Feedback

IBM Tivoli Federated Identity Manager V6.2 family — extending online collaboration and supporting user-centric identity management

IBM United States Software Announcement 208-136
June 17, 2008

 

 ENUS208136.PDF (103KB)

 

Table of contents  Document options  
TOC link At a glance TOC link Offering Information
TOC link Overview TOC link Publications
TOC link Key prerequisites TOC link Technical information
TOC link Planned availability dates TOC link Ordering information
TOC link Description TOC link Terms and conditions
TOC link Product positioning TOC link IBM Electronic Services
TOC link Reference information TOC link Prices
TOC link Education support TOC link Order now
 
Printable version Printable version

 
At a glance

IBM Tivoli Federated Identity Manager V6.2:

  • Provides user-centric identity management support by offering Information Card Profile and OpenID support for both the relying party and identity provider roles.
  • Enables modular federation deployments and interoperability by integrating with access management solution and application servers.
  • Streamlines service oriented architecture (SOA) identity management by providing a WS-Trust 1.3-based pluggable trust management service to deploy identity-aware enterprise service bus and CICS® integration using RACF® PassTicket.
  • Extends auditing and reporting for compliance by:
    • Including Business Intelligence Reporting Tool (BIRT) 2.1.2 to help build new or customize supplied reports, and provide the ability to report via Tivoli Federated Identity Manager console or command line
    • Integrating with IBM Tivoli Compliance Insight Manager for centralized compliance reporting

IBM Tivoli Federated Identity Manager Business Gateway V6.2 now supports SAML 2.0.

IBM Tivoli Federated Identity Manager V6.2 for z/OS now supports federated single sign-on.

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).
 
Back topBack to top
 

Overview

Collaboration within and across organization's business ecosystem, including consumers, business partners, and independently managed business units, plays a key role in the business process management initiatives motivating a move towards service oriented architecture (SOA), and even Web 2.0 adoption. With browser-based integration and open standards, IBM Tivoli® Federated Identity Manager can provide quick gains in user productivity, user experience, and a reduction in administration costs by delivering federated single sign-on. End users authenticate once, and then seamlessly obtain secure access to applications and services inside and outside their network infrastructure.

IBM Tivoli Federated Identity Manager provides federated single sign-on capability in a way that can minimize the impact on business applications to help reduce costs and deployment timeframes for integrating applications into a collaboration infrastructure. The Tivoli Federated Identity Manager family consists of three products: IBM Tivoli Federated Identify Manager V6.2, IBM Tivoli Federated Identity Manager Business Gateway V6.2, and Tivoli Federated Identity Manager for z/OS® V6.2.

Furthermore, the reuse of existing applications and Web services can reduce SOA implementation costs. But, these existing applications and Web services are often developed independently and have different notions of an identity, multiple formats in which they share these identities, and a common inability to audit the use of generic identity in the mainframe environment. Tivoli Federated Identity Manager provides flexible Web services identity services using the Security Token Service (STS) that enables the ability to validate and issue a wide variety of identity formats and flow auditable identities between applications and services across multiple security domains and the enterprise. To aid compliance activities, Tivoli Federated Identity Manager also provides integrated audit data collection and reporting.

For small-to-medium enterprises, IBM Tivoli Federated Identity Manager Business Gateway V6.2 delivers an entry-level federation solution based on open standards that enhances collaboration throughout a supply-chain or industry ecosystem.
 
Back topBack to top
 

Key prerequisites

Refer to the Hardware requirements and Software requirements sections.


 
Back topBack to top
 

Planned availability dates
  • IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
    • June 20, 2008: Electronic availability
    • July 11, 2008: Media availability
  • IBM Tivoli Federated Identity Manager for z/OS
    • July 11, 2008: Media availability

 
Back topBack to top
 
Description

Collaboration through federation

As companies adopt more innovative business models, collaboration and reuse of existing assets are critical. Many organizations address each of these with IBM Tivoli Federated Identity Manager. Collaborating within and across a business ecosystem can place substantial demand on network infrastructures. Generally, an increasing amount of the vital information that needs to be integrated into the consolidated user interfaces is contained in different security domains or organizations. Using federated single sign-on techniques to help integrate this information from multiple domains can provide quick benefits and savings with a relatively small investment. Tivoli Federated Identity Manager provides concurrent support for leading federated single sign-on protocols:

  • SAML 1.0, 1.1, 2.0
  • Liberty ID-FF 1.1, 1.2
  • WS-Federation
  • OpenID
  • Information Card

An organization can not only collaborate by adopting federated single sign-on, but also achieve dramatic reductions in user administration, complexity, and costs. The integration between Tivoli Federated Identity Manager federated single sign-on service and an organization's Web application is achieved without using proprietary APIs. By leveraging the reverse proxy from IBM Tivoli Access Manager (which is included with Tivoli Federated Identity Manager), Tivoli Federated Identity Manager can be integrated with a Web application via an HTTP and HTTPS connection. This provides a loose coupling between the federated single sign-on middleware and the application layer, which allows a wide variety of Web applications to be connected into a federated environment with little or no changes to the applications. Moreover, applications and their associated middleware and servers can be upgraded without changes to the integration with the federated single sign-on services. Similarly, new federation relationships or protocols can be added. This federation deployment capability can reduce time to value and maintenance costs. More importantly, organizations can now collaborate with peace of mind as they leverage the trust management service established by Tivoli Federated Identity Manager.

Furthermore, IBM Tivoli Federated Identity Manager Business Gateway offers an entry-level solution for federated single sign-on. It can be used by the business partners of a larger enterprise running an enterprise Tivoli Federated Identity Manager solution, and Tivoli Federated Identity Manager Business Gateway can also be used by business partners of companies using third-party federated single sign-on products. Examples of the types of business entities that would deploy Tivoli Federated Identity Manager Business Gateway include:

  • Insurance and mortgage brokerages
  • Health care providers
  • Supply chain providers
  • Branch offices of government and law enforcement organizations
  • Employers leveraging employee-benefit outsourcing
  • Small to medium-sized partners of large enterprises

Tivoli Federated Identity Manager Business Gateway also offers a smooth migration to the enterprise level Tivoli Federated Identity Manager solution, with little or no business application changes. Moreover, both solutions use a consistent management user interface, so administration training and transition costs are minimized.

SOA Identity Service

Many of the benefits from an SOA come from the reuse of existing application assets by dividing them into discrete business functions (services), and then combining these services in various combinations to implement business processes. Many of the existing applications were developed independently and often have different representations of user identity and different ways in which identities can be exchanged. Successfully dealing with these different user identities and identity exchange formats is critical to the success of an SOA. IBM Tivoli Federated Identity Manager has a Security Token Service (STS) that provides identity mediation services for an SOA by managing, mapping, and propagating identities. The functionality provided by the STS can also be accessed from leading XML firewalls gateways, including IBM Datapower SOA Appliances, to provide identity mediation services to these boundary devices for XML-based interactions with external organizations. Many organizations are moving from using application-level user IDs and passwords to individual user identities. Tivoli Federated Identity Manager STS can be used to map distributed user IDs to RACF user IDs and associated RACF passtickets (one-time passwords for authentication to RACF). The RACF ID and passticket can then be used to connect to z/OS hosted resources using individual user identities. Tivoli Federated Identity Manager STS, in this use-case, can be hosted on z/OS or a supported distributed platform.

IBM Tivoli Federated Identity Manager V6.2 STS can also be leveraged as a critical component within IBM's federated enterprise service bus (ESB). An ESB is a flexible connectivity infrastructure for integrating disparate applications and services. But many ESBs have identity and compliance challenges. They are not able to efficiently connect and track identities across separately managed domains leading to significant administrative costs and auditing difficulties. The federated ESB simplifies administration and ensures compliance by making an organization's ESB identity aware.

Key enhancements

User centric identity management

The intersection of growing electronic commerce, anonymity of the Internet, and accessibility to information has created both opportunity and risk. Trust between parties in a transaction is paramount. Unfortunately, this trust has been increasingly questioned with the continued rise in identity thefts and other fraudulent activities. The responsibility for an individual's identity and its proper usage becomes heightened and alternative models for establishing this trust are gaining momentum. A user-centric identity network with a wide range of identity providers, card selectors, browsers, and Web sites are emerging with the ability to demonstrate how users can "click-in" to sites via self-issued and manage information cards (i-cards), OpenId, Higgins Identity Frameworks, Microsoft® CardSpace, SAML, WS-Trust, Kerberos, or X.509 components, and also demonstrate live functionality and interoperability within the identity layer. For more information on the user-centric identity network interoperability, visit OSIS at

With user-centric identity network, the user is in control of where sign-on is occurring and which specific user attributes they want to share between an identity provider and a relying party or service provider. This approach is different from the traditional single sign-on framework in that no metadata needs to be shared between the identity and service providers. Rather, the end user is the entity that asserts the trust. The information card describes what kinds of tokens the identity provider can issue and the user attributes they contain. And before an identity provider can deliver a single sign-on token, they need to know what identity to put in the token. So authentication data must be present in the user request to the identity provider for a single sign-on token. To support this user-centric identity management, assurance and single sign-on, Tivoli Federated Identity Manager V6.2 plays an integral role. Tivoli Federated Identity Manager V6.2 supports business-to-customer (B2C) federation with OpenID, Information card profile using identity selectors such as Microsoft CardSpace and Higgins Identity Framework.

