IBM United States
Software Announcement 202-082
April 9, 2002

IBM Tivoli Access Manager for e-business V3.9 Securely Integrates CRM, ERP, SCM, and Portals e-business Solutions with Enterprise J2EE Applications

 ENUS202-082.PDF (66KB)


At a Glance

Access Manager for e-business provides integrated security management in a J2EE deployment model for dynamic e-business applications. Key features and benefits of V3.9 include:

  • A secure control point for managing the end-user experience with Web Single Sign-On
  • J2EE Security Integration for the WebSphere® platforms, which can provide tremendous ROI for enterprises leveraging J2EE as their e-business deployment model
  • New Web Agents for WebSphere Application Server and BEA WebLogic (a product of BEA Systems)
  • New Agents for Web Servers (Microsoft Internet Information Server, iPlanet Enterprise Server, IBM HTTP Server) that provide deployment flexibility
  • Extension of enterprise security management capability on the Microsoft Active Directory platform and Lotus® Domino™ Registry
  • National language support for Brazilian Portuguese, Czech, French, German, Hungarian, Italian, Japanese, Korean, Polish, Russian, Spanish, Simplified Chinese, and Traditional Chinese

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).

Overview

IBM Tivoli® Access Manager for e-business Version 3.9 (V3.9) continues to build on the strong Tivoli SecureWay® Policy Director V3.8 enterprise security platform for security management. V3.9:

  • Delivers an integrated enterprise security management solution that is directly integrated into the e-business platform.
    • A common security model for dynamic e-business across heterogeneous platforms and applications, such as Portals, Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), or Supply Chain Management (SCM) solutions.
    • Secure integration capabilities for J2EE applications to leverage cross-enterprise and intra-enterprise application Web Services deployment.
  • Helps provide a return on investment by reducing the need to manage user identities and security policies within each application. Tivoli Access Manager for e-business delivers common user identity management, Web Single Sign-On, common policy-based authorization, and a single point of security management.
  • Can assist rapid time to value in solution deployment with two Web security implementation choices: the Web Proxy solution and the new Web Agents for e-business Web Servers/J2EE Application Servers.
  • Integrates with identity management, provisioning, workflow, and access management to help lower ownership and deployment costs.
  • Is able to extend enterprise security management capability to the Microsoft™ Active Directory platform.

Previous versions of this product were known as "Tivoli SecureWay Policy Director."

Key Prerequisites

Minimum hardware and software requirements for desired platforms.

Planned Availability Date

May 17, 2002

Description

IBM Tivoli Access Manager for e-business V3.9 delivers enterprise security management capabilities that enable you to deploy a consistent security strategy across your application infrastructure for intra-enterprise and cross-enterprise deployments.

In today's competitive environment, a factor critical to the success of e-business is the extent to which business units securely manage their customer relationships as well as integrate their business models on a common application and security platform. Security, Access Management, and Identity Management are fundamental components that empower businesses to deliver valuable functions to diverse end-user constituents, Business Partners, and affiliates.

On the Internet-facing side, business solutions may assume forms such as business portals, Customer Relationship Management (CRM) systems, federated e-commerce networks, vertical industry solutions, and business integration tools linking e-business platforms to procurement systems or supply-chain integration or collaborative manufacturers. For example, business-to-consumer solutions may assume the form of consumer portals or employee portals integrating CRM, Enterprise Resource Planning (ERP), and employee applications into a common access portal.

Integration with Internet-facing applications is just one part of the problem. Enterprise application integration with Web middleware (such as WebSphere Application Server and BEA WebLogic Server), messaging (such as Tivoli Access Manager for Business Integration), business processes, and ERP is critical to deliver time-to-value to business units.

IBM Tivoli Access Manager for e-business V3.9 has the flexibility to:

  • Deploy cross-enterprise solutions that comply with the privacy settings of consumers' and Business Partners' browser interface
  • Deliver core capabilities to help enable business owners and their affiliates support branding, customer affinity, and enterprise application integration
  • Deliver the J2EE integration capabilities for future e-business applications, and Web Services with platforms such as WebSphere Application Server and/or BEA WebLogic Server

IBM Tivoli Access Manager for e-business V3.9 provides:

  • A control point for managing and provisioning user profiles, privileges, and entitlements that deliver personalized and secure access to end users across the extended enterprise.
  • A scalable standards-based, cross-platform security architecture that bridges Internet-facing, cross-enterprise applications with intra-enterprise application integration. This architecture includes common security management, Web Single Sign-On, and enforcement of user access rights, privileges, and entitlements across the e-business infrastructure (J2EE and WebSphere) and mainframe systems.
  • Support for IBM Tivoli Access Manager for Business Integration product solution.
  • Platform security for enterprise UNIX® and Linux servers using the add-on IBM Tivoli Access Manager for Operating Systems.

e-business Platform and Solution Support

V3.9 of IBM Tivoli Access Manager for e-business adds features that help enable you to manage your e-business platform and adds support for e-business solutions from many Independent Software Vendors (ISVs).

