Preparing for an IBM Tivoli Identity Manager 4.6 Implementation teaches the student to build a comprehensive deployment strategy for Tivoli Identity Manager. The students step through the planning required to ensure a successful Tivoli Identity Manager deployment that is aligned with business objectives.
During class students first learn to identify key business requirements. Then, through lecture and group discussions, they learn to design a deployment strategy modeled around the business requirements as well as the security policy. Important planning considerations covered in class will include user repositories, access control, organization trees, policies, and so on. At the completion of this two-day course, the students will be able to help plan the IBM Tivoli Identity Manager implementation project for their organizations.
Objectives
After taking this course, the student will be able to:
Describe the planning steps that will enable a successful IBM Tivoli Identity Manager deployment.
Identify the components of the system architecture.
Describe the deployment architecture.
Assist in planning an IBM Tivoli Identity Manager deployment.
Course outline
Identifying Requirements
Identify the authoritative sources of users (HR, external companies, customers database, and so on).
Identify the services whose accounts are to be managed.
Decide whether to provision used on a role basis or on demand.
The Security Policy
Review the corporate security policy to identify elements that IBM Tivoli Identity Manager could implement or help to implement.
Identify which IBM Tivoli Identity Manager features are needed in an environment using the business requirements.
Identify other security products in the environment, such as IBM Tivoli Access Manager and single sign-on, and choose their level of interaction with IBM Tivoli Identity Manager.
Decide the appropriate approvals for each service, along with escalations.
The Centralized User Repository
Explain why creating a centralized user repository is an important part of most ITIM implementations.
Decide which information will need to be held in the centralized user repository.
Develop a strategy to collect that information.
Decide whether or not to standardize user IDs, and if so, what will be the main ID for existing users.
Decide how new users will be allocated a main ID.
Design an appropriate user naming standard.
Access Control
Identify delegated administrators and their portions of the organization.
Describe the purpose of ITIM groups.
Explain Access Control Items (ACIs) and their importance.
The Organization Tree
List the considerations in designing an organization tree.
List the advantages and disadvantages various organization trees.
Identify the appropriate organization tree for an ITIM installation.
Decide where in the organization tree to locate users, roles, and services.
Describe admin domains and explain where it is appropriate to use them.
Service Policies
Explain provisioning policies.
Identify where in the organization tree to locate provisioning policies.
Explain service selection policies.
Identify where in the organization tree to locate service selection policies.
User Policies
Explain identity policies.
Identify where in the organization tree to locate identity policies.
Locate the current password rules on common services.
Choose password rules that make sense for a particular organization.
Identify the advantages and disadvantages of password synchronization.
Choose the appropriate method for users to receive new passwords.
Existing Accounts
Describe the purpose of reconciliation.
Define and identify system accounts.
Decide whether system accounts should be managed by ITIM or not.
Identify the changes to the organizational tree that might be required to manage system accounts.
Entitlement Workflows
Define entitlement workflows.
Decide which approval process is appropriate for services based on a security policy.
Physical Architecture
Choose a redundancy option for IBM Tivoli Identity Manager.
Identify the information needed to decide on server capacity for the servers.
Decide on the topological location of the servers.
The Implementation Plan
Identify people to assist in the planning, design, and implementation of IBM Tivoli Identity Manager.
Choose whether to use a phased approach, and if so which services to provision first.
Explain the advantages and disadvantages of having separate IBM Tivoli Identity Manager setups for development and quality assurance.
Identify the possibly synergies and problems that can be caused by other security related IT projects.
Who will benefit from this course
People who will participate in the IBM Tivoli Identity Manager implementation project
If you are unable to locate a course at the time and location you desire, including
training for prior product releases, please feel free to contact your regional delivery
management team:
