<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scenario: Configure the Management Central servers for single signon" />
<meta name="abstract" content="View this scenario to learn how to configure your Management Central servers to participate in a single signon environment. After administrators complete the scenario for propagating a single signon configuration across multiple systems, they can do the necessary configuration so that their Management Central servers can participate in the single signon environment." />
<meta name="description" content="View this scenario to learn how to configure your Management Central servers to participate in a single signon environment. After administrators complete the scenario for propagating a single signon configuration across multiple systems, they can do the necessary configuration so that their Management Central servers can participate in the single signon environment." />
<meta name="DC.Relation" scheme="URI" content="rzamzscenarios.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzverifythatthedomainappears.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreateeimidentifiers.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreateidentifierassociations.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzconfigurethemanagementcentral.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzconfigurethemanagementcentralserverstouseeim.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzconfigssomgtcentral" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Configure the Management Central servers for single signon</title>
</head>
<body id="rzamzconfigssomgtcentral"><a name="rzamzconfigssomgtcentral"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scenario: Configure the Management Central servers for single signon</h1>
<div><p>View this scenario to learn how to configure your Management Central
servers to participate in a single signon environment. After administrators
complete the scenario for propagating a single signon configuration across
multiple systems, they can do the necessary configuration so that their Management
Central servers can participate in the single signon environment.</p>
<div class="section" id="rzamzconfigssomgtcentral__situation"><a name="rzamzconfigssomgtcentral__situation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>You
are a system administrator for a medium-sized parts manufacturer. You have
been using the <span class="keyword">iSeries™ Navigator</span> Management
Central server to manage a central server and three endpoint servers for the
last three years. Your responsibilities include applying PTFs, creating new
users on the network and other administrative duties. You have always liked
having the ability to send and install PTFs to multiple systems from your
central server; this saves you time. Your company has just upgraded to V5R4,
and your company's security administrator has implemented a new security policy
for your company, which requires user passwords to be different on each system
in the network. Previously, the Management Central servers required that user
profiles and passwords be identical across the network. You've learned that,
in <span class="keyword">i5/OS™</span> V5R4, if you
enable the Management Central servers for single signon, you no longer need
to have matching user profiles and passwords on each endpoint system to use
the Management Central server's functions. This limits the need to manage
passwords on your <span class="keyword">i5/OS</span> systems.</p>
<p>You
completed the <a href="rzamzenablessoos400.htm">Scenario: Enable single
signon for i5/OS</a> for
one of your new systems, and then you completed the <a href="rzamzsynchconfig.htm#rzamzsynchconfig">Scenario: Propagate network authentication service and EIM across
multiple systems</a>. Now you want to configure all of your Management
Central servers to participate in this single signon environment.</p>
<div class="p">This
scenario has the following advantages:<ul><li>Reduces administration of user profiles on central and endpoint systems.</li>
<li>Reduces administrative password management for users on central and endpoint
systems.</li>
<li>Complies with the new company security policy, mandating that user passwords
be unique on each system.</li>
</ul>
</div>
</div>
<div class="section" id="rzamzconfigssomgtcentral__objective"><a name="rzamzconfigssomgtcentral__objective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><p>You
are one of three system administrators that work for your company. You and
the other two administrators, Amanda and George, want to create a small single
signon environment that decreases your administrative expense and simplifies
your access to centrally managed applications and network assets.</p>
<div class="p">The
objectives of this scenario are as follows:<ul><li>To comply with your company's new security policy by enabling the <span class="keyword">i5/OS</span> V5R4 Management Central servers
for single signon.</li>
<li>To simplify password management by eliminating the need to have the same
user profile and password on every endpoint system that is managed by the
Management Central server.</li>
<li>To allow all endpoint systems managed by the Management Central server
to participate in a single signon environment.</li>
<li>To ensure asset security within the enterprise by mapping users to EIM
identifiers instead of using policy associations.</li>
</ul>
</div>
</div>
<div class="section" id="rzamzconfigssomgtcentral__details"><a name="rzamzconfigssomgtcentral__details"><!-- --></a><h4 class="sectionscenariobar">Details</h4><p>The
following figure illustrates the network environment for this scenario:</p>
<img src="rzamz503.gif" alt="This figure shows the relationship of the Central system, iSeriesMC1 (also designated as the model system for this scenario), to three Endpoint systems: iSeries A, iSeries B, and iSeries C. Additionally, the PC used by the administrator to manage the network is displayed. " /><div class="p">The figure illustrates the following points
relevant to this scenario.<ul><li><strong>Central system iSeriesMC1 (also specified as the model system):</strong><ul><li>Runs <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R4) with the following options and licensed products installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">i5/OS</span> Access for Windows<sup>®</sup> (5722-XE1)</li>
