Securing an Oracle Private Cloud using Oracle Directory Suite


Securing an Oracle Private Cloud using Oracle Directory Suite
Prepared by: Eric Mader, Zirous, Inc. @zirous_eric
Session ID: 266

Agenda
- Oracle Private Clouds and Oracle Enterprise Manager 13c
- Oracle Directory Suite 11g
- Securing an Oracle Private Cloud
- Leveraging Existing LDAP Directory Infrastructures
- Active Directory Virtualization
- Demo

Oracle Private Clouds and Oracle Enterprise Manager 13c

Private Cloud Features of EMCC 13c
- Cloud Service Model first introduced in 12c
- Cloud Software Library installed by default starting with 12.1.0.4
- Provides support for IaaS and PaaS service models; PaaS includes Database, Middleware, and Testing as a Service
- Users with lesser roles are able to request, create and manage IT resources within constraints
- EMCC High Availability is important: non-DBA users need to access the console for Self Service features

Private Cloud Features of EMCC 13c
- Required plug-ins are not deployed by default

Private Cloud Features of EMCC 13c
- Different plug-ins are needed for IaaS, DBaaS, etc.

EMCC 13c Cloud Anatomy Model
Source: http://docs.oracle.com/cd/e73210_01/emclo/img/guid-5dbaba84-f66e-47AA-AA6D-79DDF200E086-default.png

Private Cloud Security
- EMCC Private Cloud leverages the standard Enterprise Manager security model: no need to give full admin roles!!
- All Cloud Users and Roles may be defined locally
- Cloud-specific Roles are VERY BROAD:
  - EM_CLOUD_ADMINISTRATOR
  - EM_SSA_ADMINISTRATOR
  - EM_SSA_USER
  - EM_SSA_USER_BASE

Private Cloud Security
EXAMPLE: SSA_USER_DBAAS
- Extends EM_SSA_USER (basically gives Self Service Portal access)
- Additional Resource Privileges:
  - Cloud Service Families: VIEW Any Service Family
  - Cloud Service Templates
  - Job System
- Configured as a standard role in Cloud Control

EMCC 13c Supported Authentication Schemes
- Repository-Based (a.k.a. Local EMCC Users)
- Oracle Access Manager SSO-Based
- Enterprise User Security-Based
- LDAP-Based: supports Oracle Internet Directory and Microsoft Active Directory

Oracle Identity Management 11g
Oracle Unified Directory 11.1.2.3

Oracle Unified Directory
- LDAPv3-compliant directory server
- De-facto replacement for Oracle Internet Directory; OID is still supported at 11.1.1.9 (an 11.1.2 version was never released)
- Originally branded Sun Microsystems OpenDS
- Uses a local Oracle Berkeley DB instead of Oracle Database
- Contains a compatibility layer for OID, handy for Oracle Database Enterprise User Security

Oracle Unified Directory Management performed through Oracle Directory Services Manager web-based console

OUD Deployment Tips
- Non-DBA users need to access Enterprise Manager Cloud Control, A.K.A. High Availability is important! LDAP users cannot authenticate if the directory tier is down!
- Deploy multiple OUD instances in a Replication Topology; works really well across sites!!
- Keep OUD patched: cumulative Critical Patch Updates are released quarterly
  - Latest version: 11.1.2.3.170117, bundled with IAM Suite patch 25038775
  - Use the latest certified JDK update: Version 7, Update 131

Protecting Cloud Control with Oracle Unified Directory

Creating New OUD Instance (oud-setup) LDAP Secure Access (LDAPS) listener must be enabled:

Creating New OUD Instance (oud-setup) Select Enable for EUS option:

Creating LDAP Group for EM Access Create an EM_ACCESS group in OUD using ODSM:

Register Cloud Control with OUD
Registration is performed with the emctl utility:

    $ emctl config auth oid -ldap_host "demooud" \
        -ldap_port "1389" -ldap_principal "cn=ds-manager" \
        -user_base_dn "ou=users,dc=example,dc=com" \
        -group_base_dn "ou=groups,dc=example,dc=com" \
        -ldap_credential "Qwer1234" -sysman_pwd "Qwer1234" \
        -enable_auto_provisioning \
        -auto_provisioning_minimum_role "EM_ACCESS"

Validating Login using Oracle Unified Directory User Authentication, then Authorization

Creating LDAP User for EM Access
Create a user in OUD using ODSM. DO NOT add it to the EM_ACCESS group!!

Creating LDAP User for EM Access Attempt a login using new user credentials:

Creating LDAP User for EM Access Add user to the EM_ACCESS group using ODSM:

Creating LDAP User for EM Access
Attempt to log in using the same user credentials:

Creating LDAP User for EM Access Not able to access Cloud Self Service Portal:

Mapping EM Cloud Roles to OUD Groups Create group in OUD named OUD_USER_DBAAS:

Mapping EM Cloud Roles to OUD Groups Group membership provides EM External Role with same name:

Mapping EM Cloud Roles to OUD Groups

Mapping EM Cloud Roles to OUD Groups BRETT1 now able to access Cloud Self Service Portal:
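The login and role-mapping walkthrough above, modelled as an added example (not Oracle code): a user authenticates against OUD, is only authorized into Cloud Control when a member of the minimum-role group named in the emctl registration (EM_ACCESS), and each further OUD group is granted as an EM external role of the same name. The LDIF and the users are constructed, and the mapping of OUD_USER_DBAAS onto EM_SSA_USER is an assumption about how the external role was configured.

```python
# Added example, not Oracle's code: a model of the access decision on the slides.
# Login requires membership in the emctl minimum-role group (EM_ACCESS); every
# other OUD group the user is in becomes an EM external role of the same name.
DEMO_LDIF = """\
dn: uid=brett1,ou=users,dc=example,dc=com
uid: brett1

dn: uid=alice,ou=users,dc=example,dc=com
uid: alice

dn: cn=EM_ACCESS,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: EM_ACCESS
uniqueMember: uid=brett1,ou=users,dc=example,dc=com
uniqueMember: uid=alice,ou=users,dc=example,dc=com

dn: cn=OUD_USER_DBAAS,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: OUD_USER_DBAAS
uniqueMember: uid=brett1,ou=users,dc=example,dc=com
"""  # constructed demo directory, DNs as in the emctl example

MINIMUM_ROLE = "EM_ACCESS"  # value of -auto_provisioning_minimum_role
# Assumed: external role OUD_USER_DBAAS was granted EM_SSA_USER (opens the SSP)
ROLE_EXTENDS = {"OUD_USER_DBAAS": "EM_SSA_USER"}

def parse_ldif(text):
    """Parse simple LDIF (no line folding) into {dn: {attr: [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        attr, value = line.split(": ", 1)
        if attr == "dn":
            current = entries.setdefault(value, {})
        else:
            current.setdefault(attr, []).append(value)
    return entries

def groups_of(entries, user_dn):
    """Names of the static groups that list user_dn as a uniqueMember."""
    return {e["cn"][0] for e in entries.values()
            if user_dn in e.get("uniqueMember", [])}

def em_access(entries, user_dn):
    """Return (can_log_in, external_roles, self_service_portal) for a user."""
    groups = groups_of(entries, user_dn)
    if MINIMUM_ROLE not in groups:   # authenticated, but not authorized
        return False, set(), False
    roles = groups - {MINIMUM_ROLE}   # remaining groups map to external roles
    ssp = any(ROLE_EXTENDS.get(r) == "EM_SSA_USER" for r in roles)
    return True, roles, ssp
```

Running em_access for brett1 reproduces the slides: access granted, external role OUD_USER_DBAAS, Self Service Portal reachable; alice (EM_ACCESS only) can log in but gets no portal, and a user outside EM_ACCESS is refused.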

Leveraging Existing Directories

OUD Proxy Server
- Very similar to Oracle Virtual Directory, or server chaining in Oracle Internet Directory
- Leverages different backend server types: Oracle Unified Directory, Oracle Directory Server Enterprise Edition, or Microsoft Active Directory
- Server acts as a true proxy with attribute joining
- All user accounts are managed in the backend directory
- Custom attributes may be stored locally and joined to user objects
- Groups can be stored locally

DEMO Simple Oracle DBaaS Private Cloud protected with Oracle Unified Directory

Please Complete Your Session Evaluation
Evaluate this session in your COLLABORATE app. Pull up this session and tap "Session Evaluation" to complete the survey.
Session ID: 266

Eric Mader eric.mader@zirous.com @zirous_eric Q&A