Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Tivoli® Access Manager for e-business
Release Notes
Version 6.1
GC23-6501-00
���
Tivoli® Access Manager for e-business
Release Notes
Version 6.1
GC23-6501-00
���
Note
Before using this information and the product it supports, read the information in “Notices” on page 53.
Edition notice
This edition applies to version 6, release 1 of IBM Tivoli Access Manager (product number 5724-C08) and to all
subsequent releases and modifications until otherwise indicated in new editions.
© Copyright International Business Machines Corporation 2005, 2008. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. About this release . . . . . 1
New features for base and other components . . . 1
New WebSEAL features . . . . . . . . . . 2
New Session Management Server (SMS) features . . 3
New Plug-in for Web Servers features . . . . . . 4
Versions added or removed for this release . . . . 4
Software download page for Tivoli Access Manager . 6
Backward compatibility . . . . . . . . . . . 6
Backward compatibility with previous Web ADK
versions . . . . . . . . . . . . . . . 7
Product compatibility . . . . . . . . . . . 7
Chapter 2. Installation, configuration,
upgrade, and migration information . . . 9
Operating systems . . . . . . . . . . . . 10
Supported operating systems and required
patches . . . . . . . . . . . . . . . 10
Tivoli Access Manager components by operating
systems . . . . . . . . . . . . . . . 24
Web application servers supported by operating
systems . . . . . . . . . . . . . . . . 26
IBM WebSphere servers . . . . . . . . . 26
Single or cluster IBM WebSphere Application Server 27
Session Management Server on IBM WebSphere
Application Server . . . . . . . . . . . 27
Web Portal Manager on IBM WebSphere
Application Server . . . . . . . . . . . 27
Software requirements . . . . . . . . . . . 28
Tivoli Access Manager software prerequisites . . 28
Tivoli Access Manager supported Web browsers 29
Installation and configuration notes . . . . . . 30
Upgrade notes . . . . . . . . . . . . . 30
Supported registries . . . . . . . . . . . 30
IBM Tivoli Directory Server . . . . . . . . 30
IBM z/OS LDAP Server . . . . . . . . . 32
IBM Lotus Domino Server . . . . . . . . 32
Microsoft Active Directory Application Mode
(ADAM) . . . . . . . . . . . . . . 33
Microsoft Active Directory . . . . . . . . 33
Novell eDirectory . . . . . . . . . . . 33
Sun Java System Directory Server . . . . . . 33
Disk space requirements . . . . . . . . . . 35
Memory requirements . . . . . . . . . . . 37
Chapter 3. Internationalization notes . . 39
Chapter 4. Uninstallation information 41
Chapter 5. Known limitations,
problems, and workarounds . . . . . 43
Limitations, known problems and workarounds . . 43
Chapter 6. Deprecated items . . . . . 47
Chapter 7. Documentation updates . . 49
Chapter 8. Contacting software support 51
Notices . . . . . . . . . . . . . . 53
Trademarks . . . . . . . . . . . . . . 55
© Copyright IBM Corp. 2005, 2008 iii
iv Release Notes
Chapter 1. About this release
IBM Tivoli Access Manager for e-business (Tivoli Access Manager) version 6.1 builds on previous
versions of Tivoli Access Manager and IBM® SecureWay® Policy Director to provide a complete
authentication and authorization solution for corporate e-business environments.
New features for base and other components
New features for base and other components in this release include:
Active Directory Application Mode (ADAM) support
Tivoli® Access Manager supports the use of Microsoft® Active Directory Application Mode
(ADAM) as a user registry.
Password change using LDAP APIs supported in Active Directory
When using an Active Directory user registry in a Tivoli Access Manager configuration with
blade servers that use LDAP APIs to communicate with the Active Directory server, Access
Manager supports user password change requests using either the Policy Server or LDAP APIs.
Change user password requests using the LDAP APIs do not require the Policy Server to be
up-and-running.
Active Directory alternate user principal name support
Tivoli Access Manager supports the use of an email address or other alternate format of the
userPrincipalName attribute of the Active Directory registry user object as a Tivoli Access
Manager user identity. This is an optional enhancement; when it is enabled, both the default and
the email address or other alternate format of the userPrincipalName can coexist in the Tivoli
Access Manager environment.
Multiple Tivoli Access Manager configurations on a single LDAP server
Provides the ability to specify the name of the management domain and the location for the
Access Manager management domain metadata within the LDAP server Directory Information
Tree (DIT). This ability allows support for multiple, concurrent Access Manager configurations
using the same LDAP server.
Tivoli Common Reporting used as Tivoli Access Manager audit (CARS) reporting mechanism
Tivoli Access Manager Version 6.1 uses Tivoli Common Reporting and the Business Intelligence
Reporting Tool (BIRT) to generate, format, view, and print report data. BIRT replaces report
functionality that required third-party Crystal licenses. Tivoli Common Reporting integrates
open-source reporting interfaces into a common tool that provides a consistent appearance across
Tivoli applications, and improves the quality of the report content.
Configurable option to provide a suffix to search for Tivoli Access Manager domain information
Provides a suffix under which the secAuthorityInfo object is located; this parameter serves as a
starting search location for the secAuthorityInfo object when Tivoli Access Manager is started. If
this parameter is set, the specified suffix will be searched first to locate the secAuthorityInfo
object for the domain. If this parameter is not set, or if the secAuthorityInfo object is not located
within the suffix specified by the parameter, then the entire set of suffixes will be searched.
Default maximum age for cache entries
A new configuration option was added to provide the ability to specify a default maximum age
based on mime-type for cache entries when a cached response is missing expiry information.
Session fixation prevention
Enhances security to prevent session fixation attacks.
Web Portal Manager implemented as a plug-in to the IBM Integrated Solutions Console.
The Web Portal Manager is implemented as a plug-in to the IBM Integrated Solutions Console.
© Copyright IBM Corp. 2005, 2008 1
The Integrated Solutions Console is a graphical administration console that provides a framework
for administering multiple products. For example, your console enables you to administer Tivoli
Access Manager and WebSphere® Application Server. Web Portal Manager is not installed as part
of the Tivoli Access Manager runtime. To use Web Portal Manager, you must install it separately.
The Integrated Solutions Console is automatically installed when you install WebSphere
Application Server.
Number of LDAP handles opened per Active Directory domain configurable
The ability to configure the number of LDAP handles opened per Active Directory domain
provides the flexibility to change to a number that fits your environment.
New configuration option allows NamingContext searching for Novell eDirectory
The novell-suffix-search-enabled option was added to the [ldap] stanza for ldap.conf in the
configuration file to allow naming context searches when Novell eDirectory is used as the user
registry. The value of the option determines whether to search the entire directory namespace for
user, group, and policy information using a global root search or to automatically determine the
set of naming contexts hosted by the LDAP server and search each defined naming context
individually for user, group, and policy information.
Configurable option for TAM to return registry stored IDs instead of keyed in value IDs
New configurable options, cache-return-registry-id and uraf-return-registry-id, were
introduced to allow Tivoli Access Manager to return the user ID in the same case as the
registry-stored value rather than the user keyed-in user ID value.
New WebSEAL features
Application Response Measurement (ARM) Enablement
Enables WebSEAL to dynamically load the ARM API library and report significant transactions,
pass on transaction correlators to junctions and CGI, and optionally accept correlators from
clients.
Single-signoff enhancements for eCSSO
Design changes ensure that all hosts use the master authentication server (MAS) for vouch-for
requests, which allows customers to track them and log them all out. Authentication failures are
no longer redirected back to the requesting host, but are instead handled at the MAS. These
additional options in WebSEAL enable customers to implement their own single-signoff solutions
for e-Community Single Sign On (eCSSO).
Junction local address binding
A new option was added to the server task create command to specify the local IP address over
which WebSEAL will communicate with the junctioned back-end server.