Support for WebSphere

Access Manager for e-business has been enhanced to deliver the J2EE integration with the WebSphere Application Server (WAS) V4.0. The specific advantages to WAS customers include:

  • The ability to leverage a common security model across WebSphere and many non-WebSphere resources. The Access Manager for e-business and WAS employ common user identity and profiles, Access Manager-based authorization, and use of Access Manager's Web Portal Manager to achieve a single point of security management.
  • Integration that is transparent to the J2EE applications because no coding or deployment changes are typically needed at the application level.
  • The ability to dynamically manage "user-to-role" relationships for multiple WAS applications from a single "logical" policy database.
  • Access Control Lists (ACLs), which provide a more flexible set of user-to-role policies than the current WebSphere security implementation provides.
  • A standards-based solution that complies with the J2EE 1.2 Security Specification.

Support for BEA WebLogic Server (BEA WLS)

Tivoli Access Manager for e-business has been enhanced to greatly increase the level of support of BEA's WLS 6.1. The specific advantages to BEA WLS customers include:

  • The ability to leverage a common security model across WLS and non-WLS resources with common user identity and profiles and use of Web Portal Manager to achieve a single point of security management
  • Support that is transparent to the J2EE applications because no coding or deployment changes are typically needed at the application level
  • The ability to dynamically manage "user-to-role" relationships for multiple WLS applications from a single "logical" policy database
  • Access Manager for e-business ACLs, which provide a flexible set of user-to-role policies
  • A standards-based solution that complies with the J2EE 1.2 Security Specification

New Web Server Agents (Plug-ins)

Access Manager for e-business V3.9 delivers new architectural deployment flexibility by delivering Web Server Agents for the following Web Servers:

  • Microsoft Internet Information Server
  • Netscape/iPlanet Enterprise Server
  • IBM HTTP Server

The key features of the Access Manager Web Server Agents include the following:

  • User authentication mechanisms: Authentication via username and password, X.509 certificates, and SecurID tokens.
  • Step-up authentication: Automatic prompting for an increased level of authentication on entry to sensitive Web space.
  • Authentication based on client location: IP-address-based authentication as per the WebSEAL component.
  • Web Single Sign-On (SSO): Support for e-community cross-domain single sign-on.
  • Single Sign-On between the WebSEAL component and Web Portal Manager (WPM): Access Manager for e-business Web plug-ins will be compatible with the SSO mechanism provided between the WebSEAL component and WPM.
  • Password policy.
  • Password strength.
  • Password expiration.
  • N strikes out password policy.
  • Extensible password policy interface: As per existing Cross Domain Authentication Service (CDAS) interface.
  • ACL and POP (Post Office Protocol) support.
  • Pass user entitlements from LDAP as HTTP headers.
  • Pass user, groups, or credentials as HTTP header: As per the WebSEAL component.
  • Failover: As per the WebSEAL component.
  • Simple and intuitive installation, configuration, unconfiguration, and uninstallation.
  • WebSEAL and plug-in coexistence.
  • Virtual hosting: Virtual hosting as provided by the host Web Server will be supported.

Enhancements to Access Manager Plug-in for WebSphere Edge Server

  • Additional platforms: The plug-in supports additional platforms.
  • Cross Domain Authentication Service (CDAS) interface: An interface that supports custom authentication modules to be invoked by the plug-in for authentication. With this feature, you can write your own authentication modules. This feature is similar to Access Manager's WebSEAL-based implementation of CDAS.
  • Performance enhancements: The plug-in's performance is enhanced to improve its throughput, while reducing its CPU utilization.

Support for e-business Applications using Java™-Based Application Programming Interface

Tivoli Access Manager for e-business builds on the strong Java API integration with new leading-edge support for securing J2EE-compliant applications. Application developers building on the WAS or the BEA WebLogic platform can leverage the J2EE security model to build their applications.

This release adds support for Java APIs for creating management portals. It defines various Java classes and the methods to manipulate these class objects for the following V3.9 objects: context, user, group, account/password policy, protected object/object space, ACL, and multiple ACL entries. The Java Admin API is included in the new Policy Director Java Runtime (PDJrte) package. Native installation support will be implemented to install/uninstall PDJrte on the various platforms supported by V3.9.

Java Entitlements API for Portals

IBM Tivoli Access Manager for e-business addresses the requirement for Portals and applications needing to implement application-level entitlements. A new Java Entitlements function has been implemented via the PDPermission Java client to make calls to entitlements services and to publish portlets to the management namespace. The new entitlements API enables new capability in V3.9's Web Portal Manager to support a new dashboard for managing security policies on "Portlets" when vendor portlets are published in the Tivoli Access Manager's management namespace. The PDPermission Java package has been moved into the new PDJrte package for V3.9.

