Privileges quality issues?
Wish to deploy role-based provisioning policies in ITIM?
Need granular compliance verification?

Eurekify's analytical software will help you rapidly implement true Role-based Identity Management. From the initial business case; to planning, preparation, and cleanup; to design, implementation and management of role-based provisioning. Eurekify also provides quick solutions to compliance issues: attestation, cleanup, and demonstration of SoD and IT controls.

To learn more please email sage@eurekify.com , or visit http://www.eurekify.com

Meet the 10,000 member who joined the Tivoli User Group community!
Neil Hart, a Storage Administrator, from the UK joined the TUG community in December 2006 as he "wanted to have access to a group of like minded professionals, where he could share information and learn from other experiences. He has been fortunate to be able to use the Free Tivoli Certification testing that has been available at his local TUG meeting." He found out about the community from a current TUG member. Lastly, he also thanked the TUG council for all the work they do for the community.

Congratulations to Peter Thernelis from Canada and Gayathiri Muthukrishnan of India who are a couple of our registration contest winners to receive an MP3 player.

Please take the Semi-Annual Tivoli User Group Website Satisfaction Survey today! Tivoli User Group Website Satisfaction Survey

HOT NEW Feature now available for our members! Top of Mind is a service which allows you to anonymously share your thoughts with the Community on a particular subject, and see what other members are thinking about on this same subject. Post and read comments today!

Check out the Tivoli Technical User Conference Blog! Share your insights, opinions and experiences with these IBM Tivoli executives on topics like: service management, product roadmap, customer experiences.

• Al Zollar, General Manager
• Alan Ganek, CTO and Vice President, Autonomic Computing
• Bob Madey, Vice President, Strategy and Market Management
• Laura Sanders, Vice President, Development

NEW TUGs:

Tivoli User Groups:

1) Brasil Tivoli Security & Systems z User Group
2) Atlanta Tivoli Storage User Group

Check out the TUG meetings: Plan to attend a scheduled 2007 TUG meeting near you today!

NEW, a message from IBM now available for reading! "After the acquisition: Moving with precision to bring you value more quickly." Read the article today!

New Redbook: Understanding SOA Security Design and Implementation All Senior security officers, architects and security administrators should downloaded this as a PDF file and/or order in hardcopy this great Redbook

The new IBM Service Management Industry Modeler Tool is now live.
The Industry Modeler Tool will take you through a series of questions to help guide you towards an IBM Service Management solution that fits your needs. Choose from Healthcare, Financial or Government industries to narrow down your specific needs and learn more about what IBM has to offer you.

CHECK Out, very cool: QEDWiki / Tivoli mashup video. Look at how TADDM, ITM, and TPM work together.

Now in OPAL, the release of the following packages for monitoring availability and performance of Tivoli Identity Manager, Tivoli Access Manager, and Tivoli Directory Server. These freely downloadable modules are based on the IBM Tivoli Monitoring Version 6.1 Universal Agent. Each comes packaged with a white paper that describes how to install and use it, and also describes in detail how the scripts were developed. This provides the user with enough information to modify and extend the monitoring solutions to capture any additional data desired.

• IBM Tivoli Identity Manager Monitoring Solution
• IBM Tivoli Access Manager Monitoring Solution
• IBM Tivoli Directory Server Monitoring Solution

IBM Tivoli Identity Management (ITIM) Implementation Tips
Access Control Perspective from Gergory Sonier, a TUG member

1) It is important for the Access Control staff to be part of the process for integrating applications into ITIM. This can be achieved by assigning an individual from the Access Control group as the team lead for each of the application integrations. Responsibilities for the lead could include; helping develop test cases, create provisioning / deprovisioning process documentation and training other staff members on the new processes.

2) It is critical that the application integration process include thorough testing. The Access Control team should help develop the provisioning / deprovisioning process test case documents. The test cases should test numerous scenarios including the creation of new accounts, modification of account permissions, suspension of accounts, deletion of accounts, and password resets. The test cases should also test for malformed data, i.e. special characters in application id's.

3) Application provisioning documentation should contain the following key areas of managing the application account management process: creation of new accounts, modification of accounts, account suspension, password resets, recertification, and approval workflow.

4) Training should be provided to all Access Control team members as applications are integrated into ITIM. The delivery mechanism should be suited to best fit your situation. For a geographic dispersed team, consider using computer based interactive sessions, ie. Microsoft Netmeeting or WebEx.

