Course Description

_____________________________________________________________________  
IBM Tivoli Access Manager for e-Business 6.0 Deployment and System Administration
_____________________________________________________________________
Table of Contents:
• Course Description
• Objectives
• Who Will Benefit From This Course
• Required Skills/Knowledge
• Recommended Courses
• Course Outline

Duration: 4 days
Delivery Method: Classroom
Language: English
Geography: All

Course Description
This is a classroom course with hands-on labs for IBM Tivoli Access Manager for e-business 6.0 product. IBM Tivoli Access Manager is an authentication and authorization solution for corporate Web, client/server, and existing applications.This product allows customers to control  user access to protected information and resources by providing a centralized, flexible, and scalable access control solution. This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources. 

Objectives

After completing this course, students will be able to accomplish the following:

1. Describe how IBM Tivoli Access Manager for e-business secures access to business applications and resources.

2. Explain the architecture of IBM Tivoli Access Manager for e-business.

3. Describe how IBM Tivoli Access Manager for e-business can integrate with new or existing products to secure business applications and resources

4. Describe how to install and configure IBM Tivoli Access Manager for e-business and its prerequisites for a particular case study.

5. Describe how to install and configure Web Portal Manager to manage the Access Manager environment.

6. Describe how to install and configure IBM Tivoli Directory Server Web Application Tool in order to ease  management of the IBM Tivoli Directory Server user registry.

7. Troubleshoot Access Manager for e-business installations.

8. Describe the role of the user registry in IBM Tivoli Access Manager for e-business implementation.

9. Create users, groups, access control lists, and protected object policies to manage the authentication and authorization of users.

10. Use pdadmin commands and Web Portal Manager to manage users, groups, access control, and WebSEAL environment.

11. Describe authorization rules to customize access control.

12. Create Access Manager domains to unify the authentication and authorization of users.

13. Create Access Manager delegated administrators to delegate domain management responsibilities to lower-level administrators.

14. Use auditing to track users and administrators activities.

15. Implement the Access Manager common auditing and reporting systems (CARS) for historical and operational reporting.

16. Describe how WebSEAL secures Web-based resources.

17. Install and configure WebSEAL.

18. Describe and implement a variety of authentication methods including forms-based single sign-on, cross domain single sign-on, Windows desktop single sign-on (SPNEGO), and client-side certificates.

19. Describe Session Management Server (SMS) and WebSEAL shared session management to limit concurrent sessions and terminate or inspect active sessions.

20. Create and manage WebSEAL junctions to unify the Web space of the back-end servers with the Web space of the WebSEAL server.

21. Enable auditing to track user activities.

22. Enable logging to troubleshoot WebSEAL environment.

23. Describe how to tailor a security environment with IBM Tivoli Access Manager for e-business Web server plug-ins. 

Who Will Benefit From This Course
This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources. 

Required Skills/Knowledge

The following list contains the prerequisite knowledge or Tivoli product knowledge an attendee must have prior to attending the course:

• Basic operating-system administrative skills for Linux
• Basic knowledge of Lightweight Directory Access Protocol (LDAP)
• TCP/IP fundamentals
• Firewall concepts
• Working knowledge of Web protocols (HTTP, XML)
• Basic knowledge of IBM WebSphere Application Server

Recommended Courses
LDAP foundation class.

Course Outline

Unit 1: IBM Tivoli Access Manager for e-business 6.0 Introduction and Overview

 Lesson 1:  Introduction to Tivoli Access Manager for e-business

 Lesson 2: Tivoli Access Manager for e-business Architecture

 Lesson 3: Tivoli Access Manager for e-business Integration

Unit 2: IBM Tivoli Access Manger for e-business Installation and Configuration

 Lesson 1: Tivoli Access Manager for e-business Prerequisites

 Lesson 2: Tivoli Access Manager for e-business Installation

Unit 3: Tivoli Access Manager and the LDAP User Registry

 Lesson 1: What is LDAP

 Lesson 2: Tivoli Access Manager and the User Registry

 Lesson 3: Installing and Configuring the IBM Tivoli Directory Server Web Application Tool

Unit 4: Managing Users and Groups

 Lesson 1: Using the Tivoli Access Manager Command Line and Graphical User Interface

 Lesson 2: Installing and Configuring the  Web Portal Manager

 Lesson 3: Using pdadmin Commands and Web Portal Manager to Manage Users, Groups, and Access Control

