
We have been investigating Gartner Magic Quadrant vendors with the goal of implementing a commercial IdM/IAM solution that will replace our current home-grown system.  Most of the products that we have investigated can meet most of our needs, at least on some level.  Right now we are focusing on the Oracle IdM solution and wanted to solicit input from this group.  Have you had good/bad experiences with this solution?  Timelines to implement?  Ongoing staffing requirements?  Hardware requirements?

 

Our goal is to formulate the best TCO estimates possible.  One of the biggest factors driving TCO will be the ability of internal staff to create new connectors and perform maintenance as needed rather than retaining professional services.

 

Stan Putnam

System Architect

University of Alabama at Birmingham

205.934.8144 (voice)

 

Comments

Hi Stan,

I recommend you consider Mark Earnest of Identity Works, LLC as a partner.  I have nothing but great things to say about him and his team.  Mark used to work at PSU several years ago; he understands Higher Education, knows OIM extremely well and isn't interested in selling you his services forever.  He wants to help you solve problems.  Imagine that - a consultant who isn't a leech.  We use him to teach us the environment and how best to develop connectors and solve problems.  He knows his stuff and can teach what he knows quite well.  I'm happy to discuss by phone if you wish.  Mark can be reached at mark@identityworksllc.com

If we didn't have Mark, we would have ditched OIM.  We are only using OIM as a provisioning engine, not a full-blown IdM system.  We also found Oracle University (or whatever they call their education stuff) completely inadequate for any reasonable purpose, not even worth it if available for free.  Of course, *my* opinion.

/mrg

On Nov 26, 2012, at 9:54, Stanley K Putnam <sputnam@UAB.EDU> wrote:

We have been investigating Gartner Magic Quadrant vendors with the goal of implementing a commercial IdM/IAM solution that will replace our current home-grown system.  Most of the products that we have investigated can meet most of our needs, at least on some level.  Right now we are focusing on the Oracle IdM solution and wanted to solicit input from this group.  Have you had good/bad experiences with this solution?  Timelines to implement?  Ongoing staffing requirements?  Hardware requirements?
 
Our goal is to formulate the best TCO estimates possible.  One of the biggest factors driving TCO will be the ability of internal staff to create new connectors and perform maintenance as needed rather than retaining professional services.
 
Stan Putnam
System Architect
University of Alabama at Birmingham
205.934.8144 (voice)
 

Hi Stan:

 

We have the Oracle Access Manager 11g deployed to production since May 2012 (we were on Sun Access Manager since 2008) and are working on converting our in-house built identity management system to Oracle Identity Manager. Details on the SAM-OAM migration are at http://www.educause.edu/annual-conference/2012/transitioning-between-acc...

 

High-level answers to your questions regarding the Access Management part of IAM (please let me know if you are interested in details) - parts of it can be translated into OIM experience, too:

 

1) Functionality - we are satisfied with the OAM features (we ran our enterprise systems with Sun AM for several years)

 

2) Availability - we run a 3-node load-balanced cluster. The production database is standalone so far but our test environment has both the app and db layers clustered.

 

3) Continuity - we will use a custom/in-house/free solution for standby for disaster recovery (so far in test only for OAM but the same solution was in prod for our BlackBoard RAC in previous years)

 

4) Supportability - several ways to look at this one - Oracle deploys its Fusion Middleware including the IAM Suite OAM & OIM on standard components with a wide range of functionality like Oracle Database Server, WebLogic, Web Tier, Business Intelligence Publisher.  Advantages - backup/recovery/performance monitoring - all standard and well understood tasks. Challenges - corresponding professionals needed.

 

5) Staffing: we have about 0.5 FTE for Access Management (OAM deployment - app/db/part of OS/netw responsibilities, transition, ongoing integration of services into WAM/SSO) - my other half is in general DBA and app dev support, and about 1.5 FTE for Identity Management (OIM, accounts,...). The University of Guelph has about 4k staff, 1k faculty, 25k undergrads, and 3k graduate students.

 

6) Outsourcing: Our choice is to continue building the IAM expertise locally as much as possible as opposed to having the consultants do that. It has been working great for OAM. We might arrange for Professional Services for OIM in order to jump ahead - the acquisition of Sun by Oracle in 2010 cost us a lot of resources as we were close to deploying the Sun IDM at that point.

 

7) Timelines: It took me 16 calendar months to go from Sun AM to OAM production (not a full-time commitment). One part of that is the 0.5 FTE :-) and the other is that we transitioned mature Access Management services between two totally independent products so our clients would have zero tolerance for any WAM/SSO issues and everything had to be fully validated. Also, this was done while supporting the existing infrastructure.

 

8) Hardware - the recommended parameters are in the Deployment Guide - in my opinion the minimum would be three servers - OIM, OAM, Database but the actual details certainly depend on your requirements like availability, dev&test, etc. Overall, on the Access Management side only, we have the production infrastructure on physical hardware (Dell blades, 2 cpu, hex-core, 64 GB ram, RAID-1, etc). Three blades for app layer behind Cisco loadbalancer and one blade for DB. The dev and test environments are virtualized with many VMs - pls see the poster above. Again - no tolerance for defects and the heterogeneous environment with various versions of web/app servers to be integrated with WAM drive the requirements for the dev&test environments.

 

9) Maintenance - we do that ourselves, connectors - not there yet (our OAM is ahead of OIM)

 

 

I am curious about the OIM/OAM experience on other campuses.

 

Cheers,

Zdenek

 

Zdenek Nejedly, PhD

Analyst, Oracle Certified Professional DBA

Computing & Communications Services

University of Guelph, ON N1G 2W1

519-824-4120 x52881

-------

"The important thing is not to stop questioning."

Albert Einstein

That is very helpful.  Thanks for taking the time to respond.

 
