Security - PowerPoint PPT Presentation

1 / 50

About This Presentation

Title:

Security

Description:

No dependencies on any of the other Tivoli products ... Ensure business continuance. Reduce administrative costs. Maximize current hardware investment ... – PowerPoint PPT presentation

Number of Views:100

Avg rating:3.0/5.0

Slides: 51

Provided by: VTU1

Category:

more less

Transcript and Presenter's Notes

Title: Security

1
Security Storage Management using Tivoli
Wrap up!Part 1 2
2
Agenda

Part 1
Few Security Concepts
Security Management Portfolio
Tivoli Identity Manager
Tivoli Access Manager
Part 2
Storage Management Portfolio Concept
Tivoli Storage Manager Express
Tivoli Continuous Data Protection for files

3
Tivoli Software Pillars

Infrastructure management products
Storage
Tivoli Storage Manager
No dependencies on any of the other Tivoli
products
Integration points with the other Tivoli products
Security
Identity Access Management
Automation
Performance, Availability,Configuration and
Operations

4
Security Management
5
Authentication

Authentication
The process of identifying an individual who is
attempting to log in to a secure domain
The process of linking a person or process with
his or her electronic identity
It gives the answer on the question
Who are you?

6
Authorization

Authorization
The act of determining what resources an
authenticated user can access or
The Process of deciding whether a particular user
can perform a requested action on a given point
In a simplest form authorization provides you
with a yes or no answer to this question
Are you authorized (do you have permission) to
access/manipulate the requested object?

7
AuditingIntegrityPrivacy

Auditing
The recording of the system events
Integrity
The ability to tell if a message has been altered
since it was sent
Privacy
The ability to exchange messages without a third
party being able to read them

8
User Registry

A database of the user identities that are known
to access manager
A representation of groups in access manager that
users have membership with
A data store of metadata required to support
additional functions
The default user registry is LDAP-based, and
Access Manager consolidates its registry support
around a number of LDAP directory products

9
User Registry

Access Manager can use the following directory
products for its user registry
IBM Tivoli Directory Server
Novell eDirectory
Sun Java System Directory Server
Microsoft Active Directory
IBM Lotus Domino Server
IBM z/OS LDAP Server
The IBM Tivoli Directory Server is included with
Access Manager and is the default LDAP directory
for implementing the user registry

10
Directory Information Tree (DIT)

An LDAP-based user registry stores its data as
objects and organizes it hierarchical in a tree
structure called the Directory Information Tree
(DIT).
An LDAP-based user registry can have multiple
DITs.
Objects are described with various attributes.

11
DIT

The user registry for Access Manager contains
threetypes of objects
User objects, which contain basic user
attributes.
Group objects, which represent roles that user
objects may be associated with.
Access Manager metadata objects, which contain
special Access Manager attributes that are
associated with user and group objects. The
metadata includes information that helps linking
an Access Manager user ID to its corresponding
registry user object

12
PKI Public Key Infrastructure

Public-key infrastructure provides public-key
encryption and digital signature services
The purpose is to manage keys and certificates
PKI enables the use of encryption and digital
signature services across a wide variety of
applications

13
Identity, Risk and Compliance Management
Federated Identity Manager
Security Compliance Manager
Risk Manager
14
Identity, Risk and Compliance Management
Federated Identity Manager
Security Compliance Manager
Risk Manager
15
Tivoli Identity Manager Overview
Identity change (add/del/mod)
Tivoli Identity Manager
HR Systems/ Identity Stores
16
Tivoli Access Manager Family

IBM Tivoli Access Manager for e-business (ITAMeb)
Tivoli Access Manager for Business Integration
(ITAMBI)
Tivoli Access Manager for Operating Systems
(ITAMOS)

17
ITAMeb - Core Components

A user registry
An authorization service consisting of an
authorization database and an authorization
engine that performs the decision making action
on the request.
Resource Manager (WebSEAL) responsible to
apply security policy to resources

18
Tivoli Access Manager for e-business
BEFORE

Too many passwords to remember
Multiple admins with multiple access control
tools
User and access control information everywhere
Compliance? To what?