Support for Siebel Customer Relationship Management (CRM) V7

IBM Tivoli Access Manager for e-business V3.9 adds support for the Siebel CRM 2000 solution on Access Manager for e-business V3.9 supported server platforms. The support enables you to leverage:

  • Web Single Sign-On to the Siebel 2000 environment using Access Manager for e-business V3.9's WebSEAL
  • Common policy management by mapping Access Manager for e-business V3.9's credentials to Siebel application roles

You can download the security module implementation and documentation for Siebel support from the following Tivoli Web site:

Support for mySAP.com Enterprise Resource Planning (ERP)

IBM Access Manager for e-business V3.9 has been certified with the SAP mySAP.com e-business platform. The support enables:

  • Web Single Sign-On to the mySAP.com environment using Access Manager for e-business V3.9's WebSEAL
  • Common policy management by mapping Access Manager for e-business V3.9's credentials to mySAP.com application roles

You can download the security module implementation and documentation for mySAP.com support from the following Tivoli Web site:

Improvements in Web Portal Manager (WPM) Interface

Access Manager for e-business V3.9 adds new WPM capabilities in the following areas:

  • Additional Platforms: Access Manager for e-business 3.9 supports the WPM component on Windows® 2000, Solaris, and AIX® platforms. Refer to the Software Requirements section for specific versions and releases.
  • IBM WebSphere Application Server: The Web Portal Manager component of Access Manager for e-business V3.9 has a prerequisite of IBM WAS V4.0 with Fixpack 2.
  • Multiple Authentication Mechanisms and SSO: This release adds new support for WPM to be secured behind the WebSEAL component with Single Sign-On. This capability enables administrators to leverage WebSEAL's authentication mechanisms to force higher security measures for administrative users of WPM.
  • Usability Improvements: Several new usability items are provided in Access Manager for e-business V3.9 by:
    • Showing the object space tree in a Windows NT® Explorer-like style
    • Improving the delegated administration screen layout
    • Making the attachment of ACLs to objects easy
    • Providing a common look-and-feel between WPM and IBM Tivoli Identity Manager GUI
    • Providing customization that allows users to either complement WPM with their own application-specific functions or change WPM itself to be more like their own tool; for example, to replace the background screen for the login and main pages
  • Self-Registration Sample: This release adds a new self-registration capability that allows users to immediately self-enroll using a Web Registration application without an administrator involved or having to be manually created. One scenario is that a user goes to a self-registration URL, and specifies some company-specific identification (for example, a credit card number, a member number, or a social security number), along with their user ID and password to be used by Access Manager. In this scenario, a company-specific self-registration process (to be implemented by the registration tool) determines the validity of the company-specific information before creating the user in the user registry. A sample Java Server Page (JSP) will be provided to show you how to implement scenarios similar to the one outlined above with WPM.
  • Customer Self-Care: This feature allows users to be able to change their passwords.

Support for IBM SecureWay Directory

IBM Access Manager for e-business V3.9 provides support for IBM SecureWay Directory V3.2.1 and V3.2.2 (with IBM DB2® V7.2) and IBM SecureWay Directory 4.1 (with IBM DB2 V7.2) as a native user registry. However the quick install option will only support IBM SecureWay Directory V3.2.2 and media packs will ship IBM SecureWay Directory V3.2.2. Also note that new functions (such as Hardware-based SSL Acceleration) in V3.9 will be available only on IBM SecureWay Directory V3.2.2 and V4.1 using GSKit version 5. Entitled customers can download IBM SecureWay Directory V4.1 from the Web site.

Support for iPlanet Directory Server

IBM Access Manager for e-business provides support for iPlanet Directory Server 5.0 as a native registry. This support can enable enterprises to leverage Access Manager for e-business V3.9 in an iPlanet Directory environment as a native user registry for user and credential management.

New Microsoft Active Directory Support

Access Manager Version 3.9 broadens directory support to include Microsoft Active Directory that ships with Windows 2000 Advanced Server. MS Active Directory support enables enterprises to configure MS Active Directory as the default directory for Access Manager.

Support for Domino Registry

This version supports Lotus Domino as Access Manager's user registry. The Domino support consists of two components, a client component that is supported only on Windows 2000 and Windows NT and a server component that is supported on most UNIX and Windows platforms. Domino Server R5.0.4 will be the server component supported in Access Manager for e-business. Access Manager configurations must conform to this limitation to make use of the Domino support.

Linux Runtime and API Support

Expanded platform coverage is offered with support for the Red Hat Linux 7.1 platform. This includes:

  • Policy Director (PD) runtime services (PDRTE)
  • Authorization and Administration API (PDauthADK)
  • Java Authentication and Authorization Program (JAAS) and Java 2 Security and PD Java Admin API (PDJrte)

New Support for RSA ACE Server 5 in Token CDAS

Access Manager for e-business V3.9 will support ACE Server 5 in the Token CDAS implementation.

