Software Announcement 200-105
April 25, 2000

Tivoli SecureWay Family of Security Products — Leading Technology for Management and Control of Your e-Business and IT Enterprise Security

 ENUS200-105.PDF (86KB)


At a Glance

The Tivoli SecureWay family of security products enables you to:

  • Centrally manage users in distributed heterogeneous environments
  • Simplify security administration and integration within your systems management environment
  • Enforce business policies for user administration and centrally manage security attacks, threats, and exposures
  • Centrally manage security policies for e-business applications
  • Build on a comprehensive and extensible security framework based on open industry standards

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).

Overview

The Tivoli® SecureWay™ family of security products provides the cost-effective security management solutions that you need for your entire e-business infrastructure.

Many of the Tivoli SecureWay products integrate with Tivoli's award-winning IT management solution, Tivoli Enterprise, affording a flexible, integrated approach to helping solve e-business security challenges.

The Tivoli SecureWay security family products help to protect your e-business applications and manage your security policies across heterogeneous environments with the following solutions:

  • Tivoli SecureWay User Administration (TUA) — an automated, secure way to manage user attributes and user services across heterogeneous, distributed networks. Designed to give IT staff simplified centralized control, TUA features policy-based management, management by subscription, secure delegation, and a platform-independent interface.
  • Tivoli SecureWay Security Manager — an open solution for role-based, distributed, and OS/390® security management. It enables administrators to consistently enforce security policy across multiple platforms with a single security model.
  • Tivoli SecureWay Policy Director — a comprehensive open policy management and access control solution for e-business applications. Policy Director lets you provide granular access to information required by your employees, partners, and customers to do business securely.
  • Tivoli SecureWay Risk Manager — a centralized risk management solution that enables organizations to centrally manage attacks, threats, and exposures by correlating security information from intrusion detectors and other security checkpoints. Risk Manager helps administrators eliminate clutter such as false-positives, and quickly identifies the real security threats, enabling administrators to respond with adaptive security measures.
  • Tivoli SecureWay Global Sign-On (GSO) — a highly secure solution that gives you seamless access to resources. GSO helps reduce corporate security risks and help-desk costs associated with password management. By using TUA to administer the GSO information, you have a powerful solution for administering and managing access to resources from a single administrative interface.
  • Tivoli SecureWay Public Key Infrastructure (PKI) — a security-rich, integrated, registration and certification solution that builds trust into business-critical Web applications. Tivoli PKI enables applications to authenticate users, provides trusted communications, and establishes the level of trust to conduct e-business with confidence.
  • IBM SecureWay FirstSecure — a foundation for security in e-business environments, this solution helps companies secure all aspects of networking via the Web or other networks.

With Tivoli SecureWay products, you are able to:

  • Let the right people in to the right applications and data
  • Cost-effectively manage the security infrastructure
  • Speed deployment of in-house applications and increase time to value

Planned Availability Dates

April 28, 2000, Tivoli SecureWay Policy Director for Application Servers Version 3.6

May 5, 0009, Tivoli SecureWay PKI Version 3.1.1

May 26, 2000, Tivoli SecureWay Policy Director Version 3.6

June 9, 2000, Tivoli SecureWay Risk Manager Version 1.0

July 28, 2000, Tivoli SecureWay PKI Version 3.1.2

Description

The Tivoli SecureWay family products address your major obstacles to secure e-business implementation by enabling you to:

  • Manage your security policies consistently across your heterogeneous enterprise
  • Engineer protection into your e-business applications
  • Efficiently extend and integrate protection across your enterprise

The following products, now part of the Tivoli SecureWay family of security products, were formerly available from IBM through Lotus Passport™ Advantage.

  • Tivoli SecureWay Policy Director, formerly IBM SecureWay Policy Director.
  • Tivoli SecureWay Public Key Infrastructure (PKI), formerly IBM SecureWay Trust Authority

Key Prerequisites

The Tivoli SecureWay products in this announcement are supported on one or more of the following:

  • RS/6000 with AIX®
  • Intel-based systems with Microsoft™ Windows NT™
  • Sun SPARC systems with Solaris
  • HP-UX

Refer to Hardware and Software Requirements for product-specific requirements.

Tivoli SecureWay Policy Director Version 3.6

The Tivoli SecureWay Policy Director provides centralized security policy management for Web, Client/Server, and legacy applications. Refer to Software Announcement 299-326 , dated October 26, 1999 for additional information about Policy Director.

Policy Director enhancements in Version 3.6 include:

  • Password Policy Support — Enables you to specify Policy Director policies to be enforced by Policy Director. Support for strength exit in the WebSEAL component allows user customization of password policy.
  • SecurID Support — Enables you to use SecurID tokens for authentication, helping leverage existing investments in SecurID tokens.
  • Mutually Authenticated Secure Sockets Layer (SSL) Junctions — Support for accepting server-side certificates of protected Web servers when establishing SSL connections to them.
  • Unauthenticated SSL Support — Provides secure communications with Policy Director without requiring the user to first authenticate. This support is needed to perform activities securely before the user can provide any authentication information, such as self-registration, when opening an account or sending credit card information.
  • LDAP Fail-over Support — In order to provide continuous support in the event of an LDAP master server failure, Policy Director can switch over to an LDAP replica server.
  • Tivoli Integration — Enables you to create and manage Policy Director users and security policies from the Tivoli SecureWay User Administration and Tivoli SecureWay Security Manager consoles. Tivoli integration support is available for download from the Web in June 2000. Access the following URL for download information.
  • Netscape Directory Support — In order to leverage existing Netscape Directory investments, Policy Director can use the Netscape LDAP Directory for the storage of information. Support of this enhancement is available May 2000.

