IBM Tivoli Access Manager for Operating Systems V6.0 provides centralized auditing and simplified policy management for UNIX and Linux environments

IBM United States Software Announcement 206-089
April 18, 2006

 

 ENUS206-089.PDF (79KB)

Table of contents   Document options  
TOC link At a glance TOC link Publications
TOC link Overview TOC link Technical information
TOC link Key prerequisites TOC link IBM Tivoli Enhanced Value-Based Pricing
TOC link Planned availability dates TOC link Ordering information
TOC link Description TOC link Terms and conditions
TOC link Product positioning TOC link Prices
TOC link Education support TOC link Order now
TOC link Offering Information  
 
Printable version Printable version

 
At a glance

New features reinforce IBM Tivoli Access Manager for Operating Systems V6.0 as a leading UNIX and Linux security system. V6.0 new features include:

  • Additional operating system support, including:
    • AIX® V5.3, Sun Solaris 2.10, and HP-UX 11i v2 on PARISC
    • Novell Linux Desktop 9 (x86)
    • SUSE Linux Enterprise Server 9 and Red Hat Enterprise Linux 3 and 4 (x86, IBM zSeries®, and IBM POWER™ pSeries®, and iSeries™)
    • SUSE Linux Enterprise Server 9 and Red Hat Enterprise Linux 4 (AMD64 and EM64T architectures)
  • Comprehensive audit data collection and reporting facilities
  • Multibranch policy management, which helps reduce administrative effort and supports more consistent policy definition and enforcement for similar objects
  • Improved installation and configuration facilities, which provide more comprehensive error checking

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).
 
Back topBack to top
 

Overview

A simple-to-use, policy-based security system, IBM Tivoli® Access Manager for Operating Systems (AMOS) can securely lock down business-critical applications, files, and operating platforms to help prevent unauthorized access. This security capability helps block both insiders and outsiders from unauthorized access to and use of valuable customer, employee, and business partner data.

In addition, AMOS audits application and platform activity.

Product highlights:

  • Helps defend against the top security threat that enterprises face: misbehavior by internal users and employees
  • Delivers mainframe-class security and auditing in a lightweight, easy-to-use product
  • Combines full-fledged intrusion prevention, host-based firewall, application and platform protection, user tracking and controls, password strength enforcement rules with robust auditing and compliance checking
  • Provides comprehensive auditing to record compliance with government regulations, corporate policy, and other security mandates
  • Provides multibranch policy management, which helps reduce administration costs and errors, making governance more effective and efficient

AMOS helps erect a secure perimeter around sensitive resources to restrict access regardless of a user's administrative status. This security solution addresses many system vulnerabilities, including those associated with UNIX® and Linux™ super user or "root" accounts. Most security failures in UNIX and Linux environments are a direct result of super user account abuse or a hacker who gains access to this account. AMOS provides these controls without adding the administrative burden of changing your business processes.

In addition, to help you comply with your audit requirements, AMOS provides a comprehensive audit log facility, including an interface to the Tivoli Common Auditing and Reporting Service (CARS), a centralized repository of auditing data featuring preconfigured reporting. CARS helps you more easily and efficiently comply with corporate protocols.

AMOS shares a common set of services with the other Tivoli Access Manager products. These products all use and ship the same set of shared services, including a central security policy manager, a central credential directory, common audit reporting service, and common Web-based administrative interface.
 
Back topBack to top
 

Key prerequisites

Refer to the Hardware requirements and Software requirements sections.
 
Back topBack to top
 

Planned availability dates
  • April 21, 2006: Electronic software delivery
  • May 12, 2006: Media and documentation

 
Back topBack to top
 
Description

Employees, not hackers or viruses, present the chief threat to IT security. Internal users account for the majority of cyber-theft. They know where the most valuable data resides and at which times it is most vulnerable.

IBM Tivoli Access Manager for Operating Systems (AMOS) V6.0 provides a security server engine for the UNIX, Red Hat and SUSE Linux, and Linux for zSeries operating systems. This engine provides security services that can be applied to one or more users of a UNIX system. However, conventional UNIX operating-system design requires a super user ID (usually a single predefined ID, also called a root user, with a unique level of privilege that allows bypass of standard UNIX security checks) for most administrative operations. This can open the UNIX platform to vulnerabilities as a super user gains access capabilities with few, if any, restrictions. Also, with the complexity of managing access to the UNIX operating system from multiple vendors, UNIX security can become as expensive as it is risk-laden. AMOS V6.0 offers a policy-based solution to address this security issue with UNIX and Linux. It also provides interoperability within the security and management portfolio offered by IBM.

