Feedback
 ENUSZP08-0192.PDF (16KB)

IBM Tivoli Access Manager for e-business V6.1 delivers application security controls, performance enhancements, and enhanced support within a Microsoft .NET environment

Europe


Table of Contents

Announcement Letter No. ZP08-0192 dated April 08, 2008.

  • Title
  • Overview
  • Key prerequisites
  • At a glance
  • Description
  • Accessibility by people with disabilities
  • Product positioning
  • Program number
  • Supplemental information

  • Education support
  • Offering information
  • Publications
  • Technical information
  • Specified operating environment
  • Planning information
  • Security, auditability and control
  • IBM Tivoli Enhanced Value-Based Pricing
  • IBM Tivoli Enhanced Value-Based Pricing terminology definitions
  • Passport Advantage
  • Distributed pricing examples
  • Ordering information
  • Current licensees
  • New licensees
  • Basic license
  • Integrated technology services (IBM Global Services)
  • Prices
  • Terms and conditions
  • IBM Electronic Services
  • Announcement countries

  • Announcement Letter No. ZP08-0192 dated April 08, 2008.


    See final section for details of availability and limitations, if applicable.


    Title

    IBM Tivoli Access Manager for e-business V6.1 delivers application security controls, performance enhancements, and enhanced support within a Microsoft .NET environment

    Overview

    Tivoli Access Manager for e-business V6.1, an authentication and authorization hub for Web applications, not only centralizes security management, but it can make it easy and more cost effective to deploy secure applications. Tivoli Access Manager for e-business extends the ability to secure a heterogeneous application infrastructure while adding performance, scalability, and integration improvements.

    Key features include:

    • Enhanced Microsoft .NET infrastructure support providing single sign-on between Windows desktops and back-end applications using Kerberos ticket

    • Addresses performance and scalability by supporting non-standard IP load balancers and configurable administrative domains that support multiple WebSEAL (Tivoli Access Manager for e-business' reverse proxy) instances

    • New integration with browser-based antifraud support is offered by the addition of an HTTP-only cookie attribute to WebSEAL and extending TAM certificate support to use Online Certificate Status Protocol (OCSP)

    • Improvements in session management services and additional integration with IBM software

    If you are seeking either a standardized federation solution supporting SAML, Liberty, WS-Federation, or a Web services security management capability, you can upgrade from Tivoli Access Manager for e-business to Tivoli Federated Identity Manager.


    Key prerequisites

    For details, refer to the Software requirements section.

    At a glance

    IBM Tivoli Access Manager for e-business V6.1:

    • Seamlessly integrates into a Microsoft .NET infrastructure by:

      • Enhancing SPNEGO protocol junction support in WebSEAL to the backend .NET applications.(Tivoli Federated Identity Manager offers the ability to generate and issue the requisite kerberos tickets.)

      • Enhancing Active Directory support and providing Active Directory Application Mode Support as an user registry

    • Providing browser-based antifraud support with option to add an HTTP-only cookie attribute to WebSEAL and extending TAM certificates to use Online Certificate Status Protocol (OCSP)

    • Offers an improved operational experience by:

      • Extending performance to support non-standard, IP load balancers

      • Providing configurable administrative domains that support multiple, instances of WebSEAL

      • Delivering improved session management services

      • Including a newly bundled Tivoli Common Reporting to provide built-in report capabilities for TAM.

    Planned availability dates

    • April 18, 2008 for electronic availability

    • May 2, 2008 for media availability

    Description

    IBM Tivoli Access Manager for e-business V6.1 is a versatile application security solution that provides flexible authentication and a centralized authorization for web access management. Primarily focused on Web applications, Tivoli Access Manager for e-business implementations vary from simple Web single sign-on (SSO) to more highly scalable application security infrastructure deployments.

    Tivoli Access Manager for e-business can help you manage compliance, growth, and complexity of new application deployments while helping control escalating management costs of securing large number of Web applications across the enterprise. Furthermore, Tivoli Access Manager for e-business helps you address the difficulties of implementing consistent security policies across a wide range of Web and application resources. It works by centrally managing access control policy for numerous enforcement points that can be placed as a proxy in front of Web applications, or through authorization and authentication plug-ins directly into a Web or application-server environment. For authorized users, Tivoli Access Manager for e-business integrates with Web applications and servers to deliver a secured and unified business experience. It helps you secure access to business-critical applications and data spread across the extended enterprise, allowing highly available, scalable transactions with business partners, customers, suppliers, and employees.

    Tivoli Access Manager for e-business helps you:

    • Define and manage a centralized authentication, access control policy for a broad range of business initiatives such as employee, customer and business partner portal, CRM and ERP systems upgrades, new ECM and business intelligence platforms deployments, e-procurement, cross-company SSO and outsourcing projects.

    • Enable flexible SSO to heterogeneous Web-based applications that can span multiple sites or domains. By integrating with other SSO providers (such as Kerberos support from a Microsoft domain logon and client/server SSO solution), Tivoli Access Manager for e-business provides a unified authentication for the users across all system interactions.

    • Provide a base for the federation of user identities. For standardized cross-domain authentication (federation), Tivoli Access Manager for e-business customers can upgrade to Tivoli Federated Identity Manager - a modular access control solution for cross-domain SSO.

    • Strengthen your Web application security with browser-based antifraud support and minimize the threat of common vulnerabilities affecting Web application deployments in production use.

    • Maximize your existing hardware and operating system investments

    For details on how it provides these capabilities, see key enhancements below and/or refer to the IBM Tivoli Access Manager for e-business V6.0 Programming Announcement letter ZP05-0463 dated November 29, 2005 IBM Tivoli Access Manager for e-business V6.1 key enhancements

    Improved operational experience

    To strengthen performance and scalability, Tivoli Access Manager for e-business V6.1 supports non-standard, secure IP load balancers. It also has configurable administrative domains that are able to support multiple, distinct instances of WebSEAL - Tivoli Access Manager's reverse proxy component - on a single directory and LDAP server.

    Additional enhancements to Tivoli Access Manager's session management services delivers the ability to limit the number of sessions created on a per realm basis so new logins will be blocked once the maximum number has been reached. The new dynamic configuration feature helps eliminate session management server restarts. And high availability is now built-in by allowing multiple session management server instances via WebSphere Application Server ND. Finally, replication of the session cache has been enabled across the WebSphere Application Server cluster. With the a newly bundled Tivoli Common Reporting, administrators are able to generate consistent product reports with other Tivoli products and can also replace the need to acquire third party business intelligence reporting license for the product-level, built-in reports. Administrators can continue to use the TAM's built-in common auditing and reporting service (CARS) components to capture and store audit data to mine and generate custom product reports.

    Antifraud support

    A common security problem plaguing many Web servers today is known as cross-site scripting. This server-side vulnerability allows code injection by malicious users into the Web pages viewed by other users. As a result, sensitive information about the users of the site can be exposed. Both Microsoft Internet Explorer 6 SP1 and Firefox 2.0 have new cookie attributes preventing them from being accessed by client-side scripts - known as an HTTP-only cookie. Information in the HTTP-only cookie is less likely to be disclosed. Tivoli Access Manager's WebSEAL component has been enhanced to optionally add the HTTP-only attribute to the set-cookie headers it uses for sessions and failover.

