66 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
have to deploy the IBM Tivoli Directory Server client 6.0 on any machine that has
an Access Manager 6.0 component installed.
The IBM Tivoli Directory Server 6.0 client can coexist with previous client
versions, but only one server version can be installed on a machine at a time.
For example, if you keep Tivoli Directory Server client and server 5.2, you can
upgrade to Tivoli Directory Server client 6.0 without any problems.
All communication between Access Manager components over the network is
encrypted using SSL/TLS. The GSKit tool provides SSL services between
Access Manager components. Every version of Access Manager requires a
certain level of GSKit as a prerequisite. If you do not watch out for these
prerequisites, the installation or upgrade may fail.
2.7.2 Useful commands for the upgrade process
We have previously mentioned several commands that we used for the upgrade
process, such as:
• pdbackup
• ivrgy_tool
• adreg_migrate
• adschema_update
• idsimigr
Besides these already mentioned commands, there are some other useful
commands that we can use during the upgrade process, and for everyday
To manage the Access Manager services installed on the server (checking their
status, stopping them, and starting them), use:
pd_start {status | stop | start}
Verification of Access Manager environment
A useful tool for the verification of installed or upgraded Access Manager
software on any machine that has the Access Manager runtime component
deployed is:
More basic verification of your Tivoli Access Manager environment can be
performed with the following utilities:
1. Verify whether the user registry is up and running.
You have to use different tools depending on what type of user registry is
installed. For example, if you are using an LDAP-based user registry like IBM
Tivoli Directory Server, then you can use the ldapsearch command to verify
whether the server is responsive.
Chapter 2. Planning 67
2. Verifying the Policy Server
The pdadmin command can be used to verify the proper operation of the
Policy Server. Use the pdadmin command to log in as a Tivoli Access
Manager administrator:
pdadmin -a sec_master -p password
This is the first step of your validation. After that you can execute a few
commands to validate your environment. For example, you could list users
with the user list command.
pdadmin> user list * 100
3. Verifying the runtime environment
Every machine with the Access Manager runtime installed can be tested with
the pdadmin tool just as the Policy Server is. The pdadmin utility is installed
along with the Access Manager runtime.
4. Verifying WebSEAL
You can use a browser to verify that WebSEAL is operating properly. To verify,
enter the following URL into your browser:
Because a port number is not specified, it is assumed that WebSEAL is
listening on port 443 (HTTPS). Your browser might give you the following
a. The certificate received from this Web server was issued by a company
that you have not yet chosen to trust
b. The name within the certificate received from WebSEAL does not match
the name of the system from which it was received
If these warnings occur, they simply indicate that you have not yet purchased
your own server certificate for your WebSEAL server. Your browser is
complaining that it has received a default server certificate from WebSEAL
that contains default names for the issuing certificate authority and the name
of the Web server. Next, the browser prompts you to specify a Tivoli Access
Manager user name and password. Enter sec_master for the user name and
the password that you configured for sec_master during installation. If
authentication is successful, an image labeled Tivoli Access Manager for
WebSEAL appears.
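The two browser warnings in step 4 can also be checked from a command line. The script below is an added example, not part of the study guide: it uses the openssl command in place of a browser, and the WEBSEAL_HOST variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): map the two browser warnings in step 4
# to openssl checks. WEBSEAL_HOST is an assumed variable name.

# Extract N from the first "Verify return code: N (...)" line of s_client output.
verify_code() {
    printf '%s\n' "$1" |
        sed -n '/^ *Verify return code: /{s/^ *Verify return code: \([0-9]*\).*/\1/p;q;}'
}

# Warning (a): issuer not trusted. OpenSSL codes 2, 18, 19, 20 and 21 all mean
# no chain to a trusted CA could be built (self-signed or unknown issuer).
issuer_untrusted() {
    case "$1" in 2|18|19|20|21) return 0 ;; *) return 1 ;; esac
}

# Warning (b): certificate name differs from the host, per `x509 -checkhost`.
name_mismatch() {
    case "$1" in *"does NOT match certificate"*) return 0 ;; *) return 1 ;; esac
}

# $1 = s_client output, $2 = -checkhost output. Prints "ok" or the findings.
classify() {
    code=$(verify_code "$1")
    if [ -z "$code" ]; then echo "no-tls-session"; return 0; fi
    out=""
    if issuer_untrusted "$code"; then out="untrusted-issuer"
    elif [ "$code" -ne 0 ]; then out="verify-error-$code"; fi
    if name_mismatch "$2"; then out="${out:+$out }name-mismatch"; fi
    echo "${out:-ok}"
}

# $1 = host, $2 = port (443 when omitted, as the guide assumes).
check_webseal() {
    host=$1; port=${2:-443}
    session=$(openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null) || true
    hostcheck=$(printf '%s\n' "$session" |
        openssl x509 -noout -checkhost "$host" 2>/dev/null) || true
    result=$(classify "$session" "$hostcheck")
    echo "$host:$port: $result"
    [ "$result" = "ok" ]
}

# Runs only when WEBSEAL_HOST is set, e.g. WEBSEAL_HOST=webseal.example.com
if [ -n "${WEBSEAL_HOST:-}" ]; then check_webseal "$WEBSEAL_HOST"; fi
```

A result of "untrusted-issuer name-mismatch" corresponds to warnings a and b together, which is what a default WebSEAL server certificate produces according to the text above.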
If you are using the Tivoli Access Manager Web Server plug-in, the verification
process is the same, but as a result screen the default Web server page