Online Certificate Status Protocol (OCSP) Enablement
WebSEAL includes additional configuration settings that allow administrators to enable GSKit
OCSP support for client-to-WebSEAL and WebSEAL-to-junction SSL connections. The WebSEAL
options directly correspond to nine new GSKit options.
WebSEAL: Improved integration with Session Management Server (SMS)
Changes to session state information, including new configuration stanzas for clustered
environments. Multiple Session Management Server instances may now be configured allowing
for load balancing and automatic failover/recovery.
WebSEAL separate certificate key store
This feature enables WebSEAL to be configured with a separate key store, and thus a separate list
of trusted CA signer certificates, for junctioned SSL server certificate validation.
WebSEAL Multi-domain support
Multiple instances of WebSEAL can be hosted on a single machine; each WebSEAL instance can
access a separate Tivoli Access Manager management domain.
2 Release Notes
WebSEAL Token service groundwork
Provides the infrastructure necessary for WebSEAL to consume Tivoli Federated Identity Manager
(TFIM) tokens, which allows SPNEGO single-signon for authenticated users to access
downstream applications.
Mismatching client protocol support
This feature provides additional WebSEAL configuration settings that specify the perceived
protocol and port of the TCP interface for client browsers. In this configuration, WebSEAL
behaves as if the browser were directly communicating using HTTPS even though requests are
being received via TCP.
Support alternate UPN for SPNEGO
To add support for the use of alternate User Principal Names (UPNs), a new configuration option
was added to WebSEAL allowing administrators to specify a list of mappings from Kerberos
realm names to user ID suffixes.
HttpOnly cookie support
This feature allows WebSEAL to be configured to add the HttpOnly attribute to the Set-Cookie
headers it uses for Sessions and Failover and to pass on the HttpOnly Set-Cookie header attribute
from back-end junction servers to browsers.
WebSEAL Miscellaneous auditing changes
This change is designed to minimize audit events for extraneous requests and responses. It
enables certain audit events to be filtered by MIME-type and by HTTP response code.
WebSEAL HTTP cookie authentication
This feature enhances the existing HTTP Header mechanism in WebSEAL to allow it to support
authentication using HTTP Cookies.
WebSEAL reauthentication at any level
WebSEAL now includes a configuration option that enables the administrator to specify whether
re-authentication is allowed to take place at a different authentication level and mechanism than
that which is currently held for the session. If enabled, the user can reauthenticate at a different
authentication level/mechanism with the same user ID; the authentication operation is allowed to
complete and the new credential replaces the old credential.
New Session Management Server (SMS) features
New Session Management Server features in this release include:
Configuration
GUI administration and configuration provided as a plug-in to the IBM Integrated Solutions
Console
Simplified administration using extended Integrated Solutions Console (ISC) GUI menu,
easily installed onto the WebSphere ISC. Session Management Server deployment can
now be handled through smscfg or the new Session Management Server ISC.
Command line configuration
The smscfg tool is now a console based Java™ application and does not require a GUI
display. GUI configuration of the Session Management Server is supported through the
new ISC extension.
Dynamic configuration
The Session Management Server application no longer requires a restart within
WebSphere in order to apply any configuration changes. These configuration updates are
now applied on-the-fly.
New pdsmsadmin command line
An alternative command line to pdadmin which simplifies SMS tasks and does not require full
integration with Tivoli Access Manager.
Chapter 1. About this release 3
Simplified fixpack upgrade management
New smscfg commands for installing and managing fix-pack upgrades.
Support for multiple instances
Multiple session management server installations (called instances) are now supported on a single
WebSphere Application Server. Each session management server instance can contain one or more
session realms, and each session realm can contain one or more replica sets. Using the session
management server administrative tools, you can easily view all available instances, deploy and
configure new instances, or swap from one instance to another to perform administrative tasks.
Session realm limits
You can now limit the maximum number of sessions for a particular session realm. Once the
maximum number of sessions has been reached, further session requests will be denied until the
number of sessions has dropped below the set threshold.
New Plug-in for Web Servers features
Session fixation prevention
Enhances security to prevent session fixation attacks.
HttpOnly cookie support
This feature allows WebSEAL to be configured to add the HttpOnly attribute to the Set-Cookie
headers it uses for Sessions and Failover and to pass on the HttpOnly Set-Cookie header attribute
from back-end junction servers to browsers.
Single-signoff enhancements for eCSSO
Design changes ensure that all hosts use the master authentication server (MAS) for vouch-for
requests, which allows customers to track them and log them all out. Authentication failures are
no longer redirected back to the requesting host, but are instead handled at the MAS. These
additional options enable customers to implement their own single-signoff solutions for
e-Community Single Sign On (eCSSO).
Improved integration with Session Management Server (SMS)
Changes to session state information, including new configuration stanzas for clustered
environments. Multiple Session Management Server instances may now be configured allowing
for load balancing and automatic failover/recovery.
HTTPOnly flag
Support for the HttpOnly flag (recognized by Internet Explorer version 6 and above) reduces the
risk of internal cookie information being exposed to client-side scripts.
Versions added or removed for this release
The following tables detail which versions have been added as supported and which versions are no
longer supported for this release.
Supported operating systems
Tivoli Access Manager supports updated versions of the following operating systems.
Operating systems Added this release Removed this release
AIX® None None
HP-UX 11iv3 11iv1
HP-UX on Integrity 11iv3 None
Linux® on x86 and Linux on x86_64 Red Hat Enterprise Linux
Server 5.0, SUSE LINUX
Enterprise 10
Red Hat Enterprise Linux 3.0,
SUSE LINUX Enterprise 8
4 Release Notes
Operating systems Added this release Removed this release
Linux on System z™ Red Hat Enterprise Linux
Server 5.0, SUSE LINUX
Enterprise 10
Red Hat Enterprise Linux 3.0,
SUSE LINUX Enterprise 8
Linux on POWER™ Red Hat Enterprise Linux
Server 5.0, SUSE LINUX
Enterprise 10
Red Hat Enterprise Linux 3.0,
SUSE LINUX Enterprise 8
Solaris None 8
Solaris on x86_64 None None
Windows® Windows Vista None
Supported user registries
Tivoli Access Manager supports updated versions of the following user registries:
User registries Added this release Removed this release
IBM Tivoli Directory Server 6.1 None, previous versions can
coexist with 6.1
Sun Java System Directory Server 6.1 None
SunOne Directory Server None None
IBM Lotus® Domino® Server 8.0 6.0.x
Microsoft Active Directory 6.0 5.0
Microsoft Active Directory Application
Mode (ADAM)
1.0 None
Novell eDirectory 8.8.x 8.6.2
z/OS® Security Server LDAP Server None None
z/OS Integrated Security Services
LDAP Server (ISS)
None None
IBM Tivoli Directory Server for z/OS 1.8 None
Chapter 1. About this release 5
Upgrades to the supported prerequisite product versions
Tivoli Access Manager supports updated versions of prerequisite products. The Tivoli Access
Manager installation wizards include an integrated installation of the updated versions of the
prerequisite products.
Prerequisite products Added this release Removed this release
IBM Java Runtime 1.5.0 SR5 1.4.2 SR2
IBM WebSphere Application Server 6.1 6.0.2
Global Security Kit (GSKit) v HP-UX on Integrity: 7.0.4.12
v All other platforms: 7.0.4.11
7.0-3.17
IBM Tivoli Directory Server 6.1 None, previous versions can
coexist with 6.1
DB2 Universal Database™ Enterprise
Server Edition (DB2®)
9.1 8.1
Upgrades to the supported Web server product versions
Tivoli Access Manager supports updated versions of the following servers. These servers are not
provided with Tivoli Access Manager and must already be installed before installing Tivoli Access
Manager.
