72 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
and they forward the request on to the backend cluster that holds the
Configuration improvements for the user registry
When using previous versions of Access Manager with Directory Server, the
configuration of the Access Manager Policy Server overwrote all ACL entries
configured on existing suffixes. This means that if Access Manager was
configured into an existing LDAP server where other applications were already
configured, it could prevent them from functioning until the ACL entries were
manually reinstated. This behavior has been changed for Access Manager v6.0.
When configuring the Access Manager 6.0 Policy Server, new ACL entries are
added to existing suffixes (to allow the Access Manager services to read and
write data) but the existing entries are not modified. Those Access
Manager-specific ACL entries for any LDAP are:
򐂰 cn=SecurityGroup,secAuthority=Default
򐂰 cn=ivacld-servers,cn=SecurityGroup,secAuthority=Default
򐂰 cn=remote-acl-users,cn=SecurityGroup,secAuthority=Default
The new data model (called the
minimal model) reduces the number of LDAP
objects created per user (from a minimum of three to a minimum of two) and also
removes all Access Manager-specific data from the
public part of the LDAP
directory (where the shared user and group objects are stored). The previous
data model (called the
standard model) is still supported and available and would
usually be used if migrating to Access Manager 6.0 from a previous version of
Access Manager (especially if the migration must be done with zero downtime).
The new minimal data model does not provide any significant performance
improvement over the standard data model used in Access Manager 5.1. All of
the reductions in number of queries that are possible with the minimal model are
also possible using the standard model.
3.1.2 Installation methods
The installation of the Access Manager security environment can be grouped into
three categories:
򐂰 Tivoli Access Manager base systems
򐂰 Tivoli Access Manager Web security systems
򐂰 Tivoli Access Manager distributed sessions management systems
The following sections provide an installation overview of all Access Manager
components grouped by those categories. First, we describe the installation
All Access Manager components can be installed in the following ways:
򐂰 Installation wizards
Chapter 3. Installation 73
򐂰 Native installation utilities
򐂰 Software Distribution installation method
Installation wizards
You can run a single program to set up one of a variety of Tivoli Access Manager
systems. Software prerequisites and product patches are automatically installed
in the appropriate order. Operating system patches are not installed
automatically. Use installation wizards to simplify installation and configuration of
Tivoli Access Manager systems. The Tivoli Access Manager components
support installation wizards running in:
򐂰 Graphical mode
򐂰 Text-based console mode
򐂰 Response file (silent) mode
This flexibility of installation methods allows you to create multiple solutions for
deploying your software.
All installation wizards have the same prefix
install_ followed by component
name. For the list of all components wizards, refer to IBM Tivoli Access Manager
Version 6.0 Administration Guide, SC32-1686. If using an installation wizard to
install and configure a Tivoli Access Manager system, IBM Java Runtime 1.4.2
SR2 provided with Tivoli Access Manager is required.
Occasionally, there are times when there is no graphical display device available
or you want to run the installer without the graphical user interface when installing
the Tivoli Access Manager packages. Console mode is an interactive installation
without the use of a graphical user interface. To launch the installation wizard in
console mode, enter:
install_component_name - console
The installation wizard can also be used for the silent type of installation. All
answers to questions during the installation process of any component are
placed in a response file. The installation process reads the information from the
response file instead of prompting you to fill in the blanks. Each Tivoli Access
Manager component can be installed by using a response file. The installation
wizards use a template file, provided by Tivoli Access Manager, to create a file
known as an options file, which contains all possible responses. Response files,
created using these template files, are then used to perform the silent mode
installations. A response file streamlines installation and configuration of Tivoli
Access Manager components.
Native installation utilities
You can use platform-specific utilities to install Tivoli Access Manager
components. Unlike automated installation wizards, you must manually install

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.