Software Announcement
January 23, 2001

Tivoli SecureWay Security Manager V3.7.1 Delivers Increased Functionality for UNIX Environments

Overview

New Security Engine

This release provides a major enhancement to the management of UNIX security in the form of a new UNIX security engine. The new engine is being offered as a replacement technology to provide the Tivoli Access Control Facility (TACF) function.

The prior security engine provided in Tivoli SecureWay Security Manager was based on an engine known as the Security Operating System (or SeOS) licensed from Memco Software, a Computer Associates company. The new engine is based around Tivoli SecureWay Policy Director. Providing a security engine based on Tivoli SecureWay Policy Director allows Tivoli to make rapid future enhancements in the functions of the engine in the UNIX environment. In this release, the primary goal is to provide a functionally comparable alternative to SeOS.

The new security engine provided in this release implements TACF using a component known as Policy Director for Operating Systems (PDOS).

Simplifies Migration to PDOS

Another major focus of this release is to minimize the effort required to migrate from the SeOS UNIX engine to the PDOS UNIX engine. The simplest form of migration will be the re-distribution of a security profile previously used for SeOS to a PDOS endpoint. Migration tools and additional assistance will be available for those that require them.
Planned Availability Date

February 9, 2001

At a Glance

Replacing the security engine provides a number of enhancements for Tivoli SecureWay Security Manager:

- Integrates with Tivoli SecureWay Policy Director, a strategic component of the Tivoli SecureWay product family
- Enables you to implement new features based on Tivoli SecureWay Policy Director capabilities (such as access control list inheritance)
- Eases the migration from SeOS as an engine to PDOS
- Supports the resource types already found in Tivoli SecureWay Security Manager without altering the security profile
- Includes all Tivoli SecureWay Policy Director components required to implement the PDOS engine; no additional purchases are required
- Allows Tivoli SecureWay Policy Director to become the center for security data through expansion using Tivoli SecureWay Policy Director add-on products

This announcement is provided for your information only. For additional information, contact your IBM representative, call 800-IBM-4YOU, or visit the IBM home page at: http://www.ibm.com.

IBM United States

IBM is a registered trademark of International Business Machines Corporation.

201-010
Description

Tivoli SecureWay Security Manager provides a role-based, centralized mechanism for managing and implementing access control policy. Through the consistent configuration of access rights on operating systems from PC LANs to mainframes, Tivoli SecureWay Security Manager helps to ensure your own house is in order before exposing your applications to support e-business.

Tivoli SecureWay Security Manager can:

- Integrate with Tivoli SecureWay Policy Director for centralized management of Web access
- Integrate with Tivoli SecureWay User Administration for integrated user account and user access management
- Leverage the Tivoli Enterprise Console for centralized audit

The product user interface or the command line can be used to teach your policy to Tivoli SecureWay Security Manager. Various tools are included to speed up this process, such as a role-based population function which helps configure a role-based access control model based on the existing configuration of one or more users and/or groups.

Tivoli SecureWay Security Manager provides a single, manageable interface to the variety of access control engines provided by different platforms, modifying native data, thus allowing local management tools to continue to operate.

For most platforms, Tivoli SecureWay Security Manager manipulates the native security system of the platform. For example, we provide a single interface for managing Windows NT domain security, altering records in the OS/390 Security Server (RACF) and so on. Native tools will show the results of modification made by Tivoli SecureWay Security Manager.

For UNIX, Tivoli SecureWay Security Manager provides a unique security engine. This engine allows us to treat all variations of UNIX in the same way. In addition, it resolves many security problems introduced by the use of a super user administrator such as root.

This release provides a major enhancement to Tivoli's management of UNIX security in the form of a new UNIX security engine. The new engine is being offered as an alternative technology to provide the Tivoli Access Control Facility (TACF) function.
The prior security engine provided in Tivoli SecureWay Security Manager was based on an engine known as the Security Operating System (or SeOS) licensed from Memco Software, a Computer Associates company. The new engine is based around Tivoli SecureWay Policy Director. Providing a security engine based on Tivoli SecureWay Policy Director allows Tivoli to make rapid future enhancements in the functions of the engine in the UNIX environment. In this release, the primary goal is to provide a functionally comparable alternative to SeOS.