    Microsoft .NET Infrastructure Support

    To accommodate seamless, SSO between Windows desktops and back-end applications, Tivoli Access Manager has added SPNEGO protocol support to the WebSEAL component to pass Kerberos-based tokens directly over to .NET applications, such as Microsoft Sharepoint and Exchange servers. And additional support for both Microsoft Active Directory and Active Directory Application Mode is also available. Tivoli Access Manager honors password changes for Active Directory - multi-platform support. User passwords can now be directly changed with LDAP APIs rather than the Access Manager Policy server. UserPrincipalName (UPN) support for Active Directory is also available. This enables the use of Active Directory's alternate users UPN e-mail address for authentication and SSO. Finally, Tivoli Access Manager now supports Active Directory Access Mode as a user registry.

    Enhanced IBM and non-IBM software integration

    Tivoli Access Manager for e-business V6.1 delivers integration with other IBM software products.

    • Tivoli Access Manager for e-business reports enhanced with Business Intelligence and Reporting Tools (BIRT)

    • Tivoli Access Manager for e-business enhanced with IBM Tivoli Monitoring V2.7

    • IBM Tivoli Security Operations Manager and IBM Tivoli Compliance Insight Manager integration with Tivoli Access Manager for e-business for a closed-loop access control and application security solution

    • Tivoli Access Manager for e-business V6.1 includes support to updated third-party software integration. IBM works with the leading application providers through its "Ready for Tivoli" program to build and support out-of-box integrations. You can secure customer, suppliers, employee, and business partner connectivity across:

      • Web servers

        • J2EE-based application servers, such as IBM WebSphere Application Server, BEA WebLogic Server and Oracle Application Server

        • XML firewalls and gateways

      • Leading Web applications including:

        • Cognos

        • FileNet P8 platform

        • Lotus Domino

        • Lotus iNotes

        • Lotus Quickplace

        • Lotus Sametime

        • Microsoft Exchange

        • Microsoft Sharepoint Portal

        • Microsoft Sharepoint Services

        • Oracle Database

        • Oracle eBusiness

        • Peoplesoft PeopleTools

        • SAP AS ABAP

        • SAP AS Java

        • SAP ERP

        • SAP Internet Transaction Server (ITS)

        • SAP Netweaver Portal

        • SAP R/3

        • Sibel

      Plus others - the list grows via IBM integrations and the Ready for Tivoli program.

      Tivoli Access Manager for e-business also accommodates a broad range of possible user-authentication mechanism including user IDs and passwords, client-side certificates, risk-based authentication with soft certificates, all-in-one token (one-time password, USB smartcards, with secure storage), soft certificate and soft one-time password, biometric, mobile and wireless identities, PKI-USB token, OTP only as well as even integration with smart card for physical and network access.

    Accessibility by people with disabilities

    A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on accessibility compliance can be requested at

    http://www.ibm.com/able/product_accessibility/index.html


    Product positioning

    IBM Tivoli Access Manager for e-business V6.1 is an essential application security solution providing authentication and authorization service to address real-time application security needs and offering web SSO and static entitlement management for Web application resources.

    In the IBM Tivoli security portfolio, Tivoli Access Manager for e-business fulfills the role of user-access control and run-time enforcement - the central point of authentication of the user, and enforcement of resource access control policy. This can be contrasted with Tivoli Identity Manager, which focuses on user provisioning through the management of user identities and passwords in a closed-loop, workflow-based solution.

    Tivoli Access Manager for e-business primarily focuses on solving the problem of managing user access control to heterogeneous Web applications across the enterprise. While Web solutions such as application servers, content managers, and ERP systems have their own disparate security systems, larger Web implementations can externalize these security operations to Tivoli Access Manager for e-business to provide a common single view of user access, deploy stronger authentication (including step-up / 2-factor), and implement a single infrastructure for control of user sessions and logins across all an enterprises applications.

    Also, as customer's SSO needs extend beyond the enterprise to a third party or separate domain within the enterprise (newly acquired division or different line of business), then Tivoli Federated Identity Manager adds federated SSO and Web Services Security standards such as SAML, Liberty, WS-Federation, and WS-Trust support to user access control and run-time enforcement. Tivoli Federated Identity Manager is an access control solution with a run-time enforcement. Although it has "identity" in the product name, it is not another identity management system. Tivoli offers only one identity management system and that is IBM Tivoli Identity Manager.

    Tivoli Access Manager for e-business interoperates with a wide variety of IBM and non-IBM products and platforms to reduce duplication, to maximize integration, and to establish automationfor Web access management.


    Program number

    Program                Program
    number         VRM     name
     
    5724-C87       6.1.0   IBM Tivoli Access Manager for e-business
     
    

    Supplemental information



    Education support

    Comprehensive education for IBM Tivoli products is offered through Worldwide Tivoli Education Delivery Services. A wide range of training options are available, including classes led by instructors, learning on demand, on-site training, and blended learning solutions.

    For additional information, visit

    http://www-306.ibm.com/software/tivoli/education/


    Offering information

    Product information is available via the Offering Information Web site

    http://www.ibm.com/common/ssi

    Also, visit the Passport Advantage Web site

    http://www.ibm.com/software/passportadvantage


    Publications

    Displayable softcopy publications: The Tivoli Access Manager for e-business V6.1 Quick Start Guide, (English) publication will be delivered on a separate publications CD-ROM with the basic machine-readable material. It can also be downloaded from
    http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/ com.ibm.itam e.doc/welcome.htm

    The following English publications may be downloaded at general availability from the following Web site:

    • http://www.ibm.com/software/tivoli/library

    English publications:

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI11-8174-00)

    • IBM Tivoli Access Manager for e-business Release Notes (GC23-6501-00)

    • IBM Tivoli Access Manager for e-business Upgrade Guide (SC23-6503-00)

    • IBM Tivoli Access Manager for e-business Shared Session Management Administration Guide (SC23-6509-00)

    • IBM Tivoli Access Manager for e-business Performance Tuning Guide (SC23-6518-00)

    • IBM Tivoli Access Manager for e-business Authorization Java Classes Developer Reference (SC23-6516-00)

    • IBM Tivoli Access Manager for e-business Authorization C API Developer Reference (SC23-6515-00)

    • IBM Tivoli Access Manager for e-business Administration Java Classes Developer Reference (SC23-6514-00)

    • IBM Tivoli Access Manager for e-business Administration C API Developer Reference (SC23-6513-00)

    • IBM Tivoli Access Manager for e-business Plug-in for Web Servers Administration Guide (SC23-6507-00)

    • IBM Global Security Kit Secure Sockets Layer Introduction and iKeyman User Guide (SC23-6510-00)

    • IBM Tivoli Access Manager for e-business for Edge Server Administration Guide (SC23-6506-00)

    • IBM Tivoli Access Manager for e-business Auditing Guide (SC23-6511-00)

    • IBM Tivoli Access Manager for e-business Error Message Reference (GI11-8157-00)

    • IBM Tivoli Access Manager for e-business Web Security Developer Reference (SC23-6517-00)