AMOS V6.0 intercepts system calls and uses the identity of the accessor to make a policy decision on whether the access should proceed. This is achieved through standard interfaces into the operating system that avoid the need for kernel recompiles or complicated install mechanisms. At the same time, this interaction with the operating system provides very high levels of policy control.

AMOS V6.0 introduces a comprehensive audit data capture and reporting framework to help address audit and governance requirements for production in UNIX and Linux systems.

Why UNIX needs extra security

UNIX and Linux system access control is made difficult by the super user (root) administration model.

Applications provide their own level of access control. For example, a database application may provide table-level access controls. The ability to determine table-level access in a database is a commendable security measure, but it is ineffective if a root user can simply delete the file system on which the database resides. An unrestricted root user can also modify or destroy audit and other records that would otherwise show what had happened. AMOS V6.0 can help prevent this kind of damage, whether malicious or accidental. It does this without requiring changes in administrative practices (such as a file can be prevented from root user damage without forcing the administrator to use some alternative ID), without impacting or altering applications, and typically with negligible impact on system performance.

AMOS V6.0 can provide significant performance improvements over other UNIX solutions through a multi-threaded design. UNIX operating system resources that can be protected are defined by resource types such as File, NetOutgoing, NetIncoming, Login, Password, Surrogate, and TCB.

The IBM Tivoli Access Manager policy server represents a core technology for IBM Tivoli security products. This sophisticated and versatile security server is used in other IBM Tivoli security products to provide access control implementations for many environments. Examples include Web traffic, IBM WebSphere® MQ messaging, and securing custom applications through the publication of an industry-standard Application Programming Interface (API). All components of the management server and the Web GUI for managing AMOS V6.0 are included in this program.

This release extends the AMOS sphere of control to include the latest versions of Linux on the IBM eServer zSeries. This is significant because it provides RACF®-style authorization to an area of the mainframe not protected by RACF and similar mainframe security products.

V6.0 of AMOS introduces multi-dimensional policy management. This will allow administrators to define access policy based on several different attributes of a resource. This can significantly reduce administrative effort when dealing with similar (but not identical) resources. Reducing administrative effort, and removing the need to keep similar sets of policy in sync, also helps improve the accuracy of the security policy defined.

The Access Manager family of products protects business applications from multiple angles. In conjunction with this release of AMOS, IBM provides fast start access control policy profiles available via the Web. These ready-made profiles help customers rapidly protect critical operating system resources used by key middleware applications. AMOS provides many different ways to protect applications and data. A profile provides an advance starting point for securing the operating environment, which customers can customize for their specific environment.

The available profiles include examples of policy designed to address the following types of controls:

  • Prevent set user access to the privileged user IDs
  • Prevent privileged application administrator IDs from being used to compromise the rest of the system
  • Restrict access to application audit logs
  • Restrict access to applications and data to authorized users
  • Prevent unauthorized change to application static and dynamic data
  • Restrict access to an application's well-known TCP/IP ports
  • Restrict access to the services on which the applications depend

Installation of AMOS has always been relatively straightforward. This release provides more rigorous error condition checking during installation and configuration to help ensure faster and more accurate deployment.

Accessibility by people with disabilities

A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) can be requested via IBM's Web site at

Section 508 of the U.S. Rehabilitation Act

Access Manager for Operating Systems is capable as of May 12, 2006, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) can be requested via IBM's Web site at


 
Back topBack to top
 
Product positioning

AMOS is a member of the Tivoli Access Manager family. It utilizes the same centralized, Web-based administration system as the rest of the Tivoli Access Manager family. It interoperates with Tivoli Identity Manager (for administration), and with Tivoli Risk Manager and Tivoli Enterprise™ Console (for event management).

AMOS brings granular, user identity-based access control and auditing services to the UNIX and Linux operation system environments.

Trademarks

 
iSeries, POWER, and Tivoli Enterprise are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
The e-business logo, Tivoli, AIX, pSeries, zSeries, WebSphere, and RACF are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
UNIX is a registered trademark of the Open Company in the United States and other countries.
 
