Identity and Access Management Level 200
- April Greer
- 5 years ago
1 Identity and Access Management Level 200 Flavio Pereira November
2 Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
3 Objectives
After completing this lesson, you should be able to:
- Create Instance Principals
- Write advanced Policies
- Federate OCI with Oracle Identity Cloud Service (IDCS)
- Design reference IAM Model for an Enterprise
4 IAM Basics
- Identity and Access Management Service (IAM) enables you to control who can do what in your OCI account
- IAM service Principals: Users/Groups, Instance Principals
- Authentication is done through username/password and API Signing Keys
- Authorization is done by defining specific privileges in Policies and associating them with Principals
- Policies are comprised of one or more human-readable statements which specify what groups can access what resources and what level of access users in that group have
- Compartment, a unique OCI feature, can be used to organize and isolate related cloud resources
- OCI supports both free-form tags and defined tags with a schema and secured by policies
- OCI Audit Service automatically records calls to OCI services API endpoints as log events
5 Instance Principals
6 Instance Principals
- Instance Principals lets instances (and applications) make API calls against other OCI services, removing the need to configure user credentials or a configuration file
- Current problem:
  - Storing API credentials on each instance
  - Credential rotation
  - Audits at instance level are impossible since credentials are the same across hosts
- How does Instance Principals solve the problem?
  - Instance Principals gives instances their own identity; instances become a new type of Principal (in addition to OCI IAM users/groups)
  - Dynamic groups allow policy to be defined on instances
  - In the Audit, you will see the instance ID making the API call
7 Instance Principals
- Authentication is at instance level; customers don't do any credential management
- Authorization is done via Dynamic Groups
  - Dynamic groups allow you to group OCI instances as principal actors, similar to user groups
  - Policy is set at Dynamic Group level
  - Membership in the group is determined by a set of criteria called matching rules
  - Resources that match the rule criteria are members of the dynamic group
- Services that support Instance Principals: Compute, Block Volume, Networking, Load Balancing, Object Storage
8 Step 1: create a Dynamic Group that matches a set of instances
It is possible to exclude specific instances from a Dynamic Group:
    All {instance.compartment.id = '<compartment_ocid>', instance.id != '<instance1_to_exclude_ocid>', instance.id != '<instance2_to_exclude_ocid>'}
9 Step 2: create a Policy dictating what permissions those instances should receive
10 Step 3: customer deploys code to an instance
The OCI SDK/CLI is able to make calls to OCI APIs without customer-configured credentials.
    cat config
    [DEFAULT]
    user=ocid1.user.oc1..aaaaaaaag3635pdkcopjvcvljf7kmo7besxqzeqiry2wzawa4zqk2xkx4z7q
    fingerprint=93:4f:c0:c3:26:3b:06:9f:c8:17:60:78:23:e1:1c:90
    # key_file=/home/opc/.oci/oci_api_key.pem
    tenancy=ocid1.tenancy.oc1..aaaaaaaaxy6bh46cdnlfpaibasc6dotowv32hc2sbj4ph3ocxtfxhhva2hna
    region=us-ashburn-1

    [opc@webserver1.oci]$ oci os ns get
    ERROR: The config file at ~/.oci/config is invalid:
    +Config Errors
    Key       Error    Hint
    key_file  missing  the full path and filename of the private PEM key file
    [opc@webserver1.oci]$
    [opc@webserver1.oci]$ oci os ns get --auth instance_principal
    {
      "data": "intoraclerohit"
    }
Java and Python SDKs and Terraform also support Instance Principal authorization.
11 How it works?
- The internal PKI Service issues X.509 certificates for every compute instance
- These compute instance certificates are signed by our internal CA and contain information about the instance (instance ID, compartment ID, etc.)
- If the OCI SDK/CLI cannot find locally configured credentials, it will call the Instance Metadata service and use the provided X.509 certificate to call the Identity Auth Service, getting back a token to use in calling OCI APIs
- The Auth Service will verify the certificate was issued by us and issue a token with the key information from the certificate
- Calls made using that token will be authorized against any matching policy (using the new "instances" subject)
- The PKI Agent, running on the SmartNIC, will refresh the certificate periodically and the SDK, running on the instance, will get a new token from the Auth Service as necessary
12 How it works?
- The certificate is rotated multiple times a day and customers cannot change the frequency
- You can use this curl command to query the X.509 certificates: curl
    [opc@webserver1.oci]$ curl
    -----BEGIN CERTIFICATE-----
    ...
13 Competitive analysis
    Feature                  Oracle               AWS                Azure
                             Instance Principals  IAM roles for EC2  Service Principals
    Credential distribution  Yes                  Yes                No
    Auto rotation            Yes                  Yes                No
    Per instance creds       Yes                  Yes                No
    Default identity         Yes                  No                 No
    Identity/instance        1                    1                  n/a
    Instance groups          Yes                  No                 No
- Credential Distribution: are credentials distributed to customer instances automatically by the service provider?
- Auto Rotation: are credentials automatically rotated by the service provider?
- Per Instance Creds: are credentials scoped to a single instance?
- Default Identity: does every instance receive credentials by default?
- Identity/Instance: how many identities can be provisioned by instance?
- Instance Groups: can identities be provisioned to entire sets of instances or must it be done instance-by-instance?
14 Advanced Policies
15 Policy Syntax
    Allow <subject> to <verb> <resource-type> in <location> where <conditions>
Verb: type of access
- inspect: ability to list resources
- read: includes inspect + ability to get user-specified metadata/actual resource
- use: includes read + ability to work with existing resources (the actions vary by resource type)*
- manage: includes all permissions for the resource
* In general, this verb does not include the ability to create or delete that type of resource
Aggregate resource-type: individual resource types
- all-resources
- database-family: db-systems, db-nodes, db-homes, databases
- instance-family: instances, instance-images, volume-attachments, console-histories
- object-family: buckets, objects
- virtual-network-family: vcn, subnet, route-tables, security-lists, dhcp-options, and many more resources (link)
- volume-family: volumes, volume-attachments, volume-backups
The IAM Service has no family resource-type, only individual ones; Audit and Load Balancer have individual resources (load-balancer, audit-events)
16 Verbs & Permissions
- When you write a policy giving a group access to a particular verb and resource-type, you're actually giving that group access to one or more predefined permissions
- Permissions are the atomic units of authorization that control a user's ability to perform operations on resources
- As you go from inspect > read > use > manage, the level of access generally increases, and the permissions granted are cumulative
- Each API operation requires the caller to have access to one or more permissions. E.g., to use ListVolumes or GetVolume, you must have access to a single permission: VOLUME_INSPECT
volume-family:
    Verb     Permissions                             API operation
    INSPECT  VOLUME_INSPECT                          ListVolumes, GetVolume
    READ     VOLUME_INSPECT
    USE      READ + .. VOLUME_UPDATE, VOLUME_WRITE
    MANAGE   USE + VOLUME_CREATE, VOLUME_DELETE ..   CreateVolume, DeleteVolume
17 Policy Syntax
    Allow <subject> to <verb> <resource-type> in <location> where <conditions>
Conditions:
- Syntax for a single condition: variable =|!= value
- 2 variable types: request (relevant to the request itself), and target (relevant to the resource(s) being acted upon in the request)
- E.g. the variable request.operation represents the API operation being requested (e.g. ListUsers); target.group.name represents the name of the group
- The variable name is prefixed accordingly with either request or target, followed by a period
    request.operation        The API operation name being requested
    request.permission       The underlying permission(s) requested
    request.user.id          OCID of the requesting user
    request.groups.id        The OCIDs of groups requesting user is in
    target.compartment.id    The OCID of the compartment
    target.compartment.name  The name of the compartment specified in target.compartment.id
    request.region           The key of the region the request is made in
    request.ad               The name of the AD the request is made in
Example:
    Allow group Phoenix-Admins to manage all-resources in tenancy where request.region='phx'
18 Policy Syntax
    Allow <subject> to <verb> <resource-type> in <location> where <conditions>
Conditions:
- Syntax for a single condition: variable =|!= value
- Types of value:
    String   (single quotation marks are required around the value)
    Pattern  /HR*/ (matches strings that start with "HR")
             /*HR/ (matches strings that end with "HR")
             /*HR*/ (matches strings with "HR")
- Syntax for multiple conditions: any|all {<condition>,<condition>,...}
19 Advanced Policy
- Policy for GroupAdmins group to manage any groups with names that start with "A-Users-":
    Allow group GroupAdmins to manage groups in tenancy where target.group.name = /A-Users-*/
- Policy for GroupAdmins group to manage the membership of any group besides the Administrators group:
    Allow group GroupAdmins to use users in tenancy where target.group.name != 'Administrators'
- Policy lets A-Admins create, update, or delete any groups whose names start with "A-", except for the A-Admins group itself:
    Allow group GroupAdmins to manage groups in tenancy where all {target.group.name=/a-*/,target.group.name!='a-admins'}
20 Scoping Access with Permissions or API Operations
- In a policy statement, you can use conditions combined with permissions or API operations to reduce the scope of access granted by a particular verb.
- Allow a user to manage VCN resources, but without the ability to delete a VCN:
    allow group TrainingGroup to manage virtual-network-family in compartment training where request.permission != 'VCN_DELETE'
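The condition rules from the Policy Syntax, Advanced Policy and Scoping Access slides, as an added sketch (not Oracle's code and not part of the original deck): it parses a statement and evaluates only its where clause against a constructed request. The function names, the request dictionary, the case-insensitive comparison and the rule that a variable missing from the request makes its condition false are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Allow <subject> to <verb> <resource-type> in <location> where <conditions>
STATEMENT_RE = re.compile(
    r"allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>.+?)"
    r"(?:\s+where\s+(?P<where>.+))?",
    re.IGNORECASE | re.DOTALL,
)
# variable =|!= value, where value is a 'string' or a /pattern/
CONDITION_RE = re.compile(
    r"\s*(?P<var>[\w.]+)\s*(?P<op>!=|=)\s*(?P<val>'[^']*'|/[^/]*/)\s*"
)


class Statement(NamedTuple):
    subject: str
    verb: str
    resource: str
    location: str
    mode: str          # "all" or "any"; a single condition is treated as "all"
    conditions: tuple  # (variable, operator, literal); empty means no where clause


def _parse_where(text):
    text = text.strip()
    group = re.fullmatch(r"(any|all)\s*\{(.*)\}", text, re.IGNORECASE | re.DOTALL)
    if group:
        mode = group[1].lower()
        # Split on commas that sit outside single-quoted values.
        parts = re.split(r",(?=(?:[^']*'[^']*')*[^']*$)", group[2])
    else:
        mode, parts = "all", [text]
    conditions = []
    for part in parts:
        cond = CONDITION_RE.fullmatch(part)
        if not cond:
            # Fail closed: a clause that cannot be parsed must never
            # silently turn into "no restriction".
            raise ValueError(f"malformed condition: {part.strip()!r}")
        conditions.append((cond["var"].lower(), cond["op"], cond["val"]))
    return mode, tuple(conditions)


def parse_statement(text):
    m = STATEMENT_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a policy statement: {text!r}")
    mode, conditions = "all", ()
    if m["where"] is not None:
        mode, conditions = _parse_where(m["where"])
    return Statement(m["subject"], m["verb"].lower(), m["resource"].lower(),
                     m["location"], mode, conditions)


def _matches(actual, literal):
    body = literal[1:-1]
    if literal.startswith("/"):
        # /HR*/ starts with, /*HR/ ends with, /*HR*/ contains
        rx = ".*".join(re.escape(piece) for piece in body.split("*"))
        return re.fullmatch(rx, actual, re.IGNORECASE | re.DOTALL) is not None
    return actual.lower() == body.lower()


def where_permits(statement_text, request):
    """True if the statement's where clause holds for the request variables."""
    st = parse_statement(statement_text)
    if not st.conditions:
        return True
    results = []
    for var, op, literal in st.conditions:
        if var not in request:
            results.append(False)  # variable not applicable to this request
            continue
        hit = _matches(request[var], literal)
        results.append(hit if op == "=" else not hit)
    return all(results) if st.mode == "all" else any(results)


if __name__ == "__main__":
    # Statements are the ones on the slides; request values are constructed.
    no_delete = ("allow group TrainingGroup to manage virtual-network-family "
                 "in compartment training where request.permission != 'VCN_DELETE'")
    a_groups = ("Allow group GroupAdmins to manage groups in tenancy where "
                "all {target.group.name=/a-*/,target.group.name!='a-admins'}")
    for stmt, req in [
        (no_delete, {"request.permission": "VCN_CREATE"}),
        (no_delete, {"request.permission": "VCN_DELETE"}),
        (a_groups, {"target.group.name": "A-Ops"}),
        (a_groups, {"target.group.name": "A-Admins"}),
    ]:
        print(where_permits(stmt, req), req)
```

A `!=` condition is not a blanket allow: in this sketch a request that carries no value for the variable fails the condition, so the statement does not apply to it.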
21 Federation
22 Best Practices for securing IAM: IAM Federation
- Oracle recommends that you use federation to manage logins into the Console
- Enterprise administrator needs to set up a federation trust between the on-premises identity provider (IdP) and IAM, in addition to creating mapping between on-premises groups and IAM groups
- Federation is especially important for enterprises using custom policies for user authentication (for example, multifactor authentication)
- When using federation, Oracle recommends that you create a federation administrators group that maps to the federated IdP administrator group
- The federation administrators group will have administrative privileges to manage customer tenancy, while being governed by the same security policies as the federated IdP administrator group
- In this scenario, it is a good idea to have access to the local tenancy administrator user (that is, member of the default tenancy administrator IAM group), to handle any break-glass type scenarios (for example, inability to access resources through federation)
23 Reference IAM model for Enterprises
24 Reference IAM Model: Authentication and user management
All access by humans goes through federation with a customer's corporate identity provider (IdP) to leverage their proven Auth mechanisms (MFA) and management capabilities (password complexity/rotation)
Use case: feature
- Human using console: use SAML 2.0 federation between corporate IdP and OCI IAM
- Human using the CLI/SDK: create an OCI IAM user with an API signing key
- Human using a PaaS/SaaS app: use SAML 2.0 federation between corporate IdP and OCI IAM
- Code running in OCI that calls OCI native APIs: use Instance Principals
- Code running outside OCI that calls OCI APIs: create an OCI IAM "user" with an API signing key. The "user" in this case represents a software agent, not a human
- "Break-glass" access by a human when federation fails:
  - Create an OCI IAM user in the default Admins group
  - Set a random Console password of sufficient length/complexity
  - Store this password in a software password manager or physical safe
  - Password is for infrequent use and should not be human memorizable
  - Use once: rotate password after every use
  - Monitor via CASB or Audit Service directly
  - Alarm on any use or attempted use of "break-glass" user
Outside the "break-glass" scenario, there is no reason to have an OCI IAM user with a Console password
25 Compartment
- A compartment is a collection of related resources (VCN, instances, ...) that can be accessed only by groups that have been given permission (by an administrator in your organization)
- Compartments help you organize and control access to your resources
- Design considerations:
  - Each resource belongs to a single compartment but resources can be connected/shared across compartments (VCN and its subnets can live in different compartments)
  - A compartment can be deleted after creation or renamed
  - A compartment can have sub compartments that can be up to six levels deep
  - A resource can't be reassigned to a different compartment after creation (exception: Buckets)
  - After creating a compartment, you need to write at least one policy for it, otherwise it cannot be accessed (except by administrators or users who have permission to the tenancy)
  - Sub compartment inherits access permissions from compartments higher up its hierarchy
  - When you create a policy, you need to specify which compartment to attach it to
26 Reference IAM Model: Compartments
- Compartment: NetworkInfra
  - Critical network infrastructure that should be centrally managed by network admins
  - Resources: Security Lists, Internet Gateways, DRGs, the top-level VCN(s), etc.
- Compartment: ProdNetwork
  - Production environment that may or may not be centrally managed but is typically under change management
  - Modeled as a separate compartment to easily write policy about who can use (i.e. attach resources to) the network
  - Optionally Databases and Storage may be included here depending on whether they are shared resources or not
  - Resources: Subnets, (Databases), (File Storage)
27 Reference IAM Model: Compartments
Tenancy
- Group NetworkAdmins (John):
    Allow group NetworkAdmins to MANAGE virtual-network-family in compartment NetworkInfra
    Allow group NetworkAdmins to manage instance-family in compartment NetworkInfra
  - John creates a Network in NetworkInfra compartment
  - John can't terminate, reboot or launch new instances into ProjectA compartment
- Group A-Admins (Tom), ProjectA:
    Allow group A-Admins to USE virtual-network-family in compartment NetworkInfra
    Allow group A-Admins to manage all-resources in compartment ProjectA
  - Tom launches instances in ProjectA using the VCN in NetworkInfra compartment
  - Tom cannot launch instances inside the NetworkInfra compartment
- The instances Tom launched reside in the VCN from a network topology standpoint but from an access standpoint, they're in the ProjectA compartment, not the NetworkInfra compartment where the VCN is
28 Reference IAM Model: Federated Roles
- Federated Roles are a set of OCI IAM groups that reflect roles within the organization
- Federated Roles should be mapped to federated groups in a customer's corporate directory
- Group names do not have to match between OCI IAM and the corporate directory but it's easier if they do
- Group: GlobalAdmins
- Group: IAMAdmins
- Group: NetworkAdmins
- Group: StorageAdmins
- Group: DBAdmins
- Group: ComputeAdmins
- Group: ProjectXYZOperators
29 Reference IAM Model: Federated Roles
- Group: GlobalAdmins
  Tenancy-level policy:
    allow group GlobalAdmins to manage all-resources in tenancy
  Only for enterprises with a notion of root or global admins already, otherwise omit in favor of the more specialized admin groups below
- Group: IAMAdmins
  Tenancy-level policy (note that there is no "family" resource type for IAM, hence the very explicit policy):
    allow group IdentityAdmins to manage compartments in tenancy
    allow group IdentityAdmins to manage users in tenancy
    allow group IdentityAdmins to manage groups in tenancy
    allow group IdentityAdmins to manage dynamic-groups in tenancy
    allow group IdentityAdmins to manage policies in tenancy
    allow group IdentityAdmins to manage identity-providers in tenancy
    allow group IdentityAdmins to manage tenancy in tenancy
    allow group IdentityAdmins to manage tag-namespaces in tenancy
    allow group IdentityAdmins to manage tag-definitions in tenancy
30 Reference IAM Model: Federated Roles
- Group: NetworkAdmins
  Tenancy-level policy:
    allow group NetworkAdmins to manage virtual-network-family in tenancy
    allow group NetworkAdmins to manage load-balancers in tenancy
    allow group NetworkAdmins to manage dns in tenancy
- Group: StorageAdmins
  Tenancy-level policy:
    allow group StorageAdmins to manage object-family in tenancy
    allow group StorageAdmins to manage volume-family in tenancy
    allow group StorageAdmins to manage file-systems in tenancy
    allow group StorageAdmins to manage mount-targets in tenancy
    allow group StorageAdmins to manage export-sets in tenancy
- Group: DBAdmins
  Tenancy-level policy:
    allow group DBAdmins to manage database-family in tenancy
31 Reference IAM Model: Federated Roles
- Group: ComputeAdmins
  Tenancy-level policy:
    allow group ComputeAdmins to manage instance-family in tenancy
- Group: ProjectXYZOperators
  Project-level policy:
    allow group ProjectXYZOperators to manage instance-family in compartment ProjectXYZ
    allow group ProjectXYZOperators to manage volume-family in compartment ProjectXYZ
    allow group ProjectXYZOperators to manage database-family in compartment ProjectXYZ
  Network-level policy:
    allow group ProjectXYZOperators to use virtual-network-family in compartment DevNetwork
32 Summary
You should now be familiar with the following:
- Using Instance Principals for your applications
- Advanced Policy Syntax
- Federating OCI with Oracle Identity Cloud Service (IDCS)
- Reference IAM model
33 cloud.oracle.com/iaas cloud.oracle.com/tryit
Mozy Administrator Guide Preface 2017 Mozy, Inc. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished under a license
More informationAutonomous Database Level 100
Autonomous Database Level 100 Sanjay Narvekar December 2018 1 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationExam : Implementing a Cloud Based Infrastructure
Exam 70-414: Implementing a Cloud Based Infrastructure Course Overview This course teaches students about creating the virtualization infrastructure, planning and deploying virtual machines, monitoring,
More informationOracle 1Z Oracle Cloud Solutions Infrastructure Architect Associate.
Oracle 1Z0-932 Oracle Cloud Solutions Infrastructure Architect Associate https://killexams.com/pass4sure/exam-detail/1z0-932 QUESTION: 76 Which two resources are available by default when your Oracle Cloud
More informationUser Guide. Version R94. English
AuthAnvil User Guide Version R94 English March 8, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated
More informationLab 5: Working with REST APIs
Lab 5: Working with REST APIs Oracle's Autonomous Transaction Processing cloud service provides all of the performance of the market-leading Oracle Database in an environment that is tuned and optimized
More informationvshield Administration Guide
vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationIntroduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing
More informationSecurity Camp 2016 Cloud Security. August 18, 2016
Security Camp 2016 Cloud Security What I ll be discussing Cloud Security Topics Cloud overview The VPC and structures Cloud Access Methods Who owns your data? Cover your Cloud trail? Protection approaches
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationAdministering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1
Administering Workspace ONE in VMware Identity Manager Services with AirWatch VMware AirWatch 9.1.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationBest Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate
White Paper PlateSpin Transformation Manager PlateSpin Migrate Best Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate Updated for PlateSpin Transformation Manager 1.1 and PlateSpin
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationSignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer
SignalFx Platform: Security and Compliance MARZENA FULLER Chief Security Officer SignalFx Platform: Security and Compliance INTRODUCTION COMPLIANCE PROGRAM GENERAL DATA PROTECTION DATA SECURITY Data types
More informationUser Guide. Version R92. English
AuthAnvil User Guide Version R92 English October 9, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationWhat is Cloud Computing? What are the Private and Public Clouds? What are IaaS, PaaS, and SaaS? What is the Amazon Web Services (AWS)?
What is Cloud Computing? What are the Private and Public Clouds? What are IaaS, PaaS, and SaaS? What is the Amazon Web Services (AWS)? What is Amazon Machine Image (AMI)? Amazon Elastic Compute Cloud (EC2)?
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationApril Understanding Federated Single Sign-On (SSO) Process
April 2013 Understanding Federated Single Sign-On (SSO) Process Understanding Federated Single Sign-On Process (SSO) Disclaimer The following is intended to outline our general product direction. It is
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationUsing AWS Data Migration Service with RDS
Using AWS Data Migration Service with RDS INTRODUCTION AWS s Database Migration Service (DMS) is a managed service to help migrate existing data and replicate changes from on-premise databases to AWS s
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More informationNetwork Security & Access Control in AWS
Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account
More informationStreamSets Control Hub Installation Guide
StreamSets Control Hub Installation Guide Version 3.2.1 2018, StreamSets, Inc. All rights reserved. Table of Contents 2 Table of Contents Chapter 1: What's New...1 What's New in 3.2.1... 2 What's New in
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationSAP IoT Application Enablement Best Practices Authorization Guide
SAP IoT Application Enablement Best Practices Authorization Guide TABLE OF CONTENTS 1 INITIAL TENANT SETUP... 3 1.1 Configure Trust... 3 1.1.1 Technical Background... 6 1.2 Establish Trust... 6 1.3 Set
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationVision deliver a fast, easy to deploy and operate, economical solution that can provide high availability solution for exchange server
Exchange server 2010 Interview Questions High Availability Filed under: Exchange Server 2010 exchange2k10 @ 5:04 pm 1. What are the vision and Goals of Exchange Server 2010 high availability? Vision deliver
More informationHow to Architect and Implement Devops on ExaCS
How to Architect and Implement Devops on ExaCS TIP4120 Jeffrey T. Wright Sr. Principal Product Manager Database Cloud Services, Exadata October 25, 2018 Agenda Architecture block diagram System credentials
More informationOracle Policy Automation The modern enterprise advice platform
Oracle Policy Automation The modern enterprise advice platform Release features and benefits (November 2017) v1.01 Program agenda 1 2 3 Overview of Oracle Policy Automation New features in release For
More informationHySecure Quick Start Guide. HySecure 5.0
HySecure Quick Start Guide HySecure 5.0 Last Updated: 25 May 2017 2012-2017 Propalms Technologies Private Limited. All rights reserved. The information contained in this document represents the current
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Under the hood: Multiple backend services and hybrid components Hybrid Components
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSetup Guide for AD FS 3.0 on the Apprenda Platform
Setup Guide for AD FS 3.0 on the Apprenda Platform Last Updated for Apprenda 6.5.2 The Apprenda Platform leverages Active Directory Federation Services (AD FS) to support identity federation. AD FS and
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More information