IBM Tivoli Identity and Access Assurance V1.0

IBM United States Software Announcement 209-124
April 21, 2009

 
 ENUS209-124.PDF (141KB)

Table of contents   Document options  
At a glance At a glance Offering Information Offering Information
Overview Overview Publications Publications
Key prerequisites Key prerequisites Technical information Technical information
Planned availability date Planned availability date Software Services Software Services
Description Description Ordering information Ordering information
Product positioning Product positioning Terms and conditions Terms and conditions
Reference information Reference information  IBM  Electronic Services IBM Electronic Services
Program number Program number Prices Prices
Education support Education support Order now Order now
 
Printable version Printable version

 
Top rule
At a glance
Bottom rule

IBM® Tivoli® Identity and Access Assurance V1.0 provides a robust security solution with the following benefits:

  • Manage security and compliance risk posture
    • Help adhere to security policies and mandates
  • Streamline operational efficiency
    • Help reduce manual user administration and associated costs through automated on-boarding and off-boarding of users
    • Help reduce IT help desk calls via self service password reset
    • Help reduce time spent collecting logs through centralized log management
  • Can enhance user productivity
    • Automate initial granting of user access to applications
    • Enable access automation to applications via single sign-on
    • Enable efficient kiosk sharing while maintaining security and compliance
  • Monitor privileged users
    • Establish special controls and monitoring for users that carry elevated privileges or system special privileges
For ordering, contact:
Your IBM representative or an IBM Business Partner.  For more
information, contact the Americas Call Centers at
800-IBM-CALL (426-2255).
 
Reference: YE001

 
Back to topBack to top
 
Top rule
Overview
Bottom rule

IBM Tivoli Identity and Access Assurance V1.0 helps address today's organizational security challenges by administering, securing, and monitoring identities, roles, and entitlements with efficient lifecycle management, access controls, and compliance auditing.

Today, security is on the top of everyone's mind, in both the boardroom and in the data center. Not a day goes by without another data breach. These can impact the brand, bottom line, and customer base. Time spent managing security incidents and managing risks can take time away from focusing on strategic business objectives.

IBM Tivoli Identity and Access Assurance V1.0 can help you address compliance initiatives, operational costs (automate manual administrative tasks that can reduce help desk cost), operational security posture (administer and enforce user access to resources), and operational efficiencies (enhancing user productivity).

IBM Tivoli Identity and Access Assurance V1.0 capabilities:

  • Automated and policy-based user management solution that helps effectively manage user accounts.
  • Centralized authorization for Web and other applications.
  • Enterprise, Web, and federated single sign-on, inside, outside, and between organizations.
  • Integration with stronger forms of authentication (smart cards, tokens, one-time passwords, and so forth).
  • Policy-based access control of business critical applications, files, and operating platforms.
  • Automated monitoring, investigating, and reporting on user activity across the enterprise.

The IBM Tivoli Identity and Access Assurance V1.0 consists of the following components:

  • IBM Tivoli Identity Manager V5.0
  • IBM Tivoli Unified Single Sign-On V1.0
  • IBM Tivoli Access Manager for Operating Systems V6.0
  • IBM Tivoli Compliance Insight Manager V8.5

Refer to the Description section for additional details.


 
Back to topBack to top
 
Top rule
Key prerequisites
Bottom rule

Refer to the Hardware requirements section.


 
Back to topBack to top
 
Top rule
Planned availability date
Bottom rule

May 15, 2009 for electronic availability
May 22, 2009 for media availability

 
Back to topBack to top
 
Top rule
Description
Bottom rule

IBM Tivoli Identity and Access Assurance V1.0 components

IBM Tivoli Identity Manager V5.0

Tivoli Identity Manager provides an automated and policy-based solution that helps effectively manage user accounts, access permissions, and passwords from creation to termination across IT environments. It helps automate the processes of creating and provisioning or de-provisioning user privileges across heterogeneous IT resources throughout the entire user lifecycle.

Tivoli Identity Manager can help increase user efficiency, reduce IT administration costs, and manage compliance with your security policies with centralized user account maintenance (including self-service interfaces), delegated administration, automated approvals processing, periodic revalidation of user access rights, documentation of controls, and other standard reports. IBM Tivoli Identity Manager helps bridge the gap between how business users view their IT resources and the actual IT implementation of user access rights, maximize productivity of the various groups of users involved in identity management, and accelerate and simplify system deployment and ongoing administration.

IBM Tivoli Unified Single Sign-On V1.0

Tivoli Unified Single Sign-On enables you to realize the combined benefits of three leading single sign-on products: IBM Tivoli Access Manager for Enterprise Single Sign-On Suite, IBM Tivoli Federated Identity Manager, and Tivoli Access Manager for e-business.

In addition, Tivoli Federated Identity Manager enables compliance reporting in services oriented architecture (SOA) environments.

IBM Tivoli Access Manager for Operating Systems V6.0

Employees, not hackers or viruses, generally present the chief threat to IT security. Internal users account for the majority of cyber theft. They know where the most valuable data resides and at which times it is most vulnerable.

Tivoli Access Manager for Operating Systems provides a security server engine for the UNIX®, Red Hat, SUSE Linux®, and Linux for System z® operating systems. This engine provides security services that can be applied to one or more users of a UNIX system. However, conventional UNIX operating system design requires a super user ID (usually a single predefined ID, also called a root user, with a unique level of privilege that allows bypass of standard UNIX security checks) for most administrative operations. This can open the UNIX platform to vulnerabilities as a super user gains access capabilities with few, if any, restrictions. Also, with the complexity of managing access to the UNIX operating system from multiple vendors, UNIX security can become as expensive as it is risk-laden. Tivoli Access Manager for Operating Systems offers a policy-based solution to address this security issue with UNIX and Linux. It also provides interoperability within the security and management portfolio offered by IBM.