Tivoli SecureWay Policy Director for Application Servers Version 3.6

Tivoli SecureWay Policy Director for Application Servers Version 3.6 extends Policy Director's security model by providing a set of CORBA security services and APIs to add security to existing and new applications. These services and interfaces comply with existing CORBA standards and are designed for interoperability among participating ORB vendors in a secure, distributed object environment.

Tivoli SecureWay Policy Director for Application Servers security solution consists of:

  • CORBA Security Services — for authentication, authorization, and message protection
  • CORBA Security Levels — defines Level 1 and Level 2 services according to the CORBA Security Specification
  • Support for Inprise Visibroker and IONA Technology's ORBIX ORBs

Tivoli SecureWay Risk Manager Version 1.0

Tivoli SecureWay Risk Manager 1.0 (Risk Manager), is a centralized security management solution that enables organizations to centrally manage attacks, threats, and exposures by correlating security information from intrusion detectors and other security checkpoints. Risk Manager enables administrators to eliminate clutter such as false-positives while quickly identifying the real security threats to help the administrators respond with adaptive security measures.

The integrated security management capability of Risk Manager enables system administrators who are not security experts, to monitor and assess security risks in real-time with a high degree of integrity and confidence across an organization's multiple security checkpoints. Risk Manager's security reporting capability leverages the Tivoli Enterprise Console to create an enterprise view of security management.

Tivoli SecureWay Risk Manager Version 1.0 consists of:

  • Risk Manager Pre-Adapter for the Cisco Secure ISS RealSecure network intrusion detection system.
  • Risk Manager Pre-Adapter for the Cisco Secure IDS network intrusion detection system.
  • Risk Manager Web Intrusion Detection System for detecting attacks and intrusion on Web Servers. Web Servers supports are Microsoft IIS, Netscape Enterprise Server, and Apache Web Server.
  • TEC-based Correlation rules for centralized correlation of intrusion alerts for the ISS RealSecure, Cisco Secure IDS, and Risk Manager Web intrusion detection systems.
  • Centralized Management, Correlation, and Reporting for attacks and intrusions using the Tivoli Enterprise Console.

Tivoli SecureWay Global Sign-On Version 3.6.2

Tivoli SecureWay Global Sign-On (GSO) is an easy-to-use and secure single sign-on solution that grants users access to the computing resources and applications they are authorized to use with just one logon. Users can logon, change password, and logoff from all of their environments using an intuitive control panel.

The unique logon:

  • Is protected by strong authentication such as that provided by smartcards and biometrics
  • Integrates with system management tools
  • Is extendible to support a changing environment

Tivoli SecureWay Global Sign-On, along with the other Tivoli SecureWay security family products, provides an end-to-end security solution addressing both user and administrator needs. Refer to Software Announcement 298-274 , dated July 28, 1998.

Tivoli SecureWay Global Sign-On (GSO) enhancements are available in a manufacturing refresh in June 2000. Entitled GSO customers will automatically receive the refreshed CDs. Customers who order GSO after the June availability date will receive the enhancements described below.

Tivoli SecureWay Global Sign-On Version 3.6.2 enhancements include:

  • Tivoli Integration — installation is now integrated so Plus Module support is no longer required. Client/server install, Tivoli Management Application endpoint install, and Tivoli SecureWay User Administration integration are now supported.
  • Security Policy Management — provides password policy support, Tivoli SecureWay Security Manager integration, and shared target support.
  • Client enhancements — support for disconnect mode, inactivity auto logoff, primary network provider, and target launcher shortcuts.

Refer to Additional Description for further details.

Year 2000

These products are Year 2000 ready. When used in accordance with their associated documentation, they are capable of correctly processing, providing, and/or receiving date data within and between the twentieth and twenty-first centuries, provided that all products (for example, hardware, software, and firmware) used with the products properly exchange accurate date data with them.

Euro Currency

These programs are not impacted by euro currency.

Product Positioning

The Tivoli SecureWay family of security product solutions are targeted for Global 2000 companies:

  • Large companies with 1,000 or more employees and revenues of more than 200M U.S. dollars
  • Medium-sized firms, companies with 500 to 1,000 employees

These companies are planning to connect to the Internet, expanding their use of the Internet by deploying more Web-based applications, and/or deploying an extranet to connect business partners, customers, and remote employees.

The following matrix represents the current status of the Tivoli SecureWay family of products.

.---------------------+--------------------.
|                     |It has been         |
|If you bought...     |rebranded to...     |
|---------------------+--------------------|
|IBM SecureWay Policy |Tivoli SecureWay    |
| Director            | Policy Director    |
|---------------------+--------------------|
|IBM SecureWay Trust  |Tivoli SecureWay    |
| Authority           | Public Key         |
|                     | Infrastructure     |
|---------------------+--------------------|
|IBM SecureWay        |Not rebranded at    |
| FirstSecure         | this time.         |
|---------------------+--------------------|
|Tivoli Global        |Tivoli SecureWay    |
| Sign-On             | Global Sign-On     |
'---------------------+--------------------'

IBM SecureWay Policy Director or IBM SecureWay Trust Authority Passport Advantage subscriptions will be honored. Entitled customers will receive new releases of Tivoli SecureWay Policy Director and Tivoli PKI for the period of their subscription.