Platform Added this release Removed this release
Apache Web Server 2.0.x 1.3.x
IBM HTTP Server 6.0, 2.0.x and 1.3.x None
Microsoft Internet Information
Services (IIS)
6.0 None
Sun servers Sun Java System Web Server 7.0 SunONE Web Server 6.0
IBM WebSphere Network Deployment
Edge component
6.1 6.0
Software download page for Tivoli Access Manager
Links to supplemental software downloads for Tivoli products can be found at:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliAccessManagerfore-business.html
Follow the Software downloads (for registered users) link and then select IBM Tivoli Access Manager.
Enter your registered user name and password when prompted.
Backward compatibility
The following Tivoli Access Manager components can communicate with a version 6.1 policy server or
authorization server:
v Access Manager Runtime versions 6.1, 6.0 and 5.1
v Access Manager Runtime for Java versions 6.1, 6.0 and 5.1
The binary backward compatibility supported by Tivoli Access Manager version 6.1, 6.0 and 5.1
applications is as follows:
v Access Manager Runtime version 6.1 supports applications compiled against Tivoli Access Manager
version 6.0 and 5.1 ADKs for all platforms.
6 Release Notes
Notes:
1. Because the AZN servers use the runtime for communication, the servers are backward compatible.
2. All components on a single machine must be at the same version.
3. When using Active Directory or Lotus Domino as the user registry, all Tivoli Access Manager
components must be at the version 6.1 level.
4. When using IBM Tivoli Directory Server as the user registry, you are not required to upgrade all
Tivoli Access Manager components in your secure domain to a 6.1 level.
Backward compatibility with previous Web ADK versions
The backward compatibility supported by Tivoli Access Manager WebSEAL versions 6.1, 6.0, 5.1 and 4.1
applications is as follows:
1. Access Manager Web Runtime version 6.1 supports applications compiled against Tivoli Access
Manager version 6.0, 5.1 and 4.1 Web ADKs for all platforms except Solaris.
2. Access Manager Web Runtime version 6.1 for Solaris supports applications compiled against the Tivoli
Access Manager version 6.0 and 5.1 Web ADK only.
Product compatibility
Tivoli Access Manager 6.1 is compatible with the following products:
v IBM Lotus Domino
v IBM Tivoli Access Manager for Operating Systems
v IBM Tivoli Configuration Manager
v IBM Tivoli Directory Server
v IBM Tivoli Federated Identity Manager
v IBM Tivoli Identity Manager
v IBM WebSphere Portal Server
v IBM Tivoli Directory Integrator
v Tivoli Compliance Insight Manager
v Tivoli Security Operations Manager
Chapter 1. About this release 7
8 Release Notes
Chapter 2. Installation, configuration, upgrade, and migration
information
This section is organized based on the following industry-standard definitions:
Installation
The process of adding a program, program option, or piece of hardware to an existing system in
a manner such that it runs and interacts properly with all affected parts of the system.
Migration
The process of replacing a component with another component.
Configuration
The process of implementing software and hardware in a way that allows the system as a whole
to operate properly. For a software product, configuration includes tasks such as choosing the
proper settings, setting up communication protocols, or setting up a printer. For hardware,
configuration might include setting up the hardware to optimize its performance for a particular
system. Sometimes referred to as customization.
Upgrade
The process of changing from one version of a product to a later or improved version of the same
product.
The line between installation and configuration is sometimes blurred. Installation information describes
what you need to do to start or run the program or machine. Configuration information describes what
you must do to make the program or machine operate appropriately now that the program or machine is
running.
© Copyright IBM Corp. 2005, 2008 9
Operating systems
The following sections provide tables that identify supported operating systems and required patches and
tables that identify which operating systems on which the Tivoli Access Manager components are
supported.
Supported operating systems and required patches
Attention: Apply the changes for daylight saving time (DST) 2007 and later for your operating system.
AIX
Tivoli Access Manager components for AIX are supported on 32-bit and 64-bit kernels in 32-bit
compatibility mode.
Table 1. AIX: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
RS/6000® AIX 5.2 v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server 2.0.x
v Plug-in for IBM HTTP Server (v2.0.x/6.x)
v Plug-in for Sun Java Systems Web Server
v6.1, SP1
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v Service Pack (SP) 5200-08-2 or
above
v Technology Level (TL) 5200-08
or above
10 Release Notes
Table 1. AIX: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
AIX 5.3 v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0.x
(Apache compiled in 31-bit mode only)
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Plug-in for IBM HTTP Server (v2.0.x/6.x)
v Plug-in for Sun Java System Web Server
v6.1, SP1)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v Service Pack (SP) 5200-04-02
or above
v Technology Level (TL) 5300-04
or above
Chapter 2. Installation, configuration, upgrade, and migration information 11
HP-UX
Table 2. HP-UX: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
PA-RISC HP-UX 11iv2
(B.11.23)
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v PHSS_33449
v PHSS_33450
v PHSS_33405
HP-UX 11iv3
(B.11.31)
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
HP-UX on
Integrity
HP-UX 11iv2
(B.11.23)
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v PHSS_34859
v PHSS_35978
12 Release Notes
Table 2. HP-UX: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
HP-UX 11iv3
(B.11.31)
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Linux on x86
Table 3. Linux on x86: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
x86 Red Hat
Enterprise Linux
Server 4.0
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or 6.0)
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Update 5
Chapter 2. Installation, configuration, upgrade, and migration information 13
Table 3. Linux on x86: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
Red Hat
Enterprise Linux
Server 5.0
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or 6.0)
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
SUSE LINUX
Enterprise Server
9
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or 6.0)
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Service Pack 1
14 Release Notes
Table 3. Linux on x86: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
SUSE LINUX
Enterprise Server
10
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or 6.0)
v Plug-in for WebSphere Application Server
Network Deployment Edge Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Chapter 2. Installation, configuration, upgrade, and migration information 15
Linux on x86-64
Tivoli Access Manager components for Linux on x86–64 are supported on 64-bit AMD64/EM64T systems.
Table 4. Linux on x86–64: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
x86-64 Red Hat Enterprise
Linux Server 4.0
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Update 5
Red Hat Enterprise
Linux Server 5.0
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
SUSE LINUX
Enterprise Server 9
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Service Pack 2
SUSE LINUX
Enterprise Server 10
v Authorization server
v Attribute Retrieval Service
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
16 Release Notes
Linux on System z
Tivoli Access Manager components for Linux on System z are supported on 64-bit System z kernels in
31-bit compatibility mode.
Table 5. Linux on System z: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
System z Red Hat Enterprise
Linux Server 4.0
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0 x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v1.3.x
v Plug-in for IBM HTTP Server (v.2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v Update 5 or above
v compat-libstdc++-295-2.95.3-81.s390.rpm or higher version
v compat-libstdc++-295-2.95.3-81.s390x.rpm or higher version
v compat-libstdc++-33-3.2.3-47.3.s390.rpm or higher version
v compat-libstdc++-33-3.2.3-47.3.s390x.rpm or higher version
Red Hat Enterprise
Linux Server 5.0
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0 x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v1.3.x
v Plug-in for IBM HTTP Server (v.2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v compat-libstdc++-295-2.95.3-81.s390.rpm or higher version
v compat-libstdc++-295-2.95.3-81.s390x.rpm or higher version
v compat-libstdc++-33-3.2.3-47.3.s390.rpm or higher version
v compat-libstdc++-33-3.2.3-47.3.s390x.rpm or higher version
Chapter 2. Installation, configuration, upgrade, and migration information 17
Table 5. Linux on System z: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
SUSE LINUX
Enterprise Server 9
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0 x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v Service Pack 3 or above
v compat-2004.7.1-1.2.s390x.rpm or
higher version
v compat-32bit-9-200407011411.s390x.rpm or higher
version
SUSE LINUX
Enterprise Server
10
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0 x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
v compat-2006.1.25-11.2.s390x.rpm
or higher version
v compat-32bit-2006.1.25-11.2.s390x.rpm or higher version
18 Release Notes
Linux on POWER
Tivoli Access Manager components for Linux on POWER are supported on 64-bit kernels in 32-bit
compatibility mode.
