Centralized Access and Auditing for Oracle WebLogic Server Domain Administration CON9742
Nicole Haba, Senior Principal Product Manager at Oracle
Lars Sandstrom, Infrastructure Solution Area Designer at IKEA IT AB
October 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Challenges
2. Solution
3. Features
4. Customer Success Story
5. Questions & Answers
Challenges
[Diagram: three Admins; Domain Test (2), Domain Stage (3), Domain Prod (3)]
• Change and tune configurations
• Deploy Java EE applications
• Start and stop processes
• Change credentials
• Scale out clusters
• Run WebLogic Scripting Tool (WLST) scripts
• …
How to ensure best practices & industry standards are followed?
How to guarantee security of WebLogic environment?
How to perform operations across multiple domains at once?
Total Cloud Control
• Optimized, Efficient: Integrated Cloud Stack Management
• Agile, Automated: Complete Cloud Lifecycle Management
• Scalable, Secure: Superior Enterprise-Grade Management
Next Release Builds on a Solid Foundation
• Optimized, Efficient: Integrated Cloud Stack Management
• Agile, Automated: Complete Cloud Lifecycle Management
• Scalable, Secure: Superior Enterprise-Grade Management
• NEW: Continuous Monitoring
• NEW: Infrastructure Management
• NEW: Improved Hybrid Cloud Management
Cloud Control 13c for WebLogic Management
• Monitoring & Diagnostics
• Configuration Management
• Lifecycle Management
• Administration
Cloud Control 13c for WebLogic Management: Monitoring & Diagnostics
• Target Management Best Practices
• Multiple Domain Discovery
• Out-of-box Monitoring & Metric Extensions
• Administration Groups & Template Collections
• Incident & Problem Management
• Business Application Management
• Middleware Diagnostics Advisor
• JVM Diagnostics & Java Workload Explorer
• Multi-Domain Log Viewer and Search
Cloud Control 13c for WebLogic Management: Configuration Management
• Compare Configurations
• Automated Asset Discovery
• Consistency Management
• Drift Management
• Custom Configurations
• Synchronize Configurations
• Search Configurations
• Config Change History
• Correlate Performance Changes with Configuration Changes
• Compliance Management
Cloud Control 13c for WebLogic Management: Lifecycle Management
• Scale Up/Out Clusters
• Provision Homes & Domains
• Patch Recommendations
• Deploy/Undeploy Java Apps
• Clone Homes & Domains
• Apply Patches
• Disaster Recovery
• Support Workbench
• Hybrid Cloud Management
Cloud Control 13c for WebLogic Management: Administration
• Change Center
• Credential Management
• Configure Domain, Cluster, Server, Machine
• Record Operations as WLST Script
• Fine-Grain Privileges
• JDBC Data Source Mgmt
• System MBean Browser
• Schedule & Track WLST Scripts
• Process Control
• Audit Operations
Cloud Control Features for Challenges
Oracle Enterprise Manager Cloud Control 13c
WebLogic Server Management Pack Enterprise Edition
• Challenge: Perform operations across multiple domains at once
– Feature: Manage centrally from single console
– Feature: Schedule and track WLST scripts
– Feature: Process control
• Challenge: Guarantee security of WebLogic environments
– Feature: Fine-grain privileges
– Feature: Credential management
– Feature: Audit operations
• Challenge: Ensure best practices and industry standards are followed
– Feature: Compliance management
– Feature: Drift management
– Feature: Consistency management
Perform Operations across Multiple Domains at Once: Manage All Domains Centrally from Single Console
“Managing at scale would not be possible without Oracle Enterprise Manager.” - Nara Gogineni, Sr. Director of Enterprise Operations, Oracle
Largest of Oracle Cloud EM Sites:
• 2.5M infrastructure targets – 520k apps across 100k WLSs
• 3.4M events processed/day
• 2M job executions/day
• 10k compliance evaluations/day
Perform Operations across Multiple Domains at Once: Schedule & Track Execution of WLST Scripts across Domains
• Maintain library of WLST scripts
– Copy script syntax into job definition or refer to file on remote host
– Specify credentials once as named or preferred credentials instead of hardcoding credentials in script
• Submit against multiple domains, WLSs or groups of targets
• Schedule execution of scripts
• Receive notification of errors or failed executions
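A check that could be run over a WLST script library before scripts are submitted, added here as an example (it is not from the presentation or from Oracle): it flags literal user names and passwords passed to the WLST connect() command. The sample scripts, host name and password are constructed, and how credentials reach a clean script at run time is outside the example.

```python
import ast
import re

CONNECT_START = re.compile(r"\bconnect\s*\(")

# Constructed sample scripts (WLST is Jython, so Python 2 syntax may appear).
SAMPLE_BAD = """# constructed sample: secret embedded in the file
connect('weblogic', 'Welcome1', 't3://adminhost.example:7001')
print 'Server state:', state('ManagedServer1')
disconnect()
"""
SAMPLE_OK = """# constructed sample: values arrive at run time
connect(admin_user, admin_password, admin_url)
# connect('weblogic', 'old-password', 't3://adminhost.example:7001')
connect(userConfigFile=cfg, userKeyFile=key, url=admin_url)
"""

def _parse_call(text, start):
    """Parse the connect(...) expression that begins at offset `start`."""
    for close in re.finditer(r"\)", text[start:]):
        try:
            node = ast.parse(text[start:start + close.end()], mode="eval").body
        except SyntaxError:
            continue  # this ")" sat inside a string or nested call; try the next
        if isinstance(node, ast.Call):
            return node
    return None

def find_hardcoded_credentials(script_text):
    """Return [(line_number, argument_name)] for literal credentials in connect()."""
    findings = []
    for m in CONNECT_START.finditer(script_text):
        line_start = script_text.rfind("\n", 0, m.start()) + 1
        if "#" in script_text[line_start:m.start()]:
            continue  # commented-out call
        call = _parse_call(script_text, m.start())
        if call is None:
            continue
        line_no = script_text.count("\n", 0, m.start()) + 1
        # WLST: connect(username, password, url) positionally, or as keywords.
        args = dict(zip(("username", "password"), call.args))
        args.update({kw.arg: kw.value for kw in call.keywords if kw.arg})
        for name in ("username", "password"):
            value = args.get(name)
            if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                findings.append((line_no, name))
    return findings
```

Only the connect() expression is parsed, so Python 2 constructs elsewhere in the script (such as the print statement in the first sample) do not stop the scan.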
Perform Operations across Multiple Domains at Once: Automate Process Control across FMW Components
• Start, stop or restart Oracle Fusion Middleware components (e.g. domain, cluster, WLS, app, OHS, OTD)
• Submit against several components in single operation
• Schedule process control operation
• Receive notification of errors or problems
• Use as corrective action in response to crossing of metric threshold
Guarantee Security of WebLogic Environments: Grant Least Amount of Privileges to Administrators
• Create Cloud Control account for each WebLogic Server administrator
• Limit access to Cloud Control resources (e.g. targets, jobs, templates) by granting specific privileges
• Separate duties across administrators
Guarantee Security of WebLogic Environments: Store WebLogic User Credentials as Named Credentials
• Create named credential – a credential stored as a “named” entity
• Eliminate exposing passwords to all users
• Restrict who is able to log in to WebLogic Server Administration Console
• Use Oracle Enterprise Manager Cloud Control as single administration interface
Guarantee Security of WebLogic Environments: Audit WebLogic-Related Operations
• Audit operations
– WebLogic Domain login and logout
– Update and invoke MBean
– Submitted jobs (e.g. WLST Script, FMW Process Control)
• Monitor for suspicious activity
• Reduce risk of service disruption and poor management of WebLogic environments
• Provide accountability of actions and avoid repudiation
Ensure Best Practices & Industry Standards Are Followed: Associate Compliance Standards to Targets
• Use out-of-box compliance standards (e.g. STIG for WLS) or create user-defined standards
• Determine if WLS has valid configuration settings and if exposed to configuration-related vulnerabilities
• Receive notification when violations in compliance occur
• Obtain advice on how to change configurations to bring WLS back into compliance
Ensure Best Practices & Industry Standards Are Followed: Enable Continuous Drift Monitoring
• Compare reference configuration to large set of targets (e.g. WebLogic Servers or Domains) on continuous basis
• Ensure configuration remains same as reference configuration
• Receive notification when configuration change results in undesired differences
Ensure Best Practices & Industry Standards Are Followed: Configure Continuous Consistency Monitoring
• Compare large number of targets within a “container” for consistency
• Ensure targets of similar target type within cluster or system remain the same
• Receive notification when configuration change results in undesired differences
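The difference between the drift and consistency checks on the last two slides, as an added example (not Cloud Control code): drift compares each target to one reference configuration, while consistency compares the members of a container with each other. Setting names and values are constructed, and taking the most common value as the baseline for consistency is an assumption of this sketch.

```python
from collections import Counter

# Constructed sample data; the setting names are hypothetical.
REFERENCE = {"production_mode": True, "ssl_enabled": True, "jdk": "1.7.0_80"}
TARGETS = {
    "prod_domain_a": {"production_mode": True, "ssl_enabled": True, "jdk": "1.7.0_80"},
    "prod_domain_b": {"production_mode": True, "ssl_enabled": False, "jdk": "1.7.0_80"},
    "prod_domain_c": {"production_mode": True, "ssl_enabled": True, "jdk": "1.7.0_80",
                      "debug_port": 8453},
}
CLUSTER = {
    "ms1": {"heap_mb": 2048, "jdk": "1.7.0_80"},
    "ms2": {"heap_mb": 2048, "jdk": "1.7.0_80"},
    "ms3": {"heap_mb": 1024, "jdk": "1.7.0_80"},
}

def drift(reference, targets):
    """Drift: {target: {setting: (reference_value, actual_value)}} per differing target."""
    report = {}
    for name, config in targets.items():
        diffs = {key: (reference.get(key), config.get(key))
                 for key in sorted(set(reference) | set(config))
                 if reference.get(key) != config.get(key)}
        if diffs:  # settings missing on either side show up as None
            report[name] = diffs
    return report

def inconsistency(members):
    """Consistency: no external reference; report members that deviate from the
    most common value of each setting within the container."""
    report = {}
    for key in sorted(set().union(*members.values())):
        counts = Counter(cfg.get(key) for cfg in members.values())
        if len(counts) > 1:
            baseline = counts.most_common(1)[0][0]
            report[key] = {name: cfg.get(key) for name, cfg in members.items()
                           if cfg.get(key) != baseline}
    return report
```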
WHAT’S COOKING AT IKEA IT?
(or Centralized Access and Auditing for Oracle WebLogic Server Domain Administration)
Lars Sandström
Infrastructure Solution Area Designer
Oracle Database, Middleware, Enterprise Manager, Exalogic, Exadata and ZFS Storage
TODAY’S MENU
Starter: Briefly about IKEA
Main Course: What we have done
Dessert: Future
In 1943 Ingvar Kamprad founded IKEA when he was 17 years old
THE IKEA VISION
“To create a better everyday life for the many people.”
OUR BUSINESS IDEA
“To offer a wide range of well-designed, functional home furnishing products at prices so low that as many people as possible will be able to afford them.”
OPERATIONS IN 42 MARKETS
• 59% of production takes place in Europe
• 1.5 Billion visits to IKEA.com
• 315 IKEA Group stores located in 27 countries*
• 716 Million store visits
• 1002 Home furnishing suppliers in 51 countries
*We had 315 stores in 27 markets as of August 31, 2014
NORTH AMERICA: 51 stores, 1 IKEA Industry production unit
EUROPE: 222 stores, 36 IKEA Industry production units
RUSSIA: 14 stores, 5 IKEA Industry production units
ASIA: 23 stores, 2 IKEA Industry production units
AUSTRALIA: 5 stores
[Chart: Billion Euro by Fiscal Year]
THE FUTURE
Our IT environment
Centralised
• Two datacenters in Sweden
• One datacenter in Philadelphia
• One datacenter in Singapore
Decentralised
• Small datacenters in warehouses and stores around globe
All Oracle products across all datacenters are centrally managed with Oracle Enterprise Manager Cloud Control
IKEA Production Environment
• 1600 WLS spanning 800 domains (10.3.6, 12.1.3)
• SOA Infrastructure
• Oracle Data Integrator (ODI)
• BI Publisher
• Oracle Enterprise Repository
• Forms/Reports
• Oracle Internet Directory
• 70 Oracle HTTP Servers (11.1.1.7)
• 1600 Oracle Databases (11.2.0.4)
• 2500 Hosts (RedHat Linux, AIX)
• Apache Tomcat 7.0.x, IBM WebSphere, Microsoft SQL Server, Windows Server
• Oracle Service Bus (OSB)
• Oracle WebCenter Suite
• Oracle Transport Management
• Oracle Service Repository
• Oracle Coherence
• In-house developed applications
EXTRA SPICE (Also known as challenges)
Automating Lifecycle Management
Maintaining Tight Landscape
Complying with Best practice
Enterprise Manager Deployment
• Upgraded Enterprise Manager 11g to 12c Release 4 to manage production environment
– Three Management Services 12.1.0.4 on RedHat Linux
– Management Repository in Three Node RAC DB 11.2.0.3 on RedHat Linux
– 2500 Management Agents 12.1.0.4 on RedHat Linux, AIX
– Fusion Middleware and DB Plug-ins 12.1.0.7.0
– Currently managing 31.000 targets in production
– 8.500 Application Deployments running across 1600 WLS spanning 800 domains
– 20 Services with 30 Beacons to ensure proper service levels
– Pre-production/testing environment managed by separate Enterprise Manager deployment
– Middleware management outsourced to partners who use same Enterprise Manager 12c environment as IKEA administrators
Provision Middleware Environments Consistently and Effortlessly
Gold images of Oracle Homes as well as WebLogic Domains ensure tight landscape at IKEA – fewer different versions installed and configured means easier maintenance
Predefined and custom procedures to fully automate install and configuration of WebLogic based environments – including JDK provisioning and LDAP configuration
Patch WebLogic Homes Across Hundreds of WebLogic Domains
Patch templates and patch plans automate application of patches across 600 domains – saving IKEA a lot of time and money
Patch recommendations automatically inform IKEA which WLS homes have potential security risk and require critical security patches
Apply Templates to Automate and Ensure Monitoring Standards
Customized monitoring templates for all production targets automatically applied to new targets - ensures compliance to IKEA best practices
Customized monitoring template for WLS ensures alerts are raised for potential performance issues and notifications sent to IKEA service desk for middleware support team to triage
Configure and Tune All Domains from Single Console
Configure and tune WLS directly from Cloud Control for better control of environment
Looking forward to Enterprise Manager Cloud Control Release 13.1 to provide auditing of such WLS config changes – will simplify daily work at IKEA as currently, all config changes are recorded via third party Remote Management Portal…with 13.1 this additional recording step will no longer be needed
NEW FLAVOURS TO EXPLORE
Compliance
Enable compliance monitoring for the following:
• PCI DSS
• New EU customer data
• Custom compliance rules based on IKEA’s own unique standards
Reporting
Leverage BI Publisher for custom reporting – much richer reporting features than in prior Information Publisher
And a lot more ....
WANTED
New acquaintances to share experiences with.
Contact me: [email protected]
Questions?
Oracle Enterprise Manager One-Hour Hands-On Labs
ID | Title | Day | Time | Location
HOL10453 | Managing Oracle Fusion Middleware with the New Oracle Enterprise Manager | Wednesday | 10:15 – 11:15 AM | Hotel Nikko Carmel I-II Floor 3
HOL10453 | Managing Oracle Fusion Middleware with the New Oracle Enterprise Manager | Thursday | 12:30 – 1:30 PM | Hotel Nikko Carmel I-II Floor 3

Oracle Enterprise Manager Demos
Title | Location
Oracle WebLogic, Java Cloud Service, and SOA Management with Oracle Enterprise Manager | SLM-003 in Moscone South, Lower Level, Middleware
Oracle BI, BPM, and Oracle WebCenter Management with Oracle Enterprise Manager | SLM-034 in Moscone South, Lower Level, Middleware
Oracle Governance, Access, and Directory Management with Oracle Enterprise Manager | SLM-019 in Moscone South, Lower Level, Middleware
Oracle Enterprise Manager Technical Sessions
ID | Title | Day | Time | Location
CON9744 | Hybrid Cloud Management Using Oracle Exalogic | Mon | 11:00 am | Intercontinental-Sutter (5th floor)
CON9755 | The Management of Identity and Access: Breaches, Compliance, Downtime, and Loss | Mon | 11:00 am | Moscone South – 301
CON9715 | Oracle Enterprise Manager: The Complete Solution and Oracle’s Best-Kept Secrets | Mon | 12:15 pm | Moscone South – 300
CON9468 | Simplify the Deployment and Monitoring of Your Identity Management System | Mon | 12:15 pm | Moscone South – 310
CON9751 | Advanced Management: Oracle SOA Suite and Oracle Service Bus with Oracle Enterprise Manager | Mon | 1:30 pm | Moscone South – 302
CON9745 | Agile IT: Visibility and Management Across Oracle WebLogic Server and Oracle Java Cloud Service | Mon | 1:30 pm | Moscone South – 304
CON8634 | Oracle WebLogic Server: Automated and Simplified Management in a World of Clouds | Tue | 11:00 am | Moscone South – 304
CON9740 | Monitor, Diagnose, and Optimize Java Workloads on Premises and in the Cloud | Tue | 5:15 pm | Moscone South – 309
CON9743 | Hybrid Cloud Management of Oracle Java Cloud Service and On-Premises Oracle WebLogic Server | Wed | 1:45 pm | Moscone South – 303
CON9747 | PaaS-ify Across on Premises and Oracle Cloud with Ease | Thu | 10:45 am | Moscone South – 300
CON6627 | Proactive Optimization of Java Workloads in Production Environments | Thu | 2:30 pm | Hilton-Continental Ballroom 5