The code and documentation included in the former IBM SecureWay products that have been rebranded will continue to reflect the original product name. Code and documentation will be updated in a future release of these products. Hardcopy book covers, CD-ROM labels, and License Information documentation reflect the rebranded name.

Trademarks

 
SecureWay is a trademark of International Business Machines Corporation in the United States or other countries or both.
 
OS/390, AIX, and RISC System/6000 are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Microsoft and Windows NT are trademarks of Microsoft Corporation.
 
Tivoli is a registered trademark of Tivoli Systems, Inc. in the United States or other countries or both. In Denmark, Tivoli is a trademark licensed from Kjobenhavns Sommer — Tivoli A/S.
 
Lotus Passport is a trademark of Lotus Development Corporation.
 
Other company, product, and service names may be trademarks or service marks of others.

Additional Description

Tivoli SecureWay PKI Version 3.1.2

Tivoli SecureWay PKI is a security-rich, standards-based, integrated registration and certification solution that builds trust into business-critical Web applications. Tivoli PKI enables applications to authenticate users, provides trusted communications, and establishes the level of trust to conduct e-business with confidence. Refer to Software Announcement 299-317 , dated October 26, 1999, for additional information.

Tivoli SecureWay PKI Version 3.1.1 is now available through Tivoli ordering systems. Version 3.1.2 will be available July 28, 2000, in the U.S. and Canada, and August 25, 2000, elsewhere.

Enhancements in Tivoli SecureWay PKI Version 3.1.2 include:

  • Hierarchy and Cross Certification support to other Certificate Authorities (CAs) using the most current PKCS #10 requests and PKCS #7 responses. Tivoli SecureWay PKI already supports the advanced PKIX standards for hierarchies and cross certification, while many other vendors support only the older PKCS #10 and #7 methods. Tivoli PKI can participate with legacy, as well as advanced PKI implementations.
  • Support of Certificate Revocation List (CRL) Distribution Points. CRL Distribution Points allow a single large CRL to be divided into many smaller lists to enhance performance during certificate validation. Certificates issued will contain new information about which CRL Distribution Points may contain revocation information.
  • Distinguished Name flexibility allows greater leeway when creating directory trees and helps support use of common directories between applications.

Education Support

Descriptions of all classroom and self-study courses are contained in the Catalog of IBM Education and Training.

For current information on Tivoli® Systems education, call 512-436-8000 or visit the Tivoli Systems home page on the Internet at:

Offering Information

Product Information will be available on day of announcement through Offering Information (OITOOL) at:

Publications

The following publications will be shipped with the applicable product:

                                                  Order
Publication Title             Language            Number
 
Tivoli SecureWay(TM) Public KeEnglish             GC32-0472
  Infrastructure Up and Running
Tivoli SecureWay Policy DirectEnglish             GC32-0458
  Up and Running

Technical Information

Hardware Requirements: Review the README information provided with each product for the most current information.

Following are product specific requirements.

Tivoli SecureWay Policy Director

  • RS/6000®
  • Sun SPARC
  • Intel x86 or Pentium™
  • HP 9000 Servers
  • Disk space: 50 MB
  • Memory: 64 MB

Tivoli SecureWay Policy Director for Application Servers

  • Sun SPARC
  • Intel x86 or Pentium

Tivoli SecureWay Global Sign-On

  • RS/6000
  • Sun SPARC
  • Intel x86 or Pentium

Tivoli SecureWay Risk Manager, Version 1.0

  • RS/6000
  • Sun SPARC
  • Intel x86 or Pentium
  • 128M RAM
  • RealSecure Adapter 10M
  • Cisco Secure IDS Adapter 10M
  • Tivoli Web Intrusion Detection System 15M
  • Risk Manager TEC rules 1M

Tivoli SecureWay PKI Version 3.1

  • RS/6000 (minimum 233 MHz, 256 MB RAM, 9.1 GB disk space)
  • Intel-based systems (minimum 450 MHz, 256 MB RAM, 9.1 GB disk space)

Software Requirements: Review the README information provided with each component for the most current information.

Following are product-specific requirements.

Tivoli SecureWay Policy Director

Server platforms:

  • AIX® 4.3.1, or later
  • Solaris 2.6 or 2.7
  • Windows NT™ 4.0 with Service Pack 4 ,or later
  • HP-UX 11.0

Client platforms:

  • Windows™ 95/98
  • Windows NT

Tivoli SecureWay Policy Director for Application Servers

Server platforms:

  • Solaris 2.6 only
  • Policy Director 3.0.1, and later
  • Windows NT

Client platforms:

  • Windows 95/98
  • Windows NT

Tivoli SecureWay Global Sign-On

Server platforms:

  • AIX 4.3.1, or later
  • Solaris 2.6 or 2.7
  • Windows NT 4.0 with Service Pack 4, or later
  • HP-UX 11.0

Client platforms:

  • Windows 95/98
  • Windows NT
  • Solaris 2.6
  • AIX 4.2.1, or later
  • NT 4.0 with Service Pack 5

Tivoli SecureWay Risk Manager Version 1.0

  • Windows NT 4.0 SP5 (RealSecure adapter and Tivoli Web Intrusion Detection)
  • Solaris 2.7 (Cisco Secure IDS adapter and Tivoli Web Intrusion Detection)
  • AIX 4.3.3 (Tivoli Web Intrusion Detection)

Tivoli Web Intrusion Detection support for:

  • Apache: 3.1.12 (AIX/NT) 3.1.9 (Solaris)
  • Netscape ES 4.1 (Solaris/NT) 4.0 (AIX)
  • Microsoft™ IIS 4.0

Tivoli SecureWay PKI Version 3.1

  • AIX Version 4.3.2, or later
  • Microsoft Windows NT 4.0 with Service Pack 5

Tivoli SecureWay PKI Version 3.1 also requires the following products which are included with the Tivoli SecureWay PKI product:

  • SecureWay Directory Version 3.1.1.
  • DB2® Version 5.2 Fix Pack 10 (Enterprise Edition)
  • WebSphere™ Application Server Version 2.0 Standard Edition including IBM HTTP Web Server Version 1.3.3. and JDK Version 1.1.6

Limitations: Tivoli SecureWay Policy Director on HP-UX does not support the SecureWay Directory (LDAP) user registry.

