IBM: Test 934: IBM Tivoli Identity Manager V5.0 Implementation

Professional Certification
About the program
About the member site
Certifications
	By product
	Test information
	Updates and revisions
Policy
Process
News
Contact

Related links
	Member site sign in
	Mastery tests
	Training
	Linux certification
	Business Partner Training and certification
	IBM Press
	CEIS

Professional certification

Certifications

Test information

	Test 934: IBM Tivoli Identity Manager V5.0 Implementation

Overview

Objectives

alt="" height="1" width="30"

Test Preparation

Section 1: Planning

Given the existing organization and reporting structure, gather the requirements and develop the solution so that an Organization Structure design is created.

Gather organization structure requirements.
Discuss alternatives.
Formalize organization structure.
Document organization structure.

Given the desired services list and Organization Structure design, gather target platforms, business processes and develop the solution so that a Service design is created.

Gather services target platforms.
Define organization requirements.
Gather platform business processes.
Identify unsupported platforms.
Document services requirements.

Given the existing Human Resources data and the Services design, gather entity requirements and develop the solution so that an Entities design is created.

Validate Human Resource data.
Gather entity requirements.
Design entities.
Document entity design.

Given the existing and projected business processes, gather the lifecycle management requirements and develop the solution so that a Lifecycle Management design is created.

Gather lifecycle management requirements.
Design lifecycle management strategy.
Document lifecycle design.

Given the existing and projected business processes, gather the e-mail management requirements and develop the solution so that an E-mail Management design is created.

Determine e-mail volume and frequency.
Determine aggregation policy.
Determine format and content of the aggregated e-mail.

Given the existing role information and Organization Structure design, gather the role requirements and develop the solution so that a Roles design is created.

Gather role requirements.
Define organization requirements.
Design the high-level role structure.
Document role design.

Given the existing provisioning policies and Organization Structure design, gather requirements, discuss and formalize the design so that a Provisioning Policies design is created.

Gather policy requirements.
Define organization requirements.
Gather entitlement requirements.
Define membership.
Design high-level policy structure.
Define service selection policies.
Document policy design.

Given the existing workflows and services design, gather the requirements including workflow scope and approach and develop the solution so that the Workflow design is created.

Gather workflow requirements.
Define workflow scope.
Design workflow approach.
Document the workflow design.

Given the existing Human Resources data and the entities design, analyze and map the data to the IBM Tivoli Identity Manager LDAP attributes and develop the solution so that the Person/BP Person entity design is created.

Gather identity source requirements.
Analyze identity source data.
Map identity data to IBM Tivoli Identity Manager.
Document identity requirements.

Given the existing identity policies and guidelines, entities design and identity sources design, gather the Identity Policy and Organizational requirements and develop the solution so that the IBM Tivoli Identity Manager V5.0 Identity Policy design is created.

Gather identity policy requirements.
Define organizational requirements.
Design high-level ID policy approach.
Document ID policy design.

Given the existing password policies and services design, gather the requirements and define the scope so that the IBM Tivoli Identity Manager V5.0 Password Policies design is created.

Gather password policy requirements.
Define password policy scope.
Define password settings.
Document password policy design.

Given the existing application security policies, organization structure design, services design and entity design, gather the IBM Tivoli Identity Manager V5.0 access requirements and design Groups and ACIs so that the IBM Tivoli Identity Manager V5.0 Security Model design is created.

Gather IBM Tivoli Identity Manager access requirements.
Design IBM Tivoli Identity Manager Groups.
Design IBM Tivoli Identity Manager ACIs.
Document IBM Tivoli Identity Manager security model.

Given proper policies and documentation, gather the customization requirements and determine the feasibility and scope so the Customization design is created.

Gather customization requirements.
Determine customization feasibility.
Design high-level functionality.
Determine customization scope.
Document server customization design.

Given proper documentation, gather the adapter requirements and develop the solution so a custom adapter design is created.

Gather agent requirements including account and group access requirements.
Determine customization feasibility.
Design high-level functionality.
Determine customization scope.
Document agent customization design.

Given the hardware assets list, existing network configuration and the Services design, gather the system architecture requirements and design the solution so a System Architecture document is created.

Gather system architecture requirements.
Design system architecture.
Document system architecture.

Given the Services design and existing project plans, prioritize the platforms and determine the adapter phases so that an Adapter Project Plan is created.