Check out the TOP 10 most recent downloads from the Tivoli Information Exchange:

1) Best Practices on Monitoring 6.1 and more
2) ITM6 agent remote configuration
3) Tivoli Monitoring data sheet
4) "2006 - Takeaways- ITM and IT Process Mgrs tech pr
5) "2006 - Takeaways - TEC, Netview, TPM, TCM tech pr
6) Chicago TUG Endpoint Health scripts
7) Process events from wtdumprl
8) List running desktops
9) T/EC event hit report
10)"2006 - Takeaways - TDW,TBSM, TSLA, ITCAM tech pre

More downloads here!

Best Practices for Composite Application Management
Today's business processes often depend on a number of complex applications. These composite applications use business logic and data that span Web servers, J2EE application servers, integration middleware and mainframe systems. Although most businesses have traditional monitoring tools to manage individual resources at a high level, many lack an integrated solution to automatically monitor, analyze and resolve problems at the service, transaction, application and resource levels. In this webcast, Stacy Joines and Kendall Lock will provide you with Best Practices advice on how to isolate, diagnose and fix business-critical application performance problems.

To access a recording of the webcast, click on http://www- 306.ibm.com/software/tivoli/resource- center/application-management/app- mgmt_wescast5.jsp where you will be invited to register. Follow the instructions and once registered you can access the webcast.

All you ever wanted to know about Online Support
You have seen the web page. You may have missed the live presentation, but now see the video by clicking Online Support.

A conference you won't want to miss. Save 10 - 15% with the TUG member discount into the Tivoli Technical User Conferences for San Francisco, May 7-10 and Rome, June 11-15 Just a few sessions you could experience and so much more:

• Tivoli Application, Availability and Business Service Management Portfolio Strategy
• Event Monitoring and Management Essentials
• What's New in IBM Tivoli Monitoring 6.2
• Combining IBM Tivoli Monitoring and Netcool monitoring now and beyond
• Introduction to Netcool/OMNIbus and the evolution path for co-existence of Tivoli Enterprise Console and OMNIbus
• 5 Steps to Plan for IT Service Management Implementation
• Create a Meaningful Service Catalog
• Tivoli Directory Server Insider Tips
• Tivoli Identity Manager Graphical Configuration Editor and Data Feed Reporting Tools
• Tivoli Access Manager: User session management with session management server
• Optimization of and Issues with Tivoli Storage Manager using Small File Clients
• Tivoli Storage Manager Data Protection for Applications and Databases
• IBM Tivoli Netcool Proviso Portal Customization
• Leveraging Tivoli Netcool Impact to extend the value and reach of Service Management
• Providing End-to-End Service Management with Tivoli Business Service Manager and Tivoli Vallent ServiceAssure
• zSecure Audit and InSight help you fine-tune your Identity Management

The Tivoli Technical User Conference are now coming to a Asia Pacific country near you!

23-25 May, India
5-7 June, Bangkok , Thailand
30-31 July, Melbourne, Australia
July, Seoul , Korea
July, Japan

2007 Tivoli Monitoring Customer Technical Workshop, presented by Americas Level 2 Support Organization for FREE!!
19-20, June 2007 in Austin, TX
A technical workshop focused on providing Customers "All you need to know" for an ITM 6.1 deployment.

• Essential information leveraging the Level 2 Support team's experience
• Documentation not easily found by customers - we'll help
• Reinforced communications network with Level 2 for facilitation of PMR management
• Forum to communicate and learn from the experiences of other users

TUG Security Webcast! Sign up today
When: May 16, 2007 @ 9:00 am central
Title: Tivoli and the Consul InSight Product Suite: Integration and Roadmap
Description: This presentation will introduce the Consul InSight product suite and will cover the various modules that make up the solution. The session will also cover the value of the combined Tivoli and Consul products, along with how the solution fits into the IBM security portfolio. The future product roadmap and upcoming integration plans for interfaces to the Tivoli solutions will also be discussed.

Webcast! Preventing Application Security Control Conflicts: The Benefits of Deploying Identity and Access Management with Continuous Controls Monitoring

IBM and Approva will also demonstrate a new integrated solution that builds compliance into your user provisioning process by marrying IBM's Tivoli Identity Management solution with Approva's continuous controls monitoring and audit solution.

