Tuesday, June 23, 2015

OPAM(Oracle Privileaged Account Manager)

Oracle Privileged Account Manager (OPAM) is a secure password management solution designed to generate, provision, and manage access to passwords for privileged accounts like Linux/Unix “root” or Oracle database “sys” accounts. It enables auditing and establishes accountability for users including those who share privileged account credentials. Additionally OPAM provides Session Management and Recording. OPAM is an integral service of the Oracle Identity Governance Suite and provides central governance for both, regular and privileged users. It further enables complete auditing, reporting and certification of a user’s regular or shared accounts, and account lifecycle management from request, approval, to certification and usage tracking. OPAM greatly enhances security and significantly improves compliance.
Source:Oracle

Highlevel Steps:

1)Run RCU for OPAM
2)Extending the Weblogic Domain to Configure OPAM Managed Server:
3)Prepare the Database for Transparent Data Encryption.

Run RCU 11g Release 1 (11.1.1.9.0).













Extending the existing weblogic domain for Oracle Previleaged Account Manager












 Configuration of OPAM from the MiddlewareHome/opam/bin location







Start your Managed OPAM Server ,after login to the OPAM Console,if you see the below error,
run the sql command in DEV_OPAM schema 




Prepare the Database for TDE(Transparent  Data Encryption )
steps:
1. Specify an Oracle Wallet Location in the sqlnet.ora File
Open the sqlnet.ora file located in $ORACLE_HOME/network/admin. Enter the following line at the end of the file:
ENCRYPTION_WALLET_LOCATION=
(SOURCE=(METHOD=FILE)(METHOD_DATA=
(DIRECTORY=/u01/oracle/admin/orcl/wallet)))

Save the Changes and Close the file.

2.Create the Master Key Encryption
sql>ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Password";
after running the command:
ewallet.p12 file has been created with encryption.

3.To make autologin
Run the command owm (Oracle Wallet manager) and check autologin check box and save.
after saving cwallet.sso file has been created in the wallet location Directory.


If you want to disable TDE(Non-TDE),run the following command in the OPAM schema
  



Restart the OPAM Managed server for changes to take place.
To access OPAM Console:
http://localhost:18101/oinav/opam

and login with weblogic username and password.

Wednesday, June 10, 2015

OAM 11gR2PS3: Schema Upgrade from OAM11gR2PS2 and Weblogic Domain extension for OAM



Check for your OAM Schema version ,whether it is upgraded or not.

To Upgrade OAM Schema.Run the PSA from the Middlewarewe/Oracle_common/bin















If OAM Server is not there in the Domain.Please extend your weblogic Domain















Start Weblogic Admin and OAM Managed Server.



Access the OAM Console as 
http://localhost:7001/oamconsole



Other Posts