Search results

This IBM Redbooks publication provides solution designers and architects with a comprehensive view of the security services they can exploit on z/OS, whether their application is hosted by z/OS or by another platform. It also discusses, at a high level, the Tivoli products that team with mainframe security services to provide flexible and extensible security architectures that fit On Demand infrastructure requirements, because implementing optimum solution-based security requires extensive knowledge of what security services and APIs provide on the platforms for which you are developing the solution. The book briefly describes data processing security concepts, with a focus on the problems that enterprises face today because of the heterogeneous nature of their platforms and technologies, and the requirement to progress towards an On Demand environment. Next, it explains the security services and APIs that are provided on z/OS, with respect to the security concepts they implement and their seamless integration into distributed environments, as building blocks for optimal solution-based security. This analysis is examined from the perspective of both z/OS solutions and non-z/OS hosted solutions, because non-z/OS hosted solutions can exploit the remote security services that z/OS offers. High level explanations and exploitation considerations are provided for z/OS RACF, LDAP server, Kerberos and PKI support, z/OS Communications Server-specific features (such as embedded IP filtering, IPSec VPNs, and application-t

Securing access to information is important to any business. Security becomes even more critical for implementations structured according to Service-Oriented Architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries. To enable a business so that its processes and applications are flexible, you must start by expecting changes – both to process and application logic, as well as to the policies associated with them. Merely securing the perimeter is not sufficient for a flexible on demand business. In this IBM Redbooks publication, security is factored into the SOA life cycle reflecting the fact that security is a business requirement, and not just a technology attribute. We discuss an SOA security model that captures the essence of security services and securing services. These approaches to SOA security are discussed in the context of some scenarios, and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment, and usage, and an approach to an integrated security management for SOA. This book is a valuable resource to senior security officers, architects, and security administrators.

This IBM Redbooks publication reviews the overall Tivoli Enterprise Security Architecture. It focuses on the integration of audit and compliance, access control, identity management, and federation throughout extensive e-business enterprise implementations. The available security product diversity in the marketplace challenges everyone in charge of designing single secure solutions or an overall enterprise security architecture. With Access Manager, Identity Manager, Federated Identity Manager, Security Compliance Manager, Security Operations Manager, Directory Server, and Directory Integrator, Tivoli offers a complete set of products designed to address these challenges. This book describes the major logical and physical components of each of the Tivoli products. It also depicts several e-business scenarios with different security challenges and requirements. By matching the desired Tivoli security product criteria, this publication describes the appropriate security implementations that meet the targeted requirements. This book is a valuable resource for security officers, administrators, and architects who want to understand and implement enterprise security following architectural guidelines.

The implementation and exploitation of centralized, corporate-wide directories are among the top priority projects in most organizations. The need for a centralized directory emerges as organizations realize the overhead and cost involved in managing the many distributed micro and macro directories introduced in the past decade with decentralized client/server applications and network operating systems. Directories are key for successful IT operation and e-business application deployments in medium and large environments. IBM understands this requirement and supports it by providing directory implementations based on industry standards at no additional cost on all its major platforms and even important non-IBM platforms. The IBM Directory Server implements the Lightweight Directory Access Protocol (LDAP) standard that has emerged quickly in the past years as a result of the demand for such a standard. This IBM Redbook will help you create a foundation of LDAP skills, as well as install and configure the IBM Directory Server. It is targeted at security architects and specialists who need to know the concepts and the detailed instructions for a successful LDAP implementation.

Don't be fooled by the name; IBM Tivoli Directory Integrator integrates anything, and it is not in any way limited to directories. It is a truly generic data integration tool that is suitable for a wide range of problems that usually require custom coding and significantly more resources to address with traditional integration tools. This IBM Redbook shows you how Directory Integrator can be used for a wide range of applications utilizing its unique architecture and unparalleled flexibility. We discuss the business context for this evolutionary data integration and tell you how to architect and design an enterprise data synchronization approach. By telling you everything about Directory Integrator's component structure and then applying all the techniques in two comprehensive business scenarios, we build a formidable base for your own data integration and synchronization projects. This book is a valuable resource for security administrators and architects who want to understand and implement a directory synchronization project.