The new security engine provided in this release implements TACF using a component known as Policy Director for Operating Systems (PDOS).

Another major focus of this release is to minimize the effort required to migrate from the SeOS UNIX engine to the PDOS UNIX engine. The simplest form of migration will be the redistribution of a security profile previously used for SeOS to a PDOS endpoint. Migration tools and additional assistance will be available for those that require them.

Main Features of this Release

Version 3.7.1 of Tivoli SecureWay Security Manager:

- Utilizes the same TACF interface we have always used. The resources supported through Tivoli SecureWay Security Manager (such as FILE, TCP, PROCESS, CONNECT etc.) are all supported in the same format under PDOS. A Security Manager security profile that was previously distributed to a SeOS target system can now be distributed to a PDOS system to secure that system in the same way. The profile will require few (if any) changes to achieve this.
- Provides robust and innovative UNIX security management. PDOS relies on Tivoli SecureWay Policy Director for access control data management. This provides a robust and well-established platform. At the same time, the interface to the operating system where we intercept security-relevant system calls has been built from the ground up using a multi-threaded model to provide state-of-the-art control within a UNIX operating system.
- Enables tight integration with Tivoli SecureWay Policy Director, a strategic component of the Tivoli SecureWay product family. This provides benefits such as data reuse and allows new features to be developed based around the Policy Director security model (such as access control list inheritance).
- Eases migration from SeOS as an engine to PDOS. The new engine can be installed using standard Tivoli mechanisms and then the simplest data migration would be the re-distribution of an existing Tivoli SecureWay Security Manager security profile.
- Supports the resource types already found in Tivoli SecureWay Security Manager without altering the security profile. The same UNIX records in a security profile are used for the PDOS security engine.
- Includes all Tivoli SecureWay Policy Director components required to implement the PDOS engine; no additional purchases are required.
- Allows Tivoli SecureWay Policy Director to become the center for security data through expansion using Tivoli SecureWay Policy Director add-on products. Reuses the same Tivoli SecureWay Policy Director components and data for other Tivoli SecureWay Policy Director-protected resource types by adding the relevant Tivoli SecureWay Policy Director product.
- Can exploit an existing Tivoli SecureWay Policy Director implementation and share existing user data. If you are already using Tivoli SecureWay Policy Director, that implementation can be exploited and extended to support your UNIX platforms.
- Makes available the Authorization Application Programming Interface (aznapi) for your own applications. The aznapi provides a sophisticated interface to add authorization to your own applications.

Euro Currency

This program is not impacted by euro currency.

Statement of Direction

As a future enhancement to the national language support capability of PDOS, it is the intention of Tivoli Systems to translate PDOS in the next Tivoli SecureWay Security Manager release, currently targeted for June 2001.
Reference Information

Refer to:

- Software Announcement 200-017, dated February 15, 2000.
- Software Announcement 200-100, dated April 25, 2000.

Trademarks

SecureWay, OS/390, and RACF are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
Windows NT is a trademark of Microsoft Corporation.
UNIX is a registered trademark in the United States and other countries exclusively through X/Open Company Limited.
Tivoli and Tivoli Enterprise Console are registered trademarks of International Business Machines Corporation or Tivoli Systems Inc. in the United States or other countries or both.
Other company, product, and service names may be trademarks or service marks of others.
IBM US Announcement Supplemental Information
January 23, 2001

Education Support

Training is available for all Tivoli products. Education is offered through IBM Education and Training, and through Tivoli Systems. Worldwide information about education offerings is available on the IBM Education and Training home page on the Internet at: http://www.training.ibm.com

For current information on Tivoli Systems education, call 512-436-8000 or visit the Tivoli Systems home page on the Internet at http://www.tivoli.com/services/education

Offering Information

Product information will be available on day of announcement through Offering Information (OITOOL) at: http://www.ibm.com/wwoi

Publications

The following publications can be ordered immediately after planned availability.

