Chapter 3. IBM TMTP architecture 79
TMTP users and roles
TMTP uses WebSphere Application Server 5.0 security. This means that TMTP
authentication can be performed against the operating system (that is, standard
operating system user accounts), LDAP, or a custom registry. The TMTP
application also defines over 20 roles, which can be assigned to TMTP users in
order to limit their access to the various functions that TMTP offers. Users are
mapped to TMTP roles using standard WebSphere Application Server 5.0
functionality. The process of mapping users to roles within WebSphere is
described in Chapter 4, “TMTP WTP Version 5.2 installation and deployment” on
page 85. Because TMTP uses WebSphere security, it is also possible to configure
TMTP for Single Sign On. The details of how to do this are beyond the scope of
this redbook; however, the documentation that comes with WebSphere 5.0.1
discusses this in some depth. The redbook IBM WebSphere V5.0 Security,
SG24-6573 is also a useful reference for learning about WebSphere 5.0 security.
3.5 TMTP implementation considerations
Every organization’s transaction monitoring requirements are different, which
means that no two TMTP implementations will be exactly the same. However,
there are several key considerations that must be addressed.
Where to place the Management Server
Previous versions of TMTP made this decision for you, as placing the
Management Server (previously called TIMS) anywhere other than in the DMZ
necessitated opening excessive additional incoming ports through your firewall.
This release of TMTP includes the Store and Forward agent, which allows
communications from the Management Agents to the Management Server to be
consolidated and passed through a firewall via a single configured port. The
Store and Forward agent can also be chained in order to facilitate communication
through multiple firewalls in a secure way. In general, the Management Server
will be placed in a secure zone, such as the intranet.
Where to place Store and Forward agents
Store and Forward (SnF) agents can be placed within each DMZ in order to allow
communications with the Management Server. By default, the SnF agent
communicates directly with the Management Server; however, should your security
infrastructure necessitate it, it is possible to use the SnF agent to connect
multiple DMZs. This configuration is discussed in Chapter 4, “TMTP WTP Version 5.2
installation and deployment” on page 85.
Where and why to place QoSs
Placement of the QoS component is usually dictated by the placement of your
Web Application Infrastructure Components. The QoS sits in front of your Web