    • IBM Tivoli Access Manager for e-business Problem Determination Guide (GI11-8156-00)

    • IBM Tivoli Access Manager for e-business WebSEAL Administration Guide (SC23-6505-00)

    • IBM Tivoli Access Manager for e-business Command Reference (SC23-6512-00)

    • IBM Tivoli Access Manager for e-business Administration Guide (SC23-6504-00)

    • IBM Tivoli Access Manager for e-business Installation Guide (GC23-6502-00)

    National language publications:

    The following national language publications may be downloaded 60 days ter after general availability from the following Web site:

    • http://www.ibm.com/software/tivoli/library

    French

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI11-7213-00)

    • IBM Tivoli Access Manager for e-business Release Notes (SC11-2939-00)

    • IBM Tivoli Access Manager for e-business Administration Guide (SC11-2940-00)

    German

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI11-3108-00)

    Hungarian

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI22-0102-00)

    • IBM Tivoli Access Manager for e-business Installation Guide (SC22-0482-00)

    Italian

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI22-0102-00)

    • IBM Tivoli Access Manager for e-business Release Notes (SC13-4066-00)

    • IBM Tivoli Access Manager for e-business Installation Guide (SC13-4060-00)

    • IBM Tivoli Access Manager for e-business Administration Guide (SC13-4067-00)

    • IBM Tivoli Access Manager for e-business WebSEAL Administration Guide (SC13-4061-00)

    • IBM Tivoli Access Manager for e-business Auditing Guide (SC13-4062-00)

    • IBM Tivoli Access Manager for e-business for Edge Server Administration Guide (SC13-4063-00)

    • IBM Global Security Kit Secure Sockets Layer Introduction and iKeyman User Guide (SC13-4068-00)

    • IBM Tivoli Access Manager for e-business Plug-in for Web Servers Administration Guide (SC13-4069-00)

    • IBM Tivoli Access Manager for e-business Performance Tuning Guide (SC13-4070-00)

    • IBM Tivoli Access Manager for e-business Shared Session Management Administration Guide (SC13-4064-00)

    • IBM Tivoli Access Manager for e-business Upgrade Guide (SC13-4065-00)

    Polish

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI11-8367-00)

    • IBM Tivoli Access Manager for e-business Installation Guide (SC85-0274-00)
    Russian

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI43-0070-00)

    • IBM Tivoli Access Manager for e-business Installation Guide (SC89-1029-00)

    Spanish

    • IBM Tivoli Access Manager for e-business Quick Start Guide (GI11-7836-00)

    • IBM Tivoli Access Manager for e-business Administration Guide (SC11-3588-00)

    • IBM Tivoli Access Manager for e-business WebSEAL Administration Guide (SC11-3590-00)

    The IBM Publications Center

    http://www.ibm.com/shop/publications/order

    The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. Payment options for orders are via credit card (in the U.S.) or customer number for 20 countries. A large number of publications are available online in various file formats, and they can all be downloaded by all countries, free of charge.


    Technical information

    Specified operating environment

    Hardware requirements 

    Minimum and recommended processor, disk space, and memory requirements for IBM Tivoli Access Manager for e-business V6.1:

    Description                          Minimum     Recommended
    Processor                            400 MHz     1 GHz
    Disk Space excluding WebSphere,
      Web server, or Web browser         101 MB      226 MB
    Memory excluding WebSphere,
      Web server, or Web browser         224 MB      576 MB
    

    Software requirements 

    IBM Tivoli Access Manager for e-business V6.1 base components - Access Manager Runtime, Java Runtime, Authorization Server, Policy Proxy Server, Policy Server, Web Portal Manager, and Application Development Kit run on the following operating systems.

    • IBM AIX V5.2 or V5.3

    • Sun Solaris 9 or 10 on SPARC

    • Sun Solaris 10 on AMD64

    • Hewlett-Packard HP-UX 11iv2 or 11iv3 on PA-RISC or Itanium

    • Microsoft Windows 2003 Server Standard Edition on x86, AMD64, or EM64T

    • Microsoft Windows 2003 Server Enterprise Edition on x86, AMD64, or EM64T

    • Red Hat Enterprise Linux 4.0 or 5.0 on x86, AMD64 or EM64T on System x, System i, System p, or System z

    • SUSE LINUX Enterprise Server 9 or 10 on x86, AMD64 or EM64T on System x, System i, System p, or System z

    Access Manager Web Portal Manager

    • IBM AIX V5.2 or V5.3

    • Sun Solaris 9 or 10 on SPARC

    • Sun Solaris 10 on AMD64

    • Hewlett-Packard HP-UX 11iv2 or 11iv3 on PA-RISC and Itanium

    • Microsoft Windows 2003 Server Standard Edition on x86, AMD64, or EM64T

    • Microsoft Windows 2003 Server Enterprise Edition on x86, AMD64, or EM64T

    • Red Hat Enterprise Linux Server 4.0 or 5.0 on x86, AMD64, or EM64T on System x, System i, System p, or System z

    • SUSE LINUX Enterprise Server 9 or 10 on x86, AMD64 or EM64t on System x, System i, System p or System z

    Access Manager reverse proxy (WebSEAL)

