Archive for the ‘Tivoli Authorization Server’ Category

Install & Configure Tivoli Authorization Server on Red Hat Enterprise Linux (RHEL)

Thursday, June 30th, 2011

As part of my daily duties I document a lot of information and instructions for various IDMWorks customers. The following contains the instructions for installing and configuring a Tivoli Authorization Server on Red Hat Enterprise Linux (RHEL) v5 as part of an IBM Tivoli Access Manager for e-business (TAM) deployment in the <Customer A> environment.

The following includes instructions for installing the Authorization Server in a new environment, and for migrating the Authorization Server for an existing environment to a new PD RHEL.

This installation guidance will give you directions for installing and configuring the Authorization Server on RHEL as part of a TAM deployment in <Customer A>. The Authorization Server mirrors the Policy Director’s ACL database for a TAM deployment.

Architecture

Tivoli Access Manager provides authentication and authorization services, allowing secure access to enclave resources.  When a user attempts to access a protected resource, they must authenticate to the TAM environment.  Resource access passes through WebSEAL server junctions, which contact the TAM policy director for access control decisions.

User identity information and role assignments are stored in Tivoli Directory Server.  Tivoli Web Portal Manager and the Directory Server Web Administration Tool provide web-based graphical administration tools for the TAM system.

First Up: Prerequisites

Installation Environment

The optimal system specifications for a Policy Director server in your environment will depend on the number of users and the anticipated load in that environment. The table below lays out recommended minimum system specifications for several different servers & environments.

Recommended Minimum System Specifications

| Environment | Server Type | OS | CPUs | RAM | Disk Space | Can use VMs? |
|---|---|---|---|---|---|---|
| Development / Testing with 50,000+ users and / or heavy load on the systems | PD | RHEL v5 32-bit | 2 | 2 Gb | Min 2 Gb free | Yes |
| Development / Testing with less than 50,000 users, light load on the systems | PD | RHEL v5 32-bit | 1 | 1 Gb | Min 2 Gb free | Yes |
| Production | PD | RHEL v5 32-bit | 2 | 2 Gb | Min 2 Gb free | Yes |

Pre-Install Task – Time Synchronization!!!

It is imperative that all the servers be time synchronized.  On VMware, the time synchronization will be handled by the VMware software.  On physical machines, NTP or a similar product should be used for time synchronization.  If NTP is used for time synchronization in your environment, the status of NTP on RHEL can be checked with the following command:

# service ntpd status
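A scripted form of the NTP check, as an added example that is not part of the original post: it parses the peer table printed by `ntpq -pn` (the query tool shipped with ntpd) and reports whether a peer is selected and whether the offset is within a tolerance. The function name, the 100 ms tolerance and the sample outputs are assumptions constructed for illustration.

```shell
# Added example: decide from `ntpq -pn` output whether this host is synchronized.
# Usage on a real host:  ntpq -pn | check_ntp_sync 100
# $1 = maximum acceptable offset in ms (100 is an assumed default, not from the post).
# Exit status: 0 = synchronized, 1 = no peer selected, 2 = offset too large.
check_ntp_sync() {
    awk -v max="${1:-100}" '
        BEGIN { rc = 0 }
        /^\*/ {                      # "*" marks the peer ntpd is synchronized to
            found = 1
            off = $9 + 0             # column 9 of the peer table is the offset in ms
            if (off < 0) off = -off
            if (off > max + 0) {
                printf "FAIL: peer %s offset %s ms exceeds %s ms\n", substr($1, 2), $9, max
                rc = 2
            } else {
                printf "OK: synced to %s, offset %s ms\n", substr($1, 2), $9
            }
        }
        END {
            if (!found) { print "FAIL: no peer selected, clock is not synchronized"; rc = 1 }
            exit rc
        }'
}

# Constructed sample outputs (documentation addresses, not captured from a real host).
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
SAMPLE_SYNCED="$HDR
*192.0.2.10      198.51.100.1     2 u   33   64  377    0.412   -0.213   0.051
+192.0.2.11      198.51.100.1     2 u   12   64  377    0.530    1.102   0.087"
SAMPLE_DRIFTED="$HDR
*192.0.2.10      198.51.100.1     2 u   40   64  377    0.398  842.337   3.910"
SAMPLE_UNSYNCED="$HDR
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000"

# Run the check over each constructed sample; "|| true" keeps the demo going on failures.
for sample in "$SAMPLE_SYNCED" "$SAMPLE_DRIFTED" "$SAMPLE_UNSYNCED"; do
    printf '%s\n' "$sample" | check_ntp_sync 100 || true
done
```

Running the same check on every server in the deployment before starting the install gives a comparable result per host.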

Next Up: Install Authorization Server (ACLD)