Unit 5: Managing Access Control

 Lesson 1: Controlling Access with Tivoli Access Manager

 Lesson 1: ACLs

 Lesson 2: POPs

 Lesson 3: IP Authentication

Unit 6: Introduction to WebSEAL

 Lesson 1:         What is WebSEAL

 Lesson 2:         WebSEAL Authentication

 Lesson 3:        WebSEAL Junctions

 Lesson 4:        Web Space Protection

 Lesson 5:        Web Space Scalability

 Lesson 6:        Single Sign-on

Unit 7: WebSEAL Installation and Configuration

 Lesson 1:        Installation Prerequisites

 Lesson 2:        Installation Methods

 Lesson 3:        WebSEAL Configuration

 Lesson 4:        WebSEAL Instance Management

 Lesson 5:        WebSEAL Configuration Files

Unit 8: WebSEAL Authentication Mechanisms

 Lesson 1:        Authentication Overview

 Lesson 2:        Authentication Methods

 Lesson 3:        Basic Authentication

 Lesson 4:        Forms Authentication

 Lesson 5:        Client Certificate Authentication

 Lesson 6:        HTTP Header Authentication

 Lesson 7:        IP Address Authentication

 Lesson 8:        Token Authentication

Unit 9: Advanced Authentication Methods

 Lesson 1:        Multiplexing Proxy Agents

 Lesson 2:        Switch User Authentication

 Lesson 3:        Re-authentication

 Lesson 4:        External Authentication Interface

 Lesson 5:        Logout and Password Change Operations

 Lesson 6:        Login Failure Policy

Unit 10:  WebSEAL Junctions

  Lesson 1:        WebSEAL Junctions Overview

  Lesson 2:        Managing Junctions with Web Portal Manager

  Lesson 3:        Managing Junctions with pdadmin Utility

  Lesson 4:        Standard WebSEAL Junctions

  Lesson 5:        Transparent Path Junctions

  Lesson 6:        Stateful Junctions

  Lesson 7:        Junction Cookie

  Lesson 8:        Junction Mapping Table

  Lesson 9:        Generating a Third Party Web Space (Query-Contents)

  Lesson 10: Junction Throttling

Unit 11:        Virtual Host Junctions

 Lesson 1:        Virtual Host Junction Concepts

 Lesson 2:        Configuring a Virtual Host Junction

 Lesson 3:        Virtual Host Junctions in Object Space

 Lesson 4:        Commands for Virtual Host Junctions

Unit 12:         Single Sign-on

 Lesson 1:        Single Sign-on Concepts

 Lesson 2:        Single Sign-on using HTTP Basic Authentication (BA) Headers

 Lesson 3:        Supplying Client Identity and Generic Password

 Lesson 4:        Forwarding Original Client BA Header Information

 Lesson 5:        Removing Client BA Header Information

 Lesson 6:        Supplying User Name and Password from GSO

 Lesson 7:        Global Sign-on

 Lesson 8:        Configuring a GSO Enabled WebSEAL Junction

 Lesson 9:        Forms Single Sign-on Authentication

 Lesson 10:        Single Sign-on to IBM WebSphere (LTPA)

Unit 13:        Windows Desktop Single Sign-on

 Lesson 1:  Windows Single Sign on Overview

 Lesson 2   SPNEGO

 Lesson 3:  Active Directory with Windows Single Sign On

 Lesson 4:  Configuration of Windows Single Sign On

Unit 14: Cross Domain Single Sign-on

 Lesson 1:  Cross Domain Single Sign On Overview

 Lesson 2:  Configuration of Cross Domain Single Sign On

 Lesson 3:  Extended Attributes for CDSSO

Unit 15: Session Management Server

 Lesson 1:  Overview of Session Management

 Lesson 2:  Overview of SMS

 Lesson 2:  Administration

 Lesson 3:  Installation

 Lesson 4:  Configuration

 Lesson 5:  SMS and WebSEAL

Unit 16: Domain and Policy Proxy Server

 Lesson 1: Tivoli Access Manager Secure Domains

 Lesson 2: Managing Secure Domains

 Lesson 3: Using Policy Proxy Servers

Unit 17: Authorization Rules

 Lesson 1: Authorization Rules

 Lesson 2: Creating Custom Authorization Rules

Unit 18: Delegated Administration

 Lesson 1: Domain Management Responsibilities

 Lesson 2: Delegated Administration

 Lesson 3: Delegated User and Group Administration

 Lesson 4: Delegated Object Space Management

Unit 19: Logging and Auditing

 Lesson 1:  Policy Server Auditing

 Lesson 2:  Policy Server Logging

 Lesson 3:  WebSEAL Auditing

 Lesson 4:  WebSEAL Logging

Unit 20: Common Auditing and Reporting Services (CARS)

 Lesson 1:  Common Auditing and Reporting Services Overview

 Lesson 2:  CARS Installation and Configuration

 Lesson 3:  CARS Configuration for IBM Tivoli Access Manager Policy Server

 Lesson 4:  CARS WebSEAL Configuration

 Lesson 5:  IBM Tivoli Access Manager Reporting with CARS 

<< Go Back