Figure 1. Unified, Policy-Based Security for the
Web
Security policy
User group info
Audit
19
Java API for Access Manager

The IBM Tivoli Access Manager Runtime for Java
component includes the Java language version of a
subset of the Tivoli Access Manager API
The authorization API consists of a set of
classes that provide Java applications with the
ability to interact with Tivoli Access Manager to
make authentication and authorization decisions

20
Access Manager based Authorization for MS.net

IBM Tivoli Access Manager provides integration
and support for implementing Access Manager-based
authorization for Microsoft .NET applications.
Access Manager APIs are exposed at the .NET
Common Language Runtime level.
This exposes the functionality to all .NET
languages such as Managed C, C, and Visual
Basic .NET.

21
IBM Global Security Kit(GSKit)

Tivoli Access Manager Components communicate in a
secure way over the network
Tivoli Access Manager provides data encryption
through the use of the IBM Global Security Kit
(GSKit)

22
Authentication and single sign-on mechanism

Authentication describes the process of
exchanging credentials to identify the
communication partners. Authentication can be
directional or mutual
Single sign-on is the process of forwarding
information about a users identity in a secure
way to another system

23
Links

http//www.ibm.com/software/tivoli/
http//www.ibm.com/software/tivoli/solutions/secur
ity/
IT System Security Management
http//www.redbooks.ibm.com/abstracts/redp4107.htm
l?Open

24
For EDUSAT Coordinators

Please send the session wise attendance sheets
to
ibmvtu_at_gmail.com
Students post your questions _at_
http//forum.vtu.ac.in
Thank You!

25
Storage Management
26
What is Storage Management

Centralized administration for data and storage
Efficient management of information growth
High-speed automated server recovery
Customized backup solutions for major groupware,
enterprise resource planning (ERP) applications,
and database products
Data protection
Disaster recovery

27
IBM Tivoli Storage Manager Portfolio

Tivoli Storage Manager base products
IBM Tivoli Storage Manager
LAN Clients, base libraries (notgt3 drives, 40
slots)
IBM Tivoli Storage Manager Extended Edition
Tivoli Disaster Recovery Manager, NDMP NAS, Large
Libraries
IBM Tivoli Storage Manager for Data Retention
Tivoli Storage Manager complementary licenses
IBM Tivoli Storage Manager for Space Management
(HSM),
IBM Tivoli Storage Manager for SANs (LAN-free
clients)
IBM Tivoli Storage Manager for System Backup and
Recovery (AIX)
IBM Tivoli Storage Manager for .(Database, Mail,
Hardware, Application Servers, Enterprise
Resource Planning)
Oracle, MS SQL MS Exchange, Domino, ESS, WAS, R/3
Third party and complementary products
IBM DB2 backup, IBM Informix backup, IBM Content
Manager

28
IBM Tivoli Storage Manager

Complete Storage Management
backup / restore
archive / retrieve
disaster recovery
Hierarchical space management (hsm)
database and application protection
bare machine recovery
data retention
Scaleable from PC servers through UNIX and
mid-range servers to OS/390 mainframe servers
Heterogeneous platform coverage for 13 different
operating environments

http//www-3.ibm.com/software/tivoli/solutions/sto
rage/
29
IBM Tivoli Storage Manager Architecture
Administration
User Interface
WEB
Local Area Network
Log
Database
Storage
Repository
Servers, Clients, Application systems
Storage Area Network
TSM Server
TSM Storage pools
TSM Clients
30
Backup / Restore
BACKUP
TSM Client
RESTORE
TSM Server
DB

Progressive / selective / adaptive subfile
differencing / point-in-time / volume level
Multiple versions kept
Policy managed
System assisted restore
Automated scheduling

Hard Disk
Single File
Data Protection
31
Archive / Retrieve
Archive
TSM Client
Retrieve
TSM Server
DB

Long-term storage
Point in time copy
Retention period
Policy managed

Audit
Records Retention
32
Tivoli Disaster Recovery Manager
Source TSM Server
Target TSM Server
Copies
DB
DB
DB
Recovery Plan File

Automatically generated disaster recovery plan
Detailed tracking of off-site volumes

Business Continuity
33
IBM Tivoli Storage for Space Management
Migrate
TSM Client
Recall
TSM Server
DB

Migrates inactive data
Transparent recall
Policy managed
Integrated with backup

Cost/Disk Full Reduction
Efficient Use of Storage
34
Database and Application Protection
DB
Backup
TSM Client
Restore
TSM Server

Online (hot) backup
Incremental backup
Data integrity
Automation and Scheduling
Seamless integration