    • IBM AIX V5.2, or V5.3

    • Sun Solaris 9 or 10 on SPARC

    • Sun Solaris 10 on AMD64

    • Hewlett-Packard HP-UX 11iv2 or 11i3 on PA-RISC and Itanium

    • Microsoft Windows 2003 Server Standard Edition on x86

    • Microsoft Windows 2003 Server Enterprise Edition on x86

    • Red Hat Enterprise Linux 4.0 or 5.0 on x86 on System x or System z

    • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

    Access Manager Plug-in for Web Servers

    • Apache Web Server 2.0

      • IBM AIX V5.2 or V5.3

      • Sun Solaris 9 or 10 on SPARC

      • Red Hat Enterprise Linux Server 4.0 on System z

      • SUSE LINUX Enterprise Server 9 or 10 on System z

    • IBM HTTP Server V1.3

      • IBM AIX V5.1 or V5.2

      • Sun Solaris 9 or 10 on SPARC

      • Red Hat Enterprise Linux Server 4.0 or 5.0 on x86 on System x or System z

      • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

      • Microsoft Windows 2003 Server Standard Edition on x86

      • Microsoft Windows 2003 Server Enterprise Edition on x86

    • IBM HTTP Server V2.0

      • IBM AIX V5.2 or V5.3

      • Sun Solaris 9 or 10 on SPARC

      • Red Hat Enterprise Linux Server 4.0 or 5.0 on x86 on System x or System z

      • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

      • Microsoft Windows 2003 Server Standard Edition on x86

      • Microsoft Windows 2003 Server Enterprise Edition on x86

    • IBM HTTP Server V6.0

      • IBM AIX V5.2 or V5.3

      • Sun Solaris 9 or 10 on SPARC

      • Microsoft Windows 2003 Server Standard Edition

      • Microsoft Windows 2003 Server Enterprise Edition

      • Red Hat Enterprise Linux Server 4.0 or 5.0 on x86 on System x or System z

      • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

    • Sun Java System Web Server 6.1 SP1

      • IBM AIX V5.1 and V5.2

      • Sun Solaris 9 or 10 on SPARC

    • Sun Java System Web Server 7.0

      • Sun Solaris 9 or 10 on SPARC

    • IBM Edge Component for WebSphere Application Server Network Deployment V6.1

      • IBM AIX V5.2 or V5.3

      • Sun Solaris 9 or 10 on SPARC

      • Red Hat Enterprise Linux Server 4.0 and 5.0 on x86 on System x

      • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

    • Microsoft IIS 6.0

      • Microsoft Windows 2003 Server Standard Edition on x86

      • Microsoft Windows 2003 Server Enterprise Edition on x86

    Access Manager Session Management Services

    • IBM AIX V5.2 or V5.3

    • Sun Solaris 9 or 10 on SPARC

    • Hewlett-Packard HP-UX 11iv or 11iv3 on PA-RISC

    • Microsoft Windows 2003 Server Standard Edition on x86

    • Mircosoft Windows 2003 Server Enterprise Edition on x86

    • Red Hat Enterprise Linux Server 4.0 or 5.0 on x86 on System x or System z

    • SUSE LINUX Enterprise Server 9 or 10 on x86 on System x or System z

    The following products are included with Tivoli Access Manager for e-business V6.1 for use restricted to Tivoli Access Manager for e-business:

    • IBM Tivoli Directory Server V6.1

    • IBM Tivoli Directory Integrator V6.1.1

    • IBM WebSphere Application Server V6.1

    • IBM DB2 Enterprise Server Edition V9.1

    NOTE: Crystal-based Reports are no longer included with Tivoli Access Manager for e-business V6.1. Tivoli Access Manager for e-business V6.1 now includes a common reporting mechanism.

    The Program's specifications and specified operating environment information may be found in documentation accompanying the Program, if available, such as a read-me file, or other information published by IBM, such as an announcement letter. Documentation and other Program content may be supplied only in the English language.

    Companion products  There are many benefits to including companion products to create a robust security suite, such as including federated and desktop SSO, operating system level access control, user provisioning, privileged user monitoring, and application security with vulnerability scanning.

    Companion products include:

    • IBM Tivoli Access Manager for Operating Systems

    • IBM Tivoli Access Manager for Enterprise Single Sign-On

    • IBM Tivoli Federated Identity Manager

    • IBM Tivoli Identity Manager

    • IBM Tivoli Security Operations Manager

    • IBM Tivoli Compliance Insight Manager

    • IBM Rational AppScan

    Planning information

    Packaging  IBM Tivoli Access Manager for e-business is distributed with:

    • International Program License Agreement (Z125-3301)

    • License Information document (electronic and hardcopy)

    • CD ROM media

    • Publications (refer to the Publications section)
    This program, when downloaded from a Web site, contains the applicable IBM license agreement, and License Information, if appropriate, and will be presented for acceptance at the time of installation of the program. For future reference, the license and License Information will be stored in a directory such as LICENSE.TXT

    Security, auditability and control

    IBM Tivoli Access Manager for e-business uses the security and auditability features of the operating system software.

    The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.


    IBM Tivoli Enhanced Value-Based Pricing

    IBM Tivoli software products are priced using IBM Tivoli's Enhanced Value-Based Pricing. The Enhanced Value-Based Pricing system is based upon the IBM Tivoli Environment- Managed Licensing Model, which uses a managed-environment approach -- whereby price is determined by what is managed rather than the number and type of product components installed.

    For example, all servers monitored with IBM Tivoli's monitoring product (IBM Tivoli Monitoring) require entitlements sufficient for those servers. Other Tivoli products may manage clients, client devices, agents, network nodes, users, or other items, and are licensed and priced accordingly.

    Unlike typical systems management licensing models that require entitlements of specific software components to specific systems, the IBM Tivoli Environment-Managed Licensing Model provides the customer flexibility to deploy its IBM Tivoli software products within its environment in a manner that can address and respond to the customer's evolving architecture. That is, as the architecture of a customer's environment changes, the customer's implementation of IBM Tivoli software can be altered, as needed, without affecting the customer's license requirements (as long as the customer does not exceed its entitlements to the software).

    Under Enhanced Value-Based Pricing, licensing and pricing of server-oriented applications are determined based upon the server's use in the customer's environment. Typically, such applications are licensed and priced in a manner that corresponds to each installed and activated processor of the server managed by the IBM Tivoli application to help correlate price to value while offering a simple solution.

    Where a server is physically partitioned, this approach is modified. This partitioning technique is the approach used with systems that have either multiple cards or multiple frames, each of which can be configured independently. For servers capable of physical partitioning (for example, IBM System p Scalable POWERparallel Systems servers, Sun Ultra servers, and HP Superdome servers), an entitlement is required for each processor in the physical partition being managed by the Tivoli application. For example, assume that a server has 24 processors installed in aggregate. If this server is not partitioned, entitlements are required for all 24 processors. If, however, it is physically partitioned into three partitions, each containing eight processors, and Tivoli products were managing only one of the three partitions, then entitlements would be required for the eight processors on the physical partition managed by the IBM Tivoli application.

    For servers with virtual or logical partitions, entitlements are required for all installed and activated processors on the server. For each IBM Tivoli application managing a clustered environment, licensing is based on the cumulative number of installed and activated processors on each server in the cluster. Where the cluster includes physically partitioned servers, the considerations described above concerning physically partitioned servers apply as well.

    Enhanced Value-Based Pricing recognizes the convergence of RISC and UNIX, and Microsoft Windows and Intel technologies, in order to simplify your licensing requirements, and to provide a smoother, more scalable model. Pricing and licensing does not differentiate between non-System z server platforms or operating systems. For some products, this platform neutrality extends to System z and other host servers as well.

    IBM Tivoli Enhanced Value-Based Pricing terminology definitions

    Authorized user

    An authorized user is one and only one individual (named or unnamed) within or outside your enterprise. A Proof of Entitlement (PoE) must be obtained for each individual user accessing the program in any manner. A program licensed under an authorized user PoE may be installed on a single computer or server, and accessed by multiple users, provided that a PoE has been obtained for each individual user accessing the program either directly or indirectly (via a multiplexing program, device, or application server) through any means on behalf of the user.

    Note that:

    Authorized users have unique specific identity and IDs cannot be shared. An ID can establish one or more connections and count as a single authorized user. Specific information to security products are:

    • An authorized user of IBM Tivoli Federated Identity Manager is any ID that accesses an application or service managed or protected by IBM Tivoli Federated Identity Manager.
    • An authorized user of IBM Tivoli Directory Integrator is one whose identity can be synchronized by IBM Tivoli Directory Integrator or that can access a connected system that can be synchronized by IBM Tivoli Directory Integrator.
    • An authorized user of IBM Tivoli Identity Manager is any ID whose identity is recorded in the Tivoli Identity Manager identity store.
    • An authorized user of IBM Tivoli Access Manager for e-business is any ID that accesses an application or service managed or protected by IBM Tivoli Access Manager for e-business.
    • Quantities of authorized users of IBM Tivoli Federated Identity Manager or Tivoli Access Manager for e-business will only include users that have usable Tivoli Federated Identity Manager or Tivoli Access Manager for e-business accounts. If their accounts have been made unusable, then those users do not have to count against the quantities of users that need to be licensed. Such accounts must remain unusable for a minimum of six (6) months in order to not count against the quantities of users that need to be licensed.