Linux is a trademark of Linus Torvalds in the United States, other countries or both.
 
Other company, product, and service names may be trademarks or service marks of others.

 
Back topBack to top
 
Education support

Training is available, or will be available, for IBM Tivoli® products. Education is offered through IBM Global Services — IT Education Services and through IBM Tivoli Software Authorized Training Providers.

IBM Global Services — IT Education Services provides education to support many IBM offerings. Descriptions of courses for IT professionals and managers are on the IBM IT Education Services Web site

Refer to the IBM IT Education Services Web site for information on course locations and availability dates.

For current information on IBM Tivoli software education, visit

Current schedule information for IBM Tivoli training is available at


 
Back topBack to top
 
Offering Information

Product information is available via the Offering Information Web site

Also, visit the Passport Advantage® Web site


 
Back topBack to top
 
Publications

The following English publications may be downloaded at planned general availability from the following Web site

National language publications be may be downloaded 60 days after planned general availability from the same Web site.

English:

  • Release Notes (GI11-4615-00)
  • Installation Guide (SC32-1710-00)
  • Administration Guide (SC32-1709-00)
  • Problem Determination Guide (SC32-1711-00)

 
Back topBack to top
 
Technical information

Specified operating environment

Hardware requirements

Minimum/recommended disk space and memory requirements for IBM Tivoli Access Manager for Operating Systems V6.0 (AMOS) follow:

                             Minimum      Recommended
 
AMOS Runtime -- disk         260 MB       360 MB
 space
AMOS Runtime -- memory       128 MB       512 MB
AMOS base servers --         101 MB       226 MB
 disk space --
 excluding WebSphere(R)
AMOS base servers --         224 MB       576 MB
 memory -- excluding
 WebSphere

Software requirements

IBM Directory Server V6.0, and portions of both IBM WebSphere Application Server V6.0 and IBM Access Manager for e-business V6.0 are included for use restricted to Tivoli Access Manager for Operating Systems V6.0.

IBM Tivoli Access Manager for Operating Systems V6.0 supports the following operating systems:

IBM Tivoli Access Manager for Operating Systems Runtime V6.0:

  • IBM AIX® on POWER™ and RS/6000® 5.1, 5.2, 5.3 (32- and 64-bit kernels)
  • Sun Solaris on SunSparc 2.8, 2.9 (32- and 64-bit kernels) 2.10 (64-bit kernel)
  • HP-UX on PA-RISC 11i v1 (11.11) (32- and 64-bit kernels), 11i v2 (B11.23) (64-bit kernel)
  • SUSE Linux™ Desktop 1.0 for 32-bit x86
  • Novell Linux Desktop 9.0 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for s390 and zSeries® (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 8 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for 32-bit x86
  • SUSE Linux Enterprise Server 9 for s390 and zSeries (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 9 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for AMD64 and EM64T (64-bit kernel)
  • Red Hat Enterprise Linux Server 3.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 3.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 3.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 4.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 4.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for AMD64 and EM64T (64-bit kernel)

Access Manager base components — Authorization Server, Policy Proxy Server, Policy Server, and Web Portal Manager:

  • IBM AIX on POWER and RS/6000 5.1, 5.2, 5.3 (32- and 64-bit kernels)
  • Sun Solaris on SunSparc 2.8, 2.9 (32- and 64-bit kernels) 2.10 (64-bit kernel)
  • HP-UX on PA-RISC 11i v1 (11.11) (32- and 64-bit kernels)
  • Microsoft™ Windows™ 2003 Standard Edition (x86, AMD64/EM64T)
  • Microsoft Windows 2003 Enterprise Edition (x86, AMD64/EM64T)
  • SUSE Linux Enterprise Server 8 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for s390 and zSeries (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 8 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for 32-bit x86
  • SUSE Linux Enterprise Server 9 for s390 and zSeries (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 9 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for AMD64 and EM64T (64-bit kernel)
  • Red Hat Enterprise Linux Server 3.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 3.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 3.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 4.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 4.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for AMD64 and EM64T (64-bit kernel)

Common Auditing and Reporting Service server is a 32-bit (31-bit for Linux on zSeries) application that supports the following operating systems:

  • IBM AIX on POWER and RS/6000 5.1, 5.2, 5.3 (32- and 64-bit kernels)
  • Sun Solaris on SunSparc 2.8, 2.9 (32- and 64-bit kernels)
  • HP-UX on PA-RISC 11i v1 (11.11) (32- and 64-bit kernels)
  • Microsoft Windows 2003 Standard Edition (x86)
  • Microsoft Windows 2003 Enterprise Edition (x86)
  • SUSE Linux Enterprise Server 8 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for s390 and zSeries (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 8 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 3.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 3.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 3.0 for POWER (64-bit kernel)

Common Auditing and Reporting Service C client is a 32-bit (31-bit for Linux on zSeries) module that supports the following operating systems:

  • IBM AIX on POWER and RS/6000 5.1, 5.2, 5.3 (32- and 64-bit kernels)
  • Sun Solaris on SunSparc 2.8, 2.9 (32- and 64-bit kernels) 2.10 (64-bit kernel)
  • HP-UX on PA-RISC 11i v1 (11.11) (32- and 64-bit kernels), 11i v2 (B11.23) (64-bit kernel)
  • SUSE Linux Desktop 1.0 for 32-bit x86
  • Novell Linux Desktop 9.0 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for 32-bit x86
  • SUSE Linux Enterprise Server 8 for s390 and zSeries (31-and 64-bit kernels)
  • SUSE Linux Enterprise Server 8 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for 32-bit x86
  • SUSE Linux Enterprise Server 9 for s390 and zSeries (31- and 64-bit kernels)
  • SUSE Linux Enterprise Server 9 for POWER (64-bit kernel)
  • SUSE Linux Enterprise Server 9 for AMD64 and EM64T (64-bit kernel)
  • Red Hat Enterprise Linux Server 3.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 3.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 3.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for 32-bit x86
  • Red Hat Enterprise Linux Server 4.0 for s390 and zSeries (31- and 64-bit kernels)
  • Red Hat Enterprise Linux Server 4.0 for POWER (64-bit kernel)
  • Red Hat Enterprise Linux Server 4.0 for AMD64 and EM64T (64-bit kernel)

Planning information

Software Maintenance, previously referred to as Software Subscription and Technical Support, is included in the Passport Advantage Agreement. Installation and technical support is provided by the Software Maintenance offering of the IBM International Passport Advantage Agreement. This fee service enhances customer productivity, with voice and electronic access into IBM support organizations.

Packaging

Tivoli Access Manager for Operating Systems is distributed with:

  • International Program License Agreement (Z125-3301)
  • Read This First card
  • CD-ROMs

Security, auditability, and control

Access Manager for Operating Systems uses the security and auditability features of the operating system software and the Tivoli Management Framework.

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.
 
Back topBack to top
 

IBM Tivoli Enhanced Value-Based Pricing

IBM Tivoli software products are priced using IBM Tivoli's Enhanced Value-Based Pricing. The Enhanced Value-Based Pricing system is based upon the IBM Tivoli Environment-Managed Licensing Model, which uses a managed-environment approach — whereby price is determined by what is managed rather than the number and type of product components installed.

For example, all servers monitored with IBM Tivoli's monitoring product (IBM Tivoli Monitoring) require entitlements sufficient for those servers. Other IBM Tivoli products may manage clients, client devices, agents, network nodes, users, or other items, and are licensed and priced accordingly.

Unlike typical systems management licensing models that require entitlements of specific software components to specific systems, the IBM Tivoli Environment-Managed Licensing Model provides the customer flexibility to deploy its IBM Tivoli software products within its environment in a manner that can address and respond to the customer's evolving architecture. That is, as the architecture of a customer's environment changes, the customer's implementation of IBM Tivoli software can be altered as needed without affecting the customer's license requirements (as long as the customer does not exceed its entitlements to the software).

Under Enhanced Value-Based Pricing, licensing and pricing of server-oriented applications are determined based upon the server's use in the customer's environment. Typically, such applications are licensed and priced in a manner that corresponds to each installed and activated processor of the server managed by the IBM Tivoli application to help correlate price to value while offering a simple solution.