This IBM Redbook provides IT architects, IT specialists, and administrators with the critical knowledge to design, develop, implement, deploy, and manage multiple consumer direct and B2B direct stores based on the Extended Sites model using WebSphere Commerce V5.6.1. This book includes: - An introduction to the WebSphere Commerce Extended Sites model - An ITSO Extended Sites example, including a business requirements analysis and solution design - How to implement a team development environment, customize a store profile, and build, deploy, and manage multiple stores - How to manage an Extended Sites hub, hub organization, and hosted stores - How to manage an Extended Sites B2B direct store and organizations - How to manage an Extended Sites consumer direct store and organizations The appendixes include procedures and tips for WebSphere Commerce implementation, WebSphere Commerce Developer implementation, common procedures, and error handling scenarios.

This IBM Redbook describes the z/OS Security Services provided by z/OS as of z/OS 1.6. As this is a vast subject and some of these services have already been addressed by other redbooks, usually in the OS/390–z/OS 1.2 time frame, we concentrate on new services or services that have gone under a noticeable evolution since they were described in previous redbooks, and we provide simple examples of utilization. The first chapter is a summary of all Security Services available in z/OS 1.6 today. This book addresses the enhancements in RACF Security Services in the domains of the Unix Security Services, the digital certificate handlings, and the more traditional Program Access to Data Sets (PADS) function, which have all been enhanced to better match the eBusiness needs in terms of compliance with standards and improved security. Note that RACF Multilevel Security (MLS) is also introduced in this book, with a practical example of its application to TCP/IP Security.

The identity and access management solutions described in this IBM Redbook include the following key areas: User provisioning: Develop a portlet interface for self-care (user and account management), and approval of user provisioning requests by utilizing the Tivoli Identity Manager (TIM) APIs, services, workflow and policies. Tivoli Directory Integrator Assembly Lines and connectors are used to provision users to an LDAP directory, DB2 UDB database, and DB2 Content Manager. Authentication: Provide an integrated single sign-on (SSO) authentication solution using Tivoli Access Manager, and related technologies such as trusted association interceptor (TAI), Credential Vault, and LtpaToken. Authorization: Manage user access control through TIM provisioning policies and role mapping with products that have access models such as Tivoli Access Manager, WebSphere Portal, and DB2 Content Manager. First, we describe the key concepts, benefits, and architecture of an identity and access management solution. Then we present an end-to-end working example scenario for identity and access management system. The example includes business requirements, architecture, details for implementing the runtime and development environments, creation of Identity Manager policies and workflow, provisioning portlet development, deployment, and administration. Finally, we provide procedures to deploy and run the HR and document management applications used in the working example.

NFS Version 4 (NFS V4) is the latest defined client-to-server protocol for NFS. A significant upgrade from NFS V3, it was defined under the IETF framework by many contributors. NFS V4 introduces major changes to the way NFS has been implemented and used before now, including stronger security, wide area network sharing, and broader platform adaptability. This IBM Redbook is intended to provide a broad understanding of NFS V4 and specific AIX NFS V4 implementation details. It discusses considerations for deployment of NFS V4, with a focus on exploiting the stronger security features of the new protocol. In the initial implementation of NFS V4 in AIX 5.3, the most important functional differences are related to security. Chapter 3 and parts of the planning and implementation chapters in Part 2 cover this topic in detail.

Portals provide a personalized single point of access to applications, content, and processes through a Web interface. Secure portal solutions are needed to address common security challenges such as authentication, authorization, and single sign-on. This IBM Redbook and sample code will provide IT architects, developers, IT specialists, and administrators with the critical knowledge to design, develop, deploy, and manage a secure portal solution using IBM Tivoli Access Manager V5.1.0.2 and IBM WebSphere Portal V5.0.2.1. Part 1, "Introduction to secure portal solutions", introduces key concepts and provides an in-depth look at the secure portal solution architecture, topology selection, design, and integration guidelines. Part 2, "ITSO working example secure portal solution", describes how to implement an end-to-end secure portal solution. This part includes a business scenario, requirements, design, implementation of the runtime and development environments, application development and deployment, and administration of the secure portal solution.