Extended federation interoperability

IBM Tivoli Federated Identity Manager V6.2 now appeals to a wider group of organizations with its extended interoperability. By supporting multiple point-of-contact servers — including third-party access management, Tivoli Access Manager for e-business, IBM WebSphere® Application Server (refer to Software requirements section) and third-party Web application servers — organizations now have the opportunity to deploy a federated single sign-on using their existing infrastructure assets. Tivoli Federated Identity Manager V6.2 will also be able to leverage third-party Web access management solutions for authentication and authorization decision. Tivoli Federated Identity Manager Business Gateway V6.2 supports out-of-the-box plug-ins for Microsoft IIS and Apache servers for seamless integration and deployment into an existing infrastructure.

Simplified administration

With several out-of-the-box trust modules and the ability to generate Kerberos tickets, RACF PassTickets, Lightweight Third-Party Authentication (LTPA), and Tivoli Directory Integrator (TDI) module, organizations are able to quickly integrate a wide range of third-party applications to the federated access control.

Enhanced Microsoft .NET infrastructure support provides single sign-on between Windows® desktops and back-end applications using Kerberos ticket.

Administration simplified by:

  • Offering a new command line infrastructure and improved trust chain editor improvements for quick deployment of the STS
  • Enabling key management via a console that can change key store passwords and manage certificate operations
  • Having the ability to develop additional Tivoli Federated Identity Manager plug-ins using Eclipse extensions and support organization and application-specific deployments

Improved auditing and reporting

Auditing and reporting extended by:

  • Including Business Intelligence Reporting Tool (BIRT) 2.1.2 to help build new or customize supplied reports, and provide the ability to report via Tivoli Federated Identity Manager console or command line
  • Having the ability to report via console or new command line infrastructure
  • Integrating with IBM Tivoli Compliance Insight Manager

Miscellaneous enhancements

IBM Tivoli Federated Identity Manager Business Gateway V6.2 now supports SAML 2.0.

IBM Tivoli Federated Identity Manager V6.2 on z/OS offers the federated single sign-on and Web services identity service similar to distributed V6.2 and provides clients the ability to natively run the application in a mainframe environment.

Accessibility by people with disabilities

A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on accessibility compliance can be requested at

Section 508 of the U.S. Rehabilitation Act

Tivoli Federated Identity Manager is capable, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) can be requested on the following Web site


 
Back topBack to top
 
Product positioning

Do not mistake the name! IBM Tivoli Federated Identity Manager is an access management solution that has two distinct value propositions. First, it is a robust access control solution that facilitates collaboration inside and outside the enterprise by delivering federated single sign-on. Second, it is an SOA identity service solution that provides end-to-end identity mediation and token validation across diverse applications, services, and mash-ups through its Security Token Service (STS).

As your single sign-on needs to extend beyond the enterprise to a third party or to a separate domain within the enterprise (for example, newly acquired division or different line of business), Tivoli Federated Identity Manager adds federated single sign-on and Web services identity service standards such as SAML, Liberty, WS-Federation, and WS-Trust support to user access control and run-time enforcement.

Within the IBM Tivoli security portfolio, IBM Tivoli Federated Identity Manager's federated single sign-on capabilities directly complement the Web single sign-on and enterprise single sign-on capabilities of IBM Tivoli Access Manager for e-business and IBM Tivoli Access Manager for Enterprise Single Sign-On, respectively. Together, they deliver comprehensive single sign-on inside and outside the enterprise. As these solutions manage authentication and authorization to applications, Tivoli Identity Manager focuses on managing the user lifecycle by offering user provisioning through the management of user identities and passwords in a closed-loop, workflow-based solution.

The SOA identity service value delivered in Tivoli Federated Identity Manager today can be received on its own or through the IBM federated ESB solution. SOA is inherently cross-domain and with that comes the user of varying user identity formats (for example, rays@us.ibm.com or ray@us.ibm.com) from one application to the next. Delivering on the promise of SOA becomes extremely costly to administer and difficult to comply with required policies or regulations. Tivoli Federated Identity Manager's SOA identity service is able to manage, map, propagate, and audit identities across domains to maintain identity context throughout.
 
Back topBack to top
 

Reference information

Refer to Withdrawal Announcement 908-137 , dated June 17, 2008.

Business Partner information

If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBM ID).

BP Attachment for Announcement Letter 208-136

Trademarks

 
Tivoli, z/OS, CICS, RACF, and WebSphere are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Microsoft and Windows are registered trademarks of Microsoft Corporation.
 
Other company, product, and service names may be trademarks or service marks of others.

 
Back topBack to top
 
Education support

Comprehensive education for IBM Tivoli® products is offered through Worldwide Tivoli Education Delivery Services. A wide range of training options are available, including classes led by instructors, learning on demand, on-site training, and blended learning solutions.

For additional information, visit


 
Back topBack to top
 
Offering Information

Product information is available via the Offering Information Web site


 
Back topBack to top
 
Publications

Tivoli Federated Identity Manager V6.2 Quick Start Guide will be delivered hardcopy for English, French, and Spanish with the basic machine-readable material. It can also be downloaded from

Tivoli Federated Identity Manager Business Gateway V6.2 Quick Start Guide will be delivered hardcopy for English, French, and Spanish with the basic machine-readable material. It can also be downloaded from

The following English publications may be downloaded at general availability from the following Web site

National language publications may be downloaded 60 days after planned general availability from the same Web site.

English publications

IBM Tivoli Federated Identity Manager V6.2 and IBM Tivoli Federated Identity Manager for z/OS® V6.2

Title                                           Order number
 
z/OS Program Directory (z/OS only)              GI11-6471
z/OS License Information (z/OS only)            GC23-5623
Quick Start Guide (not for z/OS)                GI11-6490-02
Installation and Configuration Guide            SC23-6190-00
Administration Guide                            SC23-6191-00
Web Services Security Management Guide          GC32-0169-02
Error Message Reference                         GC32-2289-02
Auditing Guide                                  GC32-2287-02
Problem Determination Guide                     GC32-2288-02

IBM Tivoli Federated Identity Manager Business Gateway V6.2

Title                                           Order number
 
Quick Start Guide                               GI11-4624-01
Installation and Configuration Guide            SC23-6193-00
Administration Guide                            SC32-1578-01
Error Message Reference                         SC32-1579-01
Auditing Guide                                  SC32-1580-01
Problem Determination Guide                     SC32-1581-01

The IBM Publications Center

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. Payment options for orders are via credit card (in the U.S.) or customer number for 20 countries. A large number of publications are available online in various file formats, and they can all be downloaded by all countries, free of charge.
 
Back topBack to top
 

Technical information

Specified operating environment

Hardware requirements

Minimum/recommended processor, disk space, and memory requirements for IBM Tivoli Federated Identity Manager V6.2 follow:

                                      Minimum    Recommended
 
Processor                             300 MHz    400 MHz
 
Disk Space excluding WebSphere(R)     1 GB       1.5 GB
 Web server or Web browser
 
Memory excluding WebSphere            1 GB       1.5 GB
 Web server or Web browser

Minimum/recommended processor, disk space, and memory requirements for IBM Tivoli Federated Identity Manager Business Gateway V6.2 include:

                                      Minimum    Recommended
 
Processor                             300 MHz    400 MHz
 
Disk Space                            1 GB       1.5 GB
 
Memory                                1 GB       1.5 GB

Minimum/recommended processor, disk space, and memory requirements for IBM Tivoli Federated Identity Manager for z/OS V6.2 follow:

                                      Minimum    Recommended
 
Processor                             z800       z800
 
Disk space excluding Web server
 or Web browser                       300 MB     450 MB

Software requirements

IBM Tivoli Federated Identity Manager V6.2 and IBM Tivoli Federated Identity Manager Business Gateway V6.2 supports the following:

  • IBM AIX® (32 bit) V5.2, V5.3 and V6.1
  • Sun Solaris 9 (Sparc) and 10 (Sparc)
  • Microsoft® Windows® 2003 Standard Server and Enterprise Server
  • Red Hat Linux™ Advanced Server 3.0 for System x™
  • Red Hat Linux Advanced Server 4.0 for System x
  • Red Hat Linux Advanced Server 4.0 for System p™
  • Red Hat Linux Advanced Server 4.0 for System z™
  • Red Hat Linux Advanced Server and Enterprise Server 5.0 for System x
  • Red Hat Linux Advanced Server 5.0 for System p
  • Red Hat Linux Advanced Server 5.0 for System z
  • SUSE Linux Enterprise Server 9 and 10 for IBM System x (31-bit native and 31-bit compatibility mode in 64-bit native)
  • SUSE Linux Enterprise Server 9 and 10 for IBM System p (31-bit native and 31-bit compatibility mode in 64-bit native)
  • SUSE Linux Enterprise Server 9 and 10 for IBM System z (31-bit native and 31-bit compatibility mode in 64-bit native)
  • HP-UX 11i v2 on Integrity
  • HP-UX 11i v3 on Integrity

The Web Server Plug-in component of Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway supports:

  • Apache Web Server 2.0
    • Red Hat Enterprise Linux Server 4.0 or 5.0 on System x
    • SUSE Linux Enterprise Server 9 or 10 on System x
  • Apache Web Server 2.2
    • Red Hat Enterprise Linux Server 4.0 or 5.0 on System x
    • SUSE Linux Enterprise Server 9 or 10 on System x
  • IBM HTTP Server V6.1
    • Red Hat Enterprise Linux Server 4.0 or 5.0 on System x
    • SUSE Linux Enterprise Server 9 or 10 on System x
  • Microsoft Internet Information Server 6.0
    • Microsoft Windows 2003 Server Standard Edition or Enterprise Edition

Included with the program package for use restricted to Tivoli Federated Identity Manager V6.2 are:

  • IBM WebSphere Application Server Network Deployment V6.1
  • An embedded version of IBM WebSphere Application Server V6.1
  • IBM Tivoli Directory Integrator V6.1.1
  • IBM Tivoli Directory Server V6.1
  • IBM Tivoli Access Manager for e-business V6.1
  • IBM Tivoli Common Reporting V1.1.1

Included with the program package for use restricted to IBM Tivoli Federated Identity Manager Business Gateway V6.2 are:

  • An embedded version of IBM WebSphere Application Server V6.1.
  • IBM WebSphere Application Server V6.1

IBM Tivoli Federated Identity Manager for z/OS V6.2 supports the following:

  • z/OS V1R7
  • z/OS V1R8
  • z/OS V1R9
  • IBM WebSphere Application Server for z/OS V6.1

The program's specifications and specified operating environment information may be found in documentation accompanying the program, if available, such as a README file, or other information published by IBM, such as an announcement letter. Documentation and other program content may be supplied only in the English language.

Companion products

The following products or services could be purchased with this product. Companion products include:

  • IBM Tivoli Access Manager for Operating Systems
  • IBM Tivoli Access Manager for Enterprise Single Sign-On
  • IBM Tivoli Identity Manager
  • IBM Tivoli Compliance Insight Manager
  • IBM Rational® AppScan

There are many benefits to including companion products to create a robust security suite, such as including Web and desktop SSO, operating system level access control, user provisioning, privileged user monitoring, and application security with vulnerability scanning.

Limitations

For additional information, refer to Usage restrictions in the Terms and conditions section of this announcement, or to the license information document that is available on the IBM Software License Agreement Web site

Planning information

Direct customer support: Direct customer support is provided for the z/OS product by IBM Operational Support Services — SoftwareXcel. This fee service enhances your productivity by providing voice and electronic access into the IBM support organization. IBM Operational Support Services — SoftwareXcel helps answer questions pertaining to usage and suspected software defects for eligible products.

Installation and technical support is provided by Global Services. For more information call 800-IBM-4YOU (426-4968).

For technical support or assistance, contact your IBM representative or visit

Packaging

IBM Tivoli Federated Identity Manager V6.2 is distributed with:

  • International Program License Agreement (Z125-3301)
  • Quick Start Guide
  • Quick Start Guide CD-ROM
  • CD-ROMs
  • Publications (refer to the Publications section)

IBM Tivoli Federated Identity Manager Business Gateway V6.2 is distributed with:

  • International Program License Agreement (Z125-3301)
  • Quick Start Guide
  • Quick Start Guide CD-ROM
  • CD-ROMs
  • Publications (refer to the Publications section)

IBM Tivoli Federated Identity Manager for z/OS V6.2 is distributed with:

  • International Program License Agreement (Z125-3301)
  • License Information document
  • Tape and CD-ROMs
  • CD-ROM for publications
  • Program Directory

This program, when downloaded from a Web site, contains the applicable IBM license agreement, and License Information, if appropriate, and will be presented for acceptance at the time of installation of the program. For future reference, the license and License Information will be stored in a directory such as LICENSE.TXT.

Security, auditability, and control

IBM Tivoli Federated Identity Manager V6.2, IBM Tivoli Federated Identity Manager Business Gateway V6.2, and IBM Tivoli Federated Identity Manager for z/OS V6.2 use the security and auditability features of the operating system software. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Software Services

IBM Software Services has the breadth, depth, and reach to manage your services needs. You can leverage the deep technical skills of our lab-based, software services team and the business consulting, project management, and infrastructure expertise of our IBM Global Services team. Also, we extend our IBM Software Services reach through IBM Business Partners to provide an extensive portfolio of capabilities. Together, we provide the global reach, intellectual capital, industry insight, and technology leadership to support a wide range of critical business needs.

To learn more about IBM Software Services or to contact a Software Services sales specialist, visit

IBM Tivoli Enhanced Value-Based Pricing

IBM Tivoli software products are priced using IBM Tivoli's Enhanced Value-Based Pricing. The Enhanced Value-Based Pricing system is based upon the IBM Tivoli Environment-Managed Licensing Model, which uses a managed-environment approach — whereby price is determined by what is managed rather than the number and type of product components installed.

For example, all servers monitored with IBM Tivoli's monitoring product (IBM Tivoli Monitoring) require entitlements sufficient for those servers. Other Tivoli products may manage clients, client devices, agents, network nodes, users, or other items, and are licensed and priced accordingly.

Unlike typical systems management licensing models that require entitlements of specific software components to specific systems, the IBM Tivoli Environment-Managed Licensing Model provides the customer flexibility to deploy its IBM Tivoli software products within its environment in a manner that can address and respond to the customer's evolving architecture. That is, as the architecture of a customer's environment changes, the customer's implementation of IBM Tivoli software can be altered, as needed, without affecting the customer's license requirements (as long as the customer does not exceed its entitlements to the software).

Under Enhanced Value-Based Pricing, licensing and pricing of server-oriented applications are determined based upon the server's use in the customer's environment. Typically, such applications are licensed and priced in a manner that corresponds to each installed and activated processor of the server managed by the IBM Tivoli application to help correlate price to value while offering a simple solution.

Where a server is physically partitioned, this approach is modified. This partitioning technique is the approach used with systems that have either multiple cards or multiple frames, each of which can be configured independently. For servers capable of physical partitioning (for example, IBM System p Scalable POWERparallel Systems® servers, Sun Ultra servers, and HP Superdome servers), an entitlement is required for each processor in the physical partition being managed by the Tivoli application. For example, assume that a server has 24 processors installed in aggregate. If this server is not partitioned, entitlements are required for all 24 processors. If, however, it is physically partitioned into three partitions, each containing eight processors, and Tivoli products were managing only one of the three partitions, then entitlements would be required for the eight processors on the physical partition managed by the IBM Tivoli application.

For servers with virtual or logical partitions, entitlements are required for all installed and activated processors on the server. For each IBM Tivoli application managing a clustered environment, licensing is based on the cumulative number of installed and activated processors on each server in the cluster. Where the cluster includes physically partitioned servers, the considerations described above concerning physically partitioned servers apply as well.

Enhanced Value-Based Pricing recognizes the convergence of RISC and UNIX®, and Microsoft Windows and Intel® technologies, in order to simplify your licensing requirements, and to provide a smoother, more scalable model. Pricing and licensing does not differentiate between non-System z server platforms or operating systems. For some products, this platform neutrality extends to System z and other host servers as well.

IBM Tivoli Enhanced Value-Based Pricing terminology definitions

Authorized user

An authorized user is one and only one individual (named or unnamed) within or outside your enterprise. A Proof of Entitlement (PoE) must be obtained for each individual user accessing the program in any manner. A program licensed under an authorized user PoE may be installed on a single computer or server, and accessed by multiple users, provided that a PoE has been obtained for each individual user accessing the program either directly or indirectly (via a multiplexing program, device, or application server) through any means on behalf of the user.