Prioritize platforms.
Group adapters into phases.
Determine timeline for phases.
Document adapter rollout plan.

Given the proper documentation, gather the initial timeline requirements and determine the initial solution rollout timeline so that an Initial Solution Rollout Project Plan is created.

Gather timeline requirements.
Determine timeline for production rollout.
Document timeline/plan.

Given the System Architecture design and existing backup processes, gather the backup requirements and develop the solution so a Backup and Recovery Strategy design is created.

Gather backup requirements.
Design backup strategy.
Document backup strategy.

Given proper documentation, analyze the current system and upgrade requirements so an Upgrade Planning document is created.

Analyze current system.
Determine system changes from upgrade.
Analyze customizations.
Design the customization upgrade plan.
Develop overall upgrade plan.
Document upgrade plan.

Given the proper documentation, analyze the business processes and requirements so that a custom reporting requirements document is created.

Gather business requirements.
Define reporting data.
Define report form.
Document requirements.

Given the existing account recertification process, gather the account recertification requirements and develop the solution so that a Recertification design document is created.

Gather recertification management requirements.
Design recertification management strategy.
Document recertification design.

Given the IT infrastructure definition, the projected user population to be managed, and the business continuity requirements, gather the availability and scalability requirements so that an availability and scalability requirements document is created.

Gather IT infrastructure information.
Gather network topology information.
Gather enterprise data and application information.
Analyze the gathered information.
Produce hardware recommendations.
Produce middleware configuration recommendations.
Document the Identity Management availability and scalability recommendations.

Given the existing organization and IT environment, gather the user interface requirements and develop the solution so that a Self Service User Interface design is created.

Gather user activity requirements.
Gather interface customization requirements.
Identify activities to be grouped together.
Document interface design.

Given the Component and Server layout within the various security zones, identify the transport channels and select their protection methodology, identify components and their security needs, and design a comprehensive security solution so that a plan to protect ITIM data as it is stored and transported in and between the various components is created.

Identify transport channels.
Select channel protection methodology.
Select component protection methodology.
Document security design.

Given the architecture design document, create an ITIM acceptance test strategy so that the delivered result can be validated.

Define test phases and scope.
Gather requirements for testing the components
Define testing objectives and requirements.
Analyze the risk assessment.
Define the testing levels, types and phases.
Document the criteria and acceptance test steps.

Section 2: Installation

Given prerequisite and patch software, install and configure prerequisite software so that the system is ready for the ITIM installation.

Gather hardware and platform specifications.
Validate and update hardware to IBM Tivoli Identity Manger specifications.
Determine the prerequisite software patch level required for IBM Tivoli Identity Manager Install prerequisite software.
Install prerequisite software patches.
Configure prerequisite software for IBM Tivoli Identity Manager installation.
Verify the installation and configuration are successful.

Given the IBM Tivoli Identity Manager Server software and access to InfoCenter, review the installation guides and install the software so that the ITIM server passes a basic functionality test.

Review installation documentation.
Gather environment data.
Install software including latest fixpack.
Verify the installation is successful.

Given the IBM Tivoli Identity Manager adapter software, install the adapter on the managed resource and the adapter profile on the IBM Tivoli Identity Manager server so that the adapter is properly installed and functioning.

Install adapter software.
Install adapter profile on IBM Tivoli Identity Manager server.
Configure the adapter.
Verify the installation and configuration are successful.

Given the installed adapter, create a Certificate Signing Request (CSR) and install the certificate so that the adapter functions properly with its certificate.

Gather information required for certificate signing request.
Create certificate signing request.
Install certificate.
Test communication.

Given an installed IBM Tivoli Identity Manager application and a test plan, log in and utilize the system functions to validate IBM Tivoli Identity Manager is running properly.

Start up IBM Tivoli Identity manager environment.
Review logs to ensure clean startup.
Execute the test plan and verify success.
Document results.

Given the IBM Tivoli Directory Integrator software, functioning ITIM server and the server which ITDI will be installed on, install and configure ITDI server so that the ITDI server is running properly.

Review installation documentation.
Gather environment data.
Install software including latest fixpack.
Verify installation is successful.

Section 3: Implementation

Given a newly installed ITIM Server, evaluate and configure the environment values so that the ITIM server settings are optimally configured.

