DOCSLIB.ORG

IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 Front cover Deployment Guide Series: IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 Learn how to install and configure the major components Plan an enterprise single sign-on deployment project Read about best practices and troubleshooting Axel Buecker Steve Lay Dirk Rahnenfuehrer Frank Sommer ibm.com/redbooks International Technical Support Organization Deployment Guide Series: IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 June 2009 SG24-7350-01 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. Second Edition (June 2009) This edition applies to Version 8.0 of IBM Tivoli Access Manager for Enterprise Single Sign-On © Copyright International Business Machines Corporation 2007, 2009. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . x Preface . xi The team that wrote this book . xi Become a published author . xiii Comments welcome. xiv Part 1. Architecture and design . 1 Chapter 1. Business context . 3 1.1 The single sign-on paradigm . 4 1.2 Enterprise single sign-on today . 4 1.2.1 Solve the password security paradox . 5 1.2.2 Manage passwords in a security-rich fashion . 6 1.2.3 High performance . 6 1.2.4 Easy to deploy. 6 1.2.5 Reduce help desk costs by empowering the user. 6 1.2.6 Integrate with an enterprise identity management system . 7 1.2.7 Bring single sign-on to kiosk machines . 7 1.2.8 Audit and reporting . 8 1.3 Considerations for deployment . 8 Chapter 2. Single sign-on architecture and component design . 11 2.1 Overview . 12 2.2 Logical component architecture . 13 2.2.1 AccessAgent . 14 2.2.2 Terminal Server or Citrix Presentation Server AccessAgent . 32 2.2.3 IMS Server . 32 2.2.4 IMS database . 35 2.2.5 AccessAdmin . 35 2.2.6 AccessStudio . 37 2.2.7 Provisioning bridge . 38 2.3 Additional components . 40 2.4 Security requirements . 41 2.4.1 Securing Wallets . 42 2.4.2 Recovering Wallets . 43 2.4.3 Strengthening the protection of Wallets . 44 2.4.4 How the private desktop feature ensures security . 44 © Copyright IBM Corp. 2007, 2009. All rights reserved. iii 2.5 Physical component architecture . 46 2.5.1 AccessAgent . 46 2.5.2 IMS Server . 47 2.5.3 IMS database . 48 2.5.4 Organization directory . 49 2.5.5 Initial deployment scenario . 51 2.5.6 IBM Tivoli Identity Manager integration. 52 2.5.7 Server deployment architectures . 54 2.6 Conclusion. 58 Chapter 3. Planning for customer engagement . 59 3.1 Services engagement preparation . 60 3.1.1 Implementation skills. 60 3.1.2 Available resources. 61 3.2 Basic solution definition. 62 3.3 Services engagement overview . 63 3.3.1 Executive assessment . 64 3.3.2 Demonstration system set up . 65 3.3.3 Analyze solution tasks. 65 3.3.4 Create a contract. 66 3.4 Defining solution tasks . 67 3.4.1 Deployment time estimation . 68 3.4.2 General assumptions . 68 3.4.3 Deployment tasks . 69 3.5 Conclusion. 70 Part 2. Customer environment. 71 Chapter 4. Tivoli Austin Airlines, Inc. 73 4.1 Company profile . 74 4.1.1 Geographic distribution of TAA . 74 4.1.2 Organization of TAA . 78 4.1.3 HR and personnel procedures . 79 4.2 Current IT architecture . 80 4.2.1 Overview of the TAA network . 80 4.2.2 TAA’s e-business initiative . 84 4.2.3 Security infrastructure for the e-business initiative . 84 4.2.4 Secured e-business initiative architecture. 86 4.2.5 User account management and emerging issues. 86 4.3 Corporate business vision and objectives . 88 4.4 Project layout and implementation phases . 89 4.5 Conclusion. 90 iv Deployment Guide Series: IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 Chapter 5. Enterprise single sign-on solution design . 91 5.1 Business requirements . 92 5.2 Functional requirements . 93 5.3 Design approach . 96 5.4 Implementation overview. 97 5.4.1 About project phases and deployment stages . 97 5.4.2 Project phases . 98 5.5 Conclusion. 99 Chapter 6. Base installation and configuration . 101 6.1 Design considerations . 102 6.1.1 System requirements . 103 6.1.2 Deployment architecture . 103 6.2 Installing and configuring base components . 105 6.2.1 Create administrative users . ..