Please join this informative session by registering for the replay.

Webcast! IBM Governance and Risk Management live simulcast
Title: When IT Governance Impacts Business Performance-Managing Risk, Delivering Services, and Creating Visibiability
When: May 15th, 2007 at 8:45 a.m. Central Daylight time during the Forrester IT event in Nashville, Tennessee

Join IBM and its guest speakers for real-world scenarios and key strategic insights helping you envision how your company can:

• protect value and improve its security posture
• create and manage value, enabling quality service delivery at minimal cost
• preserve value and ensure optimal business continuity

IBM Tivoli Training at User Group Meetings
The Tivoli Access Manager South New England User Group and the Northwest Ohio TSM User's Group had free training direct from Tivoli Education at their last meetings and YOU CAN TOO. In the April and October 2006 surveys of the Tivoli User Group community, we asked you . . . "What is the best way for IBM to reward you for being a good IBM customer?" Almost 50% of those who responded selected "Free Education Classes" as the best reward. So, in 2007, Tivoli Training is offering free, in-depth technical training delivered by technical product experts via emeeting at regularly scheduled Tivoli User Group meetings. And you and your User Group Leader select the product and topics to be taught at your meeting from a list of over 225 courses covering over 80 Tivoli products. The process to hold a free, technical Tivoli Training class at your next meeting has been explained to your User Group Leaders during the January world wide Leaders meetings. The Leaders have the list of courses to select from. What do you need to do to make this happen? Contact your User Group Leader and work with him/her and the other members of your User Group to select the product, course and topics you want taught at your next User Group meeting.

Your One-stop Shop for IBM Tivoli Netcool Offerings
Go to the source for the latest IBM Tivoli Netcool Offerings including new courses, service offerings or product certifications. Whether it's the expanded Netcool/Proviso curriculum, the latest Netcool/Impact and Netcool/Realtime Active Dashboard courses or the latest Netcool Service Offerings, go right to the source.

New IBM Tivoli Composite Application Manager 6.1 Courses
The suite of new IBM Tivoli Composite Application Manager (ITCAM) 6.1 courses is ready. Start with the complimentary ITCAM 6.1 Introduction web-based course to learn fundamentals and how the family of products fit together. Next you'll be ready for a host of other courses for products including: ITCAM for Websphere 6.1, ITCAM for J2EE 6.1, ITCAM for Service Oriented Architecture and many more. For more detail and to register for this class go to: http://www- 306.ibm.com/software/tivoli/education/edu_prd.html#D 009390P89643O90

IBM Tivoli Provisioning Manager 5.1 Workshops are Now Available
These hands-on instructor-led workshops give students the opportunity for practical hands-on experience. The IBM Tivoli Provisioning Manager 5.1: Administration and Workflow Development Workshop with Labs, allow the student administer, configure reporting and administer, configure reporting and notification, develop workflows and automation packages, and manage the Tivoli Common Agent environment for Tivoli Provisioning Manager 5.1. The IBM Tivoli Provisioning Manager 5.1: Operations Management Workshop addresses managing operating system deployments, software installations, compliance management, and discovery and inventory management. For more detail and to register for these workshops go to: http://www- 306.ibm.com/software/tivoli/education/edu_prd.html# W106277U73511R50

Free IBM Tivoli Training
Did you know that IBM Tivoli Training offers free training every month? Did you know that you only have to visit one web page to find a list of all the training that is currently free? The list is sorted by product and currently lists over 70 free Web Based courses. For details on IBM Tivoli Training that is currently free go to: http://www.ibm.com/software/tivoli/edu cation/edu_prd_free.html

Check the above link and this web page at least once each month for special offers.

Free IBM Tivoli Training Roadmaps
Not sure which Tivoli course you should take? What about prerequisites or product certification? You need a Skills Roadmap. BM Tivoli Training has individual Skills Roadmaps available for a majority of our products. The roadmaps list the prerequisite requirements, classroom courses, Web Based Training courses, certification information and other education (white papers, RedBI). The Skills Roadmaps are in PDF format and can be downloaded individually or combined in a single . compressed file from: http://www.ibm.com/software/tivoli/edu cation/eduroad_prod.html

Looking for Training on the latest IBM Tivoli Solutions?
Use the following links to find the training for the latest IBM Tivoli solutions.