Where a server is physically partitioned, this approach is modified. This partitioning technique is the approach used with systems that have either multiple cards or multiple frames, each of which can be configured independently. For servers capable of physical partitioning (for example, IBM's pSeries® Scalable POWERparallel® Systems servers, Sun Ultra servers, and HP Superdome servers), an entitlement is required for each processor in the physical partition being managed by the IBM Tivoli application. For example, assume that a server has 24 processors installed in aggregate. If this server is not partitioned, entitlements are required for all 24 processors. If, however, it is physically partitioned into three partitions each containing eight processors, and Tivoli products were managing only one of the three partitions, then entitlements would be required for the eight processors on the physical partition managed by the IBM Tivoli application.

For servers with virtual or logical partitions, entitlements are required for all installed and activated processors on the server. For each IBM Tivoli application managing a clustered environment, licensing is based on the cumulative number of installed and activated processors on each server in the cluster for each IBM Tivoli application managing the cluster. Where the cluster includes physically partitioned servers, the considerations described above concerning physically partitioned servers apply as well.

Enhanced Value-Based Pricing recognizes the convergence of RISC/UNIX® and Microsoft Windows/Intel® technologies, in order to simplify the customer's licensing requirements, and to provide a smoother, more scalable model. Pricing and licensing does not differentiate between non-zSeries server platforms or operating systems. For some products, this platform neutrality extends to zSeries and other host servers as well.

IBM Tivoli Enhanced Value-Based Pricing terminology definitions

Processor

A processor is a functional unit in a computer that interprets and executes instructions. A processor consists of at least an instruction control unit and an arithmetic and logic unit.

Server

A server is a computer system that executes requested procedures, commands, or applications to one or more clients and/or other devices over a network. Examples include, but are not limited to, file servers, print servers, mail servers, database servers, application servers, and Web servers.

Standby or backup systems

For programs running or resident on backup machines, IBM defines three types of situations: cold, warm, and hot. In the cold and warm situations, a separate entitlement for the copy on the backup machine is normally not required and typically no additional charge applies. In a hot backup situation, the customer needs to acquire another license or entitlement sufficient for that server. All programs running in backup mode must be solely under the customer's control, even if they are running at another enterprise's location.

As a practice, the following are definitions and allowable actions concerning the copy of the program used for backup purposes:

Cold — A copy of the program may reside, for backup purposes, on a machine as long as the program is not started. There is no additional charge for this copy.

Warm — A copy of the program may reside for backup purposes on a machine and is started, but is idling, and is not doing any work of any kind. There is no additional charge for this copy.

Hot — A copy of the program may reside for backup purposes on a machine, is started, and is doing work. The customer must acquire a license or entitlement for this copy and there will generally be an additional charge.

Doing work, includes, for example, production, development, program maintenance, and testing. It also could include other activities such as mirroring of transactions, updating of files, synchronization of programs, data or other resources (for example, active linking with another machine, program, database, or other resource, and so on), or any activity or configurations that would allow an active hot switch or other synchronized switch over between programs, databases, or other resources to occur.

In the case of a program or system configuration that is designed to support a high availability environment by using various techniques (for example, duplexing, mirroring of files or transactions, maintaining a "heartbeat," active linking with another machine, program, database, or other resource, and so on), the program is considered to be doing work in the hot situation and a license or entitlement must be purchased.

Value Units

A Value Unit is a metric used to compute license quantities, is program specific, and is typically only used on products managing zSeries systems.

Product Web site

A complete list of IBM Tivoli products is available at Web site

Licensing Web site

IBM Tivoli product licensing documents are available at Web site

Passport Advantage: Through the Passport Advantage Agreement, customers may receive discounted pricing based on their total volume of eligible products, across all IBM brands, acquired worldwide. The volume is measured by determining the total "Passport Advantage points value" of the applicable acquisitions. Passport Advantage points are only used for calculating the entitled Passport Advantage discount.

To determine the required Tivoli product configuration under Passport Advantage, the Tivoli Enhanced Value-Based Pricing Model applies. The customer's environment is evaluated on a per-product basis.

Use the following two-step process to determine the total "Passport Advantage points value":

  1. Analyze the customer environment to determine the number of Tivoli Management Points or other charge unit for a product. The quantity of each product's part number to be ordered is determined by that analysis.
  2. Order the Passport Advantage part numbers. A Passport Advantage point value, which is the same worldwide for a specific part number regardless of where the order is placed, is assigned to each Tivoli product part number. The Passport Advantage point value for the applicable part number multiplied by the quantity for that part number will determine the Passport Advantage points for that Tivoli product part number. The sum of these Passport Advantage points determines the "Passport Advantage point value" of the applicable Tivoli product authorizations, which then may be aggregated with the point value of other applicable Passport Advantage product acquisitions to determine the total "Passport Advantage points value."

