Chapter 3. Installation 75
Figure 3-1 Access Manager basic system and common software
The figure also shows all Access Manager components that are part of the base
system. The rest of this section provides an installation overview of those
components.
3.2.1 GSKit
The bottom layer of any Access Manager installation is GSKit, which provides a
set of tools for SSL communication between Access Manager components.
GSKit provides a C API command line tool gsk7ikm (and a Java API equivalent
ikeyman) that helps you set up and maintain a basic PKI environment. This tool
can create a new certificate database (it supports all types of standard certificate
databases), open an existing certificate database, create self-signed certificates,
submit certificate requests to another CA, revoke a certificate, and create a
certificate revocation list (CRL) list.
In addition to providing SSL communication between Access Manager
components, very often GSKit is utilized in the WebSEAL configuration for
setting up HTTPS communication between WebSEAL and clients, for example,
between WebSEAL and back-end servers (this communication is realized
through an SSL-junction). More details are presented in Chapter 4,
“Configuration and customization” on page 91.
Once installation of the GSKit package is complete, no configuration of the GSKit
is necessary.
PDMgr PDAcld PDProxy
PDAuthADK
Operating System
GSKit
LDAP Client
Tivoli Security Utilities
PDRTE
PD lic
Common Softare
Access Manager
Base
Components
Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
