Friday, September 30, 2011

Tivoli Security for Dummies

I've had the pleasure to work with a very entertaining IT consultant from the Land of Dracula recently. He's as self-deprecating as anyone I think I've ever met and constantly refers to himself as a Dummy. To be fair, he refers to himself as a Dummy when he is working with technology that is new to him - I don't for one minute believe that he is actually a Dummy!

When discussing the Tivoli security products, he would constantly over-state his Dummy credentials and ask me questions such as "How do dummies find out how to set up replication on these LDAPs?"

The standard response of reading the manual would be met by "I can't find the manual, or the manual isn't written for dummies like me. Why can't it be written in a format that dummies can understand?"

On this particular issue - he's probably right. There are manuals, there are presentations, there are all sorts of documents scattered across the web but very few of them show a simple step-by-step approach to enabling replication for dummies.

"How does the dummy enable Single Sign On from WebSEAL to ITIM?" he would ask.

Again, there are plenty of documents around, but they haven't really been written for dummies and they are rarely complete!

It got me thinking... Maybe I should write a series of Dummies Guides covering some of the basics of the Tivoli Security suite of software. Of course, I'm sure the publishers of that well known series of guide books would take exception to my use of the word Dummies, so I'd need something else. Maybe "Tivoli Security for Newbies"?

Regardless of the title for the series, it seems like a worthwhile thing to do, as I'm conscious that my blog has become ever more technical as time passes, with an assumption that my readers grow up alongside me. Refreshers for those readers would be useful and it may encourage the newbies as well.

So, with that in mind, I'd like to call upon my readers to suggest topics that could be covered (taking the above two as givens for the start of the series). All topics will be considered!


Dave Hay said...

As my Aunt always says, make it suitable for Beano readers - how about "Tivoli Security for Beano Readers"?

For those who haven't read The Beano, (a) shame on you and (b) give it a try, you'll love it.

niall said...

Two suggestions could do with being 'Swanned':

a) WebSEAL SSO to WebSphere/Portal to include current thinking on LTPA vs TAI. I've asked IBM which is their prescribed method, and it met with a Gallic shrug.

b) TIM and/or TAM backup strategies.

WorldOfDub said...

Another suggestion - WebSEAL in front of IIS. There seem to be a few ways of achieving this, so I'm wondering if you had any thoughts?

Not a current or expected requirement, but someone asked me about it recently & I pointed them at the manual/whitepapers.

Stephen Swann said...

Ah - WebSEAL in front of IIS. As you say, there are a number of ways of going about this one. A BA junction would work, but is a bit "meh". The TAM.NET plugin would work, but I've seen resistance from IIS Administrators to deploying that. The TAM.NET Lite plugin works well, but I refer you to my previous comment. And then you could do the SSO using SAML tokens and have ADFS create some claims to be consumed by IIS. This has worked very well at a deployment recently.

The short answer is that there are a number of approaches and that the best approach is probably going to be the TAM.NET approach with the support of the IIS Admins.