The discounted pricing available through Passport Advantage is expressed in the form of Suggested Volume Prices (SVPs), which vary depending on the SVP level. Each SVP level is assigned a minimum total Passport Advantage point value, which must be achieved, in order to qualify for that SVP level.

Media packs and documentation packs do not carry Passport Advantage points and are not eligible for SVP discounting.

For additional information on Passport Advantage, refer to the following Web site

The following Passport Advantage part number categories may be ordered:

  • License and Software Maintenance 12 Months — this is the product authorization with maintenance to the first anniversary date.
  • Annual Software Maintenance Renewal — this is the maintenance renewal for one anniversary that applies when a customer renews their existing coverage period prior to the anniversary date at which it expires.
  • Software Maintenance Reinstatement 12 Months — this is for customers who have allowed their Software Maintenance to expire, and later wish to reinstate their Software Maintenance.
  • Media packs — these are the physical media, such as CD-ROMs, that deliver the product's code.

Exceptions to the Environment-Managed Licensing Model: IBM Tivoli products are priced based on the Environment-Managed Licensing Model and follow the definitions laid out in the Definitions section of this announcement, with the following exceptions:

  1. IBM Tivoli Access Manager for e-business

    Count either the number of registered users or the number of processors in the server in which IBM Tivoli Access Manager for e-business runs, but not both.

  2. IBM Tivoli Identity Manager

    Count either the number of registered users or the number of processors in the server in which IBM Tivoli Identity Manager runs, but not both.

  3. IBM Tivoli Access Manager for Operating Systems

    Count the processors in each system to be secured that operates with a UNIX-based operating system, including both clients and servers.

Pricing examples

IBM Tivoli Access Manager for Operating Systems

The following customer network applies to all of the examples to enable the reader to see where products tend to manage something less than the entire environment. The customer's overall network environment includes:

Distributed servers:

  • 20 uniprocessors (15 with WebSphere MQ Server and five with WebSphere MQ client)
  • 65 2-way servers (44 with WebSphere MQ Server; 20 with WebSphere MQ client; and one with WebSphere MQ Server and WebSphere Business Integration Event Broker)
  • 12 4-way servers (all with WebSphere MQ Server)
  • One 8-way server with WebSphere Business Integration Event Broker
  • One 12-way server with two virtual or logical partitions
  • One 14-way server
  • One 16-way Sun Ultra server with two 8-way physical partitions (only one of which is managed by Tivoli applications)
  • One 24-way server

Others:

  • One z800 server with two processors running Linux
  • One 1,500 MSU zSeries server
  • 1,500 clients
  • 100 network nodes

The customer wants to secure its distributed servers with UNIX operating systems (one 8-way, one 14-way, one 24-way) and 50 clients (technical workstations, each with two processors).

                       Quantity          Processor
Systems                in customer       entitlements
managed                environment       required
 
8-way                   1                  8
14-way                  1                 14
24-way                  1                 24
2-way (technical       50                100
 workstations)
Total Processor                          146
 Entitlements

Note: All UNIX systems require the per-processor charge, whether they are clients or servers.
 
Back topBack to top
 

Ordering information

This product is only available via Passport Advantage. It is not available as shrinkwrap.

Product information

Licensed
function                    Product         Product
title                       group           category
 
Tivoli Access Manager       Tivoli          Tivoli Access
 for Operating               Security        Mgr E-Business
 Systems
 
 
Program                     PID             Charge unit
name                        number          description
 
Tivoli Access Manager       5698-PDO        Managed
 for Operating                               Processors
 Systems

Charge metrics definitions

Processor

In Full Capacity charging, Proofs of Entitlement (PoEs) must be acquired for all activated "processors" (available for use) that are on the server where the program or a component of the program is run.

  1. If there are program components included in the offering whose function is not to be included in the charge metric, these must be listed in the Program-unique Terms of the License Information.
  2. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  3. Multi-core technology allows two or more processors (commonly called "cores") to be active on a single silicon chip. Unless otherwise announced, with multi-core technology, IBM considers each "core" to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  4. In the zSeries' Integrated Facility for Linux (IFL) environment, each IFL engine is considered a single "physical processor."
  5. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  6. Where "blade" technology is employed, each "blade" is considered a separate server and charging is based upon the total number of processors on the blade on which the program is run.

"Per managed processor"

Charges are based on the activated processors on the machines in the computing environment affiliated with the program rather than on the server where the program is run. The managed processors which require PoEs are defined both in the Prices section of the announcement or the License Information's Program-unique Terms.

  1. If there are program components included in the offering whose function is not to be included in the charge metric, these must be listed in the Program-unique Terms of the License Information.
  2. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  3. Multi-core technology allows two or more processors (commonly called "cores") to be active on a single silicon chip. Unless otherwise announced, with multi-core technology, IBM considers each "core" to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  4. The program may not run on some or all of the processors for which PoEs are required by the program's valuation method.
  5. In the zSeries' Integrated Facility for Linux (IFL) environment, each IFL engine is considered a single "physical processor."
  6. Threading, a technique that makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  7. Where "blade" technology is employed, each "blade" is considered a separate server and charging is based upon the total number of processors on the blade with which the program is affiliated.

Passport Advantage customer: Media pack entitlement details

Customers with active maintenance or subscription for the product listed are entitled to receive the corresponding media pack.

IBM Tivoli Access Manager for Operating Systems V6.0.0

Entitled maintenance     Media packs              Part
offerings description    description              number
 
IBM Tivoli Access        IBM Tivoli Access        BJ0H3ML
 Manager for Operating    Manager for Operating
 Systems                  Systems V6.0.0 Media
                          Pack CD ROM
                          Multilingual

New licensees: Orders for new licenses will be accepted now.

Shipment will begin on the planned availability date.

Basic license

Ordering information for Passport Advantage: Passport Advantage allows you to have a common anniversary date for Software Maintenance renewals, which can simplify management and budgeting for eligible new versions and releases (and related technical support) for your covered products. The anniversary date, established at the start of your Passport Advantage Agreement, will remain unchanged while your Passport Advantage Agreement remains in effect. New software purchases will initially include 12 full months of maintenance coverage. Maintenance in the second year (the first year of renewal) can be prorated to be coterminous with your common anniversary date. Thereafter, all Software Maintenance will renew at the common anniversary date and include 12 full months of maintenance.

Refer to the IBM International Passport Advantage Agreement and to the IBM Software Maintenance Handbook for specific terms relating to, and a more complete description of, technical support provided through Software Maintenance.

The quantity to be specified for the Passport Advantage part numbers in the following table is per processor. To order for Passport Advantage, specify the desired part number and quantity.

Passport Advantage Program Licenses

Tivoli Access Manager for Operating Systems

Part                                    Part
description                             number
 
Tivoli Access Manager for               D512TLL
 Operating Systems Managed
 Proc(s) License and SW
 Maintenance 12 Months
Tivoli Access Manager for               E009QLL
 Operating Systems Managed
 Proc(s) SW Maintenance Annual
 Renewal
Tivoli Access Manager for               D512VLL
 Operating Systems Managed
 Proc(s) SW Maintenance
 Reinstatement 12 Months
Tivoli Access Manager for               D54EGLL
 Operating Systems for Linux Z
 Managed Proc(s) License and SW
 Maintenance 12 Months
 
Part                                    Part
description                             number
 
Tivoli Access Manager for               E01JCLL
 Operating Systems for Linux Z
 Managed Proc(s) SW Maintenance
 Annual Renewal
 
Tivoli Access Manager for               D54EHLL
 Operating Systems for Linux Z
 Managed Proc(s) SW Maintenance
 Reinstatement 12 Months

To order a media pack for Passport Advantage, specify the part number in the desired quantity from the following table:

                                        Part
Description                             number
 
IBM Tivoli Access Manager for           BJ0H3ML
 Operating Systems
 V6.0.0 CD-ROM

Access Manager for Operating Systems is also available via Web download from Passport Advantage.

On/Off Capacity on Demand

Tivoli Access Manager for Operating Systems

Part                                    Part
description                             number
 
AMOS Processor Day Per Use-day,         ASQ00LL
 On Off Capacity on
 demand Temporary
 Use Ch

 
Back topBack to top
 
Terms and conditions

This product is only available via Passport Advantage. It is not available as shrinkwrap.