Note that authorized users have unique specific identity and IDs cannot be shared. An ID can establish one or more connections and count as a single authorized user. Specific information to security products are:

  • An authorized user of IBM Tivoli Federated Identity Manager is any ID that accesses an application or service managed or protected by IBM Tivoli Federated Identity Manager.
  • An authorized user of IBM Tivoli Directory Integrator is one whose identity can be synchronized by IBM Tivoli Directory Integrator or that can access a connected system that can be synchronized by IBM Tivoli Directory Integrator.
  • An authorized user of IBM Tivoli Identity Manager is any ID whose identity is recorded in the Tivoli Identity Manager identity store.
  • An authorized user of IBM Tivoli Access Manager for e-business is any ID that accesses an application or service managed or protected by IBM Tivoli Access Manager for e-business.
  • Quantities of authorized users of IBM Tivoli Federated Identity Manager or Tivoli Access Manager for e-business will only include users that have usable Tivoli Federated Identity Manager or Tivoli Access Manager for e-business accounts. If their accounts have been made unusable, then those users do not have to count against the quantities of users that need to be licensed. Such accounts must remain unusable for a minimum of six months in order to not count against the quantities of users that need to be licensed.

Engine

An engine is also referred to as a central processor (CP) or processor. Engines for traditional workloads are called General Purpose CPs. Engines for Linux workloads are called Integrated Facility for Linux (IFL) engines or Linux-only engines. Engines for Coupling Facility workloads are called Integrated Coupling Facility (ICF) engines.

Enterprise

An enterprise is a person or single entity and those subsidiaries with more than 50% ownership.

External user: An authorized user who is not part of the enterprise.

Internal user: An authorized user that is part of the enterprise.

IBM IFL

This optional facility enables additional processing capacity exclusively for Linux workload, with no effect on the model designation of a System z or OS/390® server. Consequently, executing Linux workload on the IBM IFL will not, in most cases, result in any increased IBM software charges for z/OS, OS/390, VM, VSE, or TPF operating systems and applications. There is, as indicated, a charge associated with the IFL, and there may also be a charge for applications which run on the IFL.

The IFL may be dedicated to a single Linux-mode logical partition or it may be shared by multiple Linux-mode logical partitions. Installations should note that the Linux workspace enabled by this facility will not support any of the traditional S/390 operating systems (OS/390, TPF, VSE, or VM). Only Linux applications or Linux operating in conjunction with the Virtual Image Facility™, an environment that operates within a logical partition or in native S/390® mode and provides the capability to create multiple Linux images, are supported by IBM S/390 IFL.

Managed processor (charging under full capacity in the managed environment)

Managed processor charges are based on the active processors on the machines in the computing environment affiliated with the program rather than on the server where the program is run. The managed processors, which require PoEs, are defined in the License Information's program-unique terms.

Notes:

  1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  3. The program may not run on some or all of the processors for which PoEs are required by the program's valuation method.
  4. In the System z IFL environment, each IFL engine is considered a single physical processor.
  5. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  6. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blades with which the program is affiliated.
  7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor Value Unit conversion table on the Passport Advantage® Web site

Partitions

A server's resources (CPU, memory, I/O, interconnects, and buses) may be divided according to the needs of the applications running on the server. This partitioning can be implemented with physical boundaries (physical partitions) or logical boundaries (logical partitions).

Physical partitions are defined by a collection of processors dedicated to a workload and can be used with systems that have either multiple cards or multiple frames, each of which can be configured independently. In this method, the partitions are divided along hardware boundaries and processors, and the I/O boards, memory, and interconnects are not shared.

Logical partitions are defined by software rather than hardware and allocate a pool of processing resources to a collection of workloads. These partitions, while separated by software boundaries, share hardware components and run in one or more physical partitions.

Processor (per processor charging under full capacity)

In full capacity charging, PoEs must be acquired for all activated processors (available for use) that are on the server where the program or a component of the program is run.

Notes:

  1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  3. In the System z IFL environment, each IFL engine is considered a single physical processor.
  4. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  5. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blade on which the program is run.
  6. When a server is shipped with six processors, but two of them are inactive, four processors are active for the customer.
  7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor value unit conversion table on the Passport Advantage Web site

Server

A server is a computer system that executes requested procedures, commands, or applications to one or more user or client devices over a network. A PoE must be obtained for each server on which the program or a component of the program is run or for each server managed by the program. Where blade technology is employed, each blade is considered a separate server.

Standby or backup systems

For programs running or resident on backup machines, IBM defines three types of situations: cold, warm and hot. In cold and warm situations, a separate entitlement for the copy on the backup machine is normally not required and typically no additional charge applies. In a hot backup situation, the customer needs to acquire other license or entitlements sufficient for that server. All programs running in backup mode must be solely under the customer's control, even if running at another enterprise's location.

As a practice, the following are definitions and allowable actions concerning the copy of the program used for backup purposes.

Cold: A copy of the program may reside, for backup purposes, on a machine as long as the program is not started. There is no additional charge for this copy.

Warm: A copy of the program may reside for backup purposes on a machine and is started, but is idling, and is not doing any work of any kind. There is no additional charge for this copy.

Hot: A copy of the program may reside for backup purposes on a machine, is started, and is doing work. The customer must acquire a license or entitlements for this copy and there will generally be an additional charge.

Doing work includes, for example, production, development, program maintenance, and testing. It also could include other activities such as mirroring of transactions, updating of files, synchronization of programs, data or other resources (for example, active linking with another machine, program, database or other resource, and so on), or any activity or configurations that would allow an active hot switch or other synchronized switch over between programs, databases, or other resources to occur.

In the case of a program or system configuration that is designed to support a high availability environment by using various techniques (for example, duplexing, mirroring of files, or transactions, maintaining a heartbeat, active linking with another machine, program, database, or other resource), the program is considered to be doing work in the hot situation and a license or entitlement must be purchased.

Tivoli Management Points

A Tivoli Management Point is a metric used to compute license quantities and is program specific.

Value Units

A Value Unit is a pricing charge metric for program license entitlements, which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurements are processor cores and MSUs. However, for select programs, there are other designated measurements such as servers, users, client devices, and messages. The number of Value Unit entitlements required for your specific implementation of the given program must be obtained from a conversion table associated with the program. You must obtain a PoE for the appropriate number of Value Unit entitlements for your implementation. The Value Unit entitlements of a given program cannot be exchanged, interchanged, or aggregated with Value Unit entitlements of another program. Whenever the designated measurement is a processor core, not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor value unit conversion table on the Passport Advantage Web site

User Value Units

A User Value Unit is a pricing charge metric for program license entitlements which is based upon the quantity of a specific designated measurement used for a given program. Refer to Value Units definition. Users is a descriptive of one of the Value Unit charge metrics.

Processor (Value Unit)

A processor core is a functional unit within a computing device that interprets and executes instructions. A processor core consists of at least an instruction control unit and one or more arithmetic or logic unit. With multicore technology, each core is considered a processor. Not all processor cores require the same number of Value Unit entitlements. To calculate the number of Value Unit entitlements required, refer to the Value Unit table on the following Web site

With full capacity licensing, a PoE must be acquired for the appropriate number of Value Units based on all activated processor cores available for use on the server.

Authorized User for IBM Tivoli Federated Identity Manager for z/OS

An authorized user is one and only one individual, machine, program, or device with a specific identity (ID) within or outside your enterprise. A PoE is required for each user accessing the program or any program component.

Notes:

  1. The program can be accessed by multiple users provided that a user authorization has been obtained for each individual user.
  2. Authorized users have unique specific identity and IDs cannot be shared.
  3. An ID can establish one or more connections and count as a single authorized user.
  4. An authorized user of IBM Tivoli Federated Identity Manager for z/OS is any ID that accesses an application or service managed or protected by IBM Tivoli Federated Identity Manager for z/OS.

Product and licensing Web Sites

A complete list of IBM Tivoli products is available at

IBM Tivoli product licensing documents are available at

Passport Advantage for the distributed products

Through the Passport Advantage Agreement, you may receive discounted pricing based on their total volume of eligible products, across all IBM brands, acquired worldwide. The volume is measured by determining the total Passport Advantage points value of the applicable acquisitions. Passport Advantage points are only used for calculating the Entitled Passport Advantage discount.

To determine the required IBM Tivoli product configuration under Passport Advantage, the IBM Tivoli Enhanced Value-Based Pricing Model applies. The customer's environment is evaluated on a per-product basis.