Load more

Recommended publications
  • Using IPCS with MVS/ESA Version 5
    SYSTEM BY TOM BRYANT STRATEGIES MVS/XA/ESA Problem Solving: Part I — Using IPCS With MVS/ESA Version 5 PCS for MVS/ESA Version 5 has come a long way since I first used it in 1983 at the prompting of an exuberant IBM customer engineer. IPCS IPCS for MVS/ESA continues to move toward a fully panel-driven environment, although in Version 5 offers many Isome situations, I find using IPCS commands easier. capabilities, including the ability to scan for unformatted storage dumps. This article Future articles will examine the environ- easily in batch mode as well as in an ISPF mental record editing and printing program foreground session. I also wanted a CLIST examines the many (EREP), one-page MVS/XA/ESA abend that was well-documented with easy-to-use facilities of IPCS, analysis, advanced SVCDUMP analysis, parameters. Finally, I wanted a CLIST that slip traps and GTF tracing, and standalone does not hang onto dump directory and IPCS and includes some dump analysis. print dataset allocations when completed, as of the author’s favorite IPCS stands for Interactive Problem the IBM BLSCDDIR CLIST does. Control System, although most people IPCS commands. (myself included) use it just for looking at IPCS CLISTS FOR MVS/ESA unformatted storage dumps. IPCS will process VERSION 4.3 AND ABOVE SVCDUMPs which are dumps usually pro- The #IPCSTJB CLIST is the mainline duced with the abend (SVC 13) issued by your CLIST that you execute to establish an IPCS program or the system. Other unformatted session (see Figure 1). If you are invoking dumps that IPCS will produce include an #IPCSTJB for the first time, the NEW CLIST application unformatted dump allocated keyword parameter indicates that you will through the SYSMDUMP DD statement and dynamically create a VSAM dump directory the standalone dump produced by the stand- using the value of the VOL CLIST keyword alone dump program.
    [Show full text]
  • Z/OS Basic Skills Information Center: Mainframe Concepts
    z/OS Basic Skills Information Center Mainframe concepts z/OS Basic Skills Information Center Mainframe concepts Note Before using this information and the product it supports, read the information in “Notices” on page 45. This edition applies to z/OS (product number 5694-A01). We appreciate your comments about this publication. Comment on specific errors or omissions, accuracy, organization, subject matter, or completeness of this book. The comments you send should pertain to only the information in this manual or product and the way in which the information is presented. For technical questions and information about products and prices, contact your IBM branch office, your IBM business partner, or your authorized remarketer. When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you. IBM or any other organizations will only use the personal information that you supply to contact you about the issues that you state on this form. Send your comments through this Web site: http://publib.boulder.ibm.com/infocenter/zoslnctr/v1r7/ index.jsp?topic=/com.ibm.zcontact.doc/webqs.html © Copyright International Business Machines Corporation 2005, 2008. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Introduction to the mainframe . .v Mainframe operating system: z/TPF . .22 Chapter 1. The value of the mainframe Chapter 2. Mainframe hardware today . .1 concepts . .23 The S/360: A turning point in mainframe history . .1 Mainframe hardware: Terminology . .23 Mainframe architecture: Secure, compatible, and still Mainframe hardware: Evolving design .
    [Show full text]
  • Z/OS Basics Preface
    Contents Preface . iii How this course is organized . iii How each topic is organized . iv Part 1. Introduction to z/OS and the mainframe environment Chapter 1. Introduction to the new mainframe . 3 1.1 The new mainframe. 4 1.2 The S/360: A turning point in mainframe history . 4 1.3 An evolving architecture . 5 1.4 Mainframes in our midst . 6 1.5 What is a mainframe? . 7 1.6 Who uses mainframe computers?. 10 1.7 Factors contributing to mainframe use . 11 1.8 Typical mainframe workloads . 14 1.9 Roles in the mainframe world . 21 1.10 z/OS and other mainframe operating systems . 27 1.11 Summary . 29 Chapter 2. z/OS overview. 31 2.1 What is an operating system? . 32 2.2 Overview of z/OS facilities. 32 2.3 What is z/OS? . 34 2.4 Virtual storage and other mainframe concepts . 39 2.5 What is workload management? . 57 2.6 I/O and data management. 60 2.7 Supervising the execution of work in the system . 60 2.8 Defining characteristics of z/OS . 68 2.9 Licensed programs for z/OS . 69 2.10 Middleware for z/OS . 70 2.11 A brief comparison of z/OS and UNIX. 71 2.12 Summary . 73 Chapter 3. TSO/E, ISPF, and UNIX: Interactive facilities of z/OS . 75 3.1 How do we interact with z/OS? . 76 3.2 TSO overview . 76 3.3 ISPF overview . 80 3.4 z/OS UNIX interactive interfaces. 99 3.5 Summary .
