This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z Systems hardware and software (referred to in this book by the previous product name, IBM System z®). In an age of increasing security consciousness and more dangerous and advanced persistent threats, System z provides the capabilities to address today’s business security challenges. This book explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. We highlight the features of IBM z/OS® and other operating systems that offer a variety of customizable security elements. We also describe z/OS and other operating systems and additional software that use the building blocks of System z hardware to meet business security needs. We explore these from the perspective of an enterprise security architect and how a modern mainframe must fit into an enterprise security architecture. This book is part of a three-volume series that focuses on guiding principles for optimized mainframe security configuration within a holistic enterprise security architecture. The intended audience includes enterprise security architects, planners, and managers who are interested in exploring how the security design and features of the System z platform, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.

In an increasingly interconnected world, data breaches grab headlines. The security of sensitive information is vital, and new requirements and regulatory bodies such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX) create challenges for enterprises that use encryption to protect their information. As encryption becomes more widely adopted, organizations also must contend with an ever-growing set of encryption keys. Effective management of these keys is essential to ensure both the availability and security of the encrypted information. Centralized management of keys and certificates is necessary to perform the complex tasks that are related to key and certificate generation, renewal, and backup and recovery. The IBM® Enterprise Key Management Foundation (EKMF) is a flexible and highly secure key management system for the enterprise. It provides centralized key management on IBM zEnterprise® and distributed platforms for streamlined, efficient, and secure key and certificate management operations. This IBM Redbooks® publication introduces key concepts around a centralized key management infrastructure and depicts the proper planning, implementation, and management of such a system using the IBM Enterprise Key Management Foundation solution.

IBM® PowerSC provides a security and compliance solution that is optimized for virtualized environments on IBM Power Systems™ servers, running IBM PowerVM® and IBM AIX®. Security control and compliance are some of the key components that are needed to defend the virtualized data center and cloud infrastructure against ever evolving new threats. The IBM business-driven approach to enterprise security used in conjunction with solutions such as PowerSC makes IBM the premier security vendor in the market today. This IBM Redbooks® deliverable helps IT and Security managers, architects, and consultants to strengthen their security and compliance posture in a virtualized environment running IBM PowerVM.

Today many organizations face challenges when developing a realistic plan or schedule that provides the best possible balance between customer service and revenue goals. Optimization technology has long been used to find the best solutions to complex planning and scheduling problems. A decision-support environment that enables the flexible exploration of all the trade-offs and sensitivities needs to provide the following capabilities: Flexibility to develop and compare realistic planning and scheduling scenarios Quality sensitivity analysis and explanations Collaborative planning and scenario sharing Decision recommendations This IBM® Redbooks® publication introduces you to the IBM ILOG® Optimization Decision Manager (ODM) Enterprise. This decision-support application provides the capabilities you need to take full advantage of optimization technology. Applications built with IBM ILOG ODM Enterprise can help users create, compare, and understand planning or scheduling scenarios. They can also adjust any of the model inputs or goals, and fully understanding the binding constraints, trade-offs, sensitivities, and business options. This book enables business analysts, architects, and administrators to design and use their own operational decision management solution. Please note that the additional material referenced in the text is not available from IBM.

Organizations today are more widely distributed than ever before, which can make systems management tasks, such as distributing software, patches, and security policies, extremely challenging. The IBM® Tivoli® Endpoint Manager platform is architected for today's highly diverse, distributed, and complex IT environments. It provides real-time visibility and control through a single infrastructure, single agent, and single console for systems lifecycle management, endpoint protection, and security configuration and vulnerability management. This platform enables organizations to securely manage their global IT infrastructures faster and more accurately, resulting in improved governance, control, visibility, and business agility. Plus, it gives organizations the ability to handle tomorrow's unforeseen challenges. In this IBM Redbooks® publication, we provide IT security professionals with a better understanding around the challenging topic of endpoint management in the IT security domain. We focus on IBM Tivoli Endpoint Manager for Security and Compliance and describe the product architecture and provide a hands-on design guide for deploying the solution. This book is a valuable resource for security professionals and architects who want to understand and implement a centralized endpoint management infrastructure and endpoint protection to better handle security and compliance challenges.

Many large and medium-sized organizations have made strategic investments in the SAP NetWeaver technology platform as their primary application platform. In fact, SAP software is used to manage many core business processes and data. As a result, it is critical for all organizations to manage the life cycle of user access to the SAP applications while adhering to security and risk compliance requirements. In this IBM® Redbooks® publication, we discuss the integration points into SAP solutions that are supported by the IBM Security access and identity management product capabilities. IBM Security software offers a range of identity management (IdM) adapters and access management components for SAP solutions that are available with IBM Tivoli® Identity Manager, IBM Tivoli Directory Integrator, IBM Tivoli Directory Server, IBM Access Manager for e-business, IBM Tivoli Access Manager for Enterprise Single Sign-On, and IBM Tivoli Federated Identity Manager. This book is a valuable resource for security officers, consultants, administrators, and architects who want to understand and implement an identity management solution for an SAP environment.

In a growing number of organizations, policies are the key mechanism by which the capabilities and requirements of services are expressed and made available to other entities. The goals established and driven by the business need to be consistently implemented, managed and enforced by the service-oriented infrastructure; expressing these goals as policy and effectively managing this policy is fundamental to the success of any IT and application transformation. First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments, providing the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA run time are required. Point solutions are not scalable, and cannot capture and express enterprise-wide policy to ensure consistency and compliance. In this IBM® Redbooks® publication, we discuss an IBM Security policy management solution, which is composed of both policy management and enforcement using IT security services. We discuss how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements, and thereby help organizations demonstrate compliance, secure their services, and minimize the risk of data loss. This book is a valuable resource for security officers, consultants, and architects who want to understand and implement a centralized security policy management and entitlement solution.