WebSEAL Component Enhancements

Hardware SSL Acceleration Support: This is the ability for WebSEAL to leverage the SSL hardware acceleration support provided in GSKit 5 SSL-based Hardware Acceleration. Check with the product documentation for an exact list of card types and platforms supported by Access Manager. This release does not provide support for Tamper Resistant Devices.

Forced Login (Reauthentication): Reauthentication is the ability for the WebSEAL component to force the user to login again and present authentication credentials based on either a policy setting or a session timeout. The reauthentication step will prompt the user to reenter the same authentication information initially entered. The process of reauthentication will preserve session-specific data across reauthentication steps.

Handling HTTP POST for Authentication and Reauthentication: The plug-in will cache POST data sent by a client while negotiating the reauthentication request. After the reauthentication, it will use this cached data to resume the previous POST transaction.

Support for Transport Layer Security (TLS) Protocol: TLS is a new standard version of secure communication between browsers and Web servers. WebSEAL supports TLS communications.

Support for HTTP 1.1: In V3.9 the WebSEAL component supports the HTTP 1.1 protocol with junctioned Web applications. The WebSEAL component, itself, will not support HTTP 1.1 primitives, except for a limited subset of HTTP 1.1 caching directives.

Junction Fairness: Junction Fairness allows configuration of the maximum percentage of WebSEAL threads that can be "allocated" to servicing requests to a particular junction, or as a global setting for all junctions.

Forms-Based Web SSO: The WebSEAL component can initiate an SSO transaction with a back-end application that uses an HTML form to prompt for authentication information. This functionality will significantly increase the SSO ability of the WebSEAL component.

Session Management Services: The concept of Web Session Management Services (managing and controlling user sessions) provides enterprises with high levels of flexibility in defining how to manage user sessions in intra-enterprise and cross-enterprise (affiliate) environment. Web Session Management enables you to manage your customer relationships. This release of the WebSEAL component delivers the first phase of session management by being able to provide back-end applications with a session ID that is consistent across re-authentications. This session ID will be available to the back-end via the tag-value supplied HTTP header.

Customer Care Management: Version 3.9 adds new customer care capabilities by delivering a new Switch-User capability. An administrator can log onto the Access Manager as another user without the user's password. This feature will be an essential aid to administrators to better serve customers (for example, call-center administrators can login as call-center operators to aid customer service) as well as an aid in problem diagnosis, and in helping administrators respond to customer support issues.

Virtual Hosting using Multiple Instances: The WebSEAL component configuration and unconfiguration tasks are enhanced to allow multiple WebSEAL component server instances to be created.

Integration with Independent Software Vendor (ISV) Solutions: V3.9 integrates with portal, CRM, Content Management, and supply-chain applications. For the latest information on supported ISV solutions contact your IBM representative.

Euro Currency

This program is not impacted by euro currency.

Product Positioning

IBM Tivoli Access Manager for e-business V3.9 is positioned as an end-to-end enterprise security management solution. Tivoli Access Manager for e-business delivers rapid time to value in solution deployment by enabling enterprises complete control at the infrastructure level to open up their application infrastructure to authorized customers, partners, suppliers, and so forth.

Key solution characteristics include:

  • Flexible cross-domain Web Single Sign-On capability for end-user access across multiple Internet domains.
  • A consistent security model that enables enterprises to consistently reuse common definitions of security policies across many applications.
  • A flexible security management portal that provides a federated Web-based administration capability.
  • An end-to-end extensible security platform (Web, J2EE, middleware, and legacy) that addresses the end to-end security value proposition:
    • Leverage common security model for Web applications, Application Servers, CRM, ERP, SCM, and Portals.
    • Multi-platform enterprise security management solution that extends across Windows, UNIX, OS/390®, and Linux platforms.
    • New support for Linux on zSeries (OS/390 hardware with SuSe Linux [2.4 Kernel based]) delivers a RACF®-like solution that enables enterprises to leverage the proven OS/390 hardware as their business management deployment platform for managing distributed e-business as well be able to leverage direct integration with legacy applications running on native z/OS™.

Migration

If you are licensed for Tivoli Policy Director and your IBM Tivoli Support or Passport Advantage Software Maintenance contract is current, you are entitled to migrate to IBM Tivoli Access Manager for e-business V3.9 at no charge. The migration must be completed by September 30, 2002, and it is for the environment that is currently licensed only. Once you migrate to IBM Tivoli Access Manager for e-business V3.9, Software Maintenance must remain in effect for entitlement to updates for IBM Tivoli Access Manager for e-business V3.9. If there is a lapse in Software Maintenance, you must order Software Maintenance after License to again be entitled to updates.

