
• Customers using OpenSSO federation features may migrate to
OIF 11g
• SAML / WS-Federation / Liberty ID-FF
• OpenSSO Fedlet (certified, bundled with OIF 11g)
• Certain features are out of scope for OIF
• Liberty ID-WSF, SIS
• Migration utilities for standards-based flows
• Standard metadata import/export
• Custom processing will have to be re-implemented
• Some manual steps may be required for metadata and trust
Business Landscape and
Positioning
Oracle’s IdM Business Momentum
• License Revenue: > 1,300% growth (2005 to 2010)
• No. of Products: 3 (2005), 18 (2010)
• No. of Customers: < 250 (2005), > 6,000 (2010)
• Developers & PM.: < 60 (2005), > 500 (2010)
• NA Consultants: < 5 (2005), > 100 (2010)
• SI Partners: < 5 (2005), > 70 (2010)
Oracle Confidential – Do Not Distribute
Business Summary
Case Study – Exelon
OIM for Enterprise Provisioning & Identity Administration
Business Challenges
• NERC (North American Electric Reliability Corporation)
regulations were expanded in January 2010 due to homeland
security initiatives
• The new regulations resulted in additional reporting and
compliance requirements for energy providers, particularly
those generating nuclear power
Oracle Solution
• Oracle Identity Manager for 22,000 users and Oracle Identity Analytics chosen over CA and Courion
• Deploying in Sun Solaris Environment
• Accenture aligned with Oracle to recommend us over CA
Return On Investment
• OIM will allow employees to reduce application access time from 15 days to less than 4 hours
• Reduced administrative costs through user self service
• Automated the certification process, which will significantly reduce time and money spent on this quarterly activity
Case Study – American Express
OIA for Compliance, Attestation, & Identity Governance
Business Challenges
• Manual certifications and multiple orphaned accounts
• Needed a central repository for who-has/had what access
• Business struggles with cryptic names for entitlements
Oracle Solution
• Oracle Identity Analytics with 200K
users, 5M accounts, 24M entitlements
and 6.5M glossary definitions
• Defined user access certifications
across 1400 applications
• Automated closed loop remediation by
integrating with provisioning
Return On Investment
• Removed 500K orphaned accounts
• Automated 13,000 access
certifications
• Successfully certified transfers to
ensure proper access
• Eliminated the disconnect between
business and IT in regards to glossary
definitions
Case Study – Lockheed Martin
Sun Subscription to Oracle Migration
Business Challenges
• Subscription Sun Identity Manager Licensee
• The license term can run through, but it cannot be renewed after that, putting their future project plans at risk
• Lockheed is using a non-strategic technology (Sun Identity Manager)
Oracle Solution
Return On Investment
• Oracle Identity Manager Perpetual Use License
• Cancel Sun Subscription License
• Lockheed is now on the path to migrate to the strategic technology and can plan to do so in a non-rushed fashion
• Provide 24 months of right to use both Sun and Oracle during the technical migration process
IdM Competitive Summary: Suites
[Chart: Suite Breadth across Access Mgmt & Entitlements; Fraud Prev. & Strong Authn; Identity Administration; Directory Services; Audit & Compliance]
Full IdM Comp Intell at http://my.oracle.com/compete and http://idm.us.oracle.com
Competing with IBM
Positioning Against IBM
What to Expect from IBM
• Product and Deployment Complexity
• A lot of FUD around Sun.
• Complex licensing model
• Solutions-based sales model, i.e., IBM
Global Services will bundle HW, SW, and
professional/managed services
• Competitive displacements, especially for
TIM/TAM. Use strong Oracle References.
• Audit and Compliance capabilities;
Sophistication in role management,
GRC/SoD integration
• Support for Fine-grained Authorization
and Entitlements
• IBM claims they are the market leader for
web access management
• Will highlight their strong integration
between Provisioning and SIEM (Security
Information and Event Management).
• Strategic relationships at the CXO levels
• Depth and Breadth of IdM integration with Oracle E-Business Suite, PeopleSoft, Siebel and SAP
In Depth IBM Comp Intell - http://my.oracle.com/portal/page/myo/compete/master_ci/ibm_tivoli
A new breed of competition
• Most visible OIA Competitor
• They message around ease
of use, simplicity, and cost
effectiveness
• We need to message around
completeness of stack, deep
investment in this space, tight
integration with OIM, and
ability to do complex role
management and rule
lifecycle management
• Question their product’s
ability to scale
• Click SailPoint logo for more
detailed comp intell and
positioning points
• Directory Services
Competitor
• They message around next
generation IdM infrastructure
and ability to scale
• We need to message around
completeness of stack
including the top directory
services platform used in
numerous highly distributed,
scaled, and mission critical
instances
• Question their company’s
ability to scale to support
large customer deployments
• Commercial support for
former “Sun” Open Source
• They message around the
virtues of Open Source
technology and their ability to
enhance and support the
products
• We need to message around
the best parts of Sun IdM
merging with Oracle IdM to
deliver the leading next
generation IdM technologies
• Clarify that Oracle is
supporting commercial
licensees of OpenSSO and
offers license and technical
migrations to Oracle
• Question their ability to
support all of the
technologies they are taking
on