Planning Information

Packaging: Each package contains the program product and documentation on CD-ROM, and the applicable hardcopy documentation listed below:

                                                  Form
Document                      Language            Number
 
IPLA Pamphlet                 Multilingual        Z125-3301
License Information           Multilingual        LC23-4470
Tivoli SecureWay Public       English             GC32-0472
  Key Infrastructure
  Up and Running
Tivoli SecureWay Policy       English             GC32-0458
  Director Up and Running

Security, Auditability, and Control

Tivoli SecureWay family of security products uses the security and auditability features of the operating systems on which it operates.

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Ordering Information

The rebranded Tivoli SecureWay Family products are not available by part number ordering under the IBM Passport Advantage program. Refer to Software Announcement 200-017 , dated February 15, 2000, for additional information about Tivoli's Value Based pricing.

The following Tivoli SecureWay Family products are based on the Tivoli Client/Server or Device/Server metric:

  • Tivoli SecureWay Risk Manager (5698-RMG)
  • Tivoli SecureWay Global Sign-On (5698-GS2)
  • Tivoli SecureWay PKI 56-bit (5698-KII)
  • Tivoli SecureWay PKI 128-bit (5698-KID)

The following Tivoli SecureWay Family products are based on the Tivoli Registered User metric:

  • Tivoli SecureWay Policy Director 56-bit (5698-PDI)
  • Tivoli SecureWay Policy Director 128-bit (5698-PDD)
  • Tivoli SecureWay Policy Director for Application Servers (5698-PDA)

Withdrawal of Previous Passport Advantage Part Numbers: The products listed below are withdrawn from marketing effective immediately.

Outstanding proposals will be honored. Customer orders for the withdrawn products should be submitted through the Special Bid Process to obtain fulfillment approval.

SecureWay Trust Authority Version 3.1 Passport Advantage, Media, and Documentation Package Numbers

The following Passport Advantage, media, and documentation package numbers are no longer available for ordering effective immediately.

SecureWay Trust Authority Version 3.1 has been rebranded and renamed. The replacement product is Tivoli SecureWay PKI Version 3.1 (5698-KID or 5698-KII). Contact your IBM or Tivoli representative for further information.

Passport Advantage Numbers
 
VPO INSTL/SW SUB TRUST AUTHORITY                  D4621ML
  1 YEAR 1 USER
VPO INSTL/SW SUB TRUST AUTHORITY                  D46GAML
  2 YEARS 1 USERS
VPO INSTL TRUST AUTHORITY 1 USER                  D461ZML
VPO SW SUB RNWL TRUST AUTHORITY                   E16GCML
  1 USER
VPO SW SUB TRUST AUTHORITY 1 YEAR                 D46GDML
  1 USER
VPO SW SUB TRUST AUTHORITY 2 YEARS                D46GEML
  1 USER
CO INSTL/SW SUB TRUST AUTHORITY                   D46GCML
  2ND ANNIV 1 USER
CO INSTL/SW SUB TRUST AUTHORITY                   D46GFML
  1ST ANNIV 1 USER
CO SW SUB RNWL TRUST AUTHORITY                    E16GDML
  1 USER
CO SW SUB TRUST AUTHORITY 1ST ANNIV               D4721ML
  1 USER
CO SW SUB TRUST AUTHORITY 2ND ANNIV               D4725ML
  1 USER
CO SUPT TRUST AUTHORITY 1 ANNIV                   AR6XZML
  1 USER
CO SUPT TRUST AUTHORITY 2ND ANNIV                 AR70GML
  1 USER
 
Media Packages
 
IBM Trust Authority V3.1 Media                    BE6KMML
  Pack 128 Byte English
IBM Trust Authority V3.1 Media                    BE6KQML
  Pack 56 Byte English
 
Documentation Packages
 
IBM Trust Authority Documentation                 BE6PENA
  Package English

IBM SecureWay Policy Director Version 1 and Version 2 Passport Advantage, Media, and Documentation Package Numbers

The following Passport Advantage, media, and documentation package numbers are no longer available for ordering effective immediately. Tivoli SecureWay Policy Director Version 3.6 (5698-PDD or 5698-PDI) is the replacement product. Contact your IBM or Tivoli representative for further information.

IBM SecureWay Policy Director
Passport VPO and CO Numbers
 
VPO Instl/SW Sub IBM SecureWay                    D275LML
  Policy Director install 1 year
VPO Instl/SW Sub IBM SecureWay                    D275MML
  Policy Director install 2 years
VPO Instl IBM SecureWay Policy                    D275KML
  Director install
VPO SW Sub Rnwl IBM SecureWay                     E176KML
  Policy Director install
VPO SW Sub IBM SecureWay Policy                   D2764ML
  Director install 1 year
VPO SW Sub IBM SecureWay Policy                   D2765ML
  Director install 2 year
CO Instl/SW Sub IBM SecureWay                     D276PML
  Policy Director install 1 year
CO Instl/SW Sub IBM SecureWay                     D276RML
  Policy Director install 2 years
CO SW Sub Rnwl IBM SecureWay                      E17MUML
  Policy Director install
CO SW Sub IBM SecureWay Policy                    D27BIML
  Director install 1st Anniv
CO SW Sub IBM SecureWay Policy                    D27MMML
  Director install 2nd Anniv
CO Supt IBM SecureWay Policy                      AR7YIML
  Director Flat 1 Anniv 1 User
CO Supt IBM SecureWay Policy                      AR63UML
  Director Flat 2 Anniv 1 User

.--------------------------.
|      IBM SecureWay       |
|     Policy Director      |
|  Version 1 and Version 2 |
|-------------+------------|
|Description  |  English   |
|-------------+------------|
|Media        |V1 BE7X2NA  |
| Package     |V2 BE608NA  |
|             |V2 BE607NA  |
|-------------+------------|
|Documentation|V1 BE7X4NA  |
| Package     |V2 BE6AUNA  |
'-------------+------------'

Customization Options: Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.

                                                    Feature
Description                                         Number
 
Initial Shipments
 
Serial number only (suppresses shipment             3444
 of media and documentation)
 
Ship media only (suppresses initial                 3470
 shipment of documentation)
 
Ship documentation only (suppresses                 3471
 initial shipment of media)
 
                                                    Feature
Description                                         Number
 
Update Shipments
 
Ship Media updates only (suppresses                 3480
 update shipment of documentation)
 
Ship documentation only (suppresses                 3481
 update shipment of media)
 
Suppress updates (suppresses update                 3482
 shipment of media and documentation)
 
Expedite Shipments
 
Local IBM office expedite                           3445
 (for IBM use only)
 
Customer expedite process charge                    3446
 ($30 charge for each product)

Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Delivery Fulfillment (SDF) receives the order. SDF will then ship the order via overnight air transportation.

Basic License: To order a basic license, specify the program number, feature number 9001 for asset registration, and the feature number of the desired distribution medium. Also, specify the one-time charge (OTC) feature number from the tables below in the quantity desired (maximum quantity of 250).

Use the following table to order the program products listed below.

.-----------------------------------+------------------------.
|                                   |Tivoli Management Points|
|--------+--------------------------+--------+---------------|
|Product |                          |        |               |
|Number  |  Product Name            |  Qty 1 |   Qty 250     |
|--------+--------------------------+--------+---------------|
|5698-PDI| Policy Director 56-bit   |  1151  |    1152       |
|5698-PDD| Policy Director 128-bit  |  1149  |    1150       |
|--------+--------------------------+--------+---------------|
|5698-PDA| Policy Director for      |  1145  |    1146       |
|        |  Application Servers     |        |               |
|--------+--------------------------+--------+---------------|
|5698-KII| Public Key Infrastructure|  1155  |    1156       |
|        |  56-bit                  |        |               |
|--------+--------------------------+--------+---------------|
|5698-KID| Public Key Infrastructure|  1153  |    1154       |
|        |  128-bit                 |        |               |
|--------+--------------------------+--------+---------------|
|5698-RMG| Risk Manager Version     |  1257  |    1258       |
'--------+--------------------------+--------+---------------'

Tivoli Systems Support

Support must be ordered through program number 5698-SPT by specifying feature number 9001 for asset registration and by specifying the First Year Standard Support — No-Charge feature number. The First Year Support No-Charge feature number (and the Standard — 24 Support Upgrade OTC feature numbers, if applicable) must be discontinued. Orders under 5698-SPT establish entitlement records worldwide. If an order under 5698-SPT is not placed, a customer will not be entitled to support, even during the first year of a license.

Customers are notified before the end of the initial support period. The first year support feature numbers will then be converted to feature numbers for annual support billing at the same level of support elected during the initial support period unless the customer notifies IBM/Tivoli that they want to discontinue support. Once the subsequent year support feature numbers are in place, charges are automatically renewed annually unless support is cancelled by the customer. Tivoli pricing offers easy Support. The following Support options are available:

  • Standard — which provides customer support during normal business hours
  • Standard-24 — which provides customer support 24 hours per day, 7 days per week
  • Select — which provides enhanced customer support 24 hours per day, 7 days per week

If an upgrade to Standard-24 Support Option or Select Support Option is desired at initial order of a license and during the first 12 months of a license, or if support is desired after the first 12 months of a license, specify the applicable feature number from the tables below.

Standard Annual Support Option

The following support will be provided for a period of 12 months after the first installation of the Tivoli product; and thereafter, if the customer subscribes to the Standard Annual Support Option:

  • Corrections (PTFs) that fix substantial deviations of unmodified Tivoli products from the then-current code, publications, and/or informal documentation (that is, release notes and memos)
  • Software product updates that are improvements, extensions, and other changes which IBM/Tivoli, at its discretion, deems to be reasonable
  • Technical support that provides support via telephone, fax, e-mail during normal IBM/Tivoli business hours in the customer's locality from Monday through Friday, except local holidays, and supplies work-arounds for problems (where known), answers questions, and provides patches where they exist, and supplies to the customer a reasonable amount of assistance by mail or telephone in the event of difficulties in the use of, or the interpretation of, results from a Tivoli product.