Document the initial settings for the ITIM Server Application, WebSphere Application Server, ITIM HTTP Server, ITIM Database, and ITIM Directory Server.
Refer to the ITIM Performance Tuning Guide for recommended initial configuration settings for each component.
Set the initial configuration parameters for each component.
Document the new configuration settings for each component.

Given the appropriate organizational design documents, create the required organizational containers so that the organization structure is configured.

Create any additional organizations.
Create organizational units.
Create locations.
Create business partner organizations.
Create admin domains.

Given the appropriate IBM Tivoli Identity Manager Group and ACI design and access to the ITIM GUI, create the ITIM Groups, ACIs and relationship expressions such that the ITIM security model meets customer expectations.

Create IBM Tivoli Identity Manager Groups.
Create organizational ACIs.
Create provisioning ACIs.
Create report ACIs.
Create category ACIs.
Create required LDAP indices for attributes defined in relationship expressions.

Given object classes, an appropriate list of attributes and access to the LDAP tool, create and configure custom attributes such that the schema is extended.

Add attributes to LDAP.
Create new custom class.
Create custom labels.
Add attributes to the service schema.
Add attributes to the adapter schema.
Add indexes as needed.

Given the Entities design document, create custom entities so that customer requirements are met.

Add entity.
Configure default search attribute.
Configure name attribute.
Configure mapped attributes.
Create custom operation definitions.
Save entity.

Given the appropriate Forms design, configure the Forms so that all required Forms meet the design requirements.

Select Form to be customized.
Add or remove tabs.
Add or remove attributes.
Change control types.
Populate attribute lists.
Configure attributes' parameters.
Save form template.

Given the appropriate organizational Roles design, create the static and/or dynamic role such that the roles are configured.

Create static roles.
Create dynamic roles, including LDAP filter.

Given the appropriate Services design and managed services data, create IBM Tivoli Identity Manager service objects such that the service is configured and functioning.

Determine service type including manual services.
Populate service form.
Test service connectivity.
Save service.
Set policy enforcement type.
Configure compliance alert method.

Given the appropriate Workflow design and custom workflow extensions, create workflows such that the workflows satisfy customer requirements.

Determine workflow type.
Define workflow data.
Add elements to workflow.
Configure elements.
Connect elements.
Configure notification templates.
Configure Action Text.
Save workflow.

Given the appropriate service selection policy design and the JavaScript extensions, enter the definition for each service selection policy so that the service selection policies function as required.

Populate general information.
Determine service type.
Enter JavaScript definition.
Save changes to policy.

Given the appropriate Provisioning Policy design, add entitlements, memberships and targets such that the provisioning policies are properly configured.

Populate general information.
Add memberships.
Add entitlement.
Set target type.
Configure parameter lists.
Associate workflow.
Save changes to policy.

Given the appropriate Join Directives design and custom Join Directive extension, set the join directives for each profile so that the join directives are set.

Select service profile.
Select attribute.
Set join type.
Save join directives.

Given the Password Policy design and custom password policy extension, create the password policy such that it creates the appropriate passwords for the specified service type.

Copy custom password policy extension files.
Edit password policies file.
Edit custom labels file.
Restart ITIM server.
Populate general information.
Choose target service types/instances.
Set password rules.
Save changes to policy.

Given the Identity Policy design, create identity policy such that it creates the appropriate IDs for the specified service type.

Populate general information.
Choose target service types/instances.
Enter JavaScript definition.
Save policy changes.

Given the Password Configuration design, configure password settings such that passwords are handled appropriately throughout IBM Tivoli Identity Manager.

Configure lost password behavior.
Configure challenge/response settings.
Enable or disable password editing.
Enable or disable password synchronization.
Set password expiration period.
Set password retrieval period.
Set maximum number of invalid login attempts.
Save password settings.

Given the appropriate User Interface Parameters design and access to the ui.properties file, configure the ui.properties file so that the user interface requirements meet customer expectations.

Configure the customer logo.
Configure page size.
Configure page link maximum.
Configure search results maximum.
Configure console title bar.
Configure console banner
Configure console footer.
Configure post office template size limits.
Configure report limits.

Given the appropriate installation and custom files, configure e-mail properties for password notification so that the settings are configured.

Configure the password notification method.
Configure the property files.
Add custom password notification workflows.