Use the following two-step process to determine the total Passport Advantage points value:

  1. Analyze your environment to determine the number of charge units for a product. The quantity of each product's part numbers to be ordered is determine by that analysis.
  2. Order the Passport Advantage part numbers. A Passport Advantage point value, which is the same worldwide for a specific part number regardless of where the order is placed, is assigned to each IBM Tivoli product part number. The Passport Advantage point value for the applicable part number, multiplied by the quantity for that part number, will determine the Passport Advantage points for that IBM Tivoli product part number. The sum of these Passport Advantage points determines the Passport Advantage point value of the applicable IBM Tivoli product authorizations which then may be aggregated with the point value of other applicable Passport Advantage product acquisitions to determine the total Passport Advantage points value.

The discounted pricing available through Passport Advantage is expressed in the form of Suggested Volume Prices (SVPs), which vary depending on the SVP level. Each SVP level is assigned a minimum total Passport Advantage point value, which must be achieved, in order to qualify for that SVP level.

Media packs and documentation packs do not carry Passport Advantage points and are not eligible for SVP discounting.

For additional information on Passport Advantage, refer to the following

The following Passport Advantage part number categories may be orderable:

  • License and Software Maintenance 12 Months — This is the product authorization with maintenance to the first anniversary date.
  • Annual Software Maintenance Renewal — This is the maintenance renewal for one anniversary that applies when a customer renews their existing coverage period prior to the anniversary date at which it expires.
  • Software Maintenance Reinstatement 12 months — This is for customers who have allowed their Software Maintenance to expire, and later wish to reinstate their Software Maintenance.
  • Media packs — These are the physical media, such as CD-ROMs, that deliver the product's code.

Exceptions to the Environment-Managed Licensing Model

IBM Tivoli products are priced based on the environment managed and follow the definitions laid out in the IBM Tivoli Enhanced Value-based Pricing terminology section of this announcement, with the following exceptions:

  • IBM Tivoli Federated Identity Manager — In most instances, you must count either the number of registered users or the number of processors in the servers on which IBM Tivoli Federated Identity Manager runs, but not both.

Distributed pricing examples

The following examples are provided to illustrate your licensing requirements.

References to processor-based licensing do not represent the actual number of entitlements required. Entitlement requirements are Processor Value Unit based (PVU). Processors referenced in these examples represent the designated measurement on which the required number of Processor Value Unit entitlements will be calculated. The number of PVUs required per processor will depend on the processor type. For more information, refer to the Value Unit definition in IBM Tivoli Enhanced Value-Based Pricing terminology definitions. To determine the number of Processor Value Unit entitlements required per processor, refer to the processor Value Unit conversion table on the Passport Advantage Web site

References to all other non-processor-based metrics do represent the actual number of entitlements required, unless other designated measurements are referenced or unless otherwise specified.

The pricing examples below should be used to determine required license entitlements for IBM Tivoli Federated Identity Manager, which is managed by the licensed user or processor basis.

Products also have program-specific licensing terms, which are described later in this document. Consult the program-specific licensing terms to determine total licensing requirements for the applicable products.

Pricing model examples

1. Scalable usage model table for Tivoli Federated Identity Manager

The following scalable usage table is used to determine the required Value Units per 1,000 users. The price per User Value Unit (UVU) will be different for each part number.

Scalable
Usage Level         1           2         3         4
 
Chargeable          1-5K        5K-15K    15K-50K   50K-150K
 Users
User Value Units    1,000       500       300       200
 per 1,000 users
 
Scalable
Usage Level         5           6         7         8
 
Chargeable          150K-500K   500K-1M   1M-3M     3M
 Users
User Value Units    100         50        25        10
 per 1,000 users

The pricing model for IBM Tivoli Federated Identity Manager is enhanced to significantly reduce costs for many customers whose systems support a large number of external users. The price for these external users is not the same as for internal users. IBM Tivoli Federated Identity Manager now uses a ratio of 15 external users equal 1 chargeable user for the purpose of calculating UVUs. Each Internal user equals one chargeable user for the purpose of calculating UVUs. Infrequent internal users that utilize their IDs less than five times a year, and are grouped so as to be trackable and auditable, will be granted a ratio of 15 infrequent internal users equal 1 chargeable user for the purpose of calculating Value Units.

Chargeable users are summed up and the volume tiering table then is utilized to calculate the total UVUs required to cover entitlements. With the release of Tivoli Federated Identity Manager for z/OS V6.2, customers may mix internal users, external users, and infrequent internal users within their total UVU.

Examples of mixing and matching to obtain total UVUs

          A        B          C        D          E
Pricing   Internal Chargeable External Chargeable Total      User
metric    users    internal   and      external   chargeable Value
example            users      infreq.  and        users      Units
                   at 1:1     internal infrequent (B+D)      to
                              users    int'l                 order
                                       users
                                       at 15:1
 
Federated 57,000   57,000           0      0      57,000     21,900
Identity
Manager
Example 1
 
Federated 50,000   50,000     105,000  7,000      57,000     21,900
Identity
Manager
Example 2
 
Federated 30,000   30,000     405,000  27,000     57,000     21,900
Identity
Manager
Example 3

Mix and match Tivoli Federated Identity Manager Example 4:

Assume customer GREEN initially has 12,000 company employees and 1,500,000 external users. All of these are authorized users. The total chargeable users are calculated as follows:

  • 12,000 internal users = 12,000 chargeable users.
  • 1,500,000 external users = 1,500,000/15 = 100,000 chargeable users.
  • Customer GREEN must sum these chargeable users together and purchase the Value Units required for a total of 112,000 chargeable users.

If customer GREEN grows to 20,000 company employees and finds that it only needs to entitle approximately 1,380,000 external users (customers, business partners, suppliers), then the total chargeable users are calculated as follows:

  • 20,000 internal users = 20,000 chargeable users (20,000 chargeable users at 1:1).
  • 1,380,000 external users = 1,380,000/15 = 92,000 chargeable users (at 15:1).
  • Customer GREEN would still be covered with their entitlements, as their chargeable user total of 112,000 has not changed. This allows the customer flexibility to accommodate changes in their environment over time.

2. UVU pricing scenario for Tivoli Federated Identity Manager

Transaction 1

Customer ABC initially wants to deploy Tivoli Federated Identity Manager for the following user configuration:

  • 2,000 employees of ABC who access Web applications from HTTP and J2EE application servers. These authorized users access services on Enterprise ABC's portal and may use the ABC portal to access third-party Web applications.
  • 10,000 employee remote Internet users whose accounts are stored in the enterprise's IBM Directory Server. These users access services on enterprise ABC's portal and may use the ABC portal to access third-party Web applications.

Total chargeable users required are 12,000 (calculated at 1:1) for the purpose of calculating the 8,500 UVUs to order. Calculation is as follows:

Pricing   Chargeable user       User Value Units per  User Value Units
metric    quantity in           1,000 chargeable      required
          customer environment  users
          (A)                   (B)                   ((A)*(B))/1,000
 
Tivoli
Federated
Identity
Manager
 
Tier 1    5,000                 1,000                5,000
Tier 2    7,000                   500                3,500
 
                           Total Value Units         8,500

Transaction 2

After the initial purchase, enterprise ABC wants to now secure access for 1,500,000 external authorized users as follows:

  • 500,000 external users whose accounts are stored in the customer's Directory Server. These users access services on ABC's portal and may use the ABC portal to access third-party Web applications.
  • 1,000,000 third-party users sign on to their own company portal and use their company's portal to access ABC's portal. Customer ABC does not maintain local accounts and passwords for these third-party users to sign on directly to ABC's portal.

Note: Applying the 15:1 ratio for external users, this would calculate as 100,000 chargeable users (1,500,000/15 = 100,000 users to charge for).

Customer ABC must purchase UVU entitlements for 100,000 additional chargeable users of Federated Identity Manager based on the 15 to 1 ratio on the external users to chargeable users.

Pricing    Chargeable user      User Value Units per  User Value
metric     quantity in          1,000 chargeable      Units required
           customer             users
           environment
           (A)                  (B)                   ((A)*(B))/1,000
 
Tivoli
Federated
Identity
Manager
 
Tier 1      5,000               1,000                  5,000
Tier 2     10,000                 500                  5,000
Tier 3     35,000                 300                 10,500
Tier 4     62,000                 200                 12,400
 
 
New             112,000          New User Value Unit  32,000
chargeable                       total required
user total
 
Previous         12,000          Less currently       (8,500)
chargeable                       licensed User Value
user total                       Units from Trans. 1
 
                                 Additional User      24,400
                                 Value Units required

3. Processor Value Units Pricing Scenario for Tivoli Federated Identity Manager

Assume Customer ABC prefers unlimited user access for their environment and has the following configuration:

  • Two 2-way servers to run Tivoli Access Manager WebSEAL
  • One 4-way server to run the Tivoli Access Manager Policy Server and Authorization Server
  • One 6-way server running Federated Identity Manager management and run-time servers

The customer will be required to purchase the appropriate number of Processor Value Units (PVUs) to entitle the total number of processors as identified in the following table:

Tivoli Federated Identity Manager — Unlimited User Option (PVUs)

Tivoli Federated            Quantity in customer   Total processors
Identity Manager Server     Environment            requiring PVUs
 
 
2-way                       2                       4
4-way                       1                       4
6-way                       1                       6
 
Total processors for calculating PVUs to order     14*

In this example, the appropriate number of PVUs must be purchased to entitle the 14 processors.

For more information on PVUs access the following

Notes

The Unlimited User Option applies only to the 14 processors licensed. If the customer moved Federated Identity Manager from a 6-way to an 8-way server, PVUs for an additional two processors would be required.

*
There is a minimum order quantity of 14 processors for the IBM Tivoli Federated Identity Manager Unlimited User Option.

Processors are only counted once under the Federated Identity Manager license. If the policy server and the authorization server run on the same processors, they are only counted once for the purpose of determining PVUs to order.

Pricing example for trade up from Tivoli Access Manager for e-business to Tivoli Federated Identity Manager

Customer XYZ currently owns 40,500 UVUs (150,000 chargeable users) of IBM Tivoli Access Manager for e-Business, and plans to trade up to Tivoli Federated Identity Manager. The customer can take their existing UVU entitlement of IBM Tivoli Access Manager for e-Business, and trade it in for 150,000 chargeable users of IBM Tivoli Federated Identity Manager using the announced trade-up part number. Customer XYZ would then have 40,500 UVUs of IBM Tivoli Federated Identity Manager.

Per server pricing example for IBM Tivoli Federated Identity Manager Business Gateway V6.2

In pricing Tivoli Federated Identity Manager Business Gateway V6.2, an example is provided showing the per server pricing. The definition of a server is provided in a previous section.

Example 1a

ABC Consumer Goods deploys Tivoli Federated Identity Manager Business Gateway V6.2 on 1 server in order to connect with its 10 retailing customers. ABC Consumer Goods must purchase one entitlement for the one server.

Example 1b

XYZ Consumer Goods deploys Tivoli Federated Identity Manager Business Gateway V6.2 on 2 servers in order to connect with its 10 retailing customers. XYZ Pharmaceuticals must purchase two entitlements, one for each of the two servers.

Example 2a

ABC Consumer Goods deploys Tivoli Federated Identity Manager Business Gateway V6.2 management and runtime server on one server, and the administrative console on another server. ABC Consumer Goods must purchase one entitlement, one for the server that the management and runtime server is deployed on.

Example 2b

XYZ Consumer Goods deploys IBM Tivoli Federated Identity Manager Business Gateway V6.2 management and runtime server on two servers, and the administrative console on another server. ABC Consumer Goods must purchase two entitlements, one for each of the servers that the management and runtime server is deployed on.

Example 3a

ABC Consumer Goods deploys Tivoli Federated Identity Manager Business Gateway V6.2 on one server. Total users equal 100. ABC Consumer Goods must purchase one entitlement for the one server.

Example 3b

XYZ Consumer Goods deploys Tivoli Federated Identity Manager Business Gateway V6.2 on one server. Total users equal 10,000. ABC Consumer Goods must purchase one entitlement for the one server.

Host pricing example

Scalable usage model tiering for Tivoli Federated Identity Manager for z/OS

The following nonlinear scalable usage table is used to determine the required Value Units per 1,000 users for IBM Tivoli Federated Identity Manager for z/OS V6.2. It is the same table as is used for the distributed version of Tivoli Federated Identity Manager V6.2 discussed in a previous section. As with the distributed version, each tier is converted and all tiers are then summed to calculate the UVUs to order for IBM Tivoli Federated Identity Manager for z/OS V6.2. This example of the pricing table, UVUs are calculated per one chargeable user. Whether you calculate UVUs to order based upon UVUs per 1,000 chargeable users, or UVUs per single chargeable user, all purchases must be calculated for increments of 1,000 chargeable users. For example, 7,700 chargeable users are rounded up to 8,000 chargeable users for the purpose of calculating UVUs to order.

As with other z/OS products, Tivoli Federated Identity Manager for z/OS V6.2 requires a license entitlement, and a Subscription and Support (S&S) entitlement, if support is needed. (Refer to the Ordering information section for part numbers).

Scalable usage level   1          2        3       4
 
Chargeable users       1K -- 5K   5K       15K     50K
                                  -- 15K   -- 50K  -- 150K
 
User Value Units       1.0        0.50     0.30    0.20
per chargeable user

Scalable usage level    5         6        7       8
 
Chargeable users        150K      500K     1M      3M
                        -- 500K   -- 1M    3M
 
User Value Units        0.10      0.05     0.025   0.01
per chargeable user

The pricing model for Tivoli Federated Identity Manager for z/OS is enhanced to significantly reduce costs for many customers whose systems support a large number of external users. The price for these external users is not the same as for internal users. The external user charge will be based on a set ratio of 15 external users to 1 internal user, so that the charge is lower than, and proportional to, the typical internal user charge. Each Internal user equals one chargeable user for the purpose of calculating UVUs. Infrequent internal users who utilize their IDs less than 5 times a year, and are grouped so as to be trackable and auditable, will be granted a ratio of 15 infrequent internal users equal 1 chargeable user for the purpose of calculating UVU.

Chargeable users are totaled and the volume tiering table then is utilized to calculate the total UVUs required to cover entitlements. With the release of Tivoli Federated Identity Manager for z/OS V6.2, customers may mix internal users, external users, and infrequent internal users within their total UVUs.

Examples of mixing and matching to obtain total UVUs may be seen in a previous section of this announcement, as well as a customer pricing example using the UVU scalable usage table. Again, as with other z/OS products, Tivoli Federated Identity Manager for z/OS V6.2 requires a license entitlement, and a Subscription and Support (S&S) entitlement, if support is needed. (Refer to the Ordering information section for part numbers).
 
Back topBack to top
 

Ordering information

The distributed products in this announcement are only available via Passport Advantage. It is not available as shrinkwrap.

Product group:  IBM Tivoli
 
 Product Identifier Description                      PID
 IBM Tivoli Federated Identity Manager V6.2          5724L73
 IBM Tivoli Federated Identity Manager               5724Q82
  Business Gateway V6.2
 
Product category:  Tivoli Security

Value Unit: A Value Unit is a pricing charge metric for program license entitlements which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurement is a processor core. However, for select programs, there are other designated measurements such as users or resources which may include servers, client devices, and messages. The number of Value Unit entitlements required for a program depends on how the program is deployed in your environment and must be obtained from a Value Unit table. You must obtain a PoE for the calculated number of Value Unit entitlements for your implementation. The Value Unit entitlements are specific to a program and may not be exchanged, interchanged, or aggregated with Value Unit entitlements of another program.

A processor core is a functional unit within a computing device that interprets and executes instructions. A processor core consists of at least an instruction control unit and one or more arithmetic or logic unit. Not all processor cores require the same number of PVU entitlements. To calculate the number of PVU entitlements required, refer to the PVU table on the following Web site

With full capacity licensing, a PoE must be acquired for the appropriate number of PVUs based on all activated processor cores available for use on the server.

Ordering z/OS through the Internet

ShopzSeries provides an easy way to plan and order your z/OS ServerPac or CBPDO. It will analyze your current installation, determine the correct product migration, and present your new configuration based on z/OS. Additional products can also be added to your order (including determination of whether all product requisites are satisfied). ShopzSeries is available in the U.S. and several countries in Europe. In countries where ShopzSeries is not available yet, contact your IBM representative (or IBM Business Partner) to handle your order via the traditional IBM ordering process. For more details and availability, visit the ShopzSeries Web site at

Passport Advantage trade up

Below is a list of precursor products for which you must have already acquired a license, in order to be eligible to acquire equivalent licenses using the trade-up part numbers.

Precursor product       Trade-up product               Trade-up
                                                       part number
 
Tivoli Access Manager   Tivoli Federated Mgr           D0434LL
for e-business User VU  User VU Trade-up License and
                        SW S&S 12 Months
 
Tivoli Access Manager   IBM Tivoli Federated Identity  D56NYLL
for e-business          Manager Unlimited User Option
Processor VU            Processor Value Unit (PVU)
                        and SW S&S 12 Mo
 
IBM Tivoli Federated    IBM Tivoli Federated Identity  D612PLL
Identity Manager        Manager Business Gateway
Business Gateway for    Server Trade-up license
Single Partner Server   and SW S&S 12 Mo

Consult your IBM representative if you have any questions.