If you have IBM Tivoli Support or Passport Advantage Software Maintenance in effect, and have not yet migrated to IBM Tivoli Access Manager for e-business V3.9, you are entitled to updated code for IBM Tivoli Access Manager for e-business V3.9 as it becomes available. You are entitled to use all components of IBM Tivoli Access Manager for e-business V3.9 to the extent covered in your current licensing until September 30, 2002.

For example, if you have acquired Tivoli Management Points for Tivoli Policy Director and you are current on your Tivoli Support or Passport Advantage Software Maintenance, you are entitled to use all components of IBM Tivoli Access Manager for e-business V3.9 under the existing IBM Tivoli terms and conditions of your Tivoli Policy Director licensing.

If you are licensed for Tivoli Policy Director but do not have a current IBM Tivoli Support or Passport Advantage Software Maintenance contract in effect at the time of withdrawal of IBM Tivoli Support and Passport Advantage Software Maintenance for Tivoli Security Manager, you will have to acquire a license for IBM Tivoli Access Manager for e-business to be entitled to updates.

Note: Tivoli Policy Director will be withdrawn from ordering effective May 9, 2002, and related Tivoli Support feature numbers and Passport Advantage Software Maintenance part numbers for this product will be withdrawn from ordering effective September 30, 2002. Refer to Withdrawal Announcement 902-083 , dated April 9, 2002.

Trademarks

 
z/OS is a trademark of International Business Machines Corporation in the United States or other countries or both.
 
SecureWay, WebSphere, AIX, DB2, OS/390, and RACF are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Microsoft is a trademark of Microsoft Corporation.
 
Windows and Windows NT are registered trademarks of Microsoft Corporation.
 
Java is a trademark of Sun Microsystems, Inc.
 
UNIX is a registered trademark is a registered trademark of the Open Company in the United States and other countries.
 
Tivoli is a registered trademark of International Business Machines Corporation or Tivoli Systems Inc. in the United States or other countries or both.
 
Domino is a trademark of Lotus Development Corporation and/or IBM Corporation.
 
Lotus is a registered trademark of Lotus Development Corporation and/or IBM Corporation.
 
Other company, product, and service names may be trademarks or service marks of others.

Education Support

Training is available for many Tivoli® products. Education is offered through IBM Education and Training, and through Tivoli Systems. Worldwide information about education offerings is available on the IBM Education and Training home page at:

For current information on Tivoli Systems education, call 512-436-8000, or visit the Tivoli Systems home page at:

Offering Information

Product information will be available on day of announcement through Offering Information (OITOOL) at:

Publications

The following hardcopy publication is shipped with this program:

  • IBM Tivoli Access Manager for e-business Read Me First (GI11-0918)

The following publications can be ordered after planned availability from the IBM Publications Center Portal, your IBM representative, or your authorized IBM Business Partner:

  • IBM Tivoli Access Manager for e-business Release Notes (GI11-0919)
  • IBM Tivoli Access Manager Base Installation Guide (GC32-0844)
  • IBM Tivoli Access Manager Base for Linux on zSeries Installation Guide (GC23-4796)
  • IBM Tivoli Access Manager Base Administrator's Guide (GC23-4684)
  • IBM Tivoli Access Manager WebSEAL Installation Guide (GC32-0848)
  • IBM Tivoli Access Manager WebSEAL for Linux on zSeries Installation Guide (GC23-4797)
  • IBM Tivoli Access Manager WebSEAL Administrator's Guide (GC23-4682)
  • IBM Tivoli Access Manager for e-business Read Me First (GI11-0918)
  • IBM Tivoli Access Manager Administration C API Developer's Reference (GC32-0843)
  • IBM Tivoli Access Manager Administration Java™ Classes Developer's Reference (SC32-0842)
  • IBM Tivoli Access Manager Authorization C API Developer's Reference (GC32-0849)
  • IBM Tivoli Access Manager Authorization Java Classes Developer's Reference (GC32-4688)
  • IBM Tivoli Access Manager Plug-in for Edge Server User's Guide (GC23-4685)
  • IBM Tivoli Access Manager Capacity Planning Guide (GC32-0847)
  • IBM Tivoli Access Manager Performance Tuning Guide (GC43-0846)
  • IBM Tivoli Access Manager WebSEAL Developer's Reference (GC23-4683)
  • IBM Tivoli Access Manager Plug-in for Web Servers User's Guide (GC23-4686)
  • IBM Tivoli Access Manager for WebSphere® Application Server User's Guide (GC32-0850)
  • IBM Tivoli Access Manager for WebLogic Server User's Guide (GC32-0851)
  • IBM Tivoli Access Manager Error Message Reference (SC32-0845)

The Publication Notification System (PNS) is available by order number/product number. Customers currently subscribing to PNS will automatically receive notifications by e-mail. Customers who wish to subscribe can visit the PNS Web site location at:

The IBM Publications Center Portal:

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided, as well as payment options via credit card. Furthermore, a large number of publications are available online in various file formats, which can currently be downloaded free of charge.