Table 6. Linux on POWER: Supported Tivoli Access Manager components
Architecture
Supported
operating
systems
Tivoli Access Manager systems Required patches
Power Red Hat
Enterprise Linux
Server 4.0
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Update 5 or above
Red Hat
Enterprise Linux
Server 5.0
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
SUSE LINUX
Enterprise Server
9
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Service Pack 1
SUSE LINUX
Enterprise Server
10
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Chapter 2. Installation, configuration, upgrade, and migration information 19
Solaris
Table 7. Solaris: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
Solaris 9 v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0.x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Plug-in for Sun Java System Web
Server (v6.1, SP1)
v Plug-in for Sun Java System Web
Server (v7.0)
v Plug-in for WebSphere Application
Server Network Deployment Edge
Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Recommended patch cluster of
December 2007
20 Release Notes
Table 7. Solaris: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
Solaris 10 v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Apache Web Server v2.0.x
(Apache compiled in 31-bit mode only)
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Plug-in for IBM HTTP Server (v1.3.x)
v Plug-in for Sun Java System Web
Server (v6.1, SP1)
v Plug-in for Sun Java System Web
Server (v7.0)
v Plug-in for WebSphere Application
Server Network Deployment Edge
Server 6.1
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Recommended patch cluster of
October 2005
x86-64 Solaris 10 v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Chapter 2. Installation, configuration, upgrade, and migration information 21
Windows client
Table 8. Windows client: Supported Tivoli Access Manager components
Architecture Tivoli Access Manager systems Required patches
Windows XP v Development (ADK)
v Runtime
v Runtime for Java
Professional version Service Pack 2
Windows Vista v Development (ADK)
v Runtime
v Runtime for Java
Windows 2003
Table 9. Windows 2003 Server x86: Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
x86 Standard Server v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Internet Information
Services 6.0
v Plug-in for WebSphere Application
Server Network Deployment Edge
Server 6.1
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Service Pack 1
22 Release Notes
Table 9. Windows 2003 Server x86: Supported Tivoli Access Manager components (continued)
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
Enterprise Server v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Plug-in for Internet Information
Services
v Plug-in for WebSphere Application
Server Network Deployment Edge
Server
v Plug-in for IBM HTTP Server (v2.0.x or
6.0)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Session management command line
v Session management server
v Web Portal Manager
v Web Security development (ADK)
v Web Security runtime
v WebSEAL
Service Pack 1
Windows 2003 (64-bit)
Table 10. Windows 2003 (64-bit): Supported Tivoli Access Manager components
Architecture
Supported
operating systems
Tivoli Access Manager systems Required patches
x86-64 Windows for 64-bit
Extended System
Editions
v Attribute Retrieval Service
v Authorization server
v Development (ADK)
v Policy server
v Policy proxy server
v Runtime
v Runtime for Java
v Web Portal Manager
Service Pack 1
Chapter 2. Installation, configuration, upgrade, and migration information 23
Tivoli Access Manager components by operating systems
The following sections provide tables that identify which operating systems on which the Tivoli Access
Manager components are supported.
Base components
AIX
5.2,
5.3
HP-UX
11iV2,
11iV3
HP-UX
on
Integrity
11iV2,
11iV3
Linux
on
System
z
Linux
on
POWER
Linux
on
x86
Linux
on
x86-64
Solaris
9, 10
Solaris
on
x86_64
10
Windows
2003
Adv, Ent
Windows
XP,
Vista
Windows
2003
Server
Adv, Ent
on x86
Windows
2003
Server:
Adv, Ent
on x86_64
Access
Manager
Runtime
U U U U U U U U U U U U U
Access
Manager
Runtime for
Java
U U U U U U U U U U U U U
Access
Manager
Policy Server
U U U U U U U U U U U U
Access
Manager
Policy Proxy
Server
U U U U U U U U U U U U
Access
Manager
Authorization
Server
U U U U U U U U U U U U
Access
Manager
Application
Development
Kit
U U U U U U U U U U U U U
Access
Manager Web
Portal
Manager
U U U U U U U U U U U U
Access
Manager
Attribute
Retrieval
Service
U U U U U U U U U U
24 Release Notes
Web security components
AIX
5.2,
5.3
HP-UX
11iV2,
11iV3
HP-UX
on
Integrity
11iV2,
11iV3
Linux
on
System
z
Linux
on
POWER
Linux
on x86
Linux
on
x86_64
Solaris
9, 10
Solaris
10 on
x86_64
Windows
XP,
Vista
Windows
2003
Server
Adv, Ent
on x86
Windows
2003
Server
Adv, Ent
on
x86_64
Access Manager
Web Security
Runtime
U U U U U U U U U
Access Manager
Plug-in for
Edge Server
U U U U
Access Manager
WebSEAL
U U U U U U U U U
Access Manager
Web Security
Application
Development
Kit
U U U U U U U U U
Plug-in for Web Servers
AIX
5.2,
5.3
HP-UX
11iV2,
11iV3
HP-UX
on
Integrity
11iV2,
11iV3
Linux
on
x86
Linux
on
x86-64
Linux
on
System
z
Linux
on
POWER
Solaris
9, 10
Solaris
on
x86_64 9
and 10
Windows
XP, Vista
Windows
2003
Server
Adv and
Ent on x86
Windows
on
x86_64
Apache Web
Server 2.0.x
U U U
IBM HTTP
Server 1.3.x
U U U U
IBM HTTP
Server 2.0.x
and 6.0
U U U U U
Sun Java
System Web
Server 6.1
U U
Sun Java
System Web
Server 7
U
Microsoft
Internet
Information
Services (IIS)
6.0
U
Session management components
AIX
5.2,
5.3
HP-UX
11iV2,
11iV3,
HP-UX
on
Integrity
11iV2,
11iV3,
Linux
on
System
z
Linux
on
POWER
Linux
on
x86
Linux
on
x86_64
Solaris
9, 10
Solaris
on
x86_64
10
Windows
XP,
Vista
Windows
2003 Server
Adv and Ent
on x86
Windows
2003 Server
Adv and Ent
on x86-64
Access
Manager
Session
Management
Server
U U U U U U
Chapter 2. Installation, configuration, upgrade, and migration information 25
AIX
5.2,
5.3
HP-UX
11iV2,
11iV3,
HP-UX
on
Integrity
11iV2,
11iV3,
Linux
on
System
z
Linux
on
POWER
Linux
on
x86
Linux
on
x86_64
Solaris
9, 10
Solaris
on
x86_64
10
Windows
XP,
Vista
Windows
2003 Server
Adv and Ent
on x86
Windows
2003 Server
Adv and Ent
on x86-64
Access
Manager
Session
Management
Command
Line
U U U U U U
Web application servers supported by operating systems
The following sections provide tables that identify which operating systems on which Web application
servers are supported.
IBM WebSphere servers
AIX
5.2
and
5.3
HP-UX
11iV2,
11iV3,
HP-UX
on
Integrity
11iV2,
11iV3,
Linux
on x86
Linux
on
System
z
Linux
on
POWER
Linux
on
AMD64/
EM64T
Solaris
9, and
10
Solaris
on
x86_64
10
Windows
XP, Vista
Windows
2003 Adv
and Ent
on x86
Windows
2003 Adv
and Ent on
x86-64
IBM
WebSphere
Edge
Server
U
RH 3.0,
SLES
8,
SLES 9
8, 9 8, 9 U
IBM
WebSphere
Application
Server
U U U U U U U U U
IBM
WebSphere
Network
Deployment
U U U U U U U U U
Windows 2003 (Windows only if AD registry)
26 Release Notes
Single or cluster IBM WebSphere Application Server
The following sections provide tables that identify which WebSphere environments (single server or
cluster) are supported for Session Management Server and Web Portal Manager.