Passport Advantage customer: Media pack entitlement details

Customers with active maintenance or subscription for the products listed are entitled to receive the corresponding media pack.

Entitled maintenance offerings description       Part number
 
Tiv Federated Identity Manager Proc              TFEDIDMGSB01
Tiv Federated Identity Manager VU                TFEDIDMGSB02
Tiv Federated Ident Mgr Proc Lnx Z               TFEDIDMGSB03
Tiv Federated Identity Mgr User VU               TFEDIDMGSB04
Tiv Federated Identity Manager VU                TFEDIDMGZB01
Tiv Federated Ident Mgr VU Lnx Z                 TFEDIDMGZB02
 
Tivoli Fed Id Mgr Bus Gatway Svr                 TFIMBGSB01
Tivoli FIM BGway Single Partner Server           TFIMBGSB02

Media packs description                          Part number
 
IBM Tivoli Federated Identity Mgr V6.2           BJ0P8ML
 Media MP ML
IBM Tivoli Federated Identity Manager            BJ0P5ML
 Business Gateway V6.2 Media MP ML
IBM Tivoli Federated Identity Manager            BJ0PEML
 Business Gateway for Single Partner V6.2
 Media MP ML

Basic license

Current licensees

Current licensees, with support in effect, will receive instructions on how to order this update.

New licensees

Orders for new licenses will be accepted now.

Shipment will begin on the planned availability date.

Basic license

Ordering information for the distributed products in Passport Advantage

Passport Advantage allows you to have a common anniversary date for Software Maintenance renewals, which can simplify management and budgeting for eligible new versions and releases (and related technical support) for your covered products. The anniversary date, established at the start of your Passport Advantage Agreement, will remain unchanged while your Passport Advantage Agreement remains in effect. New software purchases will initially include twelve full months of Software Maintenance. Software Maintenance in the second year (the first year of renewal) can be prorated to be coterminous with your common anniversary date. Thereafter, all Software Maintenance will renew at the common anniversary date for twelve full months of maintenance.

Refer to the IBM International Passport Advantage Agreement and to the IBM Software Support Handbook for specific terms relating to, and a more complete description of, technical support provided through Software Maintenance.

The quantity to be specified for the Passport Advantage part numbers in the following table is per required number of PVUs or UVUs. To order for Passport Advantage, specify the desired part number and quantity.

Tivoli Federated Identity Manager

                                                       Part
Description                                            number
 
Tivoli Federated Identity Manager User Value Unit      D0432LL
Lic and SW S&S 12 Months
 
Tivoli Federated Identity Manager User Value Unit      E04TXLL
Annual SW S&S Renewal
 
Tivoli Federated Identity Manager User Value Unit      D0433LL
SW S&S Reinstatement 12 Months
 
IBM Tivoli Federated Identity Manager Unlimited        E0277LL
User Option Processor Value Unit (PVU) Annual SW
S&S Renewal
 
IBM Tivoli Federated Identity Manager Unlimited        D55ZJLL
User Option Processor Value Unit (PVU) License and
SW S&S 12 Months
 
IBM Tivoli Federated Identity Manager Unlimited        D55ZKLL
User Option Processor Value Unit (PVU)
SW S&S Reinstatement 12 Months
 
IBM Tivoli Federated Identity Manager Unlimited        E025YLL
User Option for Linux on Z Processor Value Unit
(PVU) Annual SW S&S Renewal
 
IBM Tivoli Federated Identity Manager Unlimited        D55X9LL
User Option for Linux on Z Processor Value Unit
(PVU) License and SW S&S 12 Months
 
IBM Tivoli Federated Identity Manager Unlimited        D55XALL
User Option for Linux on Z Processor Value Unit
(PVU) SW S&S Reinstatement 12 Months

Tivoli Federated Identity Manager Business Gateway

                                                       Part
Description                                            number
 
IBM Tivoli Federated Identity Manager Business         D59UYLL
Gateway Server License and SW S&S 12 Months
 
IBM Tivoli Federated Identity Manager Business         D59UZLL
Gateway Server SW S&S Reinstatement 12 Months
 
IBM Tivoli Federated Identity Manager Business         D6123LL
Gateway for Single Partner User License and SW
S&S 12 Months
 
IBM Tivoli Federated Identity Manager Business         D6124LL
Gateway for Single Partner Server License and SW
S&S Reinstatement 12 Months
 
IBM Tivoli Federated Identity Manager Business         E035CLL
Gateway Server Annual SW S&S Renewal
 
IBM Tivoli Federated Identity Manager Business         E03TNLL
Gateway for Single Partner Server Annual SW
S&S Renewal

To order a media pack for Passport Advantage, specify the part number in the desired quantity from the following table:

                                                     Part
Description                                          number
 
IBM Tivoli Federated Identity Mgr. V6.2              BJ0P8ML
CD-ROM Media Pack, ML
 
IBM Tivoli Federated Identity Mgr Business           BJ0P5ML
Gateway V6.2 CD-ROM Media Pack, ML
 
IBM Tivoli Federated Identity Mgr Business Gateway
for Single Partner V6.2 CD-ROM Media Pack, ML        BJ0PEML

Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway, and Tivoli Federated Identity Manager Business Gateway for Single Partner is also available, via Web download, from Passport Advantage.

Ordering information for the UVU-based distributed and z/OS products

Translation from chargeable users to UVUs (VUE030)

Scalable usage level      1        2        3       4
 
Chargeable users       1K -- 5K     5K     15K      50K
                                 -- 15K  - 50K   - 150K
 
User Value Units per    1,000     500      300     200
1,000 chargeable users

Scalable usage level       5         6        7        8
 
Chargeable users          150K      500K      1M       3M
                        -- 500K    -- 1M      3M
 
User Value Units per      100        50       25       10
1,000 chargeable users

To order, specify the program product number and the appropriate license or charge option. Also, specify the desired distribution medium. To suppress shipment of media, select the license-only option in CFSW.

Program name: IBM Tivoli Federated Identity Manager for z/OS
Program PID: 5698-B28

Entitlement                                License option/
identifier   Description                   Pricing metric
 
S0151G7      Tivoli Federated Identity     Basic OTC, per Value Unit
             Manager for z/OS V6.2

Orderable supply ID    Language            Distribution medium
 
S0151G9                English             3480 tape cartridge

Subscription and Support PID: 5698-R19

Entitlement                          License option/
identifier   Description             Pricing metric
 
S0151GB      Tivoli Federated        Basic ASC, per Value Unit SW S&S
             Identity Manager z/OS   No charge, decline SW S&S

Orderable supply ID    Language           Distribution medium
 
S0151GD                English            Hardcopy publication

Subscription and Support

Subscription and Support must be ordered to receive voice technical support via telephone during normal business hours, and future releases and versions, at no additional charge. The capacity of Subscription and Support (for example, Value Units or number of processors) must be the same as the capacity ordered for the product licenses.

To order, specify the Subscription and Support program product number and the appropriate license or charge option.

IBM is also providing Subscription and Support for these products, via a separately purchased offering, under the terms of the IBM International Agreement for Acquisition of Software Maintenance (IAASM). This offering:

  • Includes and extends the support services provided in the base support to include technical support via telephone during normal business hours.
  • Entitles customers to future releases and versions, at no additional charge. Note that the customer is not entitled to new products.

When Subscription and Support is ordered, the charges will automatically renew annually unless cancelled by the customer.

Basic machine-readable material

Customization option for z/OS

Select the following feature number to customize your order if running on the z/OS platform. This feature can be specified on the initial or MES orders.

Feature number          Description
 
3450                    Satellite Electronic Delivery

Customized Offerings for z/OS host products

Product deliverables are shipped only via Customized Offerings (for example, CBPDO, ServerPac, SystemPac®).

CBPDO and ServerPac are offered for Internet delivery, where ShopzSeries product ordering is available. Internet delivery of ServerPac may help improve automation and software delivery time. For more details on Internet delivery, refer to the ShopzSeries help information at

Media type for this software product is chosen during the Customized Offerings ordering process. Based on your customer environment, it is recommended that the highest possible density tape media is selected. Currently offered media types are:

  • CBPDOs — 3480, 3480 Compressed, 3490E, 3590, 3592*
  • ServerPacs — 3480, 3480 Compressed, 3490E, 3590, 3592*
  • SystemPacs — 3480, 3480 Compressed, 3490E, 3590, 3592*
*
3592 is highest density media. Selecting 3592 will ship the fewest number of media.