Title                                                  Order Number
Tivoli SecureWay Security Manager V3.7 User's Guide    GC32-0706
V3.7 Release Notes                                     GI11-0802
V3.7 Supplement for MS Windows 2000                    GC32-0474
V3.7 Supplement for AS/400                             GC32-0658
Redbook                                                SG24-5101
Supplement for Policy Director V3.7.1                  GC32-0473
for Policy Director Release Notes V3.7.1               GI11-0759

Technical Information

Specified Operating Environment

Hardware Requirements:

Server Platforms:

Tivoli Management Region

Tivoli SecureWay Security Manager requires a Tivoli Management Region (TMR) Server running Tivoli Management Framework Version 3.6.3. The standard requirements for a TMR server are:

Hardware Platforms:

- RS/6000
- Sun Sparc running Solaris
- HP 9000/700 or 800 Series
- Intel x86 or Pentium

Approximately 40MB footprint required for UNIX platforms, 30MB for Intel.

Software Platforms:

- AIX 4.2.1, 4.3, 4.3.1, 4.3.2, 4.3.3
- Sun Solaris Version 2.6.x, 7, 8
- HP-UX 10.20, 11.0
- Windows NT 4.0 SP3, SP4, SP5, SP6

Tivoli Gateway Platforms:

Tivoli SecureWay Security Manager exploits the capabilities of a Tivoli Gateway. Depending on the configuration, the Gateway may be the same system as the TMR server or it can be a standalone system. The requirements for a Tivoli Gateway are the same as for a TMR Server, plus approximately 25 MB for gateway files.
Supported Targets (Tivoli Client Hardware/Software Platforms):

Client space requirements vary; see Release Notes for specific details.

- IBM OS/390 Security Server (RACF) (support available as a separate MLIC)
- IBM OS/400 V4R3, V4R4 running on IBM AS/400
- Windows NT 4.0 SP3, SP4, SP5, SP6 running on Intel x86 or Pentium
- Windows 2000 running on Intel x86 or Pentium
- Novell NetWare 4.10, 4.11, 4.2, 5.0 running on Intel x86 or Pentium
- Workspace on Demand R2 V3, R2 V4, R Win 32, Warp Server SMP V3, V4, OS/2 Warp Server V3, V4, Warp Connect V3, V4, Warp Server for e-business, Warp Server for e-business SMP feature running on Intel x86 or Pentium
- Tivoli SecureWay Policy Director V3.7

Tivoli SecureWay Security Manager V3.7.1 can manage components of Tivoli SecureWay Policy Director V3.7 (such as NetSEAL, WebSEAL and Policy Director for Operating Systems).

Tivoli SecureWay Security Manager requires the use of a Tivoli Managed Node as a proxy station for managing Tivoli SecureWay Policy Director. Depending on the configuration, the Tivoli Managed Node may be the same system as the TMR Server or a Tivoli gateway, or it may be the Policy Director management server, or it may be a standalone system. If a standalone system is used, it will have the same hardware and software requirements as a TMR Server.

Tivoli SecureWay Security Manager has no other specific requirements for managing Tivoli SecureWay Policy Director and can manage Policy Director running on IBM RS/6000 running AIX, Sun SPARC running Solaris, HP 9000/700 and 800 running HP-UX and Intel x86 or Pentium systems running Windows NT. For detailed requirements for a Policy Director Management Server refer to Software Announcement 200-404, dated November 14, 2000.

As of V3.7.1 of Tivoli SecureWay Security Manager, the management of UNIX targets is performed using a Tivoli SecureWay Policy Director extension called Policy Director for Operating Systems (PDOS). PDOS requires a Tivoli SecureWay Policy Director Management Server (provided with Tivoli SecureWay Security Manager) which has the standard requirements of Tivoli SecureWay Policy Director (see above).