Licensing: IBM International Program License Agreement. PoEs are required for all authorized use.

Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

This software license includes Software Maintenance, previously referred to as Software Subscription and Technical Support.

License information form number

Program                  Program        Form
name                     number         number
 
Access Manager for       5698-PDO       GC23-5619-00
 Operating Systems

On or near the planned availability date, the LI will be available for review on the IBM Software License Agreement Web site

Limited warranty: Yes

Warranty: This program includes a warranty for one year from acquisition from IBM or an authorized IBM Business Partner. For one year from acquisition of the program, this warranty provides the customer with access to databases containing program information and FAQs, including any known fixes to defects, which the customer can download or otherwise obtain and install.

Program technical support: Technical support of a program product will be available for a minimum of three years from the general availability date, as long as your Software Maintenance is in effect. This technical support allows you to obtain assistance (via telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Maintenance also provides you with access to updates, releases, and versions of the program. Customers will be notified, via announcement letter, of discontinuance of support with 12 months' notice. If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

Money-back guarantee: If for any reason you are dissatisfied with the program and you are the original licensee, return it within 30 days from the invoice date, to the party (either IBM or its reseller) from whom you acquired it, for a refund.

  • For programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program.
  • For programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by the customer.

Copy and use on home/portable computer: No

Volume orders (IVO): No

Passport Advantage applies: Yes, and through the Passport Advantage Web site at

Usage restriction: Yes. Usage is limited to the number of processors licensed.

For additional information, refer to the License Information Document that is available on the IBM Software License Agreement Web site

Software Maintenance applies: Yes

Software Maintenance, previously referred to as Software Subscription and Technical Support, is included in the IBM International Passport Advantage Agreement. Installation and technical support is provided by the Software Maintenance offering of the IBM International Passport Advantage Agreement. This fee service provides voice and electronic access to IBM support organizations.

IBM includes one year of Software Maintenance with the initial license acquisition of each program acquired. The initial period of Software Maintenance can be extended by the purchase of a renewal option, if available.

While your Software Maintenance is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions; and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, every day of the year. For additional details, consult your IBM Software Support Guide at

Software Maintenance does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under this agreement.

For more information about the Passport Advantage Agreement, visit the Passport Advantage Web site at

iSeries™ Software Maintenance applies: No

Educational allowance available

Not applicable

On/Off CoD

To be eligible for On/Off CoD pricing, customers must be enabled for temporary capacity on the corresponding hardware, and the required contract — Z125-6907, Amendment for iSeries and pSeries Temporary Capacity On Demand — Software — must be signed prior to use.
 
Back topBack to top
 

Prices

Information on charges is available at Web site

In the Electronic tools category, select the option for "Purchase/upgrade tools."

Passport Advantage

For Passport Advantage information and charges, contact your IBM representative or authorized IBM Business Partner. Additional information is also available at

Business Partner information

If you are an IBM Business Partner — Distributor for Workstation Software acquiring products from IBM, you may link directly to Business Partner pricing information. An ID and password are required (use IBM ID).


 
Back topBack to top
 
Order now

To order, contact the Americas Call Centers, your local IBM representative, or your IBM Business Partner.

To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968).

 Phone:     800-IBM-CALL (426-2255)
 Fax:       800-2IBM-FAX (242-6329)
 Internet:  callserv@ca.ibm.com
 Mail:      IBM Americas Call Centers
            Dept. Teleweb Customer Support, 9th floor
            105 Moatfield Drive
            North York, Ontario
            Canada M3B 3R1
 
 Reference: YE001

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

 
POWER and iSeries are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Tivoli, Passport Advantage, WebSphere, AIX, RS/6000, zSeries, POWERparallel, pSeries, and PartnerWorld are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Intel is a registered trademark of Intel Corporation.
 
Microsoft and Windows are trademarks of Microsoft Corporation.
 
UNIX is a registered trademark of the Open Company in the United States and other countries.
 
Linux is a trademark of Linus Torvalds in the United States, other countries or both.
 
Other company, product, and service names may be trademarks or service marks of others.

Back to topBack to top
 

 
Printable version Printable version  

Share this page

Digg Linked In

Contact IBM

Feedback

-->