Once a product becomes generally available, it will be included in the next ServerPac and SystemPac monthly update.

Production of software product orders will begin on the planned general availability date.

  • CBPDO shipments will begin one week after general availability.
  • ServerPac shipments will begin two weeks after inclusion in ServerPac.
  • SystemPac shipments will begin four weeks after inclusion in SystemPac due to additional customization, and data input verification.

 
Back topBack to top
 
Terms and conditions

The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage Agreement, and the IBM Agreement for Acquisition of Software Maintenance.

Terms and conditions for distributed products

The distributed product is only available via Passport Advantage. It is not available as shrinkwrap.

Licensing: IBM International Program License Agreement including the License Information document and PoE govern your use of the program. PoEs are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

This software license includes Software Maintenance, previously referred to as Software Subscription and Technical Support.

Agreement for Acquisition of Software Maintenance

The following agreement applies for maintenance and does not require customer signatures:

  • IBM Agreement for Acquisition of Software Maintenance (Z125-6011)

This program is licensed under the IBM Program License Agreement (IPLA), and the associated Agreement for Acquisition of Software Maintenance, which provides for support with ongoing access to releases and versions of the program. IBM includes one year of Software Maintenance with the initial license acquisition of each program acquired. The initial period of Software Maintenance can be extended by the purchase of a renewal option, if available. This program has a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours) as well as access to updates, releases, and versions of the program as long as support is in effect.

License information form number:

The program's License Information document will be available for review on the IBM Software License Agreement Web site

  • L-JSCK-6ZNU52 — Tivoli Federated Identity Manager — 5724-L23
  • L-JSCK-6ZNTY8 — Tivoli Federated Identity Manager Business Gateway — 5724-Q82
  • L-JSCK-6ZNU33 — Tivoli Federated Identity Manager Business Gateway — Single Partner (5724-Q82)
  • L-JSCK-6ZNU69 — Tivoli Federated Identity Manager for z/OS — 5698-B28

Limited warranty applies: Yes

Limited warranty: IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program. IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on know program defects, defect corrections, restrictions, and bypasses at no additional charge. Consult the IBM Software Support Handbook for further information at

IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

Program technical support: Technical support of a program product will be available for a minimum of five years from the general availability date, as long as your Software Maintenance is in effect. This technical support allows you to obtain assistance (via telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Maintenance also provides you with access to updates, releases, and versions of the program. You will be notified, via announcement letter, of discontinuance of support with 12 months' notice. If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

Money-back guarantee: If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.

For clarification, note that (1) for programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program and (2) for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off COD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

Authorization for use on home/portable computer: You may not copy and use this program on another computer without paying additional license fees.

Other terms

Volume orders (IVO): No

IBM International Passport Advantage Agreement

Passport Advantage applies: Yes, and through the Passport Advantage Web site at

Usage restriction: Yes. Usage is limited to the quantity of Value Units licensed.

For additional information, refer to the License Information document that is available on the IBM Software License Agreement Web site

Software Maintenance applies: Yes. Software Maintenance is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and Technical Support are provided by the Software Maintenance offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software and Technical Support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Maintenance with each program license acquired. The initial period of Software Maintenance can be extended by the purchase of a renewal option that is available.

While your Software Maintenance is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions; and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, 7 days a week. For additional details, consult your IBM Software Support Handbook at

Software Maintenance does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under the applicable agreements.

For additional information about the International Passport Advantage Agreement and the IBM International Passport Advantage Express Agreement, visit the Passport Advantage Web site at

System i™ Software Maintenance applies: No

Variable charges apply: No

Educational allowance available: Not applicable.

Terms and conditions for host products

Licensing: IBM International Program License Agreement including the License Information document and PoE govern your use of the program. PoEs are required for all authorized use.

Agreement for Acquisition of Software Maintenance

The following agreement applies for maintenance and does not require customer signatures:

  • IBM Agreement for Acquisition of Software Maintenance (Z125-6011)

This program is licensed under the IBM Program License Agreement (IPLA), and the associated Agreement for Acquisition of Software Maintenance, which provides for support with ongoing access to releases and versions of the program. This program has a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours) as well as access to updates, releases, and versions of the program as long as support is in effect.

S/390 and System z IBM Operational Support Services — SoftwareXcel is an option for those customers who desire added services.

License information form number

The program's License Information document will be available for review on the IBM Software License Agreement Web site

Limited warranty applies: Yes

Limited warranty: IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program. IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on know program defects, defect corrections, restrictions, and bypasses at no additional charge. Consult the IBM Software Support Handbook for further information at

IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

Program support: Support for a program product will be available for a minimum of five years from the general availability date with a fee-based option to extend support for up to three additional years. Enhanced support, called Subscription and Support, includes telephone assistance as well as access to updates, releases, and versions of the program as long as support is in effect. You will be notified of discontinuance of support with 12 months' notice.

Money-back guarantee: If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you obtained it for instructions on how to obtain the refund.

For clarification, note that for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off OOCoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

Authorization for use on home/portable computer: You may not copy and use this program on another computer without paying additional license fees.

Other terms

Volume orders (IVO): No

International Passport Advantage Agreement

Passport Advantage applies: No

Usage restriction: Yes. Usage is limited to the quantity of Value Units licensed.

For additional information, refer to the License Information document that is available on the IBM Software License Agreement Web site

Software Maintenance applies: No

For operating system software, the revised IBM Operational Support Services — SoftwareXcel offering will provide support for those operating systems and associated products that are not available with the newly announced Software Maintenance offering.

This will ensure total support coverage for your enterprise needs, including IBM and selected non-IBM products. For complete lists of products supported under both the current and revised offering, visit

IBM Operational Support Services — SoftwareXcel: Yes

System i Software Maintenance applies: No

Variable charges apply: No

Educational allowance available

Yes, 15% education allowance applies to qualified education institution customers.
 
Back topBack to top
 

IBM Electronic Services

IBM has transformed its delivery of hardware and software support services to help you achieve higher system availability. Electronic Services is a Web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services are designed to provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

The Electronic Service Agent™ is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems. Installation and use of IBM Electronic Service Agent for problem reporting enables IBM to provide better support and service for your IBM server.

To learn how Electronic Services can work for you, visit


 
Back topBack to top
 
Prices

Business Partner information

If you are an IBM Business Partner — Distributor for Workstation Software acquiring products from IBM, you may link to Passport Advantage Online for resellers where you can obtain Business Partner pricing information. An IBM ID and password are required.

Information on charges is available at Web site

In the Electronic tools category, select the option for Purchase/upgrade tools.

Pricing for 5698-B28 MSU-based System z offerings

Program name: IBM Tivoli Federated Identity Manager for z/OS
Program PID: 5698-B28

Entitlement                                License option/
identifier   Description                   Pricing metric
 
S0151G7      IBM Tivoli Federated          Basic OTC, per Value Unit
             Identity Manager z/OS V6.2

Subscription and Support PID: 5698-R19

Entitlement                          License option/
identifier   Description             Pricing metric
 
S0151GB      IBM Tivoli Federated    Basic ASC, per Value Unit SW S&S
             Identity Manager z/OS   No charge, decline SW S&S

Passport Advantage for the distributed products

For Passport Advantage and charges, contact your IBM representative or your authorized IBM Business Partner. Additional information is also available at


 
Back topBack to top
 
Order now

To order, contact the Americas Call Centers, your local IBM representative, or your IBM Business Partner.

To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968).

 Phone:      800-IBM-CALL (426-2255)
 Fax:        800-2IBM-FAX (242-6329)
 Internet:   callserv@ca.ibm.com
 Mail:       IBM Teleweb Customer Support
             ibm.com Sales Execution Center, Americas North
             3500 Steeles Ave. East, Tower 3/4
             Markham, Ontario
             Canada
             L3R 2Z1
 
 Reference:  YE001

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

 
System x, System p, System z, Virtual Image Facility, System i, and Electronic Service Agent are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Tivoli, z/OS, WebSphere, AIX, Rational, Scalable POWERparallel Systems, OS/390, S/390, Passport Advantage, Lotus, SystemPac, and PartnerWorld are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Intel is a registered trademark of Intel Corporation.
 
Microsoft and Windows are registered trademarks of Microsoft Corporation.
 
UNIX is a registered trademark of the Open Company in the United States and other countries.
 
Linux is a trademark of Linus Torvalds in the United States, other countries or both.
 
Other company, product, and service names may be trademarks or service marks of others.

Back to topBack to top
 

 
Printable version Printable version