Tivoli Access Manager for Operating Systems intercepts system calls and uses the identity of the accessor to make a policy decision on whether the access should proceed. This is achieved through standard interfaces into the operating system that avoid the need for kernel recompiles or complicated install mechanisms. At the same time, this interaction with the operating system provides very high levels of policy control.

Tivoli Access Manager for Operating Systems introduces a comprehensive audit data capture and reporting framework to help address audit and governance requirements for production in UNIX and Linux systems.

IBM Tivoli Compliance Insight Manager V8.5

Using its W7 methodology, Tivoli Compliance Insight Manager can help you interpret native log data in easily understood language. With this information at your fingertips, you can:

  • Quickly assess user behavior, system activity, and security information across all platform types
  • Compare log entries to baseline policy to help pinpoint and minimize security problems
  • Deliver reporting to support auditors' evidence requests and security managers' investigatory needs without the need for expensive platform experts
  • Rapidly respond to incidents through the ability to set actions and alerts about privileged user activity, while allowing administrators to perform their jobs

Accessibility by people with disabilities

A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on accessibility compliance can be requested at

http://www.ibm.com/able/product_accessibility/

Section 508 of the U.S. Rehabilitation Act

The components in IBM Tivoli Identity and Access Assurance V1.0, except for Tivoli Compliance Insight Manager V8.5, are capable as of May 22, 2009, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A US Section 508 Voluntary Product Accessibility Template (VPAT) can be requested on the following Web site

http://www.ibm.com/able/product_accessibility/

 
Back to topBack to top
 
Top rule
Product positioning
Bottom rule

IBM Tivoli Identity and Access Assurance V1.0 is positioned for those customers looking for:

  • A solution to help automate the management of compliance initiatives

    IBM Tivoli Identity and Access Assurance V1.0 helps you understand your current posture to internal and external audit and compliance requirements by monitoring the infrastructure and user activity.

    Identity management lifecycle tools also assist in managing user access certification and recertification and user provisioning as a vital part of the overall compliance posture.

  • Help with operational efficiency and cost reduction

    With staff costs becoming a burden, operational efficiency that is key to a successful business. There is a need to improve end-user productivity by helping ensure users of the systems have the necessary access and rights to effectively carry out their roles, as well as having access to the relevant systems. IBM Tivoli Identity and Access Assurance V1.0 provides tools and applications to provide in:

    • Portal and Microsoft® SharePoint deployments
    • Single sign-on deployments
    • User provisioning deployments
    • Enterprise requirements planning (ERP) deployments and upgrades
    • Organizational restructuring
  • Help address security

    With more and more focus being placed on data breaches and the loss of reputation and confidence in the business, the need for being able to detect and react to these situations is very important, as the cost to the organization can be huge. IBM Tivoli Identity and Access Assurance V1.0 provides the tools to help you address these security issues. The capabilities to help with these are:

    • Response to security incident
    • Entitlement management projects
    • Privileged user monitoring
    • Password management
    • Employee ID projects
  • Help improve user productivity and cost reduction

    End users efficiency using systems is a key concern and can be the cause of frustration for the end users who find it takes a long time for IT to respond to password requests (and is a costly exercise for IT as well), with individual end users having to juggle and remember numbers of individual credentials to access their systems to do their job. IBM Tivoli Identity and Access Assurance V1.0 addresses these concerns by providing:

    • Single sign-on
    • Self-service access request
    • Mobile banking and payments

 
Back to topBack to top
 
Top rule
Reference information
Bottom rule

Refer to:

  • Software Announcement 207-347, dated December 11, 2007, IBM Tivoli Identity Manager V5.0
  • Software Announcement 208-324, dated October 14, 2008, IBM Tivoli Identity and Access Manager V1.0 and IBM Tivoli Unified Single Sign-On V1.0
  • Software Announcement 206-089, dated April 18, 2006, IBM Tivoli Access Manager for Operating Systems V6.0
  • Software Announcement 208-007, dated January 22, 2008, IBM Tivoli Compliance Insight Manager V8.5

 
Back to topBack to top
 
Top rule
Program number
Bottom rule

Program              Program
number       VRM     name
 
5724-X91     1.0.0   IBM Tivoli Identity and Access Assurance

 
Back to topBack to top
 
Top rule
Education support
Bottom rule

Comprehensive education for IBM Tivoli products is offered through Worldwide Tivoli Education Delivery Services. A wide range of training options are available, including classes led by instructors, learning on demand, on-site training, and blended learning solutions.

For additional information, visit

http://www-306.ibm.com/software/tivoli/education/

 
Back to topBack to top
 
Top rule
Offering Information
Bottom rule

Product information is available via the Offering Information Web site

http://www.ibm.com/common/ssi

Also, visit the Passport Advantage® Web site

http://www.ibm.com/software/passportadvantage

 
Back to topBack to top
 
Top rule
Publications
Bottom rule

No publications are shipped with this program.

Refer to the Reference information section for details on product publications for each product in Tivoli Identity and Access Assurance V1.0.

The IBM Publications Center

http://www.ibm.com/shop/publications/order

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. Payment options for orders are via credit card (in the U.S.) or customer number for 20 countries. A large number of publications are available online in various file formats, and they can all be downloaded by all countries, free of charge.


 
Back to topBack to top
 
Top rule
Technical information
Bottom rule

Specified operating environment

Hardware requirements

Refer to the Reference information section for announcements that contain details about hardware requirements for each component in IBM Tivoli Identity and Access Assurance V1.0 as hardware requirements may vary among the individual components.