The UNIX platforms that can be managed by Tivoli SecureWay Security Manager v3.7.1 using PDOS are:

- IBM RS/6000 running AIX 4.3.1, 4.3.2, or 4.3.3
- Sun SPARC running Solaris Version 2.6 (with patch 105181-23), 7, or 8
- HP 9000/700 and 800 series running HP-UX 11.0 at level 47 and above

Planning Information

Direct Customer Support: Direct customer support is provided by the Tivoli Support Center. This fee service enhances customers' productivity by providing voice and electronic access into the IBM support organization. The Tivoli Support Center will help answer questions pertaining to usage, and suspected software defects for eligible products.
Packaging: Tivoli SecureWay Security Manager is distributed with:

- International Program License Agreement (Z125-3301)
- License Information document (LC23-4474)
- Nine CDs and seven publications

Security, Auditability, and Control

Tivoli SecureWay Security Manager uses the security and auditability features of the operating system software and Tivoli Management Framework. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Ordering Information

Basic License: Current licensees of Tivoli SecureWay Security Manager will be sent a program reorder form that can be returned directly to IBM Software Delivery and Fulfillment (SDF). Reorder forms are scheduled to be mailed after planned availability. Reorder forms returned to SDF will be processed within 10 days of receipt.

When V3.7.1 is available, V3.7.0 will no longer be available.

For program 5698-SEC, customers must ensure that they have previously ordered adequate Tivoli Management Points to add this product to the customer environment. If additional Tivoli Management Points are required for this product, also specify the OTC feature number for Tivoli Management Points in the quantity desired.

New Licensees

Orders for new licenses will be accepted now. Shipment will begin on the planned availability date. New users should specify:

Program Number: 5698-SEC
Program Name: Tivoli SecureWay Security Manager

To order a basic license, specify the program number, feature number 9001 for asset registration, and the feature number of the desired distribution medium. Also, specify the one-time charge feature number from the table below in the quantity desired (maximum quantity of 250 per feature number).

The quantity of Tivoli Management Points is based on servers. Use the following table to order the program products listed below.
                                                    Tivoli Management Points
Product Number  Product Name                        Qty 1    Qty 250
5698-SEC        Tivoli SecureWay Security Manager   0039     0040

Tivoli Systems Support

Although the first year of support is included in the product price, a no-charge order must be placed using program number 5698-SPT specifying feature number 9001 for asset registration and the appropriate First Year Standard Support No Charge feature number. This 5698-SPT order establishes entitlement records worldwide. If a 5698-SPT order is not placed, the customer will not be entitled to support even during the first year of a license.

Prior to the end of the first 12 months support period, customers will be notified of their support renewal options. Unless the customer notifies IBM/Tivoli to discontinue or alter the level of support currently being received, support will automatically be renewed for annual billing at the same level as selected in the first year. Once the subsequent year support feature numbers are in place, renewals are automatic and billed annually unless support is cancelled by the customer.
Tivoli Systems offers a variety of support options in response to diverse customer requirements. The table below summarizes these offerings.

Support Categories                                   Standard         Standard 24   Select
Support Coverage via Web, Phone, Fax and e-mail      Normal Bus Hrs   7 x 24        7 x 24
Web Support Tools (TIPS, FAQs, White papers,         Yes              Yes           Yes
  Tools, Patch downloads)
Maintenance and Upgrades                             Yes              Yes           Yes
Support News                                         Yes              Yes           Yes
Escalation Process                                   Yes              Yes           Yes
Initial Tivoli Select Support Review (one            No               No            Yes
  customer location and one review per contract)
Heightened Responsiveness
  Severity 1: 1 hour                                 No               No            Yes
  Severity 2: 2 hour                                 No               No            Yes
  Severity 3: 4 hour                                 No               No            Yes
  Severity 4: 4 hour                                 No               No            Yes
Fast Path to Tivoli Select Level 2 Engineer          No               No            Yes
Heightened Resolution Priority                       No               No            Yes
Proactive Tivoli Management Notification             No               No            Yes
Onsite when Required (two trips per year not to      No               No            Yes
  exceed six days in total)
Tivoli Select Support review and recommendations     No               No            Quarterly
  (customer to identify single point of control
  site)
Minimum of 40,000 renewable Tivoli Management        No               No            Yes
  points required in aggregate

1. Tivoli Standard Support

This offering provides:

- Technical support via Web, telephone, fax, and e-mail during normal IBM/Tivoli business hours Monday through Friday, except local holidays
- Corrections (PTFs) or patches that fix substantial deviations of unmodified Tivoli products from the then-current code, publications, and/or informal documentation (that is, release notes and memos)
- Software product updates that are improvements, extensions, or other changes which IBM/Tivoli, at its discretion, deems to be reasonable
- Customer Self-Help Options available via Web 24x7 including:
  - Support Procedures
  - Maintenance renewal information and registration for access to support
  - Product-Specific Support Pages
  - Technical Documentation including FAQs, Quick Solution Hints and Tips, Product Certification Information, Release Notes, Installation Guides, Redbooks, White Papers, and Fix READMEs
  - Knowledge Base Search engine providing answers to many technical questions; databases include APARs, FAQs and Fix READMEs
  - Education and Training
  - Support Services Databases allowing customers to download code fixes and report or update problems
  - Links to Support Contacts providing the Tivoli Support phone number nearest the customer
2. Tivoli Standard-24 Support

This offering provides:

- All components offered in Tivoli Standard Support

In addition, Tivoli Standard-24 Support provides enhanced features including:

- Technical support via Web, telephone, fax, and e-mail, 7x24 including holidays
- Off-shift and holiday support provided on Severity 1 issues only

3. Tivoli Select Support

This offering provides:

- All components offered in Tivoli Standard-24 Support

In addition, Tivoli Select provides enhanced features including:

- Initial Tivoli Select support review
- Heightened responsiveness
  - Severity 1: 1 hour
  - Severity 2: 2 hours
  - Severity 3: 4 hours
  - Severity 4: 4 hours
- Fast path to Tivoli Select Level-2 Engineers
- Heightened Resolution Priority
- Proactive Tivoli Management Notification
- Customer Initiated On-Site Support available up to twice per contract period
- Tivoli Select Support review and recommendations
- Support provided in English only

A minimum purchase/installation of 40,000 renewable points of Tivoli products in aggregate is required to acquire this support option.

Support Upgrade

During the first year of a license, the customer may upgrade to the Tivoli Standard-24 or Tivoli Select Support option by ordering the applicable one-time charge (OTC) feature number from the table below. The OTC feature numbers may be specified on the initial order or later via an MES during the first year only. Ordering this OTC feature will not result in an extension of the no-charge support period.

In subsequent years, if a customer wants to upgrade to the Tivoli Standard-24 or Tivoli Select Support option, an MES order must be entered to discontinue the existing support option feature number and to add the feature number for the desired options. After an MES order is entered, the support will be renewed and billed annually at that support level unless support is cancelled by the customer.

5698-SPT First-Year Support Options

Use the following table to order support (5698-SPT) for the program products listed below.
Upgrade Upgrade from Upgrade from 1st Year from 1st Year Std-24 1st Year to to 1st Year to Std-24 Select Select Support Support Support Support Support No One-Time One-Time One-Time for Charge Charge Charge Charge Program Support for Feature Feature Feature Feature Number Program Name Number Number Number Number

5698-SEC Tivoli SecureWay Security Manager
  Qty of 1      0629   0617   0618   0619
  Qty of 250    0630   0620   0621   0622
5698-SPT Subsequent Year Options

Use the following table to order support (5698-SPT) for the program products listed below.

Support for      Support for                          Standard Support  Std-24 Support   Select Support
Program Number   Program Name                         Annual Charge     Annual Charge    Annual Charge
                                                      Feature Number    Feature Number   Feature Number
5698-SEC         Tivoli SecureWay Security Manager
                   Qty of 1                           0623              0624             0625
                   Qty of 250                         0626              0627             0628

The Standard Support option, Standard-24 Support option and Select Support option are not transferable among the Tivoli Enterprise products. If support is desired, support option feature numbers must be ordered for each licensed product. The quantity of the billable feature numbers for support must be equal to the quantity of Tivoli Management Points for a licensed product.

Customers with support contracts may access the latest product information (including migration tool updates) at: http://www.tivoli.com/support/prodman/html/ab.html#security (This site requires a support login ID)

End of Support: Tivoli support for V3.7.0 will be discontinued 12 months after the general availability of V3.7.1.