    [Show full text]
  • Hires Through May 31, 2018
    Hire Heroes USA 2018 Confirmed Hires through May 31, 2018 (Last) Service Service Branch Other Hiring Company Name Position Hired For Rank Army CW-4 Agbotic Greenhouse Cluster Manager Air Force E-1 Nexgen Pharma Assistant Army E-1 Paralyzed Veterans of America Service Officer Supervisor Army E-1 Entrepreneur Owner Army E-1 Ohio Media School "Web Content Radio Coordinator Army E-1 Wireless Advocates Sales Representative Navy E-1 Uber-eats Customer Service Air Force E-1 Diamond Springs Water Warehouse Specialist Army E-1 KFC Fry Cook Army E-2 Lockheed Martin Corporation Security Officer Navy E-2 Delta Dental Customer Service Representative Army E-2 GOODYEAR COMMERCIAL TIRE Driver Air Force E-2 BNSF Trainee Conductor Army E-2 Best Western Plus Inn and Suites Maintenance Technician Army E-2 Systems Planning & Analysis, Inc. Program Manager Army E-2 Blue Line Protection Group Armed Security Guard Army E-2 DaVita Dialysis Tech Army E-2 HCI integrated solutions IT Consultant Air Force E-2 Goodwill Industries Case Manager Marines E-2 G&D Integrated Material Handler Air Force E-2 ProScope Flood/Insurance Adjuster Navy E-2 Pop Media Group Post Production Technician Army E-2 PFM Help Desk Analyst Marines E-2 Apex Systems, Inc Desktop Support Army E-2 Cheers Liquor Mart Cashier General Dynamics - Information Marines E-3 Technology Computer Engineer Air Force E-3 HAECO Americas FAA Airframe Certified Technician Navy E-3 Britts Home Furnishings Sales Consultant Department of Homeland Security Marines E-3 (NPPD) Customs Agent Army E-3 Social SEO Marketing
    [Show full text]
  • IT-Zertifikate (Mit Besonderer Berücksichtigung Von IT-Security-Zertifizierungen)
    IT-Zertifikate (mit besonderer Berücksichtigung von IT-Security-Zertifizierungen) Orientiert an: http://www.itiki.de/qualifikationen/zertifikate/ und Anbieterhomepages Legende: Grün spezifisch IT-Security, Schwarz ausgesprochener Bezug zu IT-Security, Hellgrau nachrangiger Bezug zu IT-Security Rot kein direkter Bezug zu IT-Security ISACA (http://www.isaca.de/index.php/zert-start) Governance Compliance iT5 Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC) Compliance manager iTCM Governance manager iTGM Cyber-Security Practitioner IT Risk iT5 QARiF quality assurance review (ISC)² (https://www.isc2.org/) System Security Certified Practitioner (SSCP) Certified Authorization Professional (CAP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cyber Forensics Professional (CCFP) HealthCare Information Security and Privacy Practitioner (HCISPP) Certified Cloud Security Professional (CCSP) CISSP® - Certified Information Systems Security Professional Cisco (http://www.ccna.de/ccda.htm) Cisco Certified Network Associate (CCNA) Cisco Certified Entry Network Technician (CCENT) Cisco Certified Design Associate (CCDA) Cisco Certified Network Professional (CCNP) Cisco Certified Design Professional (CCDP) Cisco Certified Internetwork Professional (CCIP) Cisco Certified Voice Professional (CCVP) Cisco Certified Internetwork Expert (CCIE) Cisco Certified Security
    [Show full text]
  • Z/OS: Trusted Key Entry Workstation (TKE) Chapter 1
    z/OS 2.4 Getting started with TKE at your enterprise IBM Note Before using this information and the product it supports, read the information in “Notices” on page 35. This edition applies to Version 2 Release 4 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2021-04-06 © Copyright International Business Machines Corporation 2018, 2021. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Tables................................................................................................................... v How to send your comments to IBM......................................................................vii If you have a technical problem.................................................................................................................vii Chapter 1. What is TKE?........................................................................................ 1 Chapter 2. Requirements for TKE........................................................................... 3 Identifying the console................................................................................................................................ 3 Trusted Key Entry components................................................................................................................... 3 TKE hardware........................................................................................................................................
