
IBM Security Access Manager, Version 8.0, Appliance Standard Operating Procedures Version 1.2

IBM Security Systems
Access Management
July, 2014
Author: Martin Schmidt
Note: Before using this information and the product it supports, read the information in "Notices."
Edition notice
This edition applies to version 8.0 of IBM Security Access Manager and to all subsequent releases and
modifications until otherwise indicated in new editions.
© Copyright International Business Machines Corporation 2014.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corp.
Table of Contents
1 Introduction
  1.1 Resources
2 Accessing the appliance and committing changes
  2.1 Local management interface
  2.2 Command line interface
  2.3 REST APIs
3 Backup Strategy
  3.1 Backing up the virtual appliance
  3.2 Appliance snapshots (Suggested)
  3.3 Importing snapshots
    3.3.1 Network Timeouts
    3.3.2 Uploading the snap file
  3.4 Exporting and importing a security policy
    3.4.1 Importing ACLs
    3.4.2 Importing objects
  3.5 Backup Integration Example
    3.5.1 Overview
    3.5.2 PowerShell script
    3.5.3 Simplified bash and curl script
4 Monitoring
  4.1 Notifications
  4.2 Monitoring the appliance
  4.3 Monitoring instances
  4.4 Messages Catalog
5 Performance & Health
  5.1 Checking the state of the policy server (MGR)
  5.2 Checking the state of WebSEAL instances
6 Troubleshooting
  6.1 Support Files
  6.2 Networking
    6.2.1 Using the command line interface
7 Networking
  7.1 Managing the M.1 and M.2 interfaces
  7.2 Managing the P.1-P.4 application interfaces
  7.3 Managing network traffic routing
  7.4 Hosts File
8 Certificate Maintenance
9 Appendix: Useful REST services
1 Introduction
This document is a collection of Standard Operating Procedures (SOP) for the IBM Security Access Manager,
Version 8.0, appliance. It documents common tasks and practices for the daily operations and maintenance of a
deployment. It shows the tasks performed using the local management interface, command line interface, and REST
API whenever possible.
It does not cover deployment or migration.
1.1 Resources
The following is a list of resources that are available for managing the appliance.
• Security Access Manager for Web product documentation on the IBM Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSPREK/welcome
• Security Access Manager for Mobile product documentation on the IBM Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSELE6/welcome
• Videos created by the IBM Security Systems Support team at http://www.youtube.com/playlist?list=PL5VchNLXhuu-wEte77Cb7zBO-8419_tqK
2 Accessing the appliance and committing changes
You can access the appliance through three basic methods. The appliance uses a modify and commit
change model, which means that changes are not effective until they are committed. The local management interface
provides a visual reminder of this fact; the command line interface and REST API do not, and require due diligence.
2.1 Local management interface
You can access the local management interface with any web browser either in non-secure (HTTP) or secure
(HTTPS) mode. The local management interface requires basic authentication.
The following illustration shows the login screen. The login ID is admin, and the default password is admin.
The following illustration shows the notification panel for a pending change.
This one shows the change deploy panel.
2.2 Command line interface
The command line interface is available with the ssh port and protocol. Use any ssh client to connect to the
management interface. You authenticate with the admin user. Even though you use ssh to connect to the appliance,
the interface is not a Unix style shell.
Type help to see the list of available commands.
2.3 REST APIs
You can call the REST APIs with various tools, which include cURL, Directory Integrator, Microsoft® Windows®
PowerShell™, and others. This document uses the Firefox™ REST Client plugin or other tools as appropriate.
You can find REST API documentation on the appliance under Help.
Remember to always set the appropriate header for making a call.
The following illustration shows how to use the REST client to list any pending changes.
3 Backup Strategy
Perform backups either on a regular schedule or based on changes in the environment. The appliance creates
snapshots, which you can use as part of the change management and backup processes.
3.1 Backing up the virtual appliance
You can back up the virtual appliance at the virtualization level (ovf export). This level of backup is a full
backup of the appliance with all settings. Make backups at this level before making any major changes in the
environment. You must stop and shut down the appliance before an ovf export.
Note: The ovf export is not a VMware snapshot; snapshots are not supported due to the clustering. See
http://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.0.2/com.ibm.amweb.doc_8.0.0.2/admin/concept/con_cluster_backup.html?lang=en
3.2 Appliance snapshots (Suggested)
The appliance provides an internal snapshot mechanism, which creates backups of configurations, and restores them
as needed. See
http://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.0.2/com.ibm.amweb.doc_8.0.0.2/admin/task/alps_managing_snapshots.html?lang=en
Snapshots are compressed files that are stored on the system. You can download and then open them with any zip
compliant utility, such as WinRAR.
Store only a small number of snapshots on the system. Copy them regularly to a safe location and delete
them from the appliance.
Follow these steps:
1. Select Manage -> System Settings -> Snapshots.
2. Select New and enter a comment.
3. Select the snapshot and perform the required tasks to download, delete, apply, or edit.
4. Use the following REST APIs to automate this process.
Create Snapshot
List Snapshots
Note: The ID field is required for download.
Download snapshot
Delete Snapshot
3.3 Importing snapshots
When you have large snapshot files, perform the import process with care to accommodate network timeouts and
snapshot processing.
3.3.1 Network Timeouts
Large snapshot processing can take longer than the specified network timeout. To prevent timeouts, either disable or
set a high network timeout on your browser.
Use the following steps to set the timeout in Firefox:
1. Open Firefox and navigate to about:config in the browser bar.
2. Enter a filter of network.http.response.timeout.
3. Set this value to either 0 (no timeout) or a large number of seconds.
3.3.2 Uploading the snap file
When selecting and uploading the snap file with Browse, you MUST WAIT until Comment is populated.
After Comment is populated, select Save Configuration. Wait on this page until the file shows up in the list.
Note: There is no indicator that processing is taking place. Watch the spinner in the status bar.
3.4 Exporting and importing a security policy
Use the Web Portal Manager interface to export and import parts of the security policy to XML. You can create
backups of the policy used on a resource and documentation, or you can migrate the policy to another environment.
3.4.1 Importing ACLs
1. Select Secure Web Settings -> Manage -> Policy Administration.
2. Log in with the sec_master password.
3. Select ACL -> Export All ACLs.
4. Do not enter an encryption string.
5. Select Export and save the file.
6. Select Import ACL to load a file.
3.4.2 Importing objects
1. Select Object Space -> Browse Object Space.
2. Navigate to the object you want to export and select it.
3. Select Export.
4. Mark Export Object including Children.
5. Do not enter an encryption string.
6. Save the file.
7. Use Import Object to load the file.
3.5 Backup Integration Example
When the backup infrastructure does not directly support the invocation of REST API calls, collect the snapshots on
a shared drive on a Windows or Unix system and then regularly back up this drive.
The script shown below will create email alerts if any part of the operation fails.
You can schedule the script on a regular basis to create and collect the snapshots.
3.5.1 Overview
The following diagram shows the architecture implementing this solution.
A Windows-based server is used to collect the snapshot file from the appliances. The file is stored on a network
drive. The files stored on the network drive are backed up using the existing backup solution.
If any error is encountered during the process, an email is sent to the administrators.
3.5.2 PowerShell script
You can use the following PowerShell script on the Windows server to download the snap file as shown above.
##########################################################################
#
# A script to create appliance snapshots.
# The script will create a snapshot, download it, and remove the
# oldest snapshot on the appliance.
# If there is an error, an email notification is sent.
#
##########################################################################

#-------------------------------------------------------------------------
# Create directory date string
Function getDateString() {
    $a = Get-Date
    $d = ""
    [string]$d = "{0:D4}" -f ($a.Year) + "{0:D2}" -f ($a.Month) + "{0:D2}" -f ($a.Day)
    return $d
}

#-------------------------------------------------------------------------
# Send notification email.
Function alertMail ($body) {
    $to = "[email protected]"
    $from = "[email protected]"
    $srv = "smtp.ibm.com"
    $sub = "Automated message: SAM Snapshot Alert"
    Send-MailMessage -To $to -From $from -Subject $sub -SmtpServer $srv -Body $body
}

#-------------------------------------------------------------------------
# Create the basic auth header entry.
Function createAuth($name,$pwd) {
    $authInfo = ("{0}:{1}" -f $name,$pwd)
    $authInfo = [System.Text.Encoding]::UTF8.GetBytes($authInfo)
    $authInfo = [System.Convert]::ToBase64String($authInfo)
    return "Basic {0}" -f $authInfo
}

# List the snapshots that exist on the appliance.
Function getSnapshots ($name,$pwd,$target) {
    $auth = createAuth $name $pwd
    $headers = @{Accept=("application/json");"ContentType"=("application/json");Authorization=$auth}
    $uri = "https://"+$target+"/snapshots"
    # The next line accepts ANY server certificate, so the admin credentials
    # are sent without verifying the appliance's identity. Remove it once the
    # appliance certificate is trusted by this server.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    $web = New-Object System.Net.WebClient;
    $web.Headers.add("Accept","application/json");
    $web.Headers.add("Content-Type","application/json");
    $web.Headers.add("Authorization",$auth);
    $res = $web.DownloadString($uri);
    $res = $res | ConvertFrom-Json
    return $res
}

# Create a new snapshot with the given comment.
Function createSnapshot ($name,$pwd,$target,$desc) {
    $auth = createAuth $name $pwd
    $headers = @{Accept=("application/json");"ContentType"=("application/json");Authorization=$auth}
    $body = '{"comment":"'+ $desc + '"}';
    $uri = "https://"+$target+"/snapshots"
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    $res = Invoke-WebRequest -Uri $uri -headers $headers -Method POST -Body $body
    return $res
}

# Download the snapshot with the given ID to the file $fn.
Function downloadSnapshot ($name,$pwd,$target,$id,$fn) {
    $auth = createAuth $name $pwd
    $headers = @{Accept=("application/json");"ContentType"=("application/json");Authorization=$auth}
    $uri = "https://"+$target+"/snapshots/download?record_ids="+$id
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    $web = New-Object System.Net.WebClient;
    $web.Headers.add("Accept","application/json");
    $web.Headers.add("Content-Type","application/json");
    $web.Headers.add("Authorization",$auth);
    # Echo the target file and the URI to the job output.
    $fn
    $uri
    $res = $web.DownloadFile($uri,$fn);
    return $res
}

# Delete the snapshot with the given ID from the appliance.
Function deleteSnapshot ($name,$pwd,$target,$id) {
    $auth = createAuth $name $pwd
    $headers = @{Accept=("application/json");"ContentType"=("application/json");Authorization=$auth}
    $uri = "https://"+$target+"/snapshots/"+$id
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    $res = Invoke-WebRequest -Uri $uri -headers $headers -Method DELETE
    return $res
}

Function getLastSnapshotID($name,$pwd,$target) {
    $sl = getSnapshots $name $pwd $target
    return $sl[$sl.Count-1].id
}

Function getFirstSnapshotID($name,$pwd,$target) {
    $sl = getSnapshots $name $pwd $target
    return $sl[0].id
}

#
# This function does the work for creating a snapshot and downloading it.
Function performSnapshot($name,$pwd,$target,$root) {
    try {
        # create the snapshot on the appliance
        $snap = createSnapshot $name $pwd $target
        # Get the snapshot ID (always the first one)
        $bid = getFirstSnapshotID $name $pwd $target
        # Build the target file name and directory
        $d = getDateString
        $dest = $root +"/" + $d + "/"
        $a = md -Force $dest
        $dest = $root +"/" + $d + "/" + $target + ".zip"
        # Download the snapshot
        downloadSnapshot $name $pwd $target $bid "$dest"
        # Get the last (oldest) snapshot ID
        $lastid = getLastSnapshotID $name $pwd $target
        # Delete the snapshot on the target.
        deleteSnapshot $name $pwd $target $lastid
    } catch {
        # send an email alert if there is an error.
        alertMail $Error
    }
}

# Clear any existing Errors.
$Error.Clear();
# Duplicate the below line for any additional appliances.
# performSnapshot <adminid> <adminpwd> <appliance> <target Directory>
performSnapshot admin admin appliance1.ibm.com c:/temp
3.5.3 Simplified bash and curl script
The following script is a simplified version of the PowerShell script for AIX. It uses cURL and bash.
#!/usr/bin/bash
# -x
#
# Bash script that uses curl to back up an ISAM appliance.
#
# A script to create appliance snapshots.
# The script will create a snapshot, download it, and remove it
# from the appliance.
#
#-------------------------------------------------------------------------
# The root directory for the backups.
TODAY=`date +%Y%m%d`
BACKDIR="/BACKUP/DEV/${TODAY}/"
DOMAIN=".ibm.com"

#-------------------------------------------------------------------------
# List the snapshots. $1 = user:password, $2 = appliance host name.
function getSnapshots {
    curl -H "Accept:application/json" --user "$1" "https://$2/snapshots" 2>>/dev/null
}

#-------------------------------------------------------------------------
function getLastSnapshotID {
    sl=`getSnapshots $1 $2`
    echo $sl | tr ',' '\n' | grep "\"id\":" | tail -1 | sed 's/.*":"//' | sed 's/"//'
}

#-------------------------------------------------------------------------
function getFirstSnapshotID {
    sl=`getSnapshots $1 $2`
    echo $sl | tr ',' '\n' | grep "\"id\":" | head -1 | sed 's/.*":"//' | sed 's/"//'
}

#-------------------------------------------------------------------------
# Create a snapshot. $3 = comment.
function createSnapshot {
    data="{\"comment\":\"$3\"}"
    curl -H "Accept:application/json" -d "$data" --user "$1" "https://$2/snapshots" 2>>/dev/null
}

#-------------------------------------------------------------------------
# Create a snapshot and print the ID returned by the appliance.
function createGetSnapshot {
    r=`createSnapshot $1 $2 "$3"`
    echo $r | tr ',' '\n' | grep "\"id\":" | sed 's/.*":"//' | sed 's/"//'
}

#-------------------------------------------------------------------------
# Download snapshot $3 to the file $4.
function downloadSnapshot {
    curl -H "Accept:application/json" --user "$1" "https://$2/snapshots/download?record_ids=$3" > "$4" 2>>/dev/null
}

#-------------------------------------------------------------------------
# Delete snapshot $3 from the appliance.
function deleteSnapshot {
    curl -H "Accept:application/json" -X DELETE --user "$1" "https://$2/snapshots/$3" 2>>/dev/null
}

#=========================================================================
function takeShot {
    sid=`createGetSnapshot $1 "$2${DOMAIN}" "Created by backup script"`
    if [ -z "$sid" ]; then
        echo "ERROR Trying to backup $2"
        echo "ERROR Trying to backup $2" | mail -s "Backup Error" [email protected]
    else
        downloadSnapshot $1 "$2${DOMAIN}" $sid "${BACKDIR}${2}.zip"
        deleteSnapshot $1 "$2${DOMAIN}" $sid > /dev/null
    fi
}

#=========================================================================
# Main program.
mkdir -p "${BACKDIR}"
takeShot 'admin:admin' appmgr01
takeShot 'admin:admin' appweb01
exit 0
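A hardened variant of the backup flow above, added here as an example (it is not part of the original document or IBM's scripts): it verifies the appliance certificate, reads the credentials from a netrc file instead of the command line, and deletes the snapshot from the appliance only after the download is confirmed to be a zip archive. The file paths, the example host name in the usage line, the Content-Type header, and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not IBM code): snapshot backup with TLS verification,
# credentials kept out of argv, and a download check before deletion.

# Assumed locations; adjust for your environment.
CA_BUNDLE="${CA_BUNDLE:-/etc/isam-backup/appliance-ca.pem}"
# netrc format: machine <host> login <adminid> password <adminpwd>
NETRC_FILE="${NETRC_FILE:-/etc/isam-backup/netrc}"

# curl wrapper: verify the appliance certificate against CA_BUNDLE, take the
# credentials from the netrc file (not visible in ps output), and return a
# non-zero status on HTTP errors instead of saving an error page.
isam_curl() {
    curl --silent --show-error --fail --max-time 600 \
         --cacert "$CA_BUNDLE" --netrc-file "$NETRC_FILE" \
         -H "Accept: application/json" "$@"
}

# Refuse a credentials file that group or other users can access.
check_secret_perms() {
    local f="$1" perms
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Section 3.2 describes snapshots as zip-compatible files, so require a
# non-empty file that starts with the zip signature "PK\003\004".
is_valid_snapshot() {
    local f="$1" magic
    [ -s "$f" ] || return 1
    magic=$(dd if="$f" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "504b0304" ]
}

# Print every "id" value found in a JSON response read from stdin
# (same approach as the script above, without requiring jq).
extract_ids() {
    tr ',' '\n' |
        sed -n 's/.*"id"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# backup_appliance <host> <output file>
backup_appliance() {
    local host="$1" out="$2" sid tmp
    if ! check_secret_perms "$NETRC_FILE"; then
        echo "ERROR: $NETRC_FILE must exist with mode 600 or 400" >&2
        return 1
    fi
    sid=$(isam_curl -H "Content-Type: application/json" \
              -d '{"comment":"Created by backup script"}' \
              "https://$host/snapshots" | extract_ids | head -n 1)
    if [ -z "$sid" ]; then
        echo "ERROR: snapshot creation failed on $host" >&2
        return 1
    fi
    tmp="$out.part"
    if isam_curl --output "$tmp" \
           "https://$host/snapshots/download?record_ids=$sid" &&
       is_valid_snapshot "$tmp"; then
        mv "$tmp" "$out"
        # Only now is it safe to remove the copy on the appliance.
        isam_curl -X DELETE "https://$host/snapshots/$sid" >/dev/null
    else
        rm -f "$tmp"
        echo "ERROR: download of snapshot $sid from $host failed;" \
             "snapshot left on the appliance" >&2
        return 1
    fi
}

# Usage (hypothetical host): ./isam_backup.sh appmgr01.example.com /BACKUP/DEV/appmgr01.zip
if [ "$#" -eq 2 ]; then
    backup_appliance "$1" "$2"
fi
```

A non-zero exit status from backup_appliance is the signal to send the alert mail used by the scripts above.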
4 Monitoring
You can monitor the appliance for system alerts with the methods documented at
http://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.0.2/com.ibm.amweb.doc_8.0.0.2/admin/task/alps_configuring_system_alerts.html?lang=en
You can also use third-party monitoring tools for REST API queries to obtain the system’s state information and
perform actions based on predefined criteria.
4.1 Notifications
The notifications panel in the Home Dashboard provides a quick view of the appliance’s health. It includes:
• Certificates that are due to expire.
• Reverse proxy instances that are not currently running.
• Notices that:
  o The disk space utilization exceeded the warning threshold.
  o The database size reached the warning threshold, which is 80% capacity.
  o The CPU utilization exceeded the warning threshold.
You can configure the following thresholds from Manage Systems Settings -> System Settings -> Advanced
Tuning Parameters. The following list shows the defaults:
• sys.notifications.disk.usage_warning_percentage = 80
• sys.notifications.disk.usage_alert_percentage = 90
• sys.notifications.cpu.usage_warning_percentage = 80
• sys.notifications.cpu.usage_alert_percentage = 90
• sys.notifications.cert.expiration_date_warning_days = 30
• sys.notifications.cert.expiration_date_alert_days = 14
• sys.notifications.hvdb.usage_warning_percentage = 80
• sys.notifications.hvdb.usage_alert_percentage = 90
In the following example, the value was set to 2 to show the resulting message:
The following illustration shows the resulting notifications with the instances stopped.
You can also make the following REST call.
Note: Any non-null return triggers an alert.
The following illustration shows an empty result.
The following PowerShell script shows how to use the REST APIs.
#-------------------------------------------------------------------------
# Convert epoch to a nice date
Function get-epochdate ($epochdate) {
    [timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($epochdate))
}

#-------------------------------------------------------------------------
# Create the basic auth header entry.
Function createAuth($name,$pwd) {
    $authInfo = ("{0}:{1}" -f $name,$pwd)
    $authInfo = [System.Text.Encoding]::UTF8.GetBytes($authInfo)
    $authInfo = [System.Convert]::ToBase64String($authInfo)
    return "Basic {0}" -f $authInfo
}

# Retrieve the current notifications from the appliance.
Function getNotifications ($name,$pwd,$target) {
    $auth = createAuth $name $pwd
    $headers = @{Accept=("application/json");"ContentType"=("application/json");Authorization=$auth}
    $uri = "https://"+$target+"/isam/widgets/notifications.json"
    # The next line accepts ANY server certificate, so the admin credentials
    # are sent without verifying the appliance's identity. Remove it once the
    # appliance certificate is trusted by this server.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    $web = New-Object System.Net.WebClient;
    $web.Headers.add("Accept","application/json");
    $web.Headers.add("Content-Type","application/json");
    $web.Headers.add("Authorization",$auth);
    $res = $web.DownloadString($uri);
    $res = $res | ConvertFrom-Json
    return $res
}

# Send notification email.
Function alertMail ($body) {
    $to = "[email protected]"
    $from = "[email protected]"
    $srv = "smtp.ibm.com"
    $sub = "Automated message: SAM Alert"
    Send-MailMessage -To $to -From $from -Subject $sub -SmtpServer $srv -Body $body
}

# Print each notification and send it as an alert mail.
Function checkNotifications ($u,$p,$t) {
    $r = getNotifications $u $p $t
    if ($r.items) {
        $r.items | % {
            get-epochdate $_.timestamp
            $_.message
            alertMail($_.message);
        }
    } else {
        "No messages"
    }
}

checkNotifications "admin" "admin" "labsamweb01m1.tivlab.austin.ibm.com"
4.2 Monitoring the appliance
Monitor the appliance from the local management interface dashboard for the following items:
• Notifications
• Disk Space
• Memory
• CPU Usage
• Certificate lifetime
• Events
The following illustration shows the dashboard.
Use the following REST APIs to collect similar information:
Hard Drive space
The values of interest are the root entries for size, used, and avail.
CPU Usage
Memory Usage
Certificates lifetime
The result requires post-processing to:
• Extract the expiry.
• Convert from epoch to an actual date or compare to the current epoch + X days.
• Raise an alert if any are lower.
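One way to do this post-processing, as an added example that is not from the original document: it takes already-extracted "expiry label" pairs, applies the default certificate thresholds from section 4.1, and emits lines in the style of the message catalog in section 4.4. The input format, the mapping of the W and E codes to the warning and alert thresholds, the millisecond handling, and the certificate labels are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not IBM code): flag certificates that are close to expiry.
# Input on stdin, one certificate per line: "<expiry_epoch> <label>".
# The pairs are assumed to have been extracted from the REST result already.

WARN_DAYS=30    # default of sys.notifications.cert.expiration_date_warning_days
ALERT_DAYS=14   # default of sys.notifications.cert.expiration_date_alert_days

# classify_cert <label> <expiry_epoch> <now_epoch>
# Prints "<code> <message>" for a certificate that needs attention and
# nothing for a healthy one. Returns 2 if the expiry is not a number.
classify_cert() {
    local name="$1" expiry="$2" now="$3" left days
    case "$expiry" in
        ''|*[!0-9]*)
            echo "cannot parse expiry for $name: '$expiry'" >&2
            return 2 ;;
    esac
    # Assumption: a value of 13 or more digits is epoch milliseconds.
    if [ "${#expiry}" -ge 13 ]; then
        expiry=$(( expiry / 1000 ))
    fi
    left=$(( expiry - now ))
    if [ "$left" -le 0 ]; then
        echo "WGASY0003E Certificate expired: $name"
        return 0
    fi
    days=$(( left / 86400 ))
    if [ "$days" -le "$ALERT_DAYS" ]; then
        echo "WGASY0002E Certificate expires in $days days: $name"
    elif [ "$days" -le "$WARN_DAYS" ]; then
        echo "WGASY0002W Certificate expires in $days days: $name"
    fi
    return 0
}

# check_certs <now_epoch>
# Reads "<expiry_epoch> <label>" lines from stdin and prints the findings.
# Exit status: 0 = all healthy, 1 = at least one finding, 2 = unparsable input.
check_certs() {
    local now="$1" rc=0 expiry name line
    while read -r expiry name; do
        [ -n "$expiry" ] || continue
        if ! line=$(classify_cert "$name" "$expiry" "$now"); then
            rc=2
            continue
        fi
        if [ -n "$line" ]; then
            echo "$line"
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Demo with constructed data: ./cert_check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    now=1700000000   # constructed "current" epoch; in production use the
                     # appliance time (see the Get EPOCH service in section 9)
    check_certs "$now" <<EOF
1703456000 WebSEAL-Test-Server
1701728000 ldap-client
1700432000 junction-backend
1699913600 old-root-ca
1700864000000 reported-in-milliseconds
EOF
    echo "exit status: $?"
fi
```

The exit status lets a scheduler or monitoring agent raise the alert without parsing the output.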
Event Log
4.3 Monitoring instances
Monitor various WEB instances for:
• Status
• Instance Log File
Status
Any health value that is not 0 denotes an issue.
Instance Log File
Retrieve the last 300 lines of the msg__webseald-xxx.log file. See the following example URL:
https://<server>/wga/reverseproxy_logging/instance/Test/msg__webseald-Test.log?options=line-numbers&size=300
4.4 Messages Catalog
The following table contains the more common messages. Use the message codes to filter these for special
processing.
(Note that some messages are Warnings as well as Errors!)
Code          Message
WGASY0002W    Certificate expires in <d> days: <name>
WGASY0002E    Certificate expires in <d> days: <name>
WGASY0003E    Certificate expired: <name>
WGASY0004E    Reverse Proxy is not running: <name>
GLGRS1003I    The CLI operator <name> has shut down the appliance.
WGASY0000W    High CPU utilization: <cpu>%
WGASY0000E    High CPU utilization: <cpu>%
GLGPL1001I    The LMI operator, <name>, has modified the System Alerts settings.
5 Performance & Health
This section describes how to monitor the performance and health of the appliance and instances. Do this task after
you apply changes to the system or when end users experience problems. In general, access patterns for resources do not
change unless there are changes in the environment.
5.1 Checking the state of the policy server (MGR)
You can check the following files for the current state of the policy server.
1. Select Monitor -> Application Log Files -> isam_runtime -> policy_server.
5.2 Checking the state of WebSEAL instances
You can check the following files for the current state of the WebSEAL instances.
1. Select Secure Web Settings -> Reverse Proxy.
2. Mark the instance.
3. Select Manage -> Logging.
4. Use the following additional local management interface pages to check the state of the junctions:
   a. Select Monitor -> Logs -> Reverse Proxy Log Files.
   b. Select Monitor -> Network Graphs -> Application Interface Statistics.
   c. Select Monitor -> Reverse Proxy Graphs -> Reverse Proxy Traffic.
   d. Select Monitor -> Reverse Proxy Graphs -> Reverse Proxy Throughput.
6 Troubleshooting
This section describes some common troubleshooting steps.
6.1 Support Files
The appliance has a built in function to create and manage support file snapshots.
1. Select Manage -> System Settings -> Support Files.
2. Use this page to create and download support snap files.
3. Delete the files when you no longer need them.
6.2 Networking
You have several tools for evaluating network issues. If you cannot access the appliance, use either the attached or
virtual console.
6.2.1 Using the command line interface
1. Log in to the command line interface, or to the console if you cannot access the server through the
   network.
2. Enter tools.
3. Use the ping and nslookup commands to determine network connectivity.
   a. Ping the appliance and the appliance gateway.
   b. If neither works, make sure the appliance networking (vlan) is set correctly.
4. Get the current network settings for M.1.
5. From the top, enter the following:
   a. management
   b. interfaces
   c. show
6. If the configuration values are incorrect, you can use the set command to make changes. It performs the
   same steps as documented for the initial appliance configuration.
7 Networking
This section details steps for network-related operations.
7.1 Managing the M.1 and M.2 interfaces
1. Select Management -> Network Settings -> Management Interfaces.
2. Use the tabs to set the system related network settings, DNS, and the interface settings.
7.2 Managing the P.1-P.4 application interfaces
1. Select Management -> Network Settings -> Application Interfaces.
2. Use the tabs and operations to set the interface settings.
3. Use the Test button to validate networking with a ping operation.
7.3 Managing network traffic routing
Manage the network traffic routing on the appliance. By default all traffic is routed through the M.1 interface, which
means all outgoing network traffic goes through it.
1. Select Management -> Network Settings -> Routing.
2. Add static routes as needed.
7.4 Hosts File
The appliance has a host file that is managed with the following interface.
1. Select Management -> Network Settings -> Hosts File.
2. Use this interface to manage the hosts file entries.
Note: To add entries to an existing IP, make sure the IP is highlighted before you select New.
8 Certificate Maintenance
The appliance greatly simplifies the maintenance of the SSL certificates.
The home page Certificate Expiry panