Security for WebSphere Applications

• describe the set-up of global security, administrative security, application security and Java 2 security
• configure administrative security for particular users to gain different access to the admin console
• set up security domains for admin security and application security
• set up the security cache and security auditing features
• create a secure web application using security constraints and security roles and mapping to specific groups and users
• configure the VMM
• explain the Public Key Infrastructure
• describe digital certificates and digital signatures using both Certificate Authorities and Self Signed Certificates
• configure SSL for JDBC connections and within the cell
• understand and setup cross cell authentication
• explain the new application policy sets that can be installed to define the integrity and confidentiality of messages and transactions for Web Services
• understand the use of CSIv2 when securing client to server applications
• use logs and traces to recognise problems
• use performance tools, recognise performance problems and tune accordingly.

Objectives & topics; WAS security implementation; Administrative security; Secure System Administration; Federated repositories feature; Simplified certificate and key management; Tips for configuring default security; Secure processes; Extensible, layered security infra-architecture; J2EE security features compared; Java2 security; JAAS (Java Authentication and Authorization Service; J2EE security roles; J2EE security the full picture explained; SSL - Secure Sockets Layer; Authentication; External WAS security components; JACC - Java Authorization Contract for Containers; J2EE Application Security (focus on); Security roles; Taken from EJB specification; EJB specification translated; J2EE container based security; Configuring application security; handling security role mappings from Admin console; Securing J2EE components in practice; Web components; Web module; Securing EJBs; Security Cache, Multiple Security Domains; Different application security realms.

Objectives & topics; How does it work; different types of VMM; configuring the VMM using default adapters; configuring VMM with Property Extension Repository (PER) and Entry Mapping Repository (EMR); configuring database repository in VMM.

Objectives and Topics; Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; CA and self signed certificates; Auto replacement of certificates; autosecurity and privacy; firewalls and encryption; Secure Sockets Layer; Secure communications using SSL; SSL administration.

Objectives and Topics; Overview of CSIv2; the protocol; three layers of authentication; identity assertion and mapping; security attribute propagation; configuration on the client and the server,

Objectives & topics; Resources for problem determination; Console messages; Log Files; WAS logs overview; Basic format for log/trace entry; If logs are not enough; To trace or not to trace; Trace strings; Web Server - Web container: mind the gap!; HTTP Server logs; Dump Name Space; Thread analyzer; Collector tool; First Failure Data Capture logs; HTTP session monitoring; Product installation information; Log and Trace analyzer for Autonomic Computing.

Objectives & topics; Performance enhancing technologies; Performance data; Transaction oriented; Built-in performance booster; Performance data and tools; PMI overview; PMI data; Performance data hierarchy; PMI data organization; Tivoli Performance Viewer; Performance Advisors; Performance (PMI) Servlet; JVMPI facility; PMI request metrics; Request Metrics functionality; What's the point?; Current architecture; Configuring Request Metrics; Limit the monitoring; Request Metrics output; Application Response Measurement (ARM); Dynamic Cache (optional section); Dynamic Cache functionality; What can be cached?; How it works; Dynamic Cache setup; Dynamic Cache monitoring; Security Cache and Auditing.