    [Show full text]
  • Introduction to the New Mainframe: Z/OS Basics
    Front cover Introduction to the New Mainframe z/OS Basics Basic mainframe concepts, including usage and architecture z/OS fundamentals for students and beginners Mainframe hardware and peripheral devices Mike Ebbers John Kettner Wayne O’Brien Bill Ogden ibm.com/redbooks International Technical Support Organization Introduction to the New Mainframe: z/OS Basics March 2011 SG24-6366-02 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. Third Edition (March 2011) © Copyright International Business Machines Corporation 2006, 2009, 2011. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xi Trademarks . xii Preface . xiii How this text is organized . xiv How each chapter is organized . xiv The team who wrote this book . xv Acknowledgements . xvi Now you can become a published author, too! . xix Comments welcome. xix Stay connected to IBM Redbooks . xix Summary of changes . xxi March 2011, Third Edition . xxi August 2009, Second Edition . xxi Part 1. Introduction to z/OS and the mainframe environment Chapter 1. Introduction to the new mainframe . 3 1.1 The new mainframe. 4 1.2 The System/360: A turning point in mainframe history . 4 1.3 An evolving architecture . 5 1.4 Mainframes in our midst . 8 1.5 What is a mainframe . 9 1.6 Who uses mainframe computers. 12 1.7 Factors contributing to mainframe use . 15 1.8 Typical mainframe workloads . 22 1.9 Roles in the mainframe world . 29 1.10 z/OS and other mainframe operating systems .
    [Show full text]
  • Notes to the Consolidated Financial Statements 34 1
    ACN 122 921 813 For personal use only FOR THE YEAR ENDED 31 DECEMBER 2017 Contents to the Annual Financial Report Highlights 4 Chairman’s Report 5 Chief Executive Officer’s Report 7 Corporate information 10 Director’s Report 11 Consolidated statement of profit or loss and other comprehensive income 29 Consolidated statement of financial position 30 Consolidated statement of cash flows 33 Notes to the consolidated financial statements 34 1. Corporate information 34 2. Operating Segments 49 3. Information about Subsidiaries 53 4. Business combination 53 5. Financial assets and financial liabilities 57 6. Revenue from Operating Activities 59 7. Gain on sale of mobile application games 59 8. Employee benefits expense 60 9. Research and Development Expenses 60 10. Doubtful Debts Expense 60 11. Other expenses 61 12. Income Tax 61 13. Cash and cash equivalents 62 14. Trade and Other Receivables 63 15. Financial assets 63 16. Other Assets 64 17. Plant and Equipment 65 18. Goodwill 65 19. Trade and other payables 66 20. Short-term provisions 66 For personal use only 21. Financial liabilities 67 22. Other liability 67 23. Share Capital 67 24. Reserves 68 2 25. Share Based Payments 68 26. Related Party Disclosures 69 27. Earnings Per Share 71 28. Subsequent Events 71 29. Auditors Remuneration 72 30. Parent Entity Information 73 31. Commitments 73 32. Ongoing deal with iCandy 74 33. Contingent Liabilities 74 Directors' declaration 75 Independent auditor’s report to the members of Animoca Brands Corporation Limited 76 For personal use only 3 HIGHLIGHTS Financial 1. Operating revenue of $6.5 million, representing a 25% decrease on FY 2016 – driven by changes in strategy 2.
    [Show full text]
  • MVS January Title
    160 January 2000 3 Unique SYSLOG identification across systems 11 Cache status management 17 DASD tuning 27 Dynamically allocating files to system utilities 34 Testing the catalog search interface 47 Using STRING and UNSTRING in COBOL 50 Cursor-sensitive ISPF (part 2) 72 MVS news © Xephon plc 2000 MVS Update Published by Editor Xephon Jaime Kaminski 27-35 London Road Newbury Disclaimer Berkshire RG14 1JL Readers are cautioned that, although the England information in this journal is presented in Telephone: 01635 33598 good faith, neither Xephon nor the From USA: 01144 1635 33598 organizations or individuals that supplied E-mail: [email protected] information in this journal give any warranty or make any representations as to the North American office accuracy of the material it contains. Neither Xephon/QNA Xephon nor the contributing organizations or 1301 West Highway 407, Suite 201-405 individuals accept any liability of any kind Lewisville, TX 75067 howsoever arising out of the use of such USA material. Readers should satisfy themselves Telephone: 940 455 7050 as to the correctness and relevance to their circumstances of all advice, information, Contributions code, JCL, EXECs, and other contents of this If you have anything original to say about journal before making any use of it. MVS, or any interesting experience to recount, why not spend an hour or two putting MVS Update on-line it on paper? The article need not be very long Code from MVS Update can be downloaded – two or three paragraphs could be sufficient. from our Web site at http://www.xephon. Not only will you be actively helping the free com/mvsupdate.html; you will need the user- exchange of information, which benefits all id shown on your address label.
