About IBM Security Access Manager
IBM Security Access Manager is an intermediate level certification is intended for deployment professionals working with IBM Security Access Manager V9.0 (ISAM). These deployment professionals plan, install, configure, administer, maintain, tune and troubleshoot ISAM installations.
Prerequisite for the exam
Basic knowledge of:
• operating systems and databases.
• hardware or virtual machines.
• networking and protocols.
• auditing and compliance.
• information security regulations (HIPPA, SOX).
• Public Key Infrastructure fundamentals (PKI).
• Directory services fundamentals.
• Web server fundamentals
• Firewall concepts
• Authentication and authorization concepts
• Single Sign-On protocols (Kerberos, SAML, OAuth, OpenID Connect)
• Multi-factor authentication (One-time password)
• Demonstrate a knowledge of the features and capabilities of the ISAM Base, ISAM Advanced Access Control Module, and ISAM Federation Module.
• Demonstrate knowledge of ISAM deployment patterns, including designing for high availability and determining capacity requirements.
• Apply detailed network design principles, including appropriate subnets interface, static routing, ports (firewall) and default gateway.
• Setup DNS, time, license, activation, firmware, and fixpack levels at the initial installation.
• Prepare for rack space, power, cabling, and management interface IP and install the hardware appliance.
• Prepare and install the appliance in different virtual environments.
• Prepare an external high volume database for use with ISAM.
3. Configure, customize and integrate
• Use PKI, including completing the task of generating certificate requests and/or importing certificates into the appropriate certificate repository (KDB file).
• Configure Web Components – Runtime and Reverse Proxy using LMI and REST API, including applying hard and soft limits to junctions, Single Sign-On method and junction type; configure Kerberos.
• Configure the Advanced Access Control Module using LMI and REST API, including Risk Profiles, Authentication, Policies, Custom Attributes, Obligations, PIP, and isamcfg.
• Configure Federation Components using LMI and REST API, including Federations, Partners, and Runtime including swap of metadata, mapping rules, cloud connectors and isamcfg.
• Configure Federated Directory(s).
• Configure Protocol Analysis Module (PAM).
• Create custom roles for delegated administration of the ISAM appliance functionality; externalize appliance authentication and authorization.
• Configure highly available ISAM environments using clustering, replicated proxies, DSC, front-end load balancer.
4. Administer and maintain
• Monitor critical performance metrics and availability, including events and alerts.
• Demonstrate an understanding of various backup and recovery strategies, including snapshots.
• Configure log files, including their roll over settings.
• Maintain SSL keystores, including identifying expired certificates.
• Use the ISAM stop, start, failover features to aim for limited down-time during maintenance slots.
• Perform policy administration.
• Monitor IBM support website for bulletins and fixpacks; apply as necessary.
5. Troubleshoot and tune
• Examine and tune settings, including advanced parameters for TCP/IP.
• Navigate to and view logs on the appliance and look for relevant messages.
• Enable and review network and ISAM-specific traces and understand auditing capabilities; perform network troubleshooting using ping, traceroute, connect.
• Take a support file extract and send and/or examine for issues and upload them to IBM Support as part of the PMR process.
Who this course is for:
- All Levels