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company’s sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.

Deploying an identity management solution for a medium size business begins with a thorough analysis of the existing business and IT environment. After we fully understand the organization, their deployed infrastructure, and the application framework, we can define an applicable representation of these assets within an identity management implementation. This IBM® Redbooks® publication, intended for IBM Business Partners, takes a step-by-step approach to implementing an identity management solution based on IBM Tivoli® Identity Manager. Part 1 discusses the general business context and the planning approach for an identity management solution. Part 2 takes you through an example company profile with existing business policies and guidelines and builds an identity management solution design for this particular environment. We describe how the components can be integrated into the existing environment. Then, we focus on the detailed configuration of identity management integration tasks that must be implemented in order to create a fully functional end-to-end solution. This IBM Redbooks publication does not introduce any general identity management concepts, nor does it systematically explain all of Tivoli Identity Manager's components and capabilities; instead, those details are thoroughly discussed in the IBM Redbooks publications: Identity Management Design Guide with IBM Tivoli Identity Manager, SG24-6996, and Enterprise Security Architecture Using IBM Tivoli Security Solutions, SG24-6014.

In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure. The Tivoli Compliance Insight Manager solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting. We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario. This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Identity and user lifecycle management projects are being deployed more and more frequently - and demand is growing. By demonstrating how IBM Tivoli Identity Manager can be made resilient and adapted to special functional requirements, this IBM Redbooks publication creates or enhances confidence in the IBM Tivoli Identity Manager-based solution for senior management, architects, and security administrators. Advanced design topics can start with infrastructure availability for all involved components, Web application, and database server clustering as well as LDAP multi-master setups, continuing with compliance challenges addressing enhanced auditing and reporting, and designing and creating your own self-care/self-registration application environment that embraces external users and business partners offering fine-tuned workflow options and lifecycle management capabilities. The powerful features and extensions of IBM Tivoli Identity Manager are opening doors into a world of advanced design and customization for every identity management challenge you might encounter. Please note that the additional material referenced in the text is not available from IBM.

Don’t be fooled by the name; IBM Tivoli Directory Integrator integrates anything, and it is not in any way limited to directories. It is a truly generic data integration tool that is suitable for a wide range of problems that usually require custom coding and significantly more resources to address with traditional integration tools. This IBM Redbooks publication shows you how Directory Integrator can be used for a wide range of applications utilizing its unique architecture and unparalleled flexibility. We discuss the business context for this evolutionary data integration and tell you how to architect and design an enterprise data synchronization approach. By telling you everything about Directory Integrator’s component structure and then applying all the techniques in two comprehensive business scenarios, we build a formidable base for your own data integration and synchronization projects. This book is a valuable resource for security administrators and architects who want to understand and implement a directory synchronization project. Please note that the additional material referenced in the text is not available from IBM.

This IBM Redbooks publication is a study guide for IBM Tivoli Access Manager for e-business Version 6 and is meant for those who want to achieve IBM Certifications for this specific product. The IBM Tivoli Access Manager for e-business Certification, offered through the Professional Certification Program from IBM, is designed to validate the skills required of technical professionals who work in the implementation of the IBM Tivoli Access Manager for e-business Version 6 product. This book provides a combination of theory and practical experience needed for a general understanding of the subject matter by discussing the planning, installation, configuration and customization, programming, auditing and troubleshooting of Access Manager for e-business solutions. It also provides sample questions that will help in the evaluation of personal progress and provide familiarity with the types of questions that will be encountered in the exam. This publication does not replace practical experience, nor is it designed to be a stand-alone guide for any subject. Instead, it is an effective tool which, when combined with education activities and experience, can be a very useful preparation guide for the exam.

Mastering IBM Tivoli Access Manager is a very important factor in successfully deploying contemporary e-business solutions. Access Manager is the key element in an e-business security framework that needs thorough understanding to achieve maximum security, functionality, and performance. Based on expandable security policies for users, groups, and protected resources, Tivoli Access Manager manages authentication and authorization for application servers, Web sites, and virtually any other resource that requires protection, including custom-written applications. This IBM Redbooks publication describes how to build an integrated enterprise business portal with Tivoli Access Manager Version 4.1, WebSphere Portal, mySAP Workplace, and the SAP Enterprise Portal. It also describes how to implement a federated single sign-on solution within a Web Services scenario. This book is partitioned into general and customer scenario based sections. This book is a valuable resource for security administrators and architects who wish to understand and implement a centralized security infrastructure. Please note that the additional material referenced in the text is not available from IBM.

Mastering the IBM Tivoli Access Manager is the most important factor for successfully deploying contemporary e-business solutions. Access Manager is the key element in an e-business security framework that needs thorough understanding to achieve maximum security, functionality, and performance. Based on expandable security policies for users, groups, and protected resources, the Tivoli Access Manager manages the authentication and authorization to application servers, Web sites, and virtually any other resource that requires protection, including custom-written applications. This IBM Redbooks publication explains the planning steps and describes how to build multi-level enterprise business portals with the new Tivoli Access Manager Version 3.9. It also discusses high-availability scenarios and platform coverage for various involved components like Web servers, registries, and Access Manager management components. It shows the integration of Access Manager into the IBM WebSphere Application Server, IBM WebSphere Everyplace Suite, BEA WebLogic application server, Siebel, and other products. This book is a valuable resource for security administrators and architects who wish to understand and implement a centralized security infrastructure.