What is our primary use case?
I am working on Oracle products and other products simultaneously. We are working for MTN, a telecom subscriber from South Africa. We are using Oracle OUD Access Manager 12.2.1.4, which is 12c PS4.
I was working on eBusiness Suite a long time ago. It was a straightforward integration where we integrated Oracle eBusiness Suite with Oracle Access Manager. In between, it was a WebGate integration that we completed for single sign-on purposes, and for eBusiness Suite, we have a different team who handles that. While registering the eBusiness Suite with Oracle Access Manager, we used Oracle Internet Directory and Oracle OUD. Previously, we were using Oracle Internet Directory. Since then, we have migrated to Oracle OUD. When we were installing the initial stage of eBusiness Suite, we installed it with Oracle Internet Directory. There is a registration process where the WebGate automatically gets installed for single sign-on purposes. Later on, when we completed the migration from Oracle Internet Directory to Oracle OUD, we performed the re-registration of the OID profiles and the WebGate profile at the eBusiness Suite end.
Oracle OUD has been good overall. If you take this Oracle OUD component, many vendors are using the same Oracle OUD in different ways. For example, Ping uses the same OID component, but they call it PingDS and ForgeRock DS. Earlier, it was OpenDJ. It is quite commonly used by many customers.
In Oracle OUD, as per the customer's needs, we have different schemas for different service accounts. We have different services such as Siebel, Siebel Uli, and WCC, which are interdependent on each other. At Oracle OUD, we have different service accounts because Siebel Uli, Siebel prepaid, and WCC require a service account to connect to their systems for integration with single sign-on and authentication purposes. We have created service accounts accordingly. When a new user is onboarded, the user fills a form at Avasa, where they are using an identity management system. Once the user gets registered and created, if they need to access WCC, Uli, or Siebel, we restrict everything at the user and groups level. Manually, we need to take the user ID and give read, read-write, write-write, or write-read privileges at the Oracle OUD end. This is the current functionality we are using at the Oracle OUD end.
What is most valuable?
Since the user base is vast, we are using Oracle OUD on-premises only. Currently, there are plans to move to Azure Cloud.
It is lightweight compared to Oracle Internet Directory and has definitely reduced complexity. Oracle Internet Directory is a heavyweight component, and we have DIP as well. Internet Directory has its own features and Oracle OUD has its own features.
Both Internet Directory and Oracle OUD support replication, load balancing, and high availability. The biggest advantage is that it is scalable, has high performance, and can integrate with multiple identity stores. Internet Directory is slow while Oracle OUD is very fast. Internet Directory is dependent on the backend; we need an Oracle database which results in slower performance. For modern IAM solutions, cloud solutions, or DevOps integration, Oracle OUD is the best solution while OID is legacy.
The user experience is excellent. The connection process is quite good. For installation and configuration, it is lightweight. You can deploy it or run the CLI commands. In comparison, Oracle Internet Directory requires RCU creation, repository creation, and schema creation, with database dependency. Monitoring-wise, it is good because we have OEM, and it supports REST-based monitoring. It is very easy to upgrade, and maintenance is straightforward. When we were doing the migration from OID to Oracle OUD, we had zero downtime.
What needs improvement?
Oracle OUD can be improved. Compared to the 11g version, they have already improved many things in 12c. For monitoring purposes, they can enhance it further. Currently, many people are using third-party tools such as Grafana, Dynatrace, Splunk, or the ELK stack. Oracle OUD should leverage these tools for better monitoring integration.
Additional features that could be improved include automatic tuning for JVMs, automatic tuning recommendations for JVM or any caching or index perspective, REST APIs for customer-facing apps, MFA settings, version control for schemas, and schema validation. It would be beneficial if they provided a GUI-based schema designer. Additionally, if they could simplify Oracle OUD proxy for cloud load balancing, similar to Ping's proxy concept, that would be great.
For how long have I used the solution?
I have been working with Oracle OUD for the last seven years. I started working on the 11g version, and now it is on 12c PS4. I have nearly 11 years of experience in access management. Regarding directories, I worked on Oracle Internet Directory and Oracle OUD, starting from 11g R1, 11g R2 PS2, until today with 12c PS4.
I have extensive experience with one-way replication, two-way, and multi-master replication. We are using it for DIP synchronization at MTN. For DIP synchronization, Oracle OUD is not sufficient; we need Oracle Internet Directory as well. Earlier, OID was handling this DIP sync. When we decided to move from OID to Oracle OUD, we required the OID component for DIP sync, but user authentication is handled by Oracle OUD.
I have experience creating object classes, custom schemas, and managing privileges for service accounts and users in both Internet Directory and Oracle OUD.
What do I think about the stability of the solution?
We have not encountered any stability issues.
What do I think about the scalability of the solution?
The biggest advantage is that Oracle OUD is scalable and has high performance, and it can integrate with multiple identity stores. Performance-wise, Oracle OUD is much faster and scalable.
How are customer service and support?
Until now, we haven't raised any service ticket with Oracle for Oracle OUD. Regarding Oracle support service, they are the best compared to other vendors. They provide 24/7 support based on the severity of the tickets we log with them.
I can give it a 10 out of 10 rating. I haven't encountered any issues in the last 10 years when logging tickets with Oracle support engineers. We have a contact number, we can call them, we can escalate, and we have many facilities available.
How was the initial setup?
The initial deployment of Oracle OUD is very straightforward. Compared to Oracle Internet Directory, which requires a database, RCU, and WebLogic Server, Oracle OUD's installation and configuration deployment is much simpler. In the GUI or CLI, we can access all options for replication or creating dummy users for testing purposes. This makes Oracle OUD much better for implementation.
What about the implementation team?
Oracle OUD is lightweight compared to Oracle Internet Directory.
What other advice do I have?
Regarding pricing, I have not been involved until now. Currently, I am at a stage where they are trying to involve me in sales, which should provide a better picture of pricing structures.
The user experience is excellent. The connection process is quite good. Installation and configuration are lightweight, allowing deployment through CLI commands. Compared to Oracle Internet Directory, which requires RCU creation and has database dependency, Oracle OUD is more efficient. It supports REST-based monitoring and offers easy upgrades and maintenance. During our migration from OID to Oracle OUD, we achieved zero downtime.
Both Internet Directory and Oracle OUD support replication, load balancing, and high availability. Oracle OUD is scalable, has high performance, and can integrate with multiple identity stores. For modern IAM solutions, cloud solutions, or DevOps integration, Oracle OUD is the optimal choice, while OID is considered legacy.
I rate Oracle OUD eight out of nine.
Which deployment model are you using for this solution?
On-premises