DB
Online Backup
35
Tivoli Storage Managers Bare Machine Recovery

Brings back system to state of last backup
Recovers all the OS changes and customizations
Streamlines and automates the OS recovery process
Eliminates the need for highly skilled
professionals to manually reinstall hardware,
network, patches
Speeds up the recovery time
Integrates bare machine backups directly to
Tivoli Storage Manager server

Ensure business continuance
Reduce administrative costs
Maximize current hardware investment

36
Progressive Incremental Backup

ONLY new or changed files backed up
NO redundant backups
Restores dont require the same file to be
restored multiple times
NO wasteful weekly full backups and their
dependent incremental/differential
Data tracked at file level
Accurate restores

Monday
Tuesday
Friday
Wednesday
Thursday
A1
A2
A
B
B1
B3
B2
C
C3
C1
C2
D
D1
A1 B1 C1 D1
C3
B2 C2
A2
B3
Full Incremental
5 Tapes 9 Files
A1 B1 C1 D1
A2 B2 C2
A2 B2 B3 C2 C3
Full Differential
B2 C2
A2 B2 C2 C3
2 Tapes 9 Files
A1 A2 B1 B2 B3 C1 C2 C3 D1
Progressive Backup
1 Tapes 4 Files
37
Policy Management
TSM Server
DB

Centrally defined polices
What data?
Where to store it?
How long to keep it?
File-Level granularity
Changes retroactively applied to already backed
up data

Domain 2
Domain 1
38
Storage Hierarchy
TSM Server
Disk pools

Storage pool virtualization
Parallel backup of multiple clients
Mixed retention on same tape
Direct restore from tape to client
Fast, direct restore from disk to client
Scheduled migrations
Automatic migration to new tape technology
Automatic migration to tape outside of backup
window

Optical pools
DB
Tape pools
39
Tape Reclamation

Better utilizes tapes, thus, saving money
Tape utilization constantly monitored
User-defined reclamation threshold
When free space reaches threshold
Tape is mounted
Valid data moved to another tape
Original tape is returned to the scratch pool
Can be scheduled to occur at specified times

100

40
Collocation

Reduces tape mounts on restore, thus, expediting
restores
Stacks all data for a client , file system or
group of clients onto the same tape or group of
tapes

Hi Threshold
Disk Pool
A
C
A
B
B
B
Lo Threshold
C
A
B
Migration
Migration
Client A
A
Client A
Client B
Client C
Client B
B
Tape Pool
B
B
B
C
A
A
A
C
C
Client C
C
B
41
Operational Reporting

Tivoli Storage Manager server(s) status reports
sent directly to you
Customized reports
Daily report
Scheduled monitoring report
Status of backup report to end user
Reports available via
Email
Desk top alerts
Pages
TSM Microsoft Management Console
Export to a website

Preconfigured reports based on best practices
Utilizes information that has always been
available in the Tivoli Storage Manager db
Customize reports to fit your companys needs

42
Enterprise Storage Management
IBM Tivoli Storage Manager is a lot more than
just a backup tool...
IBM Tivoli Storage Manager
LOG
DB
log
A single, integrated storage management
architecture Many non-priced base features web
GUIs, archive, encryption, mobile backup
43
TSM Express
44
Continuous Data Protection
45
Why is CDP for Files Needed?

Most data protection solutions miss the most
valuable data (what the user is working on now)
Daily backup allows too much productivity loss
WORSE, 70 of corporate data resides on
desktops/laptops and fewer than 8 are backed-up
at all
End-users everywhere simply do not backup
because no solution has been as transparent as
air bags, until now

46
Why is CDP for Files Needed?

Increases in data volumes increase length of
backup window
Business and regulatory requirements for data
continuity are increasing
Disk costs declining making replication
technologies more cost effective
Critical data assets found in remote offices,
laptops, desktops often not protected
Employee productivity declines due to data loss
which is a growing concern
Many data protection solutions miss the most
valuable data (what the user is working on now)

Companies would like to improve backup/recovery
time
70 of corporate data resides on desktops/laptops
and fewer than 8 are backed-up. IDC Gartner
studies
30 of small businesses have no formal data
protection procedure. Imation April 2003
40 of small businesses rank automated data
backup and recovery as their primary IT need. ECT
News Network
Disk costs declining making replication
technologies more cost effective
Replication and backup will increasingly overlap

47
What is IBM Tivoli Continuous Data Protection for
File?
An evolution in data protection using a unique
hybrid approach
Replication Traditional Backup CDP