Note that PNS subscribers most often order their publications via the Publication Center.

Displayable Softcopy Publications

IBM Tivoli Access Manager for e-business V3.9 manuals are offered in displayable softcopy form. The available manuals are:

  • IBM Tivoli Access Manager for e-business Release Notes (GI11-0919)
  • IBM Tivoli Access Manager Base Installation Guide (GC32-0844)
  • IBM Tivoli Access Manager Base for Linux on zSeries Installation Guide (GC23-4796)
  • IBM Tivoli Access Manager Base Administrator's Guide (GC23-4684)
  • IBM Tivoli Access Manager WebSEAL Installation Guide (GC32-0848)
  • IBM Tivoli Access Manager WebSEAL for Linux on zSeries Installation Guide (GC23-4797)
  • IBM Tivoli Access Manager WebSEAL Administrator's Guide (GC23-4682)
  • IBM Tivoli Access Manager for e-business Read Me First (GI11-0918)
  • IBM Tivoli Access Manager Administration C API Developer's Reference (GC32-0843)
  • IBM Tivoli Access Manager Administration Java Classes Developer's Reference (SC32-0842)
  • IBM Tivoli Access Manager Authorization C API Developer's Reference (GC32-0849)
  • IBM Tivoli Access Manager Authorization Java Classes Developer's Reference (GC32-4688)
  • IBM Tivoli Access Manager Plug-in for Edge Server User's Guide (GC23-4685)
  • IBM Tivoli Access Manager Capacity Planning Guide (GC32-0847)
  • IBM Tivoli Access Manager Performance Tuning Guide (GC43-0846)
  • IBM Tivoli Access Manager WebSEAL Developer's Reference (GC23-4683)
  • IBM Tivoli Access Manager Plug-in for Web Servers User's Guide (GC23-4686)
  • IBM Tivoli Access Manager for WebSphere Application Server User's Guide (GC32-0850)
  • IBM Tivoli Access Manager for WebLogic Server User's Guide (GC32-0851)
  • IBM Tivoli Access Manager Error Message Reference (SC32-0845)
The displayable manuals are shipped on CD-ROM along with the basic machine-readable CD-ROM.

Translated, displayable publications will be shipped on CD-ROM along with the basic machine-readable CD-ROM beginning August 23, 2002.

The following documents will not be translated:

  • IBM Tivoli Access Manager Base for Linux on zSeries Installation Guide (GC23-4796)
  • IBM Tivoli Access Manager WebSEAL for Linux on zSeries Installation Guide (GC23-4797)
Publications will also be available from the following Web site: Publications in English will be available May 17, 2002. Translated publications will be available July 26, 2002.

Technical Information

Specified Operating Environment

Hardware Requirements

Hardware platforms supporting the operating systems at the software levels stated in the Software Requirements section.

Minimum/recommended processor, disk space, and memory requirements for IBM Tivoli Access Manager for e-business V3.9 follow:

  • Processor: 300 MHz/400 MHz
  • Disk space excluding WebSphere, Web server, or Web browser: 101 MB/226 MB
  • Memory excluding WebSphere, Web server, or Web browser: 224 MB/576 MB

Software Requirements

IBM Tivoli Access Manager for e-business V3.9 runs on the following operating systems:

  • Access Manager Base
    • IBM AIX® 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Hewlett-Packard HP-UX 11.0
    • Windows NT® 4.0 with SP 6a
    • Windows® 2000 Advanced Servers with SP 2
    • Red Hat Linux 7.1 (Intel® only) — Runtime, Java Runtime, and Authorization ADK components only
    • SuSE Linux Enterprise Server 7 for S/390® and IBM e(logo)server zSeries (2.4 Kernel based)
  • Access Manager WPM
    • IBM AIX 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Windows NT 4.0 with SP 6a
    • Windows 2000 Advanced Servers with SP 2
  • Access Manager WebSEAL
    • IBM AIX 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Hewlett-Packard HP-UX 11.0
    • Windows NT 4.0 with SP 6a
    • Windows 2000 Advanced Servers with SP 2
    • Hewlett-Packard HP-UX 11.0
    • SuSE Linux Enterprise Server 7 for S/390 and zSeries (2.4 Kernel based)
  • Access Manager Plug-in for Edge Server
    • IBM AIX 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Windows NT 4.0 with SP 6a
    • Windows 2000 Advanced Servers with SP 2
    • Red Hat Linux 7.1 (Intel only)
  • Access Manager Plug-in for Web Servers
    • IBM AIX 5.1.0
    • Sun Solaris 7
    • Windows 2000 Advanced Servers with SP 2
  • Access Manager for WebSphere Application Server
    • IBM AIX 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Hewlett-Packard HP-UX 11.0
    • Windows NT 4.0 with SP 6a
    • Windows 2000 Advanced Servers with SP 2
    • Red Hat Linux 7.1 (Intel only)
  • Access Manager for WebLogic Server
    • IBM AIX 4.3.3 and 5.1.0
    • Sun Solaris 7 and 8
    • Hewlett-Packard HP-UX 11.0
    • Windows NT 4.0 with SP 6a
    • Windows 2000 Advanced Servers with SP 2
    • Red Hat Linux 7.1 (Intel only)