Attention: Session Management Server requires WebSphere Application Server 6.1.0.13 or greater
Session Management Server on IBM WebSphere Application Server
Single server Cluster
IBM WebSphere Express U
IBM WebSphere Application Server U
IBM WebSphere Network Deployment U U
Web Portal Manager on IBM WebSphere Application Server
Single server Cluster
IBM WebSphere Application Server U
IBM WebSphere Network Deployment U
Chapter 2. Installation, configuration, upgrade, and migration information 27
Software requirements
This section includes information about the Tivoli Access Manager software prerequisites and the Web
browsers tested and supported on Tivoli Access Manager 6.1.
Tivoli Access Manager software prerequisites
The versions supported on Tivoli Access Manager are provided in the following table:
IBM DB2 Universal Database Enterprise Server
Edition
9.1 fix pack 2 or above
IBM Tivoli Directory Server (client and server) 6.1, fix pack 1 or above and fix 6.1.0.6 or above
IBM Global Security Kit (GSKit) 7.0.4.11 (HP-UX on Integrity: 7.0.4.12)
IBM Java Runtime 1.5.0 SR5
IBM WebSphere Application Server 6.1
IBM WebSphere Application Server Network
Deployment
6.1
IBM WebSphere Network Deployment Edge
component
6.1
Microsoft Internet Information Services (IIS) 6.0
SunONE Web server 5.1
Sun Java System Web Server 5.2 and 6.x
IBM HTTP Server 1.3.x
IBM HTTP Server 2.0.x
IBM HTTP Server 6.0
Apache Web Server 1.3.x with mod SSL
Apache Web Server 2.0.x
28 Release Notes
Tivoli Access Manager supported Web browsers
Although other Web browsers might work with Tivoli Access Manager, the following versions of Web
browsers have been tested for Tivoli Access Manager 6.1:
v AIX platforms: Mozilla 1.7.8, Firefox 1.5
v HP-UX platforms: Mozilla 1.7.8, Firefox 1.5
v Linux: Mozilla 1.7.8, Firefox 1.5
v Solaris platforms: Mozilla 1.7.8, Firefox 1.5
v Windows platforms: Mozilla 1.7.8, Firefox 1.5, Internet Explorer versions 6.0 Service Pack 1
Note: If you are using the Mozilla browser on AIX, Linux on x86, Solaris, or HP-UX operating systems,
you might see incorrect results when using the keyboard in the Web Administration Tool. See the
systems requirements for IBM Tivoli Directory Server 6.1 for more information.
Chapter 2. Installation, configuration, upgrade, and migration information 29
Installation and configuration notes
This section provides additional details about some of the installation and configuration fixes.
Upgrade notes
v If you have a version of DB2 that is not supported, you must upgrade to a supported version. On AIX,
you must upgrade to a 64-bit version.
v Migrating WebSEAL to 6.1 on AIX 5.1 is supported only with an LDAP registry and an Active
Directory registry.
v Upgrade of a previous Web Portal Manager system is not supported. You must install Web Portal
Manager 6.1.
v Access Manager Runtime requires the Tivoli Directory Server client 6.1 and GSKit 7.0.4.11 (7.0.4.12 on
HP-UX on Integrity) for all platforms unless the directory server is Lotus Domino or Microsoft Active
Directory. For Lotus Domino, the Notes client is required and it is only available on Windows. For
Microsoft Active Directory, Tivoli Directory Server client 6.1 is required for all servers except the policy
server, which must be on a Windows server.
Supported registries
Tivoli Access Manager supports the following user registries, their supported operating systems, and any
necessary prerequisite software.
v Microsoft Active Directory
v IBM Lotus Domino Enterprise Server
v Supported Lightweight Directory Access protocol (LDAP) servers.
The following servers are supported LDAP servers that use LDAP for storing user and group
information:
– IBM Tivoli Directory Server
– IBM z/OS LDAP Server
– Novell eDirectory
– Sun Java System Directory Server (Sun ONE Directory Server)
– Microsoft Active Directory Application Mode (ADAM)
Special support has been added to allow for IBM Tivoli Directory Server multi-domain support and to
enable Tivoli Access Manager for e-business to import Sun ONE Directory Server dynamic groups.
IBM Tivoli Directory Server
Tivoli Access Manager supports the use of IBM Tivoli Directory Server 6.1, 6.0 and 5.2.
Notes:
1. IBM Tivoli Directory Server 6.1 is included with Tivoli Access Manager 6.1.
2. Only a single version of Tivoli Directory Server can exist on a system at a time.
3. The Tivoli Directory Server client is required when an LDAP type of user registry is selected during
installation.
4. You can install the Tivoli Directory Server client 6.1 on the same system with previous Tivoli
Directory Server client versions.
5. If you have an existing Tivoli Directory Server that you want to use for Tivoli Access Manager, ensure
that you upgrade the server to a supported level. For upgrade instructions, see the IBM Tivoli Access
Manager for e-business: Upgrade Guide.
6. If you have a pre-existing version of an LDAP client from a vendor other than IBM, remove it before
installing the IBM Tivoli Directory Server client provided with Tivoli Access Manager. If you attempt
30 Release Notes
to install the Tivoli Directory Server client without removing the other vendor’s version, the resulting
file name conflicts might prevent either version from working.
Chapter 2. Installation, configuration, upgrade, and migration information 31
IBM Tivoli Directory Server Web Administration Tool
IBM Tivoli Directory Server supports the use of the IBM Tivoli Directory Server Web Administration Tool
6.1. You can install the Web Administration Tool on a computer with or without the Tivoli Directory
Server client or server. The Web Administration Tool can be used to administer the following types of
LDAP servers:
v IBM Tivoli Directory Server, Versions 6.1, 6.0 and 5.2
v z/OS Security Server LDAP Server Version 1.4
v z/OS Integrated Security Services LDAP Server (ISS) 1.6
v IBM Tivoli Directory Server for z/OS 1.8.
To find out the supported platforms for IBM Tivoli Directory Server Web Administration Tool 6.1, see the
online release notes at this Web site:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?toc= /com.ibm.IBMDS.doc/toc.xml
To use the Web Administration Tool, you also need IBM WebSphere Application Server Version 6.1, which
is provided with Tivoli Access Manager 6.1.
IBM Tivoli Directory Server supported Web browsers
One of the following Web browsers on the computer from which you will use the Web Administration
Tool. (This computer might or might not be where the Web Administration Tool is installed):
v AIX platforms: Mozilla 1.6, 1.7, 1.75 (Firefox 1.0)
v HP-UX platforms: 1.6, 1.7, 1.75 (Firefox 1.0)
v Linux on x86 platforms: 1.6, 1.7, 1.75 (Firefox 1.0)
v Linux on iSeries®, POWER, and System z platforms: No browser support is available. You must use
another system to access the Web Administration Tool on these Linux platforms.
v Solaris platforms: 1.6, 1.7, 1.75 (Firefox 1.0)
v Windows 2003 platforms: Internet Explorer, Version 5.5+, 6.x
v Windows XP Professional platform: Internet Explorer 5.5+, 6.x; Mozilla 1.6, 1.7, 1.75 (Firefox 1.0)
IBM z/OS LDAP Server
Tivoli Access Manager supports the use of z/OS Security Server LDAP Server version 1.4, z/OS
Integrated Security Services LDAP Server (ISS) 1.6 and IBM Tivoli Directory Server for z/OS 1.8.
For product information, see the z/OS Internet Library Web site at:
http://www.ibm.com/servers/eserver/System z/zos/bkserv/
Customers can also obtain softcopy publications on the CD-ROM z/OS: Collection, SK3T-4269.
IBM Lotus Domino Server
Tivoli Access Manager supports the use of IBM Lotus Domino Version 6.5, 7.0.1, 7.0.2 or 8.0 as a user
registry only on the Windows platform. The Domino server runs on all supported Domino platforms.
Attention: When Lotus Domino is used as the registry:
v The IBM Tivoli Directory Server client is not required.
v If you install a Lotus Notes® client, it must be installed prior to installing the Access Manager Runtime
component.
v Tivoli Access Manager supports the Lotus Notes client 6.5, 7.0.1, 7.0.2 or 8.0.