Given an e-mail management design, configure the IBM Tivoli Identity Manager Post Office settings such that the e-mail management requirements have been met.

Configure the System-wide Post Office setting.
Configure the collection interval.
Configure the Post Office settings on the manual activity nodes.
Define the aggregate message.

Given an e-mail management design, configure the workflow notification templates such that the e-mail management requirements have been met.

Configure the default escalation limit.
Configure reminder interval.
Customize default notification templates.

Given the default e-mail notification template, perform the modifications, test, and implement steps so that the e-mail notification contains the requested information that can be shared across multiple workflows.

Clone the default template.
Define the subject and body.
Determine the xhtml content.
Include the notification in a workflow.

Given the standard self service view, perform the customizations so that customer requirements are met.

Locate the default views.
Modify tasks content available for a specified view.
Create ACIs for view content.
Modify operations to enable a task in the view.
Re-order tasks on the homepage.
Control page layout.
Modify content for custom specifications.
Customize style sheets to match a corporate specification.

Given the appropriate Self Service Interface parameters and the SelfServiceUI.properties file, configure the SelfServiceUI.properties file so that the Self Service Interface satisfies the customer requirements.

Configure the page size.
Configure page link maximum.
Configure search results maximum.
Configure layout options.
Configure user search attributes.

Section 4: Data Management

Given the detailed design, Human Resources data and the IBM Tivoli Identity Manager schema, determine the identity data sources and the load method so that an identity loading process is created.

Identify data sources.
Determine load method (ITDI, JNDI, DSML, LDAP, AD).
Map external data to IBM Tivoli Identity Manager schema.
If using ITDI, configure ITDI assembly line.

Given an HR feed data file and the Organization Structure design, create an IBM Tivoli Identity Manager HR feed service, schedule and run a reconciliation such that the data is loaded correctly into the ITIM repository.

Create HR Feed service (DSML, ITDI, AD, LDAP).
Define placement rule.
Schedule reconciliation.
Initiate reconciliation.
Validate reconciled user data.

Given the IBM Tivoli Identity Manager adapter and service definition, migrate existing accounts so that the accounts are associated with appropriate identities.

Define reconciliation for services.
Define adoption rules at the appropriate level.
Run initial reconciliation.
Verify reconciliation results.

Given orphan accounts and their appropriate owners, configure the correct owners’ person records so that the orphan accounts are adopted.

Identify orphan accounts.
Identify owners for orphan accounts.
Map the account to the owner using JavaScript or the preferred user ID.
Define a method to manage system accounts.
Run reconciliation again.
Verify orphans get adopted by correct person records

Section 5: Troubleshooting

Given access to the relevant logs and files, review logs so that the issues are identified.

Gather log files.
Review IBM Tivoli Identity Manager log files.
Review middleware logs (DB2, IDS, WAS).
Determine problem category.
Increase logging level for appropriate category.
Reproduce problem if possible.

Given a problem description, analyze the data flow so that the component that is the source of the problem is isolated.

Determine the source of the data.
Determine all components that store or move the data.
Isolate the components that perform operations on the data.
Analyze logs and audit records to verify data integrity at all steps.
Identify components where the data is mishandled.

Given adapter related problems, troubleshoot the source of the problem so that the problem is identified.

Analyze the completed and/or pending requests view.
Gather log data from adapter and server.
Analyze log data and audit records.
Modify server and adapter logging levels as necessary.

Section 6: Production

Given a functioning test environment and production systems, copy configurations to the production environment such that the production system mirrors the test systems and functions with production agents.

Enable security on the production system.
Promote customizations from test to production using appropriate tools.
Promote ITIM configuration data to production using appropriate tools.
Modify services to match production adapters.
Reconcile supporting data from production adapters.
Test the production system.

Given a list of services and a schedule for the reconciliations, create reconciliation schedules for each service with appropriate filters so that reconciliation data is available.

Determine systems to be reconciled.
Determine frequency of reconciliation for each service.
Define any reconciliation filters for each service.
Create reconciliation schedule for each service.

Given a production environment copied from a functioning test environment and the acceptance test plan, perform production verification and acceptance so that the production system is functional.

Execute the test plan.
Validate communication between ITIM server and all adapters.
Validate provisioning policy changes using Policy Preview.
Validate e-mail notifications are reaching the appropriate target(s).
Validate the user interface.