Planning Information

Packaging: IBM Tivoli Access Manager for e-business V3.9 is distributed with:

  • International Program License Agreement (IPLA) (Z125-3301)
  • IBM Addendum for Support for Tivoli (Z125-6189)
  • IBM Agreement for Acquisition Support (Z125-6011)
  • License Information document (GC23-4479)
  • The following CD-ROMs:
    • IBM Tivoli Access Manager Base for AIX, Version 3.9 (LK3T-8469)
    • IBM Tivoli Access Manager Base for Solaris, Version 3.9 (LK3T-8470)
    • IBM Tivoli Access Manager Base for Linux, Version 3.9 (LK3T-8471)
    • IBM Tivoli Access Manager Base for Linux on zSeries, Version 3.9 (LK3T-8472)
    • IBM Tivoli Access Manager Base for HP-UX, Version 3.9 (LK3T-8473)
    • IBM Tivoli Access Manager Base for Windows, Version 3.9 (LK3T-8474)
    • IBM Tivoli Access Manager Web Portal Manager for Windows, Version 3.9 (LK3T-8475)
    • IBM Tivoli Access Manager Web Portal Manager for Solaris, Version 3.9 (LK3T-8476)
    • IBM Tivoli Access Manager Web Portal Manager for AIX, Version 3.9 (LK3T-8477)
    • IBM Tivoli Access Manager Web Security for AIX, Version 3.9 (LK3T-8478)
    • IBM Tivoli Access Manager Web Security for Solaris, Version 3.9 (LK3T-8479)
    • IBM Tivoli Access Manager Web Security for Linux, Version 3.9 (LK3T-8480)
    • IBM Tivoli Access Manager Web Security for Linux for zSeries, Version 3.9 (LK3T-8481)
    • IBM Tivoli Access Manager Web Security for HP-UX, Version 3.9 (LK3T-8482)
    • IBM Tivoli Access Manager Web Security for Windows, Version 3.9 (LK3T-8483)
    • IBM Tivoli Access Manager Language Support, Version 3.9 (LK3T-8484)
The following CD-ROM will be available August 2002:
  • IBM Tivoli Access Manager Documentation, Version 3.9 (LK3T-8485)

Security, Auditability, and Control

IBM Tivoli Access Manager for e-business V3.9 uses the security and auditability features of the operating system software.

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Ordering Information

Passport Advantage Customer: Media Pack Entitlement Details

Customers with active maintenance or subscription for Tivoli SecureWay® Policy Director are entitled to receive the following media pack:

                                                          Part
Media Pack Description                                    Number
 
IBM Tivoli Access Manager for e-business                  BJ04CML
 V3.9 Media Pack

New Licensees

Orders for new licenses will be accepted now.

Shipment will begin on the planned availability date.

Ordering Information for Passport Advantage

To order a media pack for Passport Advantage, specify the applicable part number in the desired quantity from the following table:

                                                          Part
Description                                               Number
 
IBM Tivoli Access Manager for e-business                  BJ04CML
 V3.9 Media Pack

Entitled customers that receive the media pack prior to August 23, 2002, will be shipped translated publications on CD-ROM.

The quantity of the Passport Advantage part numbers in the following table is based on the number of required Tivoli Management Points. To order for Passport Advantage, specify the desired part number and quantity.

                                                          Part
Description                                               Number
 
IBM Tivoli Access Manager for e-business                  D57V4LL
 Tivoli Mgmnt Point License and Software
 Maintenance 1st Anniversary
 
IBM Tivoli Access Manager for e-business                  D57V5LL
 Tivoli Mgmnt Point License and Software
 Maintenance Second Anniversary
 
IBM Tivoli Access Manager for e-business                  E17W1LL
 Tivoli Mgmnt Point Software Maintenance
 Renewal to Anniversary Date
 
IBM Tivoli Access Manager for e-business                  D57WTLL
 Tivoli Mgmnt Point Software Maintenance
 after License to Anniversary Date
 
IBM Tivoli Access Manager for e-business                  D516WLL
 Unlimited User Option Processor License
 and Software Maintenance 1st Anniversary
 
IBM Tivoli Access Manager for e-business                  D516XLL
 Unlimited User Option Processor License
 and Software Maintenance Second Anniversary
 
IBM Tivoli Access Manager for e-business                  E00B1LL
 Unlimited User Option Processor Software
 Maintenance Renewal to Anniversary Date
 
IBM Tivoli Access Manager for e-business                  D516YLL
 Unlimited User Option Processor Software
 Maintenance after License to Anniversary Date

