Making It Work
By David Baum
Companies are using Oracle technologies to build private clouds, and integrate with public clouds, while ensuring security.
When Embry-Riddle Aeronautical University needed to integrate public and private cloud services with a variety of internal applications, the institution turned to Oracle for the middleware technology to tie it all together. The result was a secure yet flexible set of IT services that feature elastic capacity, high user service levels, and unwavering business continuity.
Embry-Riddle uses Oracle Identity Manager to manage a large, dynamic user population efficiently and securely, automatically provisioning and deprovisioning access privileges and requirements as students, faculty, and staff change. This identity management system, part of the Oracle Fusion Middleware family of products, enables the university to avail itself of both public and private cloud computing services, as well as hosted applications from an application service provider—and yet still provide users with a consistent online experience.
“The low cost and obvious convenience of cloud services makes them appealing, but you need to be able to control access, manage identities, and provision resources safely,” says Eric Fisher, director of middleware at Embry-Riddle. “Oracle identity management tools help us overcome some of the resistance with respect to ‘who owns my data,’ data security, authorizing access to IT resources, management, control, and so forth.”
Embry-Riddle is not alone in looking to clouds. Cloud computing—essentially on-demand access to a shared pool of computing resources—is gaining in popularity with many enterprise IT departments. In particular, companies are focusing on their own clouds, which are operated and managed in-house. Commonly called “private clouds” and based on proven technologies such as grid computing, virtualization, clustering, SOA, and identity management, these new architectures can scale incrementally while providing the flexibility to adjust resources to meet dynamic business priorities.
Private clouds have certain advantages over public clouds—among others, greater control over security, data privacy, compliance, and quality of service. “A private cloud for the exclusive use of a single organization can deliver many of cloud’s agility and efficiency benefits while maintaining control over security and privacy, regulatory compliance, and legal and contractual issues, particularly at larger enterprises in security-sensitive domains,” says Richard Sarwal, senior vice president of product development at Oracle.
Many companies agree with this assessment. In a survey of 95 IT executives that was conducted at the 2009 Supercomputing Conference in Portland, Oregon, nearly 85 percent of respondents said they intend to keep their cloud initiatives within their own firewalls. A full 49 percent of the IT executives surveyed—representing the research, manufacturing, government and education industries—cited security as a chief concern with cloud computing.
Managing Identities in the Cloud
Embry-Riddle Aeronautical University educates more than 35,000 students annually in undergraduate and graduate programs at residential campuses in Prescott, Arizona, and Daytona Beach, Florida; through its worldwide campus at more than 170 centers in the United States, Europe, Canada, and the Middle East; and through online learning. This diverse and geographically dispersed learning environment challenges the IT department to provide secure access to campus services and applications as well as to meet student and employee demands for online self-service functionality.
“Oracle Identity Management Suite doesn’t care where a server is located,” says Fisher. “By utilizing this Oracle software, we have been able to implement a single-sign-on solution to our hosted e-mail service and several other applications, both on premises and off. Within a couple of milliseconds, Oracle can create, update, and manage user accounts just as we do for our internal directory.”
The university used Oracle Identity Management to streamline authentication for its public cloud-based e-mail service. “We use Oracle Identity Management to create and manage all the accounts in real time on this cloud system, and we use a token API mechanism written for Oracle Portal to provide single sign-on,” says Fisher. Students can log in to the university portal, click on a link, and be placed into their e-mail accounts without presenting another credential. “This virtual infrastructure minimizes the amount of support calls we receive from people trying to access their mail,” Fisher adds.
The new identity management system replaces a manual process for implementing nearly 2,000 account changes each day, which previously took at least 24 hours to complete and resulted in a delay in delivering updates to students. Fisher’s team now spends about 30 minutes per day on these activities. The Oracle software has also decreased the number of account-related help desk calls by 40 percent, thanks to the improved self-service options available through Oracle Identity Manager.
In addition, the university uses Oracle Virtual Directory to provide account and authentication services for its cloud-based antispam solution, as well as for hosted applications such as a flight management system, self-help/help desk system, degree audit system, and others. “Oracle Virtual Directory was particularly useful in these implementations because it enabled us to provide the required custom operational attributes quickly, without making extensive modifications to our enterprise directory,” says Fisher.
Federated Services Maximize Options
Next up, according to Fisher, is cross-domain user access with Oracle Identity Federation 11g, a multiprotocol federation server that will extend the university’s existing identity and access-management systems. “LDAP authentication is a good first-generation solution, but we’re interested in using SAML to support federated authentication,” he says. With Oracle Identity Federation 11g, the university will be able to securely share identities among vendors and hosting models without increasing the cost of managing, maintaining, and administering user identities and credentials.
Embry-Riddle also plans to use Oracle Access Manager to centralize its single sign-on process so it can more easily accommodate additional information systems and applications, both on premises and off. “If a particular department comes to us with a new vended application, Oracle gives us a lot of different ways that we can manage accounts,” Fisher says.
This flexibility also maximizes the effectiveness of the university’s IT staff since it means they can outsource responsibility for third-party applications along with much of their routine maintenance, leaving the IT team to focus on issues of strategic importance. Fisher cites the university’s learning management system as an example. The system is hosted and managed by an application service provider, but Embry-Riddle’s users can access it directly through the university portal.