IT Service Management (ITSM)
IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Availability Process Manager
IBM Tivoli Change and Configuration Management Database (CCMDB)
IBM Tivoli Release Process Manager
IBM Tivoli Storage Process Manager
IBM Tivoli Unified Process Composer

Service-Oriented Architect
Service-Oriented Architect skills roadmap

IBM Tivoli Composite Application Management
IBM Tivoli Composite Application Management

IBM Tivoli Federated Management or Security Compliance
IBM Tivoli Federated Identity Manager
IBM Tivoli Security Compliance Manager

IBM Tivoli Express Products
IBM Tivoli Identity Manager Express
IBM Tivoli Monitoring Express
IBM Tivoli Storage Manager Express

Integration of Netcool and Tivoli Products
IBM Tivoli Netcool

Issue #11 of the Tivoli Advisor, a Tivoli technical publication is available and we encourage everyone to check out all these articles.

• Business excellence through service management
• Tivoli Provisioning Manager for Software version 5.1: Coexistence with Tivoli Configuration Manager
• Securing an SOA: Part 2
• Managing cached TEC events

One article in particular we'd like to highlight for you: Managing cashed TEC events
This article outlines a possible solution for both Tivoli Management Environment (TME) and non-TME utility agents to minimize the delay in delivering events to the Tivoli Enterprise Console (TEC) server. The aim is to facilitate normal operations, such as service level agreement (SLA) evaluation and timer rule execution, within the rule base. It is always advisable to provide a highly available infrastructure for event management.

Read the Tivoli Advisor today.

Back in December of 2006 I, John Taylor, GTUG council member provided you with some important Security related information. In the Identity Management piece, I provided an overview of the business drivers and the key things to watch out for when undertaking such an implementation. In this article I will provide some advice on architectural decisions that need to be undertaken to make the implementation successful.

The key when putting in a solution for identity management is to remember resiliency and disaster recovery. One of the key learning's from this experience is that if the architecture fails then the impact is quite wide and can be very painful. Why do I raise this?

During the design, we put quite a bit of effort in ensuring that the Access Manager component of the solution was built with a high level of fail over as it was protecting our internal and external business sites. What we failed to do, and this was a collective team and IBM decision, to put the same amount of resiliency within the Identity Manager component. We all believed that if the LDAP failed then people would still be able to access the systems and there would not be a problem as it is just checking a password. Right? Wrong as it turned out.

Ensure that the LDAP in the solution is very resilient with 1 Master only and at least 2 slave directories. This will ensure that effective synchronisation is undertaken and if in the event that the slave being used fails then the secondary slave can be automatically used to provide access. We also had the management updates done on the Master and the system ran off the primary slave.

A further tip in the architecture is extensively use Directory Integrator. This is a very good product and allows you to do some very impressive integration with legacy systems and proprietary web based systems. By ensuring that you link your solution with both the web space and the legacy system space you will ensure that real business value is realised.

From a platform perspective, though the Access Manager documentation does state that it is supported on wintel platforms, we found this very restrictive when it came to load. We had undertaken a temporary implementation using windows XP and found that under load the performance of the system had a very strong glass ceiling no matter how big or how many boxes were deployed. Stick with Unix platform and treat the infrastructure as a big installation and not just something that is handling access checking. It may do in theory but consider that every connection will traverse this infrastructure.

From a usability and administration perspective, the interfaces for both Access Manager and more so, Identity Manager are not very user friendly. A fair bit of work needs to be undertaken to customise the user interface for both the end user to utilise to reset passwords etc and any administration staff. The good news is that once it is done, it is done but is a gap in the product that comes as a surprise.

It sounds a corny, consultant/audit statement but ensure that you have your password, account management or other relevant policies and standards defined before you start. You can refine as you go but you will be making business impacting decisions as you go and you only want to change things once otherwise your customers will not appreciate the solution as much as they should.

Overall, Access Manager is a good product that helps pull together the web security space effectively. Identity Manager, whilst having gaps in functionality, is getting better and does link together nicely with Access Manager to bring the legacy and web environments together. This is a difficult, multi stakeholder area that needs perseverance, strong management/sponsorship and more importantly very capable people to undertake the implementation. The outcomes are rewarding but without taking the time to plan, your implementation can cause a lot of pain.