Basic Machine-Readable Material

Language               Feature Number   Distribution Medium
English                5809             CD-ROM
French                 5819             CD-ROM
Brazilian Portuguese   5839             CD-ROM
German                 5849             CD-ROM
Spanish                5859             CD-ROM
Italian                5869             CD-ROM
Japanese               5829             CD-ROM
Simplified Chinese     5879             CD-ROM
Traditional Chinese    5899             CD-ROM
Korean                 5889             CD-ROM

Customization Options: Select the appropriate feature numbers to customize your order with delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.
Description                                                      Feature Number
Initial Shipments
  Serial Number Only (suppresses shipment of media               3444
    and documentation)
  Ship Media Only (suppresses initial shipment of                3470
    documentation)
  Ship Documentation Only (suppresses initial shipment           3471
    of media)
Update Shipments
  Ship Media Updates Only (suppresses update shipment            3480
    of documentation)
  Ship Documentation Only (suppresses update shipment            3481
    of media)
  Suppress Updates (suppresses update shipment of media          3482
    and documentation)
Description                                                      Feature Number
Expedite Shipments
  Local IBM Office Expedite (for IBM use only)                   3445
  Customer Expedite Process Charge ($30 charge for each          3446
    product)

Expedite shipments will be processed to receive 72-hour delivery from the time SDF receives the order. SDF will then ship the order via overnight air transportation.

Terms and Conditions

Agreement: IBM International Program License Agreement (IPLA), IBM International Agreement for Acquisition of Programs and Support (IIAAPS), IBM Agreement for Acquisition of Support (IAAS), with the Attachment for Support and its Addendum for Tivoli Systems, and an Order Form

Transferable: Applies except when Support is in effect

Limited Warranty Applies: Yes

Guarantee: Two months

Getting Started Period: Not applicable

Usage Restriction: Yes. Usage is limited to the quantity of Tivoli Management Points acquired for a one-time charge.

Educational Allowance Available: Yes, to qualified educational institutional customers
Percentage: 15%

Volume Orders: Not applicable

Upgrade Protection Applies: Covered as long as Support remains in effect

Licensed Program Materials Availability: Object Code only

Entitled Upgrade for Current Upgrade Protection Licensees: As announced for each program

Tivoli Support:

Support Center applies: Yes. Access is available through the Tivoli Support Center, 800-TIVOLI8 (848-6548)

Availability: The first year of Tivoli Support is available at no additional charge. The first year starts when the product is shipped to the customer. Subsequent years of Tivoli Support are available for a fee as the IAAS, IIAAPS, or any equivalent agreement

Available until the product is discontinued: Twelve months after written notice of product discontinuance (that is, end-of-life (EOL))

Applicable for:
- The current release
- The immediate previous release level for twelve months after the general availability of the current release

APAR Mailing Address:
Tivoli Systems Inc.
9442 Capital of Texas Highway
Austin, TX 78759 USA
Attention: Product Development

Support Line: No
Product Web Site: A complete list of products, terminology definitions, and licensing documents are available at the following Web site: http://www.tivoli.com/products/licensing/

Prices

Customer Financing: IBM Global Financing offers attractive financing to credit-qualified commercial and government customers and Business Partners in more than 40 countries around the world. IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at: http://www.financing.ibm.com

Prices are based on Tivoli Management points. The prices per Tivoli Management point are unaffected by this announcement. Refer to the following announcements for pricing information:

- Software Announcement 200-017, dated February 15, 2000
- Software Announcement 200-100, dated April 25, 2000

Trademarks

SecureWay, AS/400, RS/6000, AIX, OS/390, RACF, OS/400, and OS/2 are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
Pentium is a trademark of Intel Corporation.
Intel is a registered trademark of Intel Corporation.
Windows and Windows NT are trademarks of Microsoft Corporation.
UNIX is a registered trademark in the United States and other countries exclusively through X/Open Company Limited.
Tivoli is a registered trademark of International Business Machines Corporation or Tivoli Systems Inc. in the United States or other countries or both.
Notes is a trademark of Lotus Development Corporation.
Other company, product, and service names may be trademarks or service marks of others.