Web Access Management and Optimizing Storage Rebecca Astin and Gray Fernandez November 2, 2010.
Web Access Management and Optimizing Storage
Rebecca Astin and Gray Fernandez
November 2, 2010
Web Access Management (WAM)
Overview and FY11 Priorities
Federal Triangle Cash Cab
• The solar power cells on the NCC roof
generate how many kilowatt hours of
electricity annually?
A. 111,952
B. 900
C. 200
D. 4
Web Access Management
• WAM
– Purpose / Benefits
– Customers / Applications
• FY 11 Priorities
– OID High Availability
– Access to WAM
– TSSMS Migration
– Operations and Maintenance
Purpose / Benefits
• Provide centralized authentication and authorization services for EPA-developed Web applications
– WAM components: Oracle Access Manager (OAM) and Oracle Internet Directory (OID)
– Provide a central directory which facilitates single sign-on (SSO)
– Improve security, as the central directory reduces the number of identities and enables a person’s access to be deleted from multiple applications quickly
– Comply with Enterprise Architecture
– Adhere to security procedures and best practices
– Reduce development dollars, as individual applications no longer need to develop code for user and access role management
– Versatile – supports Java, C++, Cold Fusion, some COTS, and Web 2.0 apps
Classes of Users
• EPA Staff – People who are hired by the EPA
• Internal Affiliates – A non-EPA person who has an EPA LANid (includes interns, other gov’t detailees, some contractors, etc.)
• External Users – People who are not employees and not Internal Affiliates. These users complete the self-registration screen.
Current Applications/Customers
• 95+ applications and 130+ Wikis/Blogs
– Ebusiness (OTOP)
– Emissions Inventory System (OAR)
– ORBIT Reports (OCFO)
– Performance Assessment Tool (OSWER)
– Water Quality Standards Information Tracking System (WQSITS) (OW)
– Clean Watershed Needs Survey (CWNS) (OW)
– Emergency Management Portal (OEM)
Web Access Management
FY 11 Priorities
Web Access Management
• OID Failover/High Availability
– With so many applications relying on WAM, high availability and failover are a requirement
– Benefits for WAM environment and applications:
1) increased availability and performance
2) reduced planned and unplanned downtime
– Phase 1 – Create redundant LDAP Servers
– Phase 2 – Create redundant Login (OSSO) & Delegated
Admin (DAS) Servers
OID HA/FO Architecture
(Architecture diagram; the labels below are recovered from the figure.)
• DMZ Firewall / DMZ
– DMZ F5 LTM
– VIP1 = sso-vip.epa.gov (134.67.21.14), https/443, FIPS 140-2
– VIP2 = oiddas-vip.epa.gov (134.67.21.15), https/443, FIPS 140-2
– ssodas1.epa.gov (134.67.22.20)
– ssodas2.epa.gov (134.67.22.21)
• NEW Linux Host 1 / NEW Linux Host 2
– Oracle Single Sign-On (OSSO) (listen https / 8081)
– Delegated Administration Services (DAS) (listen https / 8082)
– Webgate
– RHEL5 / 64 bit, Virtual Machine
– 2 vCPU (core)
• Internal / Agency Firewall
• Intranet
– Intranet F5 LTM
– LDAPS / 636
• VIP = iasimprod-resv.rtpnc.epa.gov (134.67.25.6), ldap/389, ldaps/636, FIPS 140-2
• PONDEROSA / LOBLOLLY (REDWOOD hardware)
– LDAP User Directory
– Oracle Internet Directory (OID)
– Directory Integration & Provisioning (DIP)
– Metadata Repository
– Oracle RDBMS 11gR2 RAC
– Oracle ASM
– Oracle Clusterware 11g
– AIX, IBM p570 LPAR
– IP = ponderosa-resv, 134.67.27.29
– IP = loblolly-resv, 134.67.27.30
– VIP = ponderosa-vip.rtpnc.epa.gov, Address: 134.67.221.86, maintained by Oracle Clusterware VIP Service
– VIP = loblolly-vip.rtpnc.epa.gov, Address: 134.67.221.87, maintained by Oracle Clusterware VIP Service
• Private VLAN, RAC Interconnect
– IP = ponderosa-priv
– IP = loblolly-priv
• Shared SAN Database Storage
Developer Access
• Access to WAM at NCC
– Developers can access OAM User and Group
Manager to populate test users and groups
– Developers have access to the WAM staging
environment when testing applications in the
development environment
TSSMS Migration
TSSMS Phase Out
• TSSMS is being phased out for non-mainframe platforms
• Will be phased out by FY 2012
• De-couple user provisioning and account registration
– Migrate web account registration
– Migrate TSSMS identities to WAM
• Migrate disk space billing for Oracle databases from TSSMS accounts to eBusiness accounts
• Migrate legacy applications that use TSSMS identities for application or database level access to WAM identities
• Linux / WAM authentication
AQS WAM Authentication
TSSMS Pilot
• Pilot program for migrating Oracle database users from TSSMS identities to WAM identities
• Working with AQS to document identity and access workflow
• Close coordination with TSSMS, Oracle DBSS and CDX
• Modify OID attributes and registration process
Operations and Maintenance
• OAM Upgrade to 10.1.4.3
• P2V Migration
– All WAM servers will migrate to virtual machines
• Monitor Audit Logs
– Review OAM logs for suspicious patterns
• WAM Self Registration Changes
– De-Couple self-registration and application
access request from Portal
Optimizing Storage
Federal Triangle Cash Cab
• Do you think your storage costs could
decrease in FY 11?
A. Yes
B. No
Advanced Compression Option
• What is it?
• What are the benefits?
• How does it work?
• Shared Environment Implementation
• Next Steps
Benefits Summary:
• Compression of Table Data.
• Compression for File Data.
• Compression for Backup Data.
• Compression for Network Traffic.
ACO minimizes costs while continuing to achieve the highest levels of application performance.
What is it?
• Introduced in Oracle Database 11g
• Allows you to compress structured data (numbers,
characters) as well as unstructured data (documents,
spreadsheets, XML and other files).
• Provides enhanced compression for database backups
• Includes network compression for faster synchronization
with standby databases.
A database option that can make your database smaller and faster and reduce your storage costs.
Shared Environment Implementation
Phase I: Compression for Backup Data.
• Fully implemented on 11/9!
Phase II: Compression for Table Data.
• Implemented at the discretion of Application Owners
• Owners will be advised what their potential savings are on a Storage Cost Analysis Report.
• Effects will be tested in the Staging Environment.
Benefit: Compression of Table Data
On-disk storage savings translate directly into cost savings.
Oracle claims an average compression rate of 4:1.

| GB | $/GB/Yr | Storage Bill | Compress Rate | GB With ACO | Bill | Savings |
|---|---|---|---|---|---|---|
| 500 | 87.72 | $43,860 | 0% | 500 | $43,860 | $ - |
| 500 | 87.72 | $43,860 | 30% | 350 | $30,702 | $13,158 |
| 500 | 87.72 | $43,860 | 50% | 250 | $21,930 | $21,930 |
| 500 | 87.72 | $43,860 | 70% | 150 | $13,158 | $30,702 |

• Compression rates of 80% observed in testing with STORET data. * mileage will vary
• License included in shared environment, must be separately licensed for dedicated environment
• Dedicated Environments will have a Break Even point of roughly 50 GB per processor licensed.
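An application owner can estimate a table's savings in staging before enabling compression. The PL/SQL below is an added example, not part of the original presentation: it assumes Oracle Database 11g Release 2 (where the `DBMS_COMPRESSION` package is available), read access to `DBA_SEGMENTS`, and the placeholder names `APP_OWNER`, `EMP` and `SCRATCH_TBS`; the $87.72 rate is taken from the table above.

```sql
-- Added example: estimate OLTP compression savings for one table.
-- APP_OWNER, EMP and SCRATCH_TBS are placeholder names (assumptions).
SET SERVEROUTPUT ON
DECLARE
  c_rate_per_gb  CONSTANT NUMBER := 87.72;  -- $/GB/Yr, from the slide's table
  l_blkcnt_cmp   PLS_INTEGER;               -- sampled blocks, compressed
  l_blkcnt_uncmp PLS_INTEGER;               -- sampled blocks, uncompressed
  l_row_cmp      PLS_INTEGER;               -- rows per block, compressed
  l_row_uncmp    PLS_INTEGER;               -- rows per block, uncompressed
  l_cmp_ratio    NUMBER;                    -- e.g. 2 means 2:1
  l_comptype_str VARCHAR2(100);
  l_gb_now       NUMBER;
  l_gb_after     NUMBER;
BEGIN
  -- The advisor samples the table into the scratch tablespace;
  -- the source table itself is not modified.
  DBMS_COMPRESSION.GET_COMPRESSION_RATIO(
    'SCRATCH_TBS', 'APP_OWNER', 'EMP', NULL,
    DBMS_COMPRESSION.COMP_FOR_OLTP,
    l_blkcnt_cmp, l_blkcnt_uncmp, l_row_cmp, l_row_uncmp,
    l_cmp_ratio, l_comptype_str);

  -- Current allocated size of the table segment(s), in GB.
  SELECT SUM(bytes) / POWER(1024, 3)
    INTO l_gb_now
    FROM dba_segments
   WHERE owner = 'APP_OWNER'
     AND segment_name = 'EMP'
     AND segment_type LIKE 'TABLE%';

  IF l_gb_now IS NULL OR l_cmp_ratio IS NULL OR l_cmp_ratio <= 0 THEN
    DBMS_OUTPUT.PUT_LINE('No segment found or no usable ratio; nothing to estimate.');
    RETURN;
  END IF;

  l_gb_after := l_gb_now / l_cmp_ratio;
  DBMS_OUTPUT.PUT_LINE('Compression type : ' || l_comptype_str);
  DBMS_OUTPUT.PUT_LINE('Estimated ratio  : ' || ROUND(l_cmp_ratio, 2) || ':1');
  DBMS_OUTPUT.PUT_LINE('GB now / with ACO: ' || ROUND(l_gb_now, 1) || ' / ' || ROUND(l_gb_after, 1));
  DBMS_OUTPUT.PUT_LINE('Bill now / after : $' || ROUND(l_gb_now * c_rate_per_gb) ||
                       ' / $' || ROUND(l_gb_after * c_rate_per_gb));
  DBMS_OUTPUT.PUT_LINE('Annual savings   : $' || ROUND((l_gb_now - l_gb_after) * c_rate_per_gb));
END;
/
```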
Benefit: OLTP Table Compression
OLTP Table Compression Syntax

    CREATE TABLE emp (
      emp_id     NUMBER,
      first_name VARCHAR2(128),
      last_name  VARCHAR2(128)
    ) COMPRESS FOR OLTP;

Benefit: Compression for File Data
With SecureFiles, organizations can now manage all relational data and associated file data in Oracle using a single security/audit model, a unified backup & recovery process, and perform seamless retrievals across all information.
SecureFiles beats the Linux file system on both read and write performance. It also has compression, de-duplication (only storing duplicate files once), and encryption. The encryption is an extension of Oracle Transparent Data Encryption, which is FIPS 140-2 compliant.
Benefit: Compression for File Data
• With SecureFiles compression, typical files such as documents or XML files experience a reduction of 2 to 3 times in size.
• Using built-in intelligence, SecureFiles Compression automatically avoids compressing data that would not benefit from compression – for instance a document that was compressed via a 3rd party tool before being inserted into the database as a SecureFiles file.
Simplify, Secure and Compress unstructured content.
Benefit: Compression for File Data
SecureFiles Deduplication Syntax

    CREATE TABLE images (
      image_id NUMBER,
      image    BLOB
    )
    LOB(image) STORE AS SECUREFILE (TABLESPACE lob_tbs DEDUPLICATE);

Benefit: Compression for Backup Data
Advanced Compression includes the capability to compress the backup data generated by both RMAN (physical backups) and DATA PUMP (logical exports).
Benefit: Compression for Backup Data
Syntax for setting the RMAN compression algorithm:

    RMAN> SET COMPRESSION ALGORITHM 'MEDIUM';   # one of 'LOW', 'MEDIUM', 'HIGH'

Syntax for taking a compressed RMAN backup:

    RMAN> backup as COMPRESSED BACKUPSET database archivelog all;

Syntax to enable compression for Data Pump:

    expdp hr FULL=y DUMPFILE=dpump_dir:full.dmp COMPRESSION=ALL

Benefit: Compression for Network Traffic
Redo data may be transmitted in a compressed format to reduce network bandwidth consumption and in some cases reduce transmission time of redo data.
Data Guard Redo Transport Services are used to transfer redo data to standby/mirror site(s).
How does it work?
Next Steps?
Various estimates indicate that data volume is almost doubling every 2-3 years. ACO can ensure that your storage costs do not mushroom at the same rate as your data volume.
Contact your NCC Point of Contact or me directly to schedule a database storage cost analysis to see how your application might benefit.
Dedicated environments will incur extra licensing costs. The Shared environment is already licensed.