Software requirements

Refer to the Reference information section for announcements that contain details about software requirements for each component in IBM Tivoli Identity and Access Assurance V1.0 as software requirements may vary among the individual components.

The program's specifications and specified operating environment information may be found in documentation accompanying the program, if available, such as a README file, or other information published by IBM, such as an announcement letter. Documentation and other program content may be supplied only in the English language.

Planning information

Installability

Software Subscription and Support (also referred to as Software Maintenance) is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and technical support are provided by the Software Subscription and Support (Software Maintenance) offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software, and technical support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Subscription and Support (also referred to as Software Maintenance) with each program license acquired. The initial period of Software Subscription and Support (Software Maintenance) can be extended by the purchase of a renewal option, if available.

Packaging

IBM Tivoli Identity and Access Assurance V1.0 is distributed with:

  • International Program License Agreement (Z125-3301)
  • License Information document
  • DVDs
  • Publications (refer to the Publications section)

This program, when downloaded from a Web site, contains the applicable IBM license agreement and License Information, if appropriate, and will be presented for acceptance at the time of installation of the program. For future reference, the license and License Information will be stored in a directory such as LICENSE.TXT.

Security, auditability, and control

IBM Tivoli Identity and Access Assurance V1.0 uses the security and auditability features of the operating system software. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.


 
Back to topBack to top
 
Top rule
Software Services
Bottom rule

IBM Software Services has the breadth, depth, and reach to manage your services needs. You can leverage the deep technical skills of our lab-based, software services team and the business consulting, project management, and infrastructure expertise of our IBM Global Services team. Also, we extend our IBM Software Services reach through IBM Business Partners to provide an extensive portfolio of capabilities. Together, we provide the global reach, intellectual capital, industry insight, and technology leadership to support a wide range of critical business needs.

To learn more about IBM Software Services or to contact a Software Services sales specialist, visit

http://www.ibm.com/software/sw-services/

IBM Tivoli Enhanced Value-Based Pricing

IBM Tivoli software products are priced using IBM Tivoli's Enhanced Value-Based Pricing. The Enhanced Value-Based Pricing system is based upon the IBM Tivoli Environment-Managed Licensing Model, which uses a managed-environment approach -- whereby price is determined by what is managed rather than the number and type of product components installed.

For example, all servers monitored with IBM Tivoli's monitoring product (IBM Tivoli Monitoring) require entitlements sufficient for those servers. Other Tivoli products may manage clients, client devices, agents, network nodes, users, or other items, and are licensed and priced accordingly.

Unlike typical systems management licensing models that require entitlements of specific software components to specific systems, the IBM Tivoli Environment-Managed Licensing Model provides the customer flexibility to deploy its IBM Tivoli software products within its environment in a manner that can address and respond to the customer's evolving architecture. That is, as the architecture of a customer's environment changes, the customer's implementation of IBM Tivoli software can be altered, as needed, without affecting the customer's license requirements (as long as the customer does not exceed its entitlements to the software).

Under Enhanced Value-Based Pricing, licensing and pricing of server-oriented applications are determined based upon the server's use in the customer's environment. Typically, such applications are licensed and priced in a manner that corresponds to each installed and activated processor of the server managed by the IBM Tivoli application to help correlate price to value while offering a simple solution.

Where a server is physically partitioned, this approach is modified. This partitioning technique is the approach used with systems that have either multiple cards or multiple frames, each of which can be configured independently. For servers capable of physical partitioning (for example, IBM System p® Scalable POWERparallel Systems® servers, Sun Ultra servers, and HP Superdome servers), an entitlement is required for each processor in the physical partition being managed by the Tivoli application. For example, assume that a server has 24 processors installed in aggregate. If this server is not partitioned, entitlements are required for all 24 processors. If, however, it is physically partitioned into three partitions, each containing eight processors, and Tivoli products were managing only one of the three partitions, then entitlements would be required for the eight processors on the physical partition managed by the IBM Tivoli application.

For servers with virtual or logical partitions, entitlements are required for all installed and activated processors on the server. For each IBM Tivoli application managing a clustered environment, licensing is based on the cumulative number of installed and activated processors on each server in the cluster. Where the cluster includes physically partitioned servers, the considerations described above concerning physically partitioned servers apply as well.

Enhanced Value-Based Pricing recognizes the convergence of RISC and UNIX, and Microsoft Windows® and Intel® technologies, in order to simplify your licensing requirements, and to provide a smoother, more scalable model. Pricing and licensing does not differentiate between non-System z server platforms or operating systems. For some products, this platform neutrality extends to System z and other host servers as well.

IBM Tivoli Enhanced Value-Based Pricing terminology definitions

Authorized user

An authorized user is one and only one individual (named or unnamed) within or outside your enterprise. A Proof of Entitlement (PoE) must be obtained for each individual user accessing the program in any manner. A program licensed under an authorized user PoE may be installed on a single computer or server, and accessed by multiple users, provided that a PoE has been obtained for each individual user accessing the program either directly or indirectly (via a multiplexing program, device, or application server) through any means on behalf of the user.

Note that authorized users have unique specific identity and IDs cannot be shared. An ID can establish one or more connections and count as a single authorized user. Specific information to security products:

  • An authorized user of IBM Tivoli Federated Identity Manager is any ID that accesses an application or service managed or protected by IBM Tivoli Federated Identity Manager.
  • An authorized user of IBM Tivoli Directory Integrator is one whose identity can be synchronized by IBM Tivoli Directory Integrator or that can access a connected system that can be synchronized by IBM Tivoli Directory Integrator.
  • An authorized user of IBM Tivoli Identity Manager is any ID whose identity is recorded in the Tivoli Identity Manager identity store.
  • An authorized user of IBM Tivoli Access Manager for e-business is any ID that accesses an application or service managed or protected by IBM Tivoli Access Manager for e-business.

Client device or client

A client device is a computing device that requests the execution of a set of commands, procedures, or applications from another computer system that is typically referred to as a server. Multiple client devices may share access to a common server. A client device generally has some processing capability or is programmable to allow a user to do work. Examples include, but are not limited to, notebook computers, desktop computers, desk side computers, technical workstations, appliances, automated teller machines, point-of-sale terminals, tills and cash registers, and kiosks.

Engine

An engine is also referred to as a central processor (CP) or processor. Engines for traditional workloads are called General Purpose CPs. Engines for Linux workloads are called Integrated Facility for Linux (IFL) engines or Linux-only engines. Engines for Coupling Facility workloads are called ICF engines.

Enterprise

An enterprise is a person or single entity and those subsidiaries with more than 50 percent ownership.

External user

An external user is an authorized user who is not part of the enterprise.

IBM IFL

This optional facility enables additional processing capacity exclusively for Linux workload, with no effect on the model designation of a System z or OS/390® server. Consequently, executing Linux workload on the IBM IFL will not, in most cases, result in any increased IBM software charges for z/OS®, OS/390, VM, VSE, or TPF operating systems and applications. There is, as indicated, a charge associated with the IFL, and there may also be a charge for applications which run on the IFL.

The IFL may be dedicated to a single Linux-mode logical partition or it may be shared by multiple Linux-mode logical partitions. Installations should note that the Linux workspace enabled by this facility will not support any of the traditional S/390® operating systems (OS/390, TPF, VSE, or VM). Only Linux applications or Linux operating in conjunction with the Virtual Image Facility, an environment that operates within a logical partition or in native S/390 mode and provides the capability to create multiple Linux images, are supported by IBM S/390 IFL.

IBM Tivoli Directory Integrator connected system

A connected system is any directory, database, application, or file integrated or merged by IBM Tivoli Directory Integrator.

IBM Tivoli Storage Manager HSM for Windows terabyte (TB) capacity

IBM Tivoli Storage Manager HSM for Windows TB capacity includes primary HSM disk storage pool size combined with the amount of utilized HSM removable media storage pool. Storage pools are configured on the IBM Tivoli Storage Manager server.

IBM System Storage™ Archive Manager TB capacity

IBM System Storage Archive Manager TB capacity includes primary disk storage pool size combined with the amount of utilized primary removable media storage used by the IBM System Storage Archive Manager server.

Capacity does not include:

  • Copy storage pools for the space-managed data that reside on disk.
  • Copy storage pools for the space-managed data that reside on removable media.
  • Space used on the IBM Tivoli Storage Manager server for any purpose other than the primary storage of space-managed data.
  • Disk on the host being space managed.

A virtual tape library (VTL) is considered a removable media device, so capacity is based on utilization.

The minimum amount of capacity that can be purchased is 1 TB. Partial capacity will be rounded up to the next whole number of TB. Additional capacity must be added in increments of 1 TB.

IBM TotalStorage® Productivity Center TB capacity

A TB capacity is each individual TB of storage capacity managed by the IBM TotalStorage Productivity Center products. Managed capacity for IBM TotalStorage Productivity Center for Replication and IBM TotalStorage Productivity Center for Replication Two Site BC is defined as the source device capacity. Only the source device capacity is included in this pricing definition (not the target device).

Managed processor (charging under full capacity in the managed environment)

Managed processor charges are based on the active processors on the machines in the computing environment affiliated with the program rather than on the server where the program is run. The managed processors which require PoEs are defined in the License Information's program-unique terms.

Notes®:

  1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  3. The program may not run on some or all of the processors for which PoEs are required by the program's valuation method.
  4. In the System z IFL environment, each IFL engine is considered a single physical processor.
  5. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  6. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blades with which the program is affiliated.
  7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor Value Unit conversion table on the Passport Advantage Web site
    http://www.ibm.com/software/passportadvantage

Millions of Service Units (MSUs)

MSU is defined as millions of CPU service units per hour, which is the measure of capacity used to describe the computing power of the hardware processors on which S/390 or System z software runs. Processor MSU values are determined by the hardware vendor, IBM, or Software Compatible Vendors (SCVs).

For more detailed information about System z software pricing, visit

http://www-1.ibm.com/servers/eserver/zseries/library/refguides/sw_ pricing.html

Network node or node

Network nodes include routers, switches, hubs, and bridges that contain a network management agent. A single network node may contain any number of interfaces or ports.

Partitions

A server's resources (CPU, memory, I/O, interconnects, and buses) may be divided according to the needs of the applications running on the server. This partitioning can be implemented with physical boundaries (physical partitions) or logical boundaries (logical partitions).

Physical partitions are defined by a collection of processors dedicated to a workload and can be used with systems that have either multiple cards or multiple frames, each of which can be configured independently. In this method, the partitions are divided along hardware boundaries and processors, and the I/O boards, memory, and interconnects are not shared.

Logical partitions are defined by software rather than hardware and allocate a pool of processing resources to a collection of workloads. These partitions, while separated by software boundaries, share hardware components and run in one or more physical partitions.

Port

A port is the physical connection between a device and the network.

Processor (per processor charging under full capacity)

In full capacity charging, PoEs must be acquired for all activated processors (available for use) that are on the server where the program or a component of the program is run.