Standard-24 Annual Support Option

The Standard-24 Annual Support Option includes and extends the support services provided in the Standard Annual Support Option to include technical support via telephone 7 days per week, 24 hours per day. When a customer is notified about the upcoming termination of the initial no-charge support period, the customer may choose to acquire this option for subsequent years. An MES order must be entered for the Tivoli product's charges using the applicable feature numbers from the table below. After an MES order is entered, the charges will automatically renew annually unless this option is cancelled by the customer.

Select Annual Support Option

The Select Annual Support Option includes and enhances the support services provided in the Standard-24 Annual Support Option to include limited on-site support, initial on-site review, faster responsiveness, access to senior engineers, IBM/Tivoli management escalation path, and heightened fix priority.

When the customer is notified about the upcoming termination of the initial no-charge support period, the customer may choose to acquire this option for subsequent years. An MES order must be entered for the Tivoli product's charges using the applicable feature number from the table below. After an MES order is entered, the charges will automatically renew annually unless this option is cancelled by the customer.

Support Upgrade

During the first year of a license, the customer can upgrade to the Standard-24 Annual Support Option or the Select Annual Support Option by ordering the applicable OTC feature numbers from the table below. The OTC feature numbers may be specified on the initial order or later via an MES during the first year only. Ordering the OTC feature numbers will not result in an extension of the initial annual-support period.

In subsequent years, if a customer has acquired the Standard Annual Support Option and then wants to upgrade to the Standard-24 Annual Support Option, or the Select Annual Support Option, an MES order must be entered to discontinue the Standard Annual Support Option feature numbers and to add the Standard-24 Annual Support Option or Select Annual Support Option feature numbers. Standard-24 Support can also be upgraded to Select Support by placing an MES order to discontinue the Standard-24 Support option feature numbers and to add the Select Support option feature numbers.

5698-SPT — First-Year Support Options

Use the following table to order support (5698-SPT) for the program products listed below.

.--------+----------------+--------+---------+--------+--------.
|        |                |        |         |        |Upgrade |
|        |                |        |         |Upgrade |from    |
|        |                |        |Upgrade  |from    |1st Year|
|        |                |        |from     |1st Year|Std-24  |
|        |                |1st Year|1st Year |to      |to      |
|        |                |Support |to Std-24|Select  |Select  |
|Support |                |No      |Support  |Support |Support |
|for     |                |Charge  |OTC      |OTC     |OTC     |
|Program |Support for     |Feature |Feature  |Feature |Feature |
|Number  |Program Name    |Number  |Number   |Number  |Number  |
|--------+----------------+--------+---------+--------+--------|
|        |Tivoli SecureWay|        |         |        |        |
|--------+----------------+--------+---------+--------+--------|
|5698-PDA|Policy Director |  1227  | 1214    | 1215   | 1216   |
|        |for Application |        |         |        |        |
|        |Servers         |        |         |        |        |
|        |  Qty of 250    |  1228  | 1217    | 1218   | 1219   |
|--------+----------------+--------+---------+--------+--------|
|5698-PDD|Policy Director |  1241  | 1229    | 1230   | 1231   |
|        |  Qty of 250    |  1242  | 1232    | 1233   | 1234   |
|--------+----------------+--------+---------+--------+--------|
|5698-PDI|Policy Director |  1255  | 1243    | 1244   | 1245   |
|        |  Qty of 250    |  1256  | 1246    | 1247   | 1248   |
|--------+----------------+--------+---------+--------+--------|
|5698-KII|PKI             |  1211  | 1199    | 1200   | 1201   |
|        |  Qty of 250    |  1212  | 1202    | 1203   | 1204   |
|--------+----------------+--------+---------+--------+--------|
|5698-KID|PKI             |  1197  | 1185    | 1186   | 1187   |
|        |  Qty of 250    |  1198  | 1188    | 1189   | 1190   |
|--------+----------------+--------+---------+--------+--------|
|5698-RMG|Risk Manager    |  1271  | 1259    | 1260   | 1261   |
|        |  Qty of 250    |  1272  | 1262    | 1263   | 1264   |
'--------+----------------+--------+---------+--------+--------'

5698-SPT — Subsequent Year Options

Use the following table to order support (5698-SPT) for the program products listed below.

.---------+-------------------+---------+---------+--------.
|         |                   |Standard | Std-24  | Select |
|         |                   |Support  | Support | Support|
|Support  |                   |Annual   | Annual  | Annual |
|  for    |                   |Charge   | Charge  | Charge |
|Program  |Support for        |Feature  | Feature | Feature|
| Number  |Program Name       |Number   | Number  | Number |
|---------+-------------------+---------+---------+--------|
|         |Tivoli SecureWay   |         |         |        |
|---------+-------------------+---------+---------+--------|
|5698-PDA |Policy Director    |         |         |        |
|         |for Application    |         |         |        |
|         |Servers V3.6       |         |         |        |
|         |  Qty of 1         | 1221    |  1222   |   1223 |
|         |  Qty of 250       | 1224    |  1225   |   1226 |
|---------+-------------------+---------+---------+--------|
|5698-PDD |Policy Director    |         |         |        |
|         |Director V3.6      |         |         |        |
|         |128-bit            |         |         |        |
|         |  Qty of 1         | 1235    |  1236   |   1237 |
|         |  Qty of 250       | 1238    |  1239   |   1240 |
|---------+-------------------+---------+---------+--------|
|5698-PDI |Policy Director    |         |         |        |
|         |Director V3.6      |         |         |        |
|         |56-bit             |         |         |        |
|         |  Qty of 1         | 1249    |  1250   |   1251 |
|         |  Qty of 250       | 1252    |  1253   |   1254 |
|---------+-------------------+---------+---------+--------|
|5698-KII |PKI V3. 156-bit    |         |         |        |
|         |  Qty of 1         | 1205    |   1206  |   1207 |
|         |  Qty of 250       | 1208    |   1209  |   1210 |
|-----------------------------+---------+---------+--------|
|5698-KID |PKI V3.1 128-bit   |         |         |        |
|         |  Qty of 1         | 1191    |   1192  |   1193 |
|         |  Qty of 250       | 1194    |   1195  |   1196 |
|-----------------------------+---------+---------+--------|
|5698-RMG |Risk Manager V1.0  |         |         |        |
|         |  Qty of 1         | 1265    |   1266  |   1267 |
|         |  Qty of 250       | 1268    |   1269  |   1270 |
'---------+-------------------+---------+---------+--------'