</ul>
</li>
<li>Stores, schedules, and runs synchronize settings tasks for each of the
endpoint systems.</li>
<li>Configured for network authentication service and EIM.</li>
<li>Selected model system from which the network authentication service and
EIM configurations are propagated to the target systems.<div class="note"><span class="notetitle">Note:</span> The model system
should be configured similarly to the system identified as <span class="keyword">iSeries</span> A
in the <a href="rzamzenablesso.htm#rzamzenablesso">Scenario:
Create a single signon test environment</a>. Refer to this scenario to
ensure that all of the single signon configuration tasks on the model system
are completed and verified.</div>
</li>
</ul>
</li>
<li><strong>Endpoint systems <span class="keyword">iSeries</span> A, <span class="keyword">iSeries</span> B, and <span class="keyword">iSeries</span> C:</strong><ul><li>Runs <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R4) with the following options and licensed products installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
</ul>
</li>
<li>Configured for network authentication service and EIM.</li>
</ul>
</li>
<li><strong>Administrator's PC:</strong><ul><li>Runs <span class="keyword">iSeries Access for Windows</span> (5722-XE1).</li>
<li>Runs <span class="keyword">iSeries Navigator</span> with the
following subcomponents:<ul><li>Network</li>
<li>Security</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> Only required for PC used to administer network authentication
service.</div>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div class="section" id="rzamzconfigssomgtcentral__prereq"><a name="rzamzconfigssomgtcentral__prereq"><!-- --></a><h4 class="sectionscenariobar">Prerequisites
and assumptions</h4><div class="p">Successful implementation of this scenario requires
that the following assumptions and prerequisites are met:<ul><li><strong>Central system iSeriesMC1 (also specified as the model system):</strong><div class="note"><span class="notetitle">Note:</span> This
scenario assumes that the central system is properly configured for single
signon. Refer to the <a href="rzamzenablesso.htm">Scenario: Create a single
signon test environment</a> to ensure that all of the single signon configuration
tasks on the central system are completed and verified.</div>
<ul><li>All system requirements, including software and operating system installation,
have been verified. To verify that these licensed programs have been installed,
complete the following:<ul><li>In <span class="keyword">iSeries Navigator</span>, expand your <span class="uicontrol">iSeries
server→Configuration and Service→Software→Installed Products</span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ul>
</li>
<li>All necessary hardware planning and setup is complete.</li>
<li>TCP/IP and basic system security are configured and tested.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers.<div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configuration among servers, sensitive information, such as passwords,
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ul>
</li>
<li><strong>Endpoint systems <span class="keyword">iSeries</span> A, <span class="keyword">iSeries</span> B, and <span class="keyword">iSeries</span> C:</strong><ul><li>All system requirements, including software and operating system installation,
have been verified. To verify that these licensed programs have been installed,
complete the following:<ul><li>In <span class="keyword">iSeries Navigator</span>, expand your <span class="uicontrol">iSeries
server→Configuration and Service→Software→Installed Products</span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ul>
</li>
<li>All necessary hardware planning and setup is complete.</li>
<li>TCP/IP and basic system security are configured and tested.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers.<div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configuration among servers, sensitive information, such as passwords,
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ul>
</li>
<li>You have already configured network authentication service and EIM on
your central system and endpoint systems (see <a href="rzamzenablessoos400.htm">Scenario:
Enable single signon for i5/OS</a> and <a href="rzamzsynchconfig.htm#rzamzsynchconfig">Scenario: Propagate network authentication service and EIM across
multiple systems</a> for information).</li>
<li>You are using Microsoft<sup>®</sup> Windows Active Directory as a Kerberos
server.</li>
<li>You have already added <span class="keyword">i5/OS</span> service
principal names to the Kerberos server (you perform this task in <a href="rzamzenablessoos400.htm">Scenario:
Enable single signon for i5/OS</a>).</li>
<li>You have already tested the network authentication services configuration
(you perform this task in <a href="rzamzsynchconfig.htm#rzamzsynchconfig">Scenario: Propagate network authentication service and EIM across
multiple systems</a>).</li>
</ul>
</div>
</div>
<div class="section" id="rzamzconfigssomgtcentral__steps"><a name="rzamzconfigssomgtcentral__steps"><!-- --></a><h4 class="sectionscenariobar">Configuration
steps</h4><p>To enable single signon for users of the Management Central
servers, complete the following tasks:</p>
</div>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzamzverifythatthedomainappears.htm">Verify that the domain appears in Domain Management</a><br />
</li>
<li class="olchildlink"><a href="rzamzcreateeimidentifiers.htm">Create EIM identifiers</a><br />
</li>
<li class="olchildlink"><a href="rzamzcreateidentifierassociations.htm">Create identifier associations</a><br />
</li>
<li class="olchildlink"><a href="rzamzconfigurethemanagementcentral.htm">Configure the Management Central servers to use network authentication service</a><br />
</li>
<li class="olchildlink"><a href="rzamzconfigurethemanagementcentralserverstouseeim.htm">Configure the Management Central servers to use EIM</a><br />
</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzscenarios.htm" title="Use this information to review scenarios that illustrate typical single signon implementation situations to help you plan your own certificate implementation as part of your server security policy.">Scenarios</a></div>
</div>
</div>
</body>
</html>