Notes:

  1. IBM defines a physical processor in a computer as a functional unit that interprets and executes instructions. A physical processor consists of at least an instruction control unit and one or more arithmetic and logic units.
  2. Multicore technology allows two or more processors (commonly called cores) to be active on a single silicon chip. With multicore technology, IBM considers each core to be a physical processor. For example, in a dual-core chip, there are two physical processors residing on the single silicon chip.
  3. In the System z IFL environment, each IFL engine is considered a single physical processor.
  4. Threading, a technique which makes a single processor seem to perform as two or more, does not affect the count of physical processors.
  5. Where blade technology is employed, each blade is considered a separate server and charging is based upon the total number of processors on the blade on which the program is run.
  6. When a server is shipped with six processors, but two of them are inactive, four processors are active for the customer.
  7. Not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor value unit conversion table on the Passport Advantage Web site
    http://www.ibm.com/software/passportadvantage

Server

A server is a computer system that executes requested procedures, commands, or applications to one or more user or client devices over a network. A PoE must be obtained for each server on which the program or a component of the program is run or for each server managed by the program. Where blade technology is employed, each blade is considered a separate server.

Standby or backup systems

For programs running or resident on backup machines, IBM defines three types of situations: cold, warm and hot. In cold and warm situations, a separate entitlement for the copy on the backup machine is normally not required and typically no additional charge applies. In a hot backup situation, the customer needs to acquire other license or entitlements sufficient for that server. All programs running in backup mode must be solely under the customer's control, even if running at another enterprise's location.

As a practice, the following are definitions and allowable actions concerning the copy of the program used for backup purposes.

Cold: A copy of the program may reside, for backup purposes, on a machine as long as the program is not started. There is no additional charge for this copy.

Warm: A copy of the program may reside for backup purposes on a machine and is started, but is idling, and is not doing any work of any kind. There is no additional charge for this copy.

Hot: A copy of the program may reside for backup purposes on a machine, is started, and is doing work. The customer must acquire a license or entitlements for this copy and there will generally be an additional charge.

Doing work includes, for example, production, development, program maintenance, and testing. It also could include other activities such as mirroring of transactions, updating of files, synchronization of programs, data or other resources (for example, active linking with another machine, program, database or other resource, and so on), or any activity or configurations that would allow an active hot switch or other synchronized switch over between programs, databases, or other resources to occur.

In the case of a program or system configuration that is designed to support a high availability environment by using various techniques (for example, duplexing, mirroring of files, or transactions, maintaining a heartbeat, active linking with another machine, program, database, or other resource), the program is considered to be doing work in the hot situation and a license or entitlement must be purchased.

Terabyte (T/TB)

1 TB of managed storage = 2 to the power of 40 bytes = 1,099,511,627,776 bytes, trillion bytes.

Tivoli Management Points

A Tivoli Management Point is a metric used to compute license quantities and is program specific.

Value Units

A Value Unit is a pricing charge metric for program license entitlements, which is based upon the quantity of a specific designated measurement used for a given program. Each program has a designated measurement. The most commonly used designated measurements are processor cores and MSUs. However, for select programs, there are other designated measurements such as servers, users, client devices, and messages. The number of Value Unit entitlements required for your specific implementation of the given program must be obtained from a conversion table associated with the program. You must obtain a PoE for the appropriate number of Value Unit entitlements for your implementation. The Value Unit entitlements of a given program cannot be exchanged, interchanged, or aggregated with Value Unit entitlements of another program. Whenever the designated measurement is a processor core, not all processors require the same number of Value Unit entitlements. To determine the number of Value Unit entitlements required, refer to the processor Value Unit conversion table on the Passport Advantage Web site

http://www.ibm.com/software/passportadvantage

Product and licensing Web sites

A complete list of IBM Tivoli products is available at

http://www.ibm.com/software/tivoli

IBM Tivoli product licensing documents are available at

http://www.ibm.com/software/tivoli/products/licensing.html

Passport Advantage

Through the Passport Advantage Agreement, you may receive discounted pricing based on their total volume of eligible products, across all IBM brands, acquired worldwide. The volume is measured by determining the total Passport Advantage points value of the applicable acquisitions. Passport Advantage points are only used for calculating the Entitled Passport Advantage discount.

To determine the required IBM Tivoli product configuration under Passport Advantage, the IBM Tivoli Enhanced Value-Based Pricing Model applies. The customer's environment is evaluated on a per-product basis.

Use the following two-step process to determine the total Passport Advantage points value:

  1. Analyze your environment to determine the number of charge units for a product. The quantity of each product's part numbers to be ordered is determine by that analysis.
  2. Order the Passport Advantage part numbers. A Passport Advantage point value, which is the same worldwide for a specific part number regardless of where the order is placed, is assigned to each IBM Tivoli product part number. The Passport Advantage point value for the applicable part number, multiplied by the quantity for that part number, will determine the Passport Advantage points for that IBM Tivoli product part number. The sum of these Passport Advantage points determines the Passport Advantage point value of the applicable IBM Tivoli product authorizations which then may be aggregated with the point value of other applicable Passport Advantage product acquisitions to determine the total Passport Advantage points value.

The discounted pricing available through Passport Advantage is expressed in the form of Suggested Volume Prices (SVPs), which vary depending on the SVP level. Each SVP level is assigned a minimum total Passport Advantage point value, which must be achieved, in order to qualify for that SVP level.

Media packs and documentation packs do not carry Passport Advantage points and are not eligible for SVP discounting.

For additional information on Passport Advantage, refer to the following

http://www.ibm.com/software/passportadvantage

The following Passport Advantage part number categories may be orderable:

  • License and Software Maintenance 12 Months - This is the product authorization with maintenance to the first anniversary date.
  • Annual Software Maintenance Renewal - This is the maintenance renewal for one anniversary that applies when a customer renews their existing coverage period prior to the anniversary date at which it expires.
  • Software Maintenance Reinstatement 12 months - This is for customers who have allowed their Software Maintenance to expire, and later wish to reinstate their Software Maintenance.
  • Media packs - These are the physical media, such as CD-ROMs, that deliver the product's code.
  • Documentation packs - These contain printed documentation such as the User's Guide and Release Notes.