The Standard Support Option, Standard-24 Support Option and Select Support Option are not transferable among the Tivoli Enterprise products. Support Option feature numbers must be ordered, if desired, for each licensed product. The quantity of the billable feature numbers for Support must be equal to the Tivoli Management Points for a product, if support is desired.

Basic Machine-Readable Material

                                                  Feature
Description                                       Number
 
Distribution Medium:  CD-ROM
 
Tivoli SecureWay Policy Director (5698-PDD, 5698-PDI)
 
English                                           5809
French                                            5819
Brazilian Portuguese                              5839
Spanish                                           5859
 
Tivoli SecureWay Policy Director for Application Servers
(5698-PDA)
 
English                                           5809
 
Tivoli SecureWay PKI (5698-KII, 5698-KID)
 
English                                           5809
French                                            5819
Brazilian Portuguese                              5839
Spanish                                           5859
 
Tivoli SecureWay Risk Manager Version 1.0 (5698-RMG)
 
English                                           5809

Customization Options: Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specific on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.

Terms and Conditions

Agreement: IBM International Program License Agreement (IPLA), IBM International Agreement for Acquisition of Programs and Support (IIAAPS) with the Attachment for Support and its Addendum for Tivoli Systems, and an Order Form

Transferable: Applies except when Support is in effect

Limited Warranty Applies: Yes

Guarantee: Two months

Getting Started Period: Not applicable

Usage Restriction: Yes. Usage is limited to the number of management points acquired.

Educational Allowance Available: Yes, 15% to qualified educational institutional customers.

Volume Orders: Not applicable

Upgrade Protection Applies: Covered as long as Support remains in effect

Licensed Program Materials Availability: Object Code Only

Entitled Upgrade for Current Upgrade Protection Licensees: As announced for each program

Program Services

  • Support Center applies: Yes. Access is available through the Tivoli Support Center 800-TIVOLI8 (848-6548).
  • Available until:
    • 12 months after initial installation
    • After 12 months as part of the IASP offering
    • Available for program until 12 months written notice
  • Applicable for:
    • Latest code level
    • Immediate previous level for 12 months
  • APAR Mailing Address:
      Tivoli Systems Inc.
      9442 Capital of Texas Highway
      Austin, TX 78759
      Attention: Tivoli SecureWay Development

Support Line: No

Unique Terms and Conditions

The following terms and conditions apply to:

  • 5698-PDD Tivoli SecureWay Policy Director 128-bit
  • 5698-PDI Tivoli SecureWay Policy Director 56-bit

Program-Unique Terms: This Agreement governs the use and support of Tivoli SecureWay PKI (the Program) with the exception of components of the Program which contain their own license agreements. The terms and conditions governing such components are provided when installing or starting such specific components.

The Program contains encryption technology that is subject to special export licensing requirements by the U.S. Department of Commerce. It may also be subject to export and import requirements of other countries. IF YOU DISTRIBUTE ANY COMPONENTS OF THIS PROGRAM, YOU MUST ABIDE BY ALL APPLICABLE LAWS, RULES AND REGULATIONS REGARDING THE EXPORT OF SUCH CODE. FURTHER, YOU MUST ENSURE THAT ALL USERS WHO RECEIVE THE PROGRAM FROM YOU COMPLY WITH THE TERMS OF THIS AGREEMENT

The Program contains several server components and client components.

The server components are:

  • WebSeal Server
  • NetSeal Server (including DCE client)
  • Management Console Server
  • Authorization Server
  • IBM SecureWay Directory
  • IBM DCE Security and Directory Server

The client components are:

  • NetSeat client
  • DCE client

The DCE components included with this Program can only be used to access the Program's server components listed above.

You may only use the DB2 UDB component of the IBM SecureWay Directory in association with your licensed use of the SecureWay Directory.

Warranty through Program Services: Yes, except Sun Solaris JRE provided from IBM in Policy Director.

The following terms and conditions apply to:

  • 5698-KID Tivoli SecureWay Public Key Infrastructure (PKI)
  • 5698-KII Tivoli SecureWay Public Key Infrastructure

You understand and agree that Tivoli SecureWay PKI (the Program) contains data encryption functions which are subject to special export licensing restrictions by the U.S. Department of Commerce.