32 Release Notes
Microsoft Active Directory Application Mode (ADAM)
Tivoli Access Manager supports the use of Microsoft Active Directory Application Mode (ADAM) as a
user registry.
ADAM users can run Tivoli Access Manager with Windows Server 2003 Standard Edition, Windows
Server 2003 Enterprise Edition, Windows XP Professional Edition and Windows Vista. See Microsoft
documentation for the complete list of supported systems.
ADAM is available with the Microsoft Server 2003 R2 product and as a separate download, including
example lab testing files.
Microsoft Active Directory
Tivoli Access Manager supports the use of Active Directory for Windows 2003 Enterprise Server as a user
registry.
Active Directory users can run Tivoli Access Manager on all Windows, UNIX® or Linux platforms
currently supported in the Tivoli Access Manager product.
UNIX or Linux platforms make use of the Tivoli Directory Server client to communicate with Active
Directory. This LDAP client is also used in cases where the policy server domain differs from the domain
of the local host name.
Note that the Tivoli Access Manager policy server is supported on Windows 2003 systems only.
Novell eDirectory
Tivoli Access Manager supports the use of Novell eDirectory 8.7.x and 8.8.x as a user registry.
For installation information, consult the product documentation that came with your Novell eDirectory
server. Novell eDirectory product documentation is available at:
http://www.novell.com/documentation/a-z.html
The latest patches to these products are available at:
http://support.novell.com/filefinder/5069/index.html
Attention:
v If you have an existing Novell eDirectory server that you want to use for Tivoli Access Manager,
ensure that you upgrade the server to a supported level.
v The Novell eDirectory server has built-in SSL capability. You must install GSKit onto the directory
server system only if the Access Manager Runtime component is installed on the same system.
v The IBM Tivoli Directory Server client is required.
Sun Java System Directory Server
Tivoli Access Manager supports the use of Sun Java System Directory Server 5.2 and 6.x, or SunONE
Directory Server 5.1 as a user registry.
For installation information, consult the product documentation that came with your server.
Attention:
v If you have an existing iPlanet Directory Server or a SunONE Directory Server that you want to use for
Tivoli Access Manager, ensure that you upgrade the server to a supported level. For upgrade
instructions, see Sun documentation at the following Web address:
Chapter 2. Installation, configuration, upgrade, and migration information 33
http://docs.sun.com/db/prod/s1dirsrv
v The Sun Java System Directory Server and SunONE Directory Server have built-in SSL capability. You
must install GSKit onto the directory server system only if the Access Manager Runtime component is
installed on the same system.
34 Release Notes
Disk space requirements
Tivoli Access Manager binaries and libraries can require a large amount of disk space. You should ensure
that there is enough disk space in the file systems where you are going to install these files. As each
Tivoli Access Manager component or system is added to a secure domain, additional disk space is
required. Ensure that there is enough available disk space to allow for future installation of Tivoli Access
Manager software.
Note: This table lists the disk space for Tivoli Access Manager components only. Keep in mind that you
must also factor in additional requirements, such as operating system or Web server estimates (if
installing a plug-in).
Table 11. Disk space requirements
Component Recommend Disk
Space (MB)
Disk Space for ACL
database (MB)
Add Disk Space for
Log Files (MB)
Tivoli Access Manager prerequisite software
Global Security Kit 20 — —
IBM Tivoli Directory Server client 10 — —
Tivoli Security Utilities 20 — —
IBM Java Runtime Solaris 200
non-Solaris 100
— —
Tivoli Access Manager base components
Access Manager Runtime 60 — —
Access Manager Runtime for Java 4 — —
Access Manager Policy Server 2 5
1, 2 10
Access Manager Policy Proxy Server 1 — 10
Access Manager Authorization
Server
2 15
2 10
Access Manager Application
Development Kit
5 — —
Access Manager Web Portal Manager 15 — —
Tivoli Access Manager—provided servers
IBM Tivoli Directory Server
(including prerequisite software)
650–1000
4 — 10
IBM WebSphere Application Server 1200 — —
Tivoli Access Manager Web security components
Access Manager Web Security
Runtime
3 —
Access Manager WebSEAL 20 15
2 200
3
Access Manager Web Security
Application Development Kit
3 — —
Access Manager Plug-in for IBM
HTTP Server
25 15
2 10
Access Manager Plug-in for Apache
Web Server
25 15
2 10
Access Manager Plug-in for Sun Java
System Web Server
25 15
2 10
Chapter 2. Installation, configuration, upgrade, and migration information 35
Table 11. Disk space requirements (continued)
Component Recommend Disk
Space (MB)
Disk Space for ACL
database (MB)
Add Disk Space for
Log Files (MB)
Access Manager Plug-in for Internet
Information Services
25 15
2 10
Access Manager Plug-in for Edge
Server
15 — —
Access Manager Attribute Retrieval
Service
5 — —
Tivoli Access Manager session management components
Access Manager Session
Management Command Line
2 — 10
Access Manager Session
Management Server
5
5 — 10
Common Auditing and Reporting Service
Common Auditing and Reporting
Service Server
30
7 — 15 GB
8
Notes:
1 The size is for the default domain only. For each additional domain, increase the recommended disk
space by this amount.
2 This number is based on the approximate requirement for an ACL database with 10,000 objects,
equally spread across 10 object spaces and about 30 ACLs attached to 20% of the objects. Except for
the policy server, the size is tripled to account for a backup copy and an additional copy created
during replication.
3 This number includes Web server request logs. The WebSEAL web server request logs are not
automatically pruned by WebSEAL. The logs will grow until manually pruned or the file system in
which they are placed becomes full. The specified disk space is sufficient to record about a million
requests.
4 IBM Tivoli Directory Server estimates include an empty database. Add an additional 10KB per Tivoli
Access Manager user.
5 This number does not include disk space for the SMS user login and session information, which
varies depending upon the configurations options chosen. At minimum the SMS user login
information takes about 100 bytes per Tivoli Access Manager user. If a database is chosen for session
information, the disk requirements grow to approximately 15KB per logged in user.
7 Additional disk space (2 GB) is recommended to install the IBM WebSphere and DB2 prerequisites
for the Common Auditing and Reporting Service Server, if not already installed.
8 This number (15 GB) is the additional disk space needed for every 10 million events that are stored.
36 Release Notes
Memory requirements
This table lists memory requirements for Tivoli Access Manager components only. Keep in mind that you
must also factor in additional requirements, such as operating system or Web server estimates (if
installing a plug-in).
Table 12. Memory requirements
Component Minimum Memory
(MB)
Recommend Memory
(MB)
Memory per additional
domain
Tivoli Access Manager prerequisite software
Global Security Kit
3 3 —
Tivoli Directory Server client
3 3 —
Tivoli Security Utilities
3 3 —
IBM Java Runtime
3 3 —
Tivoli Access Manager base components
Access Manager Runtime
3 3 —
Access Manager Runtime for Java
3 3 —
Access Manager Policy Server 40 50 5
Access Manager Policy Proxy Server 40 50 —
Access Manager Authorization
Server
40 50 —
Access Manager Application
Development Kit
— — —
Access Manager Web Portal
Manager
64
1 128
1 —
Tivoli Access Manager—provided servers
IBM Tivoli Directory Server
(including prerequisite software)
768
2 2048
2 —
IBM WebSphere Application Server 512 1024 —
Tivoli Access Manager Web security components
Access Manager Web Security
Runtime
3 3 —
Access Manager WebSEAL 100 300
4 —
Access Manager Web Security
Application Development Kit
— — —
Access Manager Plug-in for IBM
HTTP Server
75
5 150
5 —
Access Manager Plug-in for Apache
Web Server
75
5 150
5 —
Access Manager Plug-in for Sun Java
System Web Server
75
5 150
5 —
Access Manager Plug-in for Internet
Information Services
200
5 250
5 —
Access Manager Plug-in for Edge
Server
15 30 —
Access Manager Attribute Retrieval
Service
10 15 —
Tivoli Access Manager distributive session management components
Chapter 2. Installation, configuration, upgrade, and migration information 37
Table 12. Memory requirements (continued)
Component Minimum Memory
(MB)
Recommend Memory
(MB)
Memory per additional
domain
Access Manager Session
Management Command Line
3 3 —
Access Manager Session
Management Server
7 7 —
Common Auditing and Reporting Service
Common Auditing and Reporting
Service Server
1 GB9 2–4 GB —
Notes:
1 The WPM memory requirements are in addition to those for WebSphere.
2 768 MB (minimum) and 2 GB (recommended) memory are for less than one million Tivoli Access
Manager users. For more than one million users, increase this amount to 2 GB (minimum) and 4 GB
(recommended) memory.