Distributed pricing examples

The following examples are provided to illustrate your licensing requirements.

References to processor-based licensing do not represent the actual number of entitlements required. Entitlement requirements are Value Unit based, with the exception of IBM Tivoli Storage Manager. Processors referenced in these examples represent the designated measurement on which the required number of Value Unit entitlements will be calculated. The number of Value Units required per processor will depend on the processor type. For more information, refer to the Value Unit definition in IBM Tivoli Enhanced Value-Based Pricing terminology definitions. To determine the number of Value Unit entitlements required per processor, refer to the processor Value Unit conversion table on the Passport Advantage Web site

http://www.ibm.com/software/passportadvantage

References to all other non-processor-based metrics do represent the actual number of entitlements required, unless other designated measurements are referenced or unless otherwise specified.

The pricing example below should be used to determine required license entitlements for the following distributed products.

Products also have program-specific licensing terms, which are described later in this document. Consult the program-specific licensing terms to determine total licensing requirements for the applicable products.

IBM Tivoli Identity and Access Assurance V1.0 is licensed by User Value Units, pursuant to the Tivoli Enhanced Value-Based Pricing model. Your authorized users may use each of the following Tivoli products up to the number of User Value Unit entitlements that you have purchased for IBM Tivoli Identity and Access Assurance V1.0:

  • IBM Tivoli Identity Manager V5.0
  • IBM Tivoli Unified Single Sign-On V1.0

Pricing model examples

Scalable usage model table

The following scalable usage table is used to determine the required value units per 1,000 chargeable users. The price per User Value Unit (UVU) will be different for each part number.

Scalable
usage level         1        2        3         4
 
Chargeable          1-5K     >5K-15K  >15K-50K  >50K-150K
users
User Value Units    1,000    500      300       200
per 1,000
chargeable users
 
Scalable
usage level         5        6        7         8
 
Chargeable          >150-500 >500-1M  >1M-3M    >3M
users
User Value Units    100      50       25        10
per 1,000
chargeable users

The pricing model for Tivoli Identity and Access Assurance V1.0 is enhanced to significantly reduce costs for many customers whose systems support a large number of external users. The price for these external users is not the same as for internal users. Select Tivoli Security families now use a ratio of fifteen external users equal one chargeable user for the purpose of calculating User Value Units (UVUs). Each internal user equals one chargeable user for the purpose of calculating User Value Units. Infrequent internal users who utilize their IDs less than five times a year, and are grouped so as to be trackable and auditable, will be granted a ratio of 15 infrequent internal users equal one chargeable user for the purpose of calculating Value Units.

Chargeable users are added up and the volume tiering table then is utilized to calculate the total User Value Units (UVUs) required to cover entitlements.

Note: Tivoli Identity and Access Assurance V1.0 requires a minimum order quantity of 5,000 users.

Example 1

A large enterprise is required to manage and protect 12,000 users on their internal network.

The initial targets they want to manage are as follows:

  • 12,000 internal users of LDAP and who access Web applications from HTTP and Java™ 2 Platform Enterprise Edition (J2EE) application servers for single sign-on using Tivoli Unified Single Sign-On
  • 12,000 internal users of Lotus Notes® using Tivoli Identity Manager

Calculate User Value Units

The customer would purchase 8,500 User Value Units of Tivoli Identity and Access Assurance V1.0. Refer to the calculation below based on the scalable usage model referenced above.

Pricing metric  Authorized users  User Value        User Value
                required in       Units             Units
                customer          1,000 authorized  required
                environment (A)   users (B)         ((A) * (B))/1,000
 
Tier 1           5,000            1,000             5,000
Tier 2           7,000              500             3,500
Tier 3                              300
Tier 4                              200
 
Authorized      12,000          User Value Units    8,500
user total                      required of Tivoli
                                Identity and
                                Access Assurance V1.0

Example 2

Similar to Example 1, a large enterprise is required to manage and protect up to 12,000 users on their internal network. However this time the large enterprise has a difference in users to manage on the targets they plan to manage.

The initial targets they want to manage are as follows:

  • 12,000 internal users of LDAP and who access Web applications from HTTP and Java 2 Platform Enterprise Edition (J2EE) application servers for single sign-on using Tivoli Unified Single Sign-On
  • 10,000 internal users of Lotus Notes using Tivoli Identity Manager

Calculate User Value Units

The customer would purchase 8,500 User Value Units of Tivoli Identity and Access Assurance V1.0. Refer to the calculation below based on the scalable usage model referenced above.

Pricing metric  Authorized users  User Value        User Value
                required in       Units             Units
                customer          1,000 authorized  required
                environment (A)   users (B)         ((A) * (B))/1,000
 
Tier 1           5,000            1,000             5,000
Tier 2           7,000              500             3,500
Tier 3                              300
Tier 4                              200
 
Authorized      12,000     User Value Units         8,500
user total                 required of Tivoli
                           Identity and
                           Access Assurance V1.0

The point to showcase here is that while the large enterprise has a lower number of users to manage for Lotus Notes, they are required to purchase the higher of the two user counts they need to manage to be in compliance with their license.

Example 3

A large enterprise is required to manage and protect up to 12,000 company employees or internal users and 1,500,000 external users. All of these are authorized users. The total chargeable users are calculated as follows:

  • 12,000 internal users = 12,000/1 = 12,000 chargeable users.
  • 1,500,000 external users = 1,500,000/15 = 100,000 chargeable users.
  • The large enterprise must sum these chargeable users together since they all plan to use LDAP and Active Directory for both Tivoli Identity Manager and Tivoli Unified Single Sign-On. As a result they need to purchase 112,000 users of IBM Tivoli Identity and Access Assurance V1.0.