Scalable Usage Model Table

                    Tivoli Management Points per 1000 Users
 
Scalable Usage
 Level           1        2       3        4           5          6
 
Cumulative Users
 
Minimum          1    5,001  15,001   50,001     150,001    500,001
Maximum      5,000   15,000  50,000  150,000     500,000  1,000,000
 
Tivoli Management Points
 
               650      490     260      165         125        100
 
Scalable Usage
Level                  7            8             9           10
 
Cumulative Users
 
Minimum        1,000,001    3,000,001    10,000,001   20,000,001
Maximum        3,000,000   10,000,000    20,000,000   50,000,000
 
Tivoli Management Points
 
                      50           45            30           25

Withdrawal of Passport Advantage Part Numbers

The following Passport Advantage part numbers are withdrawn effective immediately:

                                                          Part
Description                                               Number
 
Tivoli SecureWay Policy Director V3.8                     BJ00BML
Media Pack -- Multilingual
 
Tivoli SecureWay Policy Director for                      BJ6QCIE
 Application Servers V3.6.1 Media
 Pack -- Multilingual

Customized Offerings

Product media is shipped only via Customized Offerings (that is, CBPDO, ServerPac, Systempac®). Noncustomized items (CDs, diskettes, source media, media kits) will continue to be shipped via the stand-alone product.

Terms and Conditions

Terms and conditions for IBM Passport Advantage are as follows.

Agreement: For orders under Passport Advantage: IBM IPLA, IBM International Passport Advantage Agreement (PAA), and an IBM International Passport Advantage Agreement Enrollment Form

Transferable: Yes, except for programs acquired at a discount or allowance

Limited Warranty Applies: Yes

Guarantee: 30 day money-back guarantee

Usage Restriction: Yes. Usage is limited to the quantity of processors and clients licensed.

Volume Offering (IVO): No

Upgrade Protection Applies: Covered as long as Tivoli Support or Passport Advantage Software Maintenance is in effect.

Educational Allowance Available: Yes, to qualified education institution customers

Percentage: 15%

Licensed Program Materials Availability:

  • Restricted Materials of IBM: None
  • Nonrestricted Source Materials: None
  • Object Code Only (OCO): All

Maintenance Applies:

  • Software Maintenance under Passport Advantage: Yes
  • Support for Tivoli products: Yes

Complementary Introductory Support: Not available

Program Services and End of Support: Program services for an IBM Tivoli program are one year from the date IBM or your Business Partner makes the program available to you. The program services duration period shall be less than one year for programs acquired after the announcement of a program's end-of-support (EOS) date.

EOS for programs or versions/releases of programs will be announced 12 months prior to the effective date.

Tivoli Support and Passport Advantage Software Maintenance

  • Support Center applies:
    • Yes.
    • Access is available through the IBM Support Center, 800-237-5511.
  • Availability of Passport Advantage Software Maintenance:
    • Passport Advantage Software Maintenance is provided at no additional charge for each eligible program acquired during the initial term.
    • Passport Advantage Software Maintenance is provided at an additional charge for all eligible programs in the second and subsequent terms.
  • Passport Advantage Software Maintenance is available until:
    • Twelve months after announcement of product discontinuance (that is, end-of-life [EOL])
  • Passport Advantage Software Maintenance is applicable to:
    • The current release
    • The immediate previous release for 12 months after the general availability of the current release
  • APAR Mailing Address:
      Tivoli Systems Inc.
      11400 Burnet Road
      Austin, TX 78758
      USA
      Attention: Product Development

IBM Operational Support Services — Support Line: No

Product Web Site: A complete list of products, terminology definitions, and licensing documents are available at the following Web site:

Prices

Passport Advantage

For Passport Advantage and charges, contact your IBM representative or your authorized IBM Business Partner. For additional information about the Passport Advantage offering, visit the following Web site:

Order Now

 Use Priority/Reference Code: YE001
 
 Phone:     800-IBM-CALL
 Fax:       800-2IBM-FAX
 Internet:  ibm_direct@vnet.ibm.com
 Mail:      IBM Atlanta Sales Center
            Dept. YE001
            P.O. Box 2690
            Atlanta, GA  30301-2690

You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.

Note: Shipments will begin after the planned availability date.

Trademarks

 
zSeries is a trademark of International Business Machines Corporation.
 
The e-business logo is a trademark of International Business Machines Corporation in the United States or other countries or both.
 
WebSphere, AIX, S/390, SecureWay, and Systempac are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Intel is a registered trademark of Intel Corporation.
 
Windows NT and Windows are registered trademarks of Microsoft Corporation.
 
Java is a trademark of Sun Microsystems, Inc.
 
Tivoli is a registered trademark of International Business Machines Corporation or Tivoli Systems Inc. in the United States or other countries or both.
 
Other company, product, and service names may be trademarks or service marks of others.