3 Memory requirements for these components are part of the memory requirements of the servers that
use them.
4 Includes memory for maximum default cache growth. Increase this amount if cache parameters are
increased.
5 This is in addition to the memory required for the Web server into which the plug-in is configured.
6 Included with the memory requirements for the Web Portal Manager.
7 Does not include memory for SMS session information, which varies depending upon the
configurations options chosen. At minimum, the SMS session information is configured to reside on
disk, such as in a DB2 or Cloudscape™ database, and takes no additional memory. If the session
information is configured to reside in memory, the memory requirements grow to 40KB per user
session.
9 This number includes memory required to run both CARS and its prerequisites.
38 Release Notes
Chapter 3. Internationalization notes
This chapter provides information related to installing and using versions of Tivoli Access Manager in a
language other than English.
© Copyright IBM Corp. 2005, 2008 39
40 Release Notes
Chapter 4. Uninstallation information
The following uninstallation problems are known to exist in Tivoli Access Manager. Workarounds are
provided if they are available. Report any other problems to IBM Customer Support for Tivoli products.
© Copyright IBM Corp. 2005, 2008 41
42 Release Notes
Chapter 5. Known limitations, problems, and workarounds
The following problems and limitations are known to exist in Tivoli Access Manager. Workarounds are
provided if they are available. Report any other problems to IBM Customer Support for Tivoli products.
Note: If you are using a version of IBM Tivoli Access Manager for e-business in a language other than
English, be sure to also review the information in Chapter 3, “Internationalization notes,” on page
39.
Limitations, known problems and workarounds
Installation wizard fails with an unhandled error while searching for Java Virtual Machine
If an installation wizard fails with an unhandled error while searching for Java Virtual Machine,
ensure that IBM Java Runtime 1.5.0 SR5 is set in the PATH environment variable.
Note: To determine if IBM Java Runtime 1.5.0 SR5 is already in the path, use the java –version
command.
Errors occur with Java 2 security enabled
Under certain circumstances, exceptions may occur on application startup when Java 2 security is
enabled. On startup, Tivoli Access Manager for Java ensures that the JVM is properly configured
for refreshing certificate expirations. If Java 2 security is enabled, some security methods need to
be invoked with privileged security enabled. The solution is to update the JVM java.policy file (or
was.policy file if running in a WebSphere application server) with the following entries:
permission java.security.SecurityPermission "insertProvider.IBMJCE";
permission java.security.SecurityPermission "putProviderProperty.IBMJCE";
Error occurs during IBM Tivoli Directory Server White Pages installation
If an error occurs during installation of IBM Tivoli Directory Server White Pages on Solaris from
CD, run the installer with the following path:
# /cdrom/cdrom0/solaris/itds_whitepages/install_SolarisWp.bin
WebSEAL fails to start when configured to use Hardware Cryptographic devices
WebSEAL can fail to start when configured to use hardware cryptographic devices on SUSE
Linux Enterprise Server Version 9 for IBM System z. A similar error can occur if gsk7ikm fails to
open CMS Cryptographic Token when running on the same platform. A message similar to the
following is written to the WebSEAL log:
DPWIV1210W Function call, gsk_environment_init, failed error: 000001af GSK_ERR
OR_PKCS11_TOKEN_NOTPRESENT.
A message similar to the following is written to /var/log/messages:
openCryptokiModule[4422]: DL_Load: dlload of [/usr/lib/
pkcs11/stdll/PKCS11_ICA.so] failed; dlerror = [/usr/lib/libica.so: undefined sym
bol: AES_set_decrypt_key].
This problem can occur because of conflicting cryptographic libraries (/usr/lib/libcrypto.so.0.9.7)
that are used by GSKit versions 7.0 through 7.4 and openSSL, and because SUSE Linux Enterprise
Server Version 9 allows the GSKit version to be used by other libraries, even though the files are
loaded for local use.
To avoid this problem, when starting a WebSEAL instance that is configured to use hardware
cryptographic devices on SUSE Linux Enterprise Server Version 9 for IBM System z, specify
LD_PRELOAD as follows:
© Copyright IBM Corp. 2005, 2008 43
LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 pdweb start default
On a 64-bit SUSE Linux Enterprise Server Version 9 system, several messages similar to the
following examples will appear, which can be ignored:
ERROR: ld.so: object ’/usr/lib/libcrypto.so.0.9.7’ from LD_PRELOAD cannot be pre loaded:
ignored.
An alternative is to start WebSEAL by specifying the webseald binary directly:
# LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 /opt/pdweb/bin/webseald -config
etc/webseald-default.conf
For the GSKit IKEYMAN program, the workaround is to specify LD_PRELOAD when starting:
# LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 gsk7ikm
xmllogviewer installation error on Solaris or Solaris on x86_64
During the install of xmllogviewer on Solaris or Solaris on x86_64, the following error might
occur:
ERROR: cannot find product /product.xml
If you encounter this error, perform the following workaround:
v Solaris:
Go to the /cdrom/cdrom0/solaris/xmllogviewer directory and issue the java command with
the fully qualified path to setup.jar; for example:
#pwd
/cdrom/cdrom0/solaris/xmllogviewer
#java -cp /cdrom/cdrom0/solaris/xmllogviewer/setup.jar run
v Solaris on x86_64
Go to the /cdrom/cdrom0/solaris_x86/xmllogviewer directory and issue the java command
with the fully qualified path to setup.jar; for example:
#pwd
/cdrom/cdrom0/solaris_x86/xmllogviewer
#java -cp /cdrom/cdrom0/solaris_x86/xmllogviewer/setup.jar run
IBM ObjectGrid toolkit patch required
Problem: The Tivoli Session Management Server makes use of the IBM ObjectGrid toolkit to
manage and distribute session information across the various nodes within a WebSphere cluster.
A patch to the Tivoli Access Manager-supplied version of ObjectGrid is required in order to fix a
problem with the toolkit.
Workaround: Obtain the ObjectGrid v6.1.0.1 cumulative fix 2 (or later) patch from the following
Web site:
http://www-128.ibm.com/developerworks/wikis/display/objectgridprog/Release+notes
Using the WebSphere Update Installer, apply the patch to all nodes within the WebSphere cluster.
Installation wizard panel help incorrect for session management server command line SSL
configuration
During a wizard installation of the session management server command line, you might
encounter a wizard panel that allows you to configure Secure Sockets Layer (SSL) communication
between the IBM Tivoli Access Manager session management command line and the Web service.
The panel is titled "Configuring SSL communication." The help text associated with the
"Configuring SSL communication" panel is incorrect. The correct help text is:
Configuring SSL communication
Set the configuration options for Secure Sockets Layer (SSL) communication between the IBM
Tivoli Access Manager session management command line and the Web service.
Complete these fields. An asterisk by the field name indicates that the field is required.
44 Release Notes
SSL key file with full path
The fully qualified path where the existing SSL client key file is located. The key file
holds the client-side certificates that are used in SSL communication. The key file is used
when communicating with the IBM Tivoli Access Manager session management server.
The file extension is always .kdb. For example: c:\keytab\mykeys.kdb
If you plan to enable SSL, copy the SSL key file to any directory on your local system.