Calculate User Value Units

The customer would purchase 32,900 User Value Units of Tivoli Identity and Access Assurance V1.0. Refer to the calculation below based on the scalable usage model referenced above.

Pricing metric  Authorized users  User Value        User Value
                required in       Units             Units
                customer          1,000 authorized  required
                environment (A)   users (B)         ((A) * (B))/1,000
 
Tier 1            5,000           1,000              5,000
Tier 2           10,000             500              5,000
Tier 3           35,000             300             10,500
Tier 4           62,000             200             12,400
 
Authorized      112,000     User Value Units        32,900
user total                  required of Tivoli
                            Identity and
                            Access Assurance V1.0

The 15:1 external to internal user ratio is used as external users typically do not have the same level of "usage" that internal users do.

Additionally, in each example, the customer is entitled to use Tivoli Access Manager for Operating Systems and Tivoli Compliance Insight Manager only as follows.

Tivoli Access Manager for Operating Systems can be used to protect access to any servers on which these components are installed: Tivoli Identity Manager, Tivoli Unified Single Sign-On, and Tivoli Compliance Insight Manager.

Tivoli Access Manager for Operating systems also can be used to protect access to those operating systems, applications, and databases that have the users managed by Tivoli Identity Manager or Tivoli Unified Single Sign-On.

If you need to use Tivoli Access Manager for Operating Systems to protect access to other servers, applications, or databases, then you will need to purchase additional entitlements. These can be purchased through the Tivoli Access Manager for Operating Systems V6.0 program product (refer to Software Announcement 206-089, dated April 18, 2006).

Tivoli Compliance Insight Manager can be used to monitor these components: Tivoli Identity Manager, Tivoli Unified Single Sign On, and Tivoli Access Manager for Operating Systems.

Tivoli Compliance Insight Manager also can be used to monitor those operating systems, applications, and databases that have the users managed by Tivoli Identity Manager or Tivoli Unified Single Sign-On.

If you need to use Tivoli Compliance Insight Manager to monitor other servers, applications, or databases, then you will also need to purchase additional event sources for Tivoli Compliance Insight Manager. Similarly if you need specific compliance reporting, then you need to purchase Compliance Management Modules from Tivoli Compliance Insight Manager. Both of these can be purchased through the Tivoli Compliance Insight Manager V8.5 program product (refer to Software Announcement 208-007, dated January 22, 2008).


 
Back to topBack to top
 
Top rule
Ordering information
Bottom rule

This product is only available via Passport Advantage. It is not available as shrinkwrap.

Product group: IBM Tivoli
  Product Identifier Description
  IBM Tivoli Identity and Access Assurance V1.0
  PID:
 
Product category: Security

Passport Advantage customer: Media pack entitlement details

Customers with active maintenance or subscription for the products listed are entitled to receive the corresponding media pack.

Entitled maintenance offerings
description
 
Tivoli Identity and Access Assurance
  
Media packs
description                                          Part number
 
Tivoli Identity and Access Assurance V1.0            BJ0SSML
Media Pack, Multilingual, Multiplatform

Current licensees

New licensees

Orders for new licenses will be accepted now. Shipment will begin on the planned availability date.

Basic license

Ordering information for Passport Advantage

Passport Advantage allows you to have a common anniversary date for Software Maintenance renewals, which can simplify management and budgeting for eligible new versions and releases (and related technical support) for your covered products. The anniversary date, established at the start of your Passport Advantage Agreement, will remain unchanged while your Passport Advantage Agreement remains in effect. New software purchases will initially include twelve full months of Software Maintenance. Software Maintenance in the second year (the first year of renewal) can be prorated to be coterminous with your common anniversary date. Thereafter, all Software Maintenance will renew at the common anniversary date for twelve full months of maintenance.

Refer to the IBM International Passport Advantage Agreement and to the IBM Software Support Handbook for specific terms relating to, and a more complete description of, technical support provided through Software Maintenance.

The quantity to be specified for the Passport Advantage part numbers in the following table is per required number of User Value Units. To order for Passport Advantage, specify the desired part number and quantity.

Description                                      Part number
 
Tivoli Identity and Access Assurance UVUs        D093YLL
Lic + SW S&S 12 Mo
Tivoli Identity and Access Assurance UVUs        E06WHLL
Annual SW S&S Rnwl
Tivoli Identity and Access Assurance UVUs        D093ZLL
SW S&S Reinstate 12 Mo

To order a media pack for Passport Advantage, specify the part number in the desired quantity from the following table:

Description                                            Part number
 
Tivoli Identity and Access Assurance V1.0              BJ0SSML
Media Pack, Multilingual, Multiplatform

IBM Tivoli Identity and Access Assurance V1.0 is also available, via Web download, from Passport Advantage.

Subscription and Support

Subscription and Support must be ordered to receive voice technical support via telephone during normal business hours, and future releases and versions, at no additional charge. The capacity of Subscription and Support (for example, Value Units or number of processors) must be the same as the capacity ordered for the product licenses.

To order, specify the Subscription and Support program product number and the appropriate license or charge option.

IBM is also providing Subscription and Support for these products, via a separately purchased offering, under the terms of the IBM International Agreement for Acquisition of Support Maintenance. This offering:

  • Includes and extends the support services provided in the base support to include technical support via telephone during normal business hours.
  • Entitles customers to future releases and versions, at no additional charge. Note that the customer is not entitled to new products.

When Subscription and Support is ordered, the charges will automatically renew annually unless cancelled by the customer.


 
Back to topBack to top
 
Top rule
Terms and conditions
Bottom rule

The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage Agreement, and the IBM Agreement for Acquisition of Software Maintenance.

This product is only available via Passport Advantage. It is not available as shrinkwrap.