You understand and agree that the Program contains software from RSA Data Security, Inc. (RSA Code). You may not modify or directly access the RSA Code or its functions, except through the function calls of the Program, which may not be modified. In addition, the Program contains Standard Template Library software ("STL Software") from Silicon Graphics Computer Systems, Inc. ("SG STL Software") and Hewlett-Packard Company ("HP STL Software") SG STL Software is copyright "1996-1999 Silicon Graphics Computer Systems, Inc." and HP STL Software is copyright "1994 Hewlett-Packard Company." STL Software may be found on the Web at http://www.sgi.com/Technology/STL , and other places. Permission to use, copy, modify, distribute, and sell the SG STL Software and HP STL Software and their documentation for any purpose is hereby granted without fee, provided that the above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation. Neither Silicon Graphics, Hewlett-Packard, nor Tivoli makes any representations about the suitability of the SG STL Software or HP STL Software for any purpose. The SG STL Software and HP STL Software are each provided "AS IS" without express or implied warranty.

The Program includes portions of DB2 Universal Database® software ("DB2 Components"). You are not authorized to install or use the DB2 Components other than in connection with your licensed use of the Program for the storage and management of data used or generated by the Program. For example, this license does not include inbound connections to the database or the DB2 Components from other applications for queries or report generation. The DB2 Components must reside on the same machine as the Program, and you are not authorized to install or use the DB2 Components separate from the Program.

The Program includes portions of the IBM WebSphere Application Server and the IBM HTTP Web Server ("IBM Servers"). You are not authorized to install or use the IBM Servers other than in connection with your licensed use of IBM WebSphere. The IBM Servers must reside on the same machine as IBM WebSphere, and you are not authorized to install or use the IBM Servers separate from the IBM WebSphere program.

You may not take any action, or permit any omissions, with respect to the IBM WebSphere program that would exceed the license rights granted in the Agreement and these Program-unique Terms. Any other use of the IBM WebSphere program is prohibited. You are responsible for maintaining the overall security of your systems, processes, and information.

The IBM WebSphere program includes the following code modules (hereinafter referred to as "Modules"), which are installed into the customer-chosen destination path for the Program Registration Authority portion of the IBM WebSphere program:

  1. All configuration files (file extension .cfg) and letter templates (file extension .ltr) in the \etc directory
  2. The policy_exit file in the \bin directory, and
  3. All files in the \webpages directory. You may copy and modify the Modules only for the purpose of customizing hypertext markup language ("HTML") screens, Java™ Server Pages, graphics, policy exits, configuration files, and sample letters in connection with your own applications which you create for use with the IBM WebSphere program. You may not distribute or otherwise copy or modify the Modules.

Tivoli shall have no liability to you or your customers or end users for your or their use of the IBM WebSphere program, and you agree to indemnify, defend, and hold Tivoli and its subsidiaries and suppliers harmless from and against any claims (actual or alleged) that are based on or arise in connection with:

  1. Your use of the IBM WebSphere program;
  2. Any of your customers or end users use of or interaction with the IBM WebSphere program;
  3. Any use of or reliance upon any digital certificates issued by you using or in connection with the IBM WebSphere program; and/or
  4. Any representations made by you about the IBM WebSphere program, provided that Tivoli:
    • Promptly notifies you in writing of such claim, and
    • Allows you to control, and cooperates with you in the defense and any related settlement negotiations. Tivoli shall have the right to participate in such claim at its own expense.

IBM HTTP Server and the APACHE HTTP Server: The IBM HTTP Server component of the IBM WebSphere program includes software developed by The Apache Group for use in the Apache HTTP Server project ( http://www.apache.org/ ). In addition, the IBM WebSphere program is accompanied by source code for the Apache HTTP Server. The portions of the IBM HTTP Server which are based on software developed by The Apache Group and the source code for the Apache HTTP Server are Copyright © 1995-1998 The Apache Group. All rights reserved.

IBM's license for the Apache HTTP Server requires IBM to reproduce the following license from The Apache Group:

Copyright © 1995-1998 The Apache Group. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project ( http://www.apache.org/ )."
  • The names "Apache Server" and "Apache Group" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, contact apache@apache.org.
  • Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project ( http://www.apache.org/ )."

THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software consists of voluntary contributions made by many individuals on behalf of the Apache Group and was originally based on public domain software written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. For more information on the Apache Group and the Apache HTTP server project, please refer to:

Your use of the source code for the Apache HTTP Server accompanying the IBM WebSphere program is subject to the terms and conditions of the above license from The Apache Group and not the International Program License Agreement. In particular, IBM is providing the source code for the Apache HTTP Server on an AS-IS basis, without warranty of any kind (either express or implied) including, without limitation, any implied warranty of merchantability and fitness for a particular purpose and any warranty of non-infringement.

Your use of the IBM WebSphere program, including the IBM HTTP Server component, is subject to the terms and conditions of the International Program License Agreement.

Charges

Contact your IBM representative for charges information for this announcement.

Order Now

 Use Priority/Reference Code: YE001
 
 Phone:     800-IBM-CALL
 Fax:       800-2IBM-FAX
 Internet:  ibm_direct@us.ibm.com
 Mail:      IBM Atlanta Sales Center
            Dept. YE001
            P.O. Box 2690
            Atlanta, GA  30301-2690

You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.

Note: Shipments will begin after the planned availability date.

Trademarks

 
SecureWay and WebSphere are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
RISC System/6000, AIX, DB2, and DB2 Universal Database are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Pentium is a trademark of Intel Corporation.
 
Windows NT, Windows, and Microsoft are trademarks of Microsoft Corporation.
 
Java is a trademark of Sun Microsystems, Inc.
 
Tivoli is a registered trademark of Tivoli Systems, Inc. in the United States or other countries or both. In Denmark, Tivoli is a trademark licensed from Kjobenhavns Sommer — Tivoli A/S.
 
Other company, product, and service names may be trademarks or service marks of others.