    [Show full text]
  • Maine Alumnus, Volume 39, Number 9, June 1958
    The University of Maine DigitalCommons@UMaine University of Maine Alumni Magazines University of Maine Publications 6-1958 Maine Alumnus, Volume 39, Number 9, June 1958 General Alumni Association, University of Maine Follow this and additional works at: https://digitalcommons.library.umaine.edu/alumni_magazines Part of the Higher Education Commons, and the History Commons Recommended Citation General Alumni Association, University of Maine, "Maine Alumnus, Volume 39, Number 9, June 1958" (1958). University of Maine Alumni Magazines. 163. https://digitalcommons.library.umaine.edu/alumni_magazines/163 This publication is brought to you for free and open access by DigitalCommons@UMaine. It has been accepted for inclusion in University of Maine Alumni Magazines by an authorized administrator of DigitalCommons@UMaine. For more information, please contact [email protected]. MAKE YOUR DREAMS COME TRUE WITH A MERRILL TRUST COMPANY A u t o L o a n Decide on the make and model you want. loan in comfortable monthly instalments Then visit any handy office and arrange that fit your income. Let Merrill Trust a Merrill Trust Auto Loan. Enjoy safe, help you get behind the wheel of the car worry-free driving while you repay your of your choice now. ► Thirteen Offices "Serving Eastern Maine" ► Convenient Customer Parking "In the Heart of Bangor" t h e M e r r il l T r u s t C o m p a n y THE BANGOR BANK WHERE YOU CAN PARK WITH EASE "Serving Eastern Maine'' MEMBER FEDERAl DEPOSIT INSURANCE CORPORATION • MEMBER FEDERAL RESERVE SYSTEM BANGOR • BELFAST • BUCKSPORT • CALAIS • DEXTER • DOVER FOXCROFT .
    [Show full text]
  • Position Descriptions | September 2019 IT & Telecommunications (New Zealand) Survey
    Aon Rewards Solutions Proprietary and Confidential Position descriptions | September 2019 IT & Telecommunications (New Zealand) Survey Position Families: Contact Centre 4 Positions Customer Support 44 Positions Finance 9 Positions Graduates 2 Positions Information Technology 105 Positions Professional Services 41 Positions Sales 20 Positions Senior Executive 8 Positions Telecommunications 19 Positions IT & Telecommunications (New Zealand) | Position Descriptions 1 © Aon plc Downloaded on 23/08/2019 11:55:39 AM IT & Telecommunications (New Zealand) Survey Position Family: Contact Centre Contact Centre Manager 49010 Senior Contact Centre Representative 50010 Contact Centre Representative 50015 Workforce Analyst 54015 IT & Telecommunications (New Zealand) | Position Descriptions 2 © Aon plc Downloaded on 23/08/2019 11:55:39 AM IT & Telecommunications (New Zealand) Survey Position Family: Customer Support Business Equipment Support Area/Field Service Supervisor - Business Equipment 24195 Senior Customer Service Engineer - Business Equipment 24200 Customer Service Engineer - Business Equipment 24205 Internet Protocols (IP) IP Network Technical Specialist 24185 IP Network Engineer 24190 Management Regional Customer Service Manager 24005 Branch/Region Customer Service Manager 24010 Customer Support/Service Manager 12005 Call/Response Centre Manager 24020 Call/Response/Technical Support Centre Manager - Technical Role 24025 Post Sales Account Management Senior Account Manager - Customer Service 24115 Account Manager - Customer Service 24120 Pre
    [Show full text]
  • Understanding the Motivations for Business to Create Shared Value 18 Case Studies 3
    3 Understanding the Motivations for Business to Create Shared Value 18 Case Studies 3 Understanding the Motivations for Business to Create Shared Value 18 Case Studies Introduction - a Mix of Motivations for All but Organised in the Primary In this section, there are 18 case studies listing companies from Hong Kong and around the world who are embracing business for good. This is a snapshot of different types of activities, not a comprehensive analysis. The write-ups are based on interviews that the Consulting Team conducted mainly in the third and fourth quarter of 2019. Since this study is interested in what motivates businesses to do good, this section has been organised around three broad categories, based on our research and the interviews. The three categories are 1) New business opportunities 2) Leadership and 3) External influence. In reality, there are a variety of drivers that are driving these companies to behave differently, not just one. We have clustered the cases around the primary driver to do good. This categorisation should not be viewed in a strict sense - rather the motivations are interlinked and not mutually exclusive. New Business Opportunities Whilst Transforming Society This section lists companies who are primarily motivated by finding a new business opportunity, at the same time as tackling a societal challenge. 53 Hong Kong Broadband Network HKSAR “Under the goal of Making our Home a Better Place to Live, HKBNers share a strong collective alignment of interest, and are extra passionate to deliver products, services and outcomes that are always great for our stakeholders and Hong Kong’s communities.
    [Show full text]