This key file must be obtained (copied) from the Web service, such as the IBM WebSphere
Application Server. To specify the SSL client key file, perform one of the following tasks:
v Type the fully qualified path and file name for the key file. The key file must already
exist.
v Browse and choose an existing key file.
Default: None
SSL stash file with full path
The fully qualified path where the existing SSL client key stash file is located. Typically,
the stash file has the same location and file name as the key file. The file extension is
always .sth. For example: c:\keytab\mykeys.sth
If a password stash file is associated with the key file, the password is obtained from the
password stash file. A stash file can be used by some applications so that the application
does not have to know the password to use the key file. To specify the SSL stash file,
perform one of the following tasks:
v Type a new installation path location and file name for the stash file. The stash file
must already exist.
v Browse for and choose an existing stash file.
Default: None
Certificate label
The label for the SSL client certificate. This label is valid only when SSL is being used and
when the Web service has been configured to require client authentication. The certificate
label is any alphanumeric, case-sensitive string that you choose. String values should be
characters that are part of the local code set. For example: PDSMS
Use a certificate label to distinguish between multiple certificates within the SSL key file
or when using a certificate other than the default certificate in the key file. Otherwise,
leave this field blank.
Default: None
Navigation buttons:
Browse
Click to go to the "Select a directory" window to choose an existing directory.
Back Click to return to the previous installation window. Information is maintained
when you return to this window.
Next Click to accept the configuration settings and continue the installation.
Cancel
Click to stop the installation and exit the installation wizard. No settings are
saved.
Help Click to get help on your current task.
Chapter 5. Known limitations, problems, and workarounds 45
46 Release Notes
Chapter 6. Deprecated items
The following features have been deprecated in Tivoli Access Manager 6.1:
Table 13.
Deprecation Recommended Migration Action
Edge component Load Balancer function that is
associated with the following capabilities:
v Content-based routing (CBR) component
v Site Selector component
v Cisco CSS Controller component
v Nortel Alteon Controller component
v Generic routing encapsulation (GRE)
v Network address translation (NAT) forwarding
method
v CBR forwarding method
v Remote administration
v Rules-based load balancing
v Wide-area load balancing
v Mutual high availability
v Simple Network Management Protocol (SNMP)
subagent support
v User Datagram Protocol (UDP) support
Use the Edge component Load Balancer with Media
Access Control (MAC) forwarding in conjunction with
one of the following:
v WebSphere Application Server Network Deployment
proxy server
v IBM HTTP Server plug-in in WebSphere Application
Server Network Deployment
Edge component Caching Proxy function Use the Edge component Load Balancer with Media
Access Control (MAC) forwarding in conjunction with
one of the following:
v WebSphere Application Server Network Deployment
proxy server
v IBM HTTP Server plug-in in WebSphere Application
Server Network Deployment
ivadmin_pop_getipauth2() API Use the replacement API: ivadmin_pop_getipauth3()
Web Logic Server
Session management Web interface Use the Session Management Server Integrated Solutions
Console (ISC) extension.
© Copyright IBM Corp. 2005, 2008 47
48 Release Notes
Chapter 7. Documentation updates
The installation and configuration problems and workarounds specific to the Common Auditing and
Reporting Service are described in the IBM Tivoli Access Manager for e-business: Auditing Guide.
The release notes and Information Center for IBM Tivoli Directory Server 6.1 can be found at these Web
sites:
http://www-306.ibm.com/software/tivoli/products/directory-server/platforms.html
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?toc= /com.ibm.IBMDS.doc/toc.xml
The required hardware and software for IBM WebSphere Application Server can be found at this Web
site:
http://www-306.ibm.com/software/webservers/appserv/doc/latest/prereq.html
© Copyright IBM Corp. 2005, 2008 49
50 Release Notes
Chapter 8. Contacting software support
Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support
site by clicking the Tivoli support link at the following Web address:
http://www.ibm.com/software/support
and selectingIBM Tivoli Access Manager for e-business from the Select a category drop-down menu.
http://www.ibm.com/software/support
If you need additional help, contact software support by using the methods described in the IBM Software
Support Guide at the following Web address:
http://techsupport.services.ibm.com/guides/handbook.html
The guide provides the following information:
v Registration and eligibility requirements for receiving support
v Telephone numbers, depending on the country in which you are located
v A list of information you should gather before contacting customer support
© Copyright IBM Corp. 2005, 2008 51
52 Release Notes
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the
products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any
reference to an IBM product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be used instead. However, it is the user’s
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this
document. The furnishing of this document does not give you any license to these patents. You can send
license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property
Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any other country where such
provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION ″AS IS″
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore,
this statement might not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein; these changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in
any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of
the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the
exchange of information between independently created programs and other programs (including this
one) and (ii) the mutual use of the information which has been exchanged, should contact:
© Copyright IBM Corp. 2005, 2008 53
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and conditions, including in some cases
payment of a fee.
The licensed program described in this document and all licensed material available for it are provided
by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or
any equivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the
results obtained in other operating environments may vary significantly. Some measurements may have
been made on development-level systems and there is no guarantee that these measurements will be the
same on generally available systems. Furthermore, some measurement may have been estimated through
extrapolation. Actual results may vary. Users of this document should verify the applicable data for their
specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their
published announcements or other publicly available sources. IBM has not tested those products and
cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of
those products.
All statements regarding IBM’s future direction or intent are subject to change or withdrawal without
notice, and represent goals and objectives only.
All IBM prices shown are IBM’s suggested retail prices, are current and are subject to change without
notice. Dealer prices may vary.
This information is for planning purposes only. The information herein is subject to change before the
products described become available.
This information contains examples of data and reports used in daily business operations. To illustrate
them as completely as possible, the examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to the names and addresses used by an
actual business enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs
in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
application programs conforming to the application programming interface for the operating platform for
which the sample programs are written. These examples have not been thoroughly tested under all
conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. You may copy, modify, and distribute these sample programs in any form without payment to
IBM for the purposes of developing, using, marketing, or distributing application programs conforming
to IBM‘s application programming interfaces.
Each copy or any portion of these sample programs or any derivative work, must include a copyright
notice as follows:
© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. ©
Copyright IBM Corp. _enter the year or years_. All rights reserved.
54 Release Notes
If you are viewing this information in softcopy form, the photographs and color illustrations might not be
displayed.
Trademarks
IBM, the IBM logo, AIX, DB2, IBMLink™, Informix®, OS/2®, OS/390®, OS/400®, Tivoli, Tivoli Enterprise
Console®, and TME® are trademarks or registered trademarks of International Business Machines
Corporation in the United States, other countries, or both.
Adobe®, Acrobat, PostScript® and all Adobe-based trademarks are either registered trademarks or
trademarks of Adobe Systems Incorporated in the United States, other countries, or both.
Cell Broadband Engine™ and Cell/B.E.™ are trademarks of Sony Computer Entertainment, Inc., in the
United States, other countries, or both and is used under license therefrom.
Intel®, Intel logo, Intel Inside®, Intel Inside logo, Intel Centrino®, Intel Centrino logo, Celeron®, Intel
Xeon®, Intel SpeedStep®, Itanium®, and Pentium® are trademarks or registered trademarks of Intel
Corporation or its subsidiaries in the United States and other countries.
IT Infrastructure Library® is a registered trademark of the Central Computer and Telecommunications
Agency which is now part of the Office of Government Commerce.
ITIL® is a registered trademark, and a registered community trademark of the Office of Government
Commerce, and is registered in the U.S. Patent and Trademark Office.
Java and all Java-based trademarks and logos are trademarks or registered trademarks
of Sun Microsystems, Inc. in the United States, other countries, or both.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT®, and the Windows logo are trademarks of Microsoft Corporation in
the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other company, product, and service names may be trademarks or service marks of others.
Notices 55
56 Release Notes
����
Printed in USA
GC23-6501-00