Licensing

IBM International Program License Agreement including the License Information document and Proof of Entitlement (PoE) govern your use of the program. PoEs are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

This software license includes Software Subscription and Support (also referred to as Software Maintenance).

These programs are licensed under the IBM Program License Agreement (IPLA) and the associated Agreement for Acquisition of Software Maintenance, which provide for support with ongoing access to releases and versions of the program. IBM includes one year of Software Subscription and Support (also referred to as Software Maintenance) with the initial license acquisition of each program acquired. The initial period of Software Subscription and Support (also referred to as Software Maintenance) can be extended by the purchase of a renewal option, if available. These programs have a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours), as well as access to updates, releases, and versions of the program as long as support is in effect.

License Information form number

L-NBRS-7PVSHN

The program's License Information will be available for review on the IBM Software License Agreement Web site

http://www.ibm.com/software/sla/sladb.nsf
Limited warranty applies

Yes

Limited warranty

IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program or that IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on known program defects, defect corrections, restrictions, and bypasses at no additional charge. For further information, consult the IBM Software Support Handbook found at

http://www.ibm.com/support/handbook

IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

Program technical support

Technical support of a program product will be available for a minimum of five years from the general availability date, as long as your Software Subscription and Support (also referred to as Software Maintenance) is in effect.

Technical support of a program product will be available for a minimum of three years from the general availability date, as long as your Software Subscription and Support (also referred to as Software Maintenance) is in effect. This technical support allows you to obtain assistance (via telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Subscription and Support (Software Maintenance) also provides you with access to updates, releases, and versions of the program. You will be notified, via announcement letter, of discontinuance of support with 12 months' notice. If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

Money-back guarantee

If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.

For clarification, note that (1) for programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program and (2) for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

Authorization for use on home/portable computer

You may not copy and use this program on another computer without paying additional license fees.

Other terms
Volume orders (IVO)

No

IBM International Passport Advantage Agreement
Passport Advantage applies

Yes, and through the Passport Advantage Web site at

http://www.ibm.com/software/passportadvantage
Usage restriction

Yes. Usage is limited to the quantity of Value Units licensed.

For additional information, refer to the License Information document that is available on the IBM Software License Agreement Web site

http://www.ibm.com/software/sla/sladb.nsf
Software Subscription and Support (Software Maintenance) applies

Yes. Software Subscription and Support (also referred to as Software Maintenance) is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and Technical Support are provided by the Software Subscription and Support (Software Maintenance) offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software and Technical Support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Subscription and Support (Software Maintenance) with each program license acquired. The initial period of Software Subscription and Support (Software Maintenance) can be extended by the purchase of a renewal option, if available.

While your Software Subscription and Support (Software Maintenance) is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions, and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, 7 days a week. For additional details, consult your IBM Software Support Handbook at

http://www.ibm.com/support/handbook

Software Subscription and Support (Software Maintenance) does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under the applicable agreements.

For additional information about the International Passport Advantage Agreement and the IBM International Passport Advantage Express Agreement, visit the Passport Advantage Web site at

http://www.ibm.com/software/passportadvantage
System i Software Maintenance applies

No

Variable charges apply

No

Educational allowance available

Not applicable.


 
Back to topBack to top
 
Top rule
IBM Electronic Services
Bottom rule

IBM has transformed its delivery of hardware and software support services to help you achieve higher system availability. Electronic Services is a Web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services are designed to provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

The Electronic Service Agent™ is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems. Installation and use of IBM Electronic Service Agent for problem reporting enables IBM to provide better support and service for your IBM server.

To learn how Electronic Services can work for you, visit

http://www.ibm.com/support/electronic

 
Back to topBack to top
 
Top rule
Prices
Bottom rule

Business Partner information

If you are an IBM Business Partner -- Distributor for Workstation Software acquiring products from IBM, you may link to Passport Advantage Online for resellers where you can obtain Business Partner pricing information. An IBM ID and password are required.

https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller

Information on charges is available at Web site

http://www.ibm.com/support

In the Electronic tools category, select the option for Purchase/upgrade tools.

Passport Advantage

For Passport Advantage and charges, contact your IBM representative or your authorized IBM Business Partner. Additional information is also available at

http://www.ibm.com/software/passportadvantage

 
Back to topBack to top
 
Top rule
Order now
Bottom rule

To order, contact your local IBM representative or your IBM Business Partner.

To identify your local IBM Business Partner or IBM representative, call 800-IBM-4YOU (426-4968). For more information, contact the Americas Call Centers.

Phone:     800-IBM-CALL (426-2255)
Fax:       800-2IBM-FAX (242-6329)
 
For IBM representative: callserv@ca.ibm.com
 
For IBM Business Partner: pwswna@us.ibm.com
 
Mail:      IBM Teleweb Customer Support
           ibm.com® Sales Execution Center, Americas North
           3500 Steeles Ave. East, Tower 3/4
           Markham, Ontario
           Canada  L3R 2Z1
 
Reference: YE001

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

System Storage and Electronic Service Agent are trademarks of IBM Corporation in the United States, other countries, or both.

IBM, Tivoli, System z, Passport Advantage, System p, Scalable POWERparallel Systems, OS/390, z/OS, S/390, TotalStorage, Notes, Lotus Notes and ibm.com are registered trademarks of IBM Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel is a registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Additional terms of use are located at:

http://www.ibm.com/legal/us/en/

For the most current information regarding IBM products, consult your IBM representative or reseller, or visit the IBM worldwide contacts page

http://www.ibm.com/planetwide/us/

 

Back to topBack to top
 
Bottom grey rule
 
Printable version Printable version 

Share this page

Digg Linked In

Contact IBM

Feedback

-->