Features, advantages and benefits
| Features | Advantages | Benefits |
|---|---|---|
| Rules based authorization engine | Change access-influencing policy parameters without having to rewrite and recompile applications | Dramatically improve both how quickly your applications are deployed and how quickly they adapt; Significantly reduce numbers of groups |
| Microsoft desktop single sign on | Windows users can be automatically authenticated to applications protected by Access Manager for e-business | Enhanced user experience, reduced help desk costs with one less password to remember |
| Integration with over 70 ISV offerings including Siebel CRM, SAP, PeopleSoft and Portal solutions from WebSphere, Plumtree and others | Enterprises benefit from a common security model (authentication, access control, Single Sign On and audit) across the e-business, ISV and legacy applications | Reduces costly integrations and delivers rapid time to value in solution deployment because enterprises can standardize on a single identity and access management platform |
| J2EE Security for WebSphere and BEA Application Servers (SSPI) | Leverages J2EE investment and enables applications to be managed as part of a consistent, policy-driven strategy | Supports J2EE, Java 2 and JAAS environments, with no plug-in required, no proprietary coding needed and no pre- or post-compile necessary |
| Multiple directory support | Customers can deploy the security architecture of their choice | Leverage existing investments in directory infrastructure with performance tuning and fail-over support for added availability and performance |
| Support for dynamic groups native to Tivoli Directory Server and Sun One Directory Server | Upper limit on static groups, makes dynamic groups the only option in some cases, while they may be preferred in other environments | Integrates with existing data management environments |
| Extended z/OS support for WebSphere platform | Enables integrated security management for critical WebSphere applications leveraging IMS, CICS and DB2 transactions | Breadth of platform coverage |
| Web Server agents support | Customers can deploy the security architecture of their choice | Enables deployment flexibility -- with support for proxies, plug-ins, and agents -- for achieving highly secure e-business |
| Customer Self-Registration Template | Self-Registration capability enables end-users to quickly self-enroll to the Enterprise Web environment without requiring manual intervention or lengthy procedures | Reduces administrative cost by delivering rapid enrollment and personalized access to end-users (customers) at their convenience with integrated self-care |
| Extended auditing and reporting capabilities | Audit records are written in standard XML format. Information-gathering tool allows secure, centralized collection and reporting of audit, log, statistics etc. across the extended enterprise. | Eases parsing, extraction and reporting of required information for audit and management |
Business benefits
Tivoli® Access Manager for e-business is a versatile solution for authentication and authorization problems. Primarily focused on Web applications, Access Manager implementations vary from simple Single Sign-on (SSO) to more complex security infrastructure deployments.
Access Manager for e-business can help you manage growth and complexity, control escalating management costs, and address the difficulties of implementing security policies across a wide range of Web and application resources. It works by centrally managing security and audit policy for enforcement points that can be placed as a proxy in front of Web applications, or through authorization and authentication plug-ins direct into a Web server or application-server environment. You can use Access Manager to control wired and wireless access to applications and data, to help bar unauthorized users. For authorized users, Access Manager integrates with Web applications and servers to deliver a secured and unified business experience. It helps you secure access to business-critical applications and data spread across the extended enterprise, allowing highly available, scalable transactions with partners, customers, suppliers, and employees.
Tivoli Access Manager for e-business helps:
Define and manage a centralized authentication, access, and audit policy for a broad range of business initiatives such as employee, customer and partner portals, CRM systems, e-procurement, cross-company single sign-on (SSO) projects, and outsourcing projects.
Establish a new audit and reporting service which collects audit data from multiple enforcement points as well as from other platforms and security applications. A central point for reporting on security events and sample reports are included
Enable a flexible SSO to Web-based applications that can span multiple sites or domains with a range of SSO options, to help eliminate help-desk calls and other security problems associated with multiple passwords. By integrating with other SSO providers (such as Kerberos from a Microsoft domain logon, and client/server SSO solutions) Access Manager goes beyond 'reduced sign-on' to help implement a single authentication for the user across all system interactions. For standardized cross-domain authentication (federation) using SAML, Liberty ID/FF, and WS-Federation, Tivoli Access Manager for e-business customers can also upgrade to Tivoli Federated Identity Manager.
Leverage a common security policy model with the Tivoli Access Manager family of products to extend support to other resources, such as WebSphere® MQ applications, and UNIX and Linux system resources.
Provide a base for federation: Companies that choose to collaborate in identity-based business processes may benefit from IBM Tivoli Federated Identity Manager's ability to help simplify integration between companies and their partners' Web sites. Federated SSO solutions, such as Tivoli Federated Identity Manager add standardized cross-domain SSO (SAML, Liberty, WS-Federation) to a security system. However these typically need first-point-of-contact and session management to already be in place; Access Manager fills that role (and Access Manager for e-business customers can upgrade to Tivoli Federated Identity Manager if federation becomes a requirement in the future).
Manage and secure your business environments from your existing hardware (mainframe, PCs, servers) and operating system platforms including Windows, Linux, AIX, Solaris, and HP-UX.
Other Key Features:
Policy-driven security helping to enforce compliance
You can group users and assign permissions to groups, simplifying administration of access control across multiple applications and resources. There is support for dynamic rules, dynamic business entitlements, and authorization decisions based on external data for applications that require it.
Enhanced Auditing helping to streamline reporting with Common Auditing and Reporting Services (CARS)
Tivoli Access Manager includes IBM’s new Common Auditing and Reporting Service (CARS) platform, which provides a consistent way to audit and report on data. Currently, it is difficult for enterprises to gather required information on who accessed what application/data when. For example, this can help ensure that financial data applications or HR applications with sensitive information are accessed appropriately. CARS automates the collection of audit data and provides the ability for enterprises to centrally view and report audit data that are critical for compliance needs. This allows the audit process to be much more efficient and reduces the cost of compliance.
Centralized administration reducing costs and enhancing security
Tivoli Access Manager includes a Web browser-based tool with which your administrator can manage users, groups, roles, permissions, policies, proxy junctions, and application access provisioning. This tool extends beyond delegated user management to also deliver delegated security administration.
Integrated identity management for greater value on your investment
Tivoli Access Manager for e-business can integrate with IBM Tivoli Identity Manager to help you get users, systems, and applications on-line and productive fast. IBM Tivoli Identity Manager has an Access Manager adapter that offers identity lifecycle management (user self care, enrollment, approvals workflow, and provisioning) extending Access Manager user management to be handled alongside other security systems.
IBM Tivoli Access Manager helps you deliver a consistent and secure user experience by having end users use a single identity to log in once to the Enterprise Portal or Microsoft IIS Server and gain access to resources according to authorization rules. With support for Web SSO and secure session management across e-communities, it helps securely extend your business processes to business partners and business affiliates, and with the option to upgrade to Tivoli Federated Identity Manager, this can now extend to SAML, Liberty and WS-Federation authentication.
IBM Tivoli Access Manager for e-business performs intelligent load balancing over replicated servers and can scale your server deployment. It supports implementations in excess of one hundred million users, takes advantage of SSL accelerator card technology and secure hardware keystore, and provides a fail-over capability that allows automatic switchover to a backup Web server.
Modular design for easier use
The modular authorization architecture of IBM Tivoli Access Manager for e-business separates security code from application code. This can translate to an improved time to market for your business initiatives, because typically you can change the security code without affecting application code, and vice-versa. This separation also accommodates "defense in depth" designs that involve enforcing security in a layer, such as a demilitarized zone. Tivoli Access Manager for e-business can help lower your cost of building security into new applications by reducing the need to write complex security code. It integrates with Web application servers that support Java 2, JAAS, and JACC without requiring nonstandard tasks such as extra precompiles. It also has focused J2EE-based support for securing WebSphere Application Server and BEA WebLogic Server.
Tivoli Access Manager for e-business received a Common Criteria certification, under the auspices of the International Common Criteria process, administered by the National Information Assurance Partnership.