“Clearly, the application service provider knows its software better than we do, so we prefer to let it handle upgrades and so forth,” Fisher says. “Once you have worked out issues of identity and access control, obtaining services from a public cloud can be very cost effective. The cloud provider already has the facilities, the bandwidth, the data storage—all of which we would have to duplicate ourselves to provide that same service. Oracle has opened the door for us to utilize a lot more of these types of services in the future.”
Public and private clouds are enabled by proven Oracle technologies that have been evolving for years: grid computing, virtualization, SOA, and management automation. Virtualization and grid architectures, with mechanisms such as virtual stack “images” that can be deployed, moved, and scaled easily on shared infrastructure, provide the basis for instant-on applications and elastic capacity. Oracle Enterprise Manager orchestrates the aggregate resource pool, monitors performance, and controls resources using the dynamic provisioning mechanisms exposed by the grid.
Advanced Innovations, headquartered in Limerick, Ireland, is a world leader in the orchestration of global supply chain networks. It relies on Oracle software hosted in a public cloud to meet the needs of its global customers and supply chain, design, and manufacturing partners. Advanced Innovations’ cloud computing model is the engine for its international business.
Michael Higgins, senior vice president of information technology at Advanced Innovations, describes the business as one that creates and orchestrates global supply chain networks that design, build, and deliver electronic products for its customers. “If you come to Advanced Innovations with an idea for a new MP3 player, we’ll get it designed for you, we’ll get it prototyped for you, we’ll go through what’s called NPI, or new product introduction,” he says. “And when you’re happy with the product, we’ll then make you 500,000 of them. We manage the activities of partners throughout the world to do it all for you.”
Advanced Innovations doesn’t directly employ designers. It doesn’t have a prototype shop. And it doesn’t have any factories of its own. What it does have is deep relationships with experts in centers of competence that it has identified around the globe, orchestrated by about 40 Advanced Innovations employees.
Virtual collaboration is central to everything these employees do. That’s why locating computing services in the cloud makes so much sense.
“Many of our users are not Advanced Innovations employees, so we’re providing applications for our customers, our manufacturing partners, our supply chain partners, our transport-logistics partners, and so on,” Higgins says. “We’ve turned our enterprise portal into an ‘extra enterprise portal’ using Oracle’s superior middleware technology. We store those records—customer records, purchase orders, all of that—in our Oracle E-Business Suite application running on Oracle Database.”
The company decided it could be more nimble if it moved its Oracle software into a cloud environment. Oracle’s flexible licensing and support policies enable Advanced Innovations to run the Oracle software in either its own datacenter or in public clouds. “We want to get entirely away from owning servers,” says Higgins. “Our goal is to be entirely cloud-based in terms of all of our production application delivery.”
Advanced Innovations now has a complete Oracle technology stack deployed in a public cloud, including Oracle Database, Oracle SOA Suite, Oracle WebCenter, and Oracle enterprise collaboration software, which handles e-mail and streamlines collaboration among the company and its customers, partners, and suppliers. Soon, Advanced Innovations will run Oracle E-Business Suite and Oracle business intelligence software in the cloud as well. “We’ve seen an incredible improvement in our communications and collaboration capability by leveraging Oracle enterprise collaboration capabilities and Oracle WebCenter in this environment,” Higgins says.
Higgins describes the typical interaction with one of the company’s design partners to illustrate the benefit of this virtual infrastructure. “In the past, if we had come up with a new schematic for a printed circuit board, the designer would bundle up the CAD/CAM diagrams and e-mail them to an engineer in Limerick,” he says. “The engineer in Limerick would calculate the cost and other specs on the new board, then forward that information to an engineer in our China office to be handed over to a procurement officer.”
That process has changed. “Today, using the Oracle collaboration software, the designer simply uploads the CAD/CAM documents into a secure team workspace,” Higgins says. “We can assign access privileges to employees or other partners who need to see that package of documents. The system provides versioning control, checkout control, access control. We don’t have to bother with putting files on servers or mailing them around. They’re available through the Oracle software as workspaces in the cloud.”
Capacity on Demand
At the outset of the cloud deployment, Advanced Innovations decided to do a major Oracle upgrade. In the past, the company had to have additional servers to copy the environment and test the upgraded software. In the current cloud, all Higgins did was push a button to clone the existing infrastructure. Once Advanced Innovations verified that the upgrade was successful, they shut down the extra instances. “The only cost we incurred was the hourly billing for the additional servers during the time we used them,” Higgins says.
Higgins has put his finger on an important enabler of both public and private clouds: server virtualization. Instead of each application running on dedicated hardware and software that must be procured, configured, and provisioned, in a virtualized server world, the technology stack can be prepackaged as a virtual machine image. These prepackaged assets can be quickly and easily deployed on virtualized servers where they may be cloned or “live migrated” to different virtual servers to optimize available resources.
Oracle VM is a highly efficient server virtualization solution that supports Oracle VM Templates for deploying preinstalled and preconfigured software images, including cloning and live migration of those images. This supports rapid deployment and upgrading from test to production environments, and the elastic scalability of production environments to accommodate growth and spikes in workload.
Higgins loves being able to deploy and scale the infrastructure without buying, installing, configuring, and provisioning servers. Moreover, as great as the cost savings are, the business benefits are even more compelling.
“Now that most of our IT assets are in the cloud, our total cost of ownership is down 40 percent for the server infrastructure,” he says. “Even better, we’re now delivering application functionality that is 100 percent aligned to our unique business model.”
David Baum (email@example.com) is a freelance business writer based in Santa Barbara, California.