    Engine

    An engine is also referred to as a central processor (CP) or processor. Engines for traditional workloads are called General Purpose CPs. Engines for Linux workloads are called Integrated Facility for Linux (IFL) engines or Linux-only engines. Engines for Coupling Facility workloads are called Integrated Coupling Facility (ICF) engines.

    Enterprise

    An enterprise is a person or single entity and those subsidiaries with more than 50 percent ownership.

    External user

    An authorized user who is not part of the enterprise.

    Internal User An authorized user that is part of the enterprise.

    IBM Integrated Facility for Linux (IFL)

    This optional facility enables additional processing capacity exclusively for Linux workload, with no effect on the model designation of a System z or OS/390 server. Consequently, executing Linux workload on the IBM IFL will not, in most cases, result in any increased IBM software charges for z/OS, OS/390, VM, VSE, or TPF operating systems and applications. There is, as indicated, a charge associated with the IFL, and there may also be a charge for applications which run on the IFL.

    The IFL may be dedicated to a single Linux-mode logical partition or it may be shared by multiple Linux-mode logical partitions. Installations should note that the Linux workspace enabled by this facility will not support any of the traditional S/390 operating systems (OS/390, TPF, VSE, or VM). Only Linux applications or Linux operating in conjunction with the Virtual Image Facility, an environment that operates within a logical partition or in native S/390 mode and provides the capability to create multiple Linux images, are supported by IBM S/390 IFL.

    Managed processor (charging under full capacity in the managed environment)

    Managed processor charges are based on the active processors on the machines in the computing environment affiliated with the program rather than on the server where the program is run. The managed processors which require PoEs are defined in the License Information's program-unique terms.

    Notes:

    1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
    2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
    3. The program may not run on some or all of the processors for which PoEs are required by the program's valuation method.
    4. In the System z IFL environment, each IFL engine is considered a single physical processor.
    5. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
    6. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blades with which the program is affiliated.
    7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor Value Unit conversion table on the Passport Advantage Web site:

      http://www.ibm.com/software/passportadvantage

    Partitions

    A server's resources (CPU, memory, I/O, interconnects, and buses) may be divided according to the needs of the applications running on the server. This partitioning can be implemented with physical boundaries (physical partitions) or logical boundaries (logical partitions).

    Physical partitions are defined by a collection of processors dedicated to a workload and can be used with systems that have either multiple cards or multiple frames, each of which can be configured independently. In this method, the partitions are divided along hardware boundaries and processors, and the I/O boards, memory, and interconnects are not shared.

    Logical partitions are defined by software rather than hardware and allocate a pool of processing resources to a collection of workloads. These partitions, while separated by software boundaries, share hardware components and run in one or more physical partitions.

    Processor (per processor charging under full capacity)

    In full capacity charging, PoEs must be acquired for all activated processors (available for use) that are on the server where the program or a component of the program is run.

    Notes:

    1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
    2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
    3. In the System z IFL environment, each IFL engine is considered a single physical processor.
    4. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
    5. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blade on which the program is run.
    6. When a server is shipped with six processors, but two of them are inactive, four processors are active for the customer.
    7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor value unit conversion table on the Passport Advantage Web site

      http://www.ibm.com/software/passportadvantage

    Server

    A server is a computer system that executes requested procedures, commands, or applications to one or more user or client devices over a network. A PoE must be obtained for each server on which the program or a component of the program is run or for each server managed by the program. Where blade technology is employed, each blade is considered a separate server.

    Standby or backup systems

    For programs running or resident on backup machines, IBM defines three types of situations: cold, warm and hot. In cold and warm situations, a separate entitlement for the copy on the backup machine is normally not required and typically no additional charge applies. In a hot backup situation, the customer needs to acquire other license or entitlements sufficient for that server. All programs running in backup mode must be solely under the customer's control, even if running at another enterprise's location.

    As a practice, the following are definitions and allowable actions concerning the copy of the program used for backup purposes:

    Cold: A copy of the program may reside, for backup purposes, on a machine as long as the program is not started. There is no additional charge for this copy.

    Warm: A copy of the program may reside for backup purposes on a machine and is started, but is idling, and is not doing any work of any kind. There is no additional charge for this copy.

    Hot: A copy of the program may reside for backup purposes on a machine, is started, and is doing work. The customer must acquire a license or entitlements for this copy and there will generally be an additional charge.

    Doing work includes, for example, production, development, program maintenance, and testing. It also could include other activities such as mirroring of transactions, updating of files, synchronization of programs, data or other resources (for example, active linking with another machine, program, database or other resource, and so on), or any activity or configurations that would allow an active hot switch or other synchronized switch over between programs, databases, or other resources to occur.

    In the case of a program or system configuration that is designed to support a high availability environment by using various techniques (for example, duplexing, mirroring of files, or transactions, maintaining a heartbeat, active linking with another machine, program, database, or other resource), the program is considered to be doing work in the hot situation and a license or entitlement must be purchased.

    Tivoli Management Points

    A Tivoli Management Point is a metric used to compute license quantities and is program specific.

    Value Units

    A Value Unit is a pricing charge metric for program license entitlements, which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurements are processor cores and MSUs. However, for select programs, there are other designated measurements such as servers, users, client devices, and messages. The number of Value Unit entitlements required for your specific implementation of the given program must be obtained from a conversion table associated with the program. You must obtain a PoE for the appropriate number of Value Unit entitlements for your implementation. The Value Unit entitlements of a given program cannot be exchanged, interchanged, or aggregated with Value Unit entitlements of another program. Whenever the designated measurement is a processor core, not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor value unit conversion table on the Passport Advantage Web site

    http://www.ibm.com/software/passportadvantage

    User Value Units A User Value Unit is a pricing charge metric for program license entitlements which is based upon the quantity of a specific designated measurement used for a given program. See Value Units definition. Users is a descriptive of one of the Value Unit charge metrics.

    Product and licensing Web Sites

    A complete list of IBM Tivoli products is available at

    http://www.ibm.com/software/tivoli

    IBM Tivoli product licensing documents are available at

    http://www.ibm.com/software/tivoli/products/licensing.html

    Passport Advantage

    Through the Passport Advantage Agreement, you may receive discounted pricing based on their total volume of eligible products, across all IBM brands, acquired worldwide. The volume is measured by determining the total Passport Advantage points value of the applicable acquisitions. Passport Advantage points are only used for calculating the Entitled Passport Advantage discount.

    To determine the required IBM Tivoli product configuration under Passport Advantage, the IBM Tivoli Enhanced Value-Based Pricing Model applies. The customer's environment is evaluated on a per-product basis.

    Use the following two-step process to determine the total Passport Advantage points value:

    1. Analyze your environment to determine the number of charge units for a product. The quantity of each product's part numbers to be ordered is determine by that analysis.
    2. Order the Passport Advantage part numbers. A Passport Advantage point value, which is the same worldwide for a specific part number regardless of where the order is placed, is assigned to each IBM Tivoli product part number. The Passport Advantage point value for the applicable part number, multiplied by the quantity for that part number, will determine the Passport Advantage points for that IBM Tivoli product part number. The sum of these Passport Advantage points determines the Passport Advantage point value of the applicable IBM Tivoli product authorizations which then may be aggregated with the point value of other applicable Passport Advantage product acquisitions to determine the total Passport Advantage points value.

    The discounted pricing available through Passport Advantage is expressed in the form of Suggested Volume Prices (SVPs), which vary depending on the SVP level. Each SVP level is assigned a minimum total Passport Advantage point value, which must be achieved, in order to qualify for that SVP level.

    Media packs and documentation packs do not carry Passport Advantage points and are not eligible for SVP discounting.

    For additional information on Passport Advantage, refer to the following

    http://www.ibm.com/software/passportadvantage

    The following Passport Advantage part number categories may be orderable:

    • License and Software Maintenance 12 Months - This is the product authorization with maintenance to the first anniversary date.
    • Annual Software Maintenance Renewal - This is the maintenance renewal for one anniversary that applies when a customer renews their existing coverage period prior to the anniversary date at which it expires.
    • Software Maintenance Reinstatement 12 months - This is for customers who have allowed their Software Maintenance to expire, and later wish to reinstate their Software Maintenance.
    • Media packs - These are the physical media, such as CD-ROMs, that deliver the product's code.

    Exceptions to the Environment-Managed Licensing Model

    IBM Tivoli products are priced based on the environment managed and follow the definitions laid out in the IBM Tivoli Enhanced Value-based Pricing terminology section of this announcement, with the following exceptions:

    IBM Tivoli Access Manager for e-business - Count either the number of registered users or the number of processors in the server(s) on which IBM Tivoli Access Manager runs, but not both.

    Distributed pricing examples

    The following examples are provided to illustrate your licensing requirements.

    References to processor-based licensing do not represent the actual number of entitlements required. Entitlement requirements are Processor Value Unit based (PVU). Processors referenced in these examples represent the designated measurement on which the required number of Processor Value Unit entitlements will be calculated. The number of PVUs required per processor will depend on the processor type. For more information, refer to the Value Unit definition in IBM Tivoli Enhanced Value-Based Pricing terminology definitions. To determine the number of Processor Value Unit entitlements required per processor, refer to the processor Value Unit conversion table on the Passport Advantage Web site

    http://www.ibm.com/software/passportadvantage

    References to all other non-processor-based metrics do represent the actual number of entitlements required, unless other designated measurements are referenced or unless otherwise specified.

    The pricing example below should be used to determine required license entitlements for IBM Tivoli Access Manageer for e-business, which is managed by the licensed processor

    Products also have program-specific licensing terms, which are described later in this document. Consult the program- specific licensing terms to determine total licensing requirements for the applicable products.

    Pricing model examples

    1 Scalable Usage Model table

    The following scalable usage table is used to determine the required value units per 1000 users. The price per User Value Unit (UVU) will be different for each part number.

      Scalable
      Usage Level           1        2        3         4
      -----------         -------  -------  --------  --------
      Chargeable          1-5K     >5K-15K  >15K-50K  >50K-150K
       Users
      User Value Units    1,000    500      300       200
       per 1,000 users
     
     Scalable
     Usage Level           5        6        7         8
     -----------         -------  -------  --------  --------
     Chargeable          >150-500 >500-1M  >1M-3M    >3M
      Users
     User Value Units    100      50       25        10
      per 1,000 users
     
    

    The pricing model for IBM Tivoli Access Manager is enhanced to significantly reduce costs for many customers whose systems support a large number of external users. The price for these external users is not the same as for internal users. Select Tivoli Security Families now use a ratio of fifteen external users equal one chargeable user for the purpose of calculating User Value Units (UVUs). Each Internal user equals one (1) chargeable user for the purpose of calculating User Value Units. Infrequent internal users that utilize their IDs less than 5 times a year, and are grouped so as to be trackable and auditable, will be granted a ratio of fifteen (15) infrequent internal users equal one (1) chargeable user for the purpose of calculating Value Units.

    Chargeable users are summed up and the volume tiering table then is utilized to calculate the total User Value Units (UVUs) required to cover entitlements. With the release of Tivoli Access Manager for e-business V6.1, customers may mix internal users, external users and infrequent internal users within their total User Value Units.

    Examples of mixing and matching to obtain total user value units.

    -------   -------- ---------- -------- ------------ ---------- --------
    -------   -------- ---------- -------- ------------ ---------- --------
            |    A        B      |   C         D       |  E
    Pricing | Internal Chargeable|External  Chargeable |Total      User
    metric  | users    internal  |& infreq. external 1|chargeable value
    example |          users     |internal  infrequent |users      units to
            |          at 1:1    |users     int'l users|(B+D)      order
            |                    |          at 15:1    |
    ------- | -------- ----------|--------  -----------|---------- --------
    ------- | -------- ----------|--------  -----------|---------- --------
    Access  | 57,000   57,000    |   0          0      |57,000     21,900
    Manager |                    |                     |
    example |                    |                     |
    1       |                    |                     |
    -------   -------- ---------- -------- ------------ ---------- --------
    Access  | 50,000   50,000    |105,000    7,000     |57,000     21,900
    Manager |                    |                     |
    Example |                    |                     |
    2       |                    |                     |
    -------   -------- ---------- -------- ------------ ---------- --------
    Access  | 30,000   30,000    |405,000   27,000     |57,000     21,900
    Manager |                    |                     |
    Example |                    |                     |
    3       |                    |                     |
    -------   -------- ----------+-------- ------------ ---------- --------
    

    Mix and match Tivoli Access Manager for e-business example 4:

    Assume customer GREEN initially has 12,000 company employees and 1,500,000 external users. All of these are authorized users. The total chargeable users are calculated as follows:

    • 12,000 internal users = 12,000 chargeable users

    • 1,500,000 external users = 1,500,000/15 = 100,000 chargeable users

    • Customer GREEN must sum these chargeable users together and purchase ase the Value Units required for a total of 112,000 chargeable users.

    If customer GREEN grows to 20,000 company employees and finds that it only needs to entitle approximately 1,380,000 external users (customers, business partners, suppliers), then the total chargeable users are calculated as follows:

    • 20,000 internal users = 20,000 chargeable users (20,000 chargeable users at 1:1)

    • 1,380,000 external users = 1,380,000/15 = 92,000 chargeable users (at 15:1)

    • Customer GREEN would still be covered with their entitlements, as their chargeable user total of 112,000 has not changed. This allows the customer flexibility to accommodate changes in their environment over time.

    2. User Value Unit Pricing Scenario

    Customer ABC initially wants to deploy Tivoli Access Manager for e-business for the following number of internal users (employees).

    • 5,000 users who access Web applications from HTTP and Java 2 Platform Enterprise Edition (J2EE) application servers - the goal is to provide access control or SSO from Tivoli Access Manager.

    • 5,000 additional user records stored in a database table that is referenced in Tivoli Access Manager's schema using IBM Tivoli Directory Integrator or a third party directory virtualization tool.

    • 1,000 additional mainframe user records from RACF that will be used to access Tivoli Access Manager resources via zOS LDAP and are referenced in Tivoli Access Manager's schema.

    • 1,000 additional user records of a non-secured application that will be recorded in the Tivoli Access Manager schema (for administrative convenience).

    • 1,000 additional users of a non-secured application that will be stored in an IBM Directory Server schema on the same Directory Server as Tivoli Access Manager users but not in the Tivoli Access Manager schema.

    The first four sets of users will all be counted as Tivoli Access Manager authorized users. All users in the Tivoli Access Manager schema should be counted for the purposes of pricing Tivoli Access Manager. This gives a total of 12,000 internal users to charge for, and chargeable users who will be secured in this case using a 8-way server.

    Tivoli Access Manager can use IBM Tivoli Directory Server as an identity store. It is provided in the package or a number of other repositories. The license for Tivoli Directory Server provided with Tivoli Access Manager only extends to those users that are stored under the Access Manager schema. Alternative uses of the IBM Directory Server can be covered by an Directory Server license.

    Transaction 1

    IBM Tivoli Access Manager for e-business User Value Units (UVUs) to order for the 12,000 chargeable users, is calculated as follows:

    Pricing metric  Chargeable user   User value        User value
    environment (A)units perunits
                                      1,000 Users (B)   Required
                                                        ((A) * (B))/1,000
    --------------  ---------------   ---------------   -----------------
    Tier 1                5,000           1,000              5,000
    Tier 2                7,000             500              3,500
                         12,000     Total Uuser value units  8,500
    

    Note: For Tivoli Access Manager there is a minimum order quantity of 250 users, for fewer than 1,000 chargeable users in the scalable usage model. After the first 1,000 chargeable users, order quantities are in increments of 1,000 users to charge for. For example, 1,650 chargeable users are rounded up to 2,000 chargeable users for the purpose of calculating User Value Units (UVUs) to order.

    Transaction 2

    After the initial purchase described in transaction 1, customer ABC wants to secure access for 1,500,000 external authorized users (customers and suppliers) who access Web applications from HTTP and J2EE application servers. Customer ABC must purchase additional user value units to entitle the 100,000 additional chargeable users based on the fifteen to one ratio on the external users to chargeable user conversion.

    Pricing metric  Chargeable user   User value units  User value units
                    environment (A)   per 1,000         required
                                      Users (B)         ((A) * (B))/1,000
    --------------  ---------------   ---------------   -----------------
    Tier 1                5,000           1,000              5,000
    Tier 2               10,000             500              5,000
    Tier 3               35,000             300             10,500
    Tier 4               62,000             200             12,400
                        112,000        Total value units    32,900
                                       Less currently       (8,500)
                                       licensed from
                                       Transaction 1
                                       Additional value     24,400
                                       units required
    

    3. Processor Value Units Pricing Scenario

    Assume Customer ABC prefers unlimited user access for their environment. The customer will require the following licensing:

    Tivoli Access Manager for e-business - Unlimited User Option

    Tivoli Access Manager   Quantity in customer    Total processors
    for e-business          environment             required
    4-way                          1                       4*
                            Total Processors              12
    

    Note: The Unlimited User Option applies only to the 12 processors licensed. The customer must purchase the processor value units (PVUs) appropriate for the customer's environment. If the customer installed Tivoli Access Manager for e-business on a 16-way server, an additional 4 processors would be required. This licensing is based on the server in which Tivoli Access Manager for e-business runs.

    * There is a minimum order quantity of 12 processors for the IBM Tivoli Access Manager for e-business Unlimited User Option.

    * Note: The processors used for Tivoli Access Manager base components, the Access Manager Reverse Proxy (WebSEAL), and Access Manager Session Management Services are counted towards the total number of entitled processor count.

    Charge Metric Definitions

    Value Unit

    A Value Unit is a pricing charge metric for program license entitlements which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurement is a processor core. However, for select Programs, there are other designated measurements such as users, client devices, and messages. The number of Value Unit entitlements required for a program depends on how the program is deployed in your environment and must be obtained from a Value Unit table. You must obtain a PoE for the calculated number of Value Unit entitlements for your implementation. The Value Unit entitlements are specific to a program and may not be exchanged, interchanged, or aggregated with Value Unit entitlements of another program.

    Processor (Value Unit)

    A processor core is a functional unit within a computing device that interprets and executes instructions. A processor core consists of at least an instruction control unit and one or more arithmetic or logic unit. With multicore technology, each core is considered a processor. Not all processor cores require the same number of Value Unit entitlements. To calculate the number of Value Unit entitlements required, refer to the value unit table on the following Web site

    http://www-142.ibm.com/software/sw-lotus/services/cwepassport.nsf/ wdocs/pvu_table_for_customers

    With full capacity licensing, a PoE must be acquired for the appropriate number of value units based on all activated processor cores available for use on the server.


    Ordering information

    For ordering information, consult your IBM representative or authorized IBM Business Partner, or visit

    http://www-306.ibm.com/software/support/pa.html

    This product is only available via Passport Advantage. It is not available as shrinkwrap.

    Product group: Tivoli Security
    Product: IBM Tivoli Access Manager for e-business V6.1
    Identifier Description (PID):  5724-C87
    Product category: IBM Tivoli Access Manager for e-business
    

    Value Unit  A Value Unit is a pricing charge metric for program license entitlements which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurement is a processor core. However, for select programs, there are other designated measurements such as users or resources which may include servers, client devices, and messages. The number of Value Unit entitlements required for a program depends on how the program is deployed in your environment and must be obtained from a Value Unit table. You must obtain a PoE for the calculated number of Value Unit entitlements for your implementation. The Value Unit entitlements are specific to a program and may not be exchanged, interchanged, or aggregated with Value Unit entitlements of another program.

    A processor core is a functional unit within a computing device that interprets and executes instructions. A processor core consists of at least an instruction control unit and one or more arithmetic or logic unit. Not all processor cores require the same number of Processor Value Unit entitlements. To calculate the number of Processor Value Unit entitlements required, refer to the Processor Value Unit Table on the following Web site

    http://www.ibm.com/software/sw-lotus/services/cwepassport.nsf/wdocs/ pvu_table_for_customers

    With full capacity licensing, a PoE must be acquired for the appropriate number of Processor Value Units based on all activated processor cores available for use on the server.


    Passport Advantage customer: Media pack entitlement details

    Customers with active maintenance or subscription for the products listed are entitled to receive the corresponding media pack.

    Entitled maintenance offerings description       Part number
    Tivoli Access Mgr eBus Value Unit                TAMEBUUOSB02
    TIV AMEB UUO PROC for zLinux                     TAMEBUUOSB04
    TAMeb User Value Unit                            TAMEBUUOSB07
    TIV AMEB UUO VU for zLinux                       TAMEBUUOZB01
    Tiv Acc Mgr EBSN Unltd Usr Opt VU                TAMEBUUOZB02
     
    Media packs description                          Part number
    IBM Tivoli Access Manager for e-business V6.1    BJ0MBML
      MP Multiplatform ML
     
     
    

    Current licensees

    Current licensees, with support in effect, will automatically be shipped the update.

    Current licensees of Tivoli Access Manager for e-business must place a new order for the desired distribution medium.

    New licensees

    Orders for new licenses will be accepted now.

    Shipment will begin on the planned availability date.

    Basic license

    Ordering information for Passport Advantage

    Passport Advantage allows you to have a common anniversary date for Software Maintenance renewals, which can simplify management and budgeting for eligible new versions and releases (and related technical support) for your covered products. The anniversary date, established at the start of your Passport Advantage Agreement, will remain unchanged while your Passport Advantage Agreement remains in effect. New software purchases will initially include twelve full months of Software Maintenance. Software Maintenance in the second year (the first year of renewal) can be prorated to be coterminous with your common anniversary date. Thereafter, all Software Maintenance will renew at the common anniversary date for twelve full months of maintenance.

    Refer to the IBM International Passport Advantage Agreement and to the IBM Software Support Handbook for specific terms relating to, and a more complete description of, technical support provided through Software Maintenance.

    The quantity to be specified for the Passport Advantage part numbers in the following table is per required number of <Processor Value Units, Resource Value Units, User Value Units>. To order for Passport Advantage, specify the desired part number and quantity.

    IBM Tivoli Access Manager for e-business V6.1
     
     
    Description                                        Part number
    -----------------------------------------------    -----------
    IBM Tivoli Access Mgr for e-bus                    E02B1LL
      Unlimited User Option Processor Value Unit
      Linux on z Annual Sw Maint Rnwl
    IBM Tivoli Access Mgr for e-bus                    D56PSLL
      Unlimited User Option Processor Value Unit
      Linux on z Lic+Sw Maint 12 Mo
    IBM Tivoli Access Mgr for e-bus                    D56PTLL
      Unlimited User Option Processor Value Unit
      Linux on z Sw Maint Reinstate 12Mo
    IBM Tivoli Access Mgr for e-bus                    E025XLL
      Unlimited User Option Processor Value Unit
      Annual Sw Maint Rnwl
    IBM Tivoli Access Mgr for e-bus                    D55X7LL
      Unlimited User Option Processor Value Unit
      Lic+Sw Maint 12 Mo
    IBM Tivoli Access Mgr for e-bus                    D55X8LL
      Unlimited User Option Processor Value Unit
      Sw Maint Reinstate 12 Mo
    
    IBM Tivoli Access Manager for e-business
    Description                                       Part number
    Tivoli Access Manager for e-business              E04NFLL
    User Value Units Annual SW Maint Rnwl
    Tivoli Access Manager for e-business              D03RLLL
    User Value Units Lic+Sw Maint 12 Mo
    Tivoli Access Manager for e-business              D03RMLL
    User Value Units Sw Maint Reinstate 12 Mo
    

    To order a media pack for Passport Advantage, specify the part number in the desired quantity from the following table:

     Description                                     Part number
     ----------------------------------------------- -----------
    IBM Tivoli Access Manager for e-business V6.1     BJ0MBML
    Media Pack ML
    

    Withdrawal of Passport Advantage part numbers:

    The following Passport Advantage part numbers will be withdrawn on May 16, 2008.

    Description                                        Part number
    -------------------------------------------------  -----------
    IBM Tivoli Access Manager for e-business           BJ0C2ML
    Unlimited User Option for Multiplatforms V5.1
    Multilingual CD ROM 128 Bit Media Pack
     
    

    For information about Value-Based Pricing and Software Maintenance options, contact your IBM representative.


    Integrated technology services (IBM Global Services)

    Contact your IBM representative for the list of selected services available in your country, either as standard or customized offerings for the efficient installation, implementation, or integration of this product.


    Prices

    Business Partner information:

    If you are an IBM Business Partner -- Distributor for Workstation Software acquiring products from IBM, you may link to Passport Advantage Online for resellers where you can obtain Business Partner pricing information. An IBM ID and password are required.

    https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller/ emea/channelannouncement

    https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller/ emea/channelannouncement


    Terms and conditions

    The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage Agreement, and the IBM Agreement for Acquisition of Software Maintenance.

    This product is only available via Passport Advantage. It is not available as shrinkwrap.

    Licensing  IBM International Program License Agreement including the License Information document and Proof of Entitlement (PoE) govern your use of the program. PoEs are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

    This software license includes Software Maintenance, previously referred to as Software Subscription and Technical Support.

    License information form number  L-JSCK-72KRXT

    The program's License Information will be available for review on the IBM Software License Agreement Web site

    http://www.ibm.com/software/sla/sladb.nsf

    Passport advantage applies  Yes, and through the Passport Advantage Web site at

    http://www.ibm.com/software/passportadvantage

    iSeries software maintenance applies  No

    Variable charges apply  No

    Limited warranty applies  Yes

    Warranty 

    IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program or that IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

    IBM provides you with access to IBM databases containing information on known program defects, defect corrections, restrictions, and bypasses at no additional charge. For further information, consult the IBM Software Support Handbook found at

    http://techsupport.services.ibm.com/guides/handbook.html

    IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

    Program technical support 

    Technical support of a program product will be available for a minimum of five years from the general availability date, as long as your Software Maintenance is in effect. This technical support allows you to obtain assistance (via telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Maintenance also provides you with access to updates, releases, and versions of the program. You will be notified, via announcement letter, of discontinuance of support with 12 months' notice. If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

    Software maintenance applies  Yes. Software Maintenance is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and Technical Support are provided by the Software Maintenance offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software and Technical Support provides voice and electronic access to IBM support organizations, worldwide.

    IBM includes one year of Software Maintenance with each program license acquired. The initial period of Software Maintenance can be extended by the purchase of a renewal option, if available.

    While your Software Maintenance is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions, and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, 7 days a week. For additional details, consult your IBM Software Support Handbook at

    http://techsupport.services.ibm.com/guides/handbook.html

    Software Maintenance does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under the applicable agreements.

    For additional information about the International Passport Advantage Agreement and the IBM International Passport Advantage Express Agreement, visit the Passport Advantage Web site at

    http://www.ibm.com/software/passportadvantage

    Volume orders (IVO)  No

    Guarantee

    If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.

    For clarification, note that (1) for programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program and (2) for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

    Authorization for copy  You may not copy and use this program on another computer without paying additional license fees.

    Educational allowance available 

    Education allowance does not apply.
    Education software allowance does not apply.
    Special education prices are available for qualified customers through Passport Advantage.


    IBM Electronic Services

    IBM has transformed its delivery of hardware and software support services to help you achieve higher system availability. Electronic Services is a Web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services are designed to provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

    The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

    The Electronic Service Agent is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems. Installation and use of IBM Electronic Service Agent for problem reporting enables IBM to provide better support and service for your IBM server.

    To learn how Electronic Services can work for you, visit

    http://www.ibm.com/support/electronic


    Announcement countries

    All European, Middle Eastern and African Countries.


    The data in this letter is subject to the disclaimer in Letter ZS90-0112, which is available from the same IBM announcement letters database.

    This announcement is provided for your information only. For additional information, please contact your IBM Representative or IBM Business Partner as appropriate.

    ************ End of Document ************