Given the existing security strategy and SSL certificates, install the certificates and enable SSL on all components so that secure communication between ITIM and the middleware and adapters is configured.

Configure the ITIM HTTP Server for HTTPS only communications with the user and install the certificate.
Install certificates in WebSphere.
Install certificates in ADK adapters.
Install certificates in ITDI.
Enable SSL on ADK adapters and ITDI.
Install certificates on LDAP server.
Configure LDAP server to use SSL.
Configure ITIM to use SSL for LDAP connections.

Section 7: Maintenance

Given the IBM Tivoli Identity Manager systems, implement monitoring procedures so that the ITIM deployment can be monitored.

Monitor connectivity to database, LDAP and adapters.
Monitor disk space of application servers and repositories.
Track logs and log sizes.
Monitor error logs for problems.
Monitor LDAP recycle bin if enabled.
Monitor cluster members.
Schedule system backups.
Monitor performance.

Given the IBM Tivoli Identity Manager version upgrade software and documentation, upgrade ITIM on test and production systems so that it is functioning properly.

Determine middleware components to upgrade.
Obtain server component upgrade software.
Request backup of all ITIM components.
Request backup of all system components.
Create Test environment.
Install upgrade on Test.
Repackage custom applications with upgraded API JAR files.
Validate Test upgrade environment .
Install upgrade on production server.
Test server.

Given the adapter software and documentation, upgrade and test the IBM Tivoli Identity Manager adapters so that they are upgraded and functioning properly.

Obtain new adapter software.
Determine components to install.
Request backup systems to be upgraded.
Install new adapter/upgrade.
Install adapter profile.
Verify certificates.
Test adapter.

Given the ITIM fixpack software and documentation, install the appropriate fixpack on the test and production systems such that the software is functioning properly.

Obtain fixpack software.
Determine requirements for fixpack from fixpack documents.
Create Test environment.
Install fixpack on Test.
Perform function test on items fixed by fixpack.
Request backup system.
Install fixpack on production server.
Test the fixpack.

Given the Performance Tuning Guide and customer's hardware specifications, configure system settings such that IBM Tivoli Identity Manager is tuned and functioning properly.

Identify IBM Tivoli Identity Manager deployment parameters and settings.
Utilize Performance Tuning Guide.
Set memory settings.
Configure logging levels, options and file sizes.
Set messaging - timeout values.
Set disk usage limits.

Given workload information and archive requirements, configure and schedule directory and database cleanup so that historical and temporary objects are removed.

Enable the recycle bin.
Configure recycle bin age limit.
Create cron job for recycle bin cleaning.
Perform database backup.
Create SQL command for database cleaning.

Section 8: Enhancements in V5.0

Given an access plan and the target resource, define and validate the access entitlements for each participant so that it is verified that the access entitlements are configured correctly for the resource.

Select participants.
Define access entitlements.
Validate access entitlements.

Given the security and compliance requirements and a deployed Identity Management solution, create and schedule a recertification policy so that a recertification policy is created.

Define general parameters.
Choose type and target.
Set the schedule for execution.
Define the policy actions.
Select / customize the E-mail notifications.
Define Customizations to the workflow.

Given the appropriate Self Server User Interface design, configure the Self Service User Interface so that it meets customer requirements.

Configure the main page layout by modifying the SelfServiceUI.properties file.
Configure the screen text by modifying the SelfServiceScreenText_.properties file.
Customize the web content by modifying the files in the itim_self_service.war/custom directory.
Customize the help content by modifying the SelfServiceHelp.properties file.
Configure the default home page properties by modifying the SelfServiceHomePage.properties file.
Define Views from the Self Service UI Configuration page.

Given the proper documentation and extension jar file, configure a new JavaScript extension so that the JavaScript extension satisfies the customization requirements..

Gather extension documentation.
Define required IBM Tivoli Identity Manager modules affected.
Modify scriptframework.properties as required.
Modify the WebSphere properties as required.
Document modifications to current system.

Given the existing reporting requirements and the ITIM report pack, install the Tivoli Common Reporting Server so that reports are created.

Install Tivoli Common Reporting Server.
Deploy ITIM report pack.
Customize ITIM reports as necessary.
Run reports and verify accuracy.

Test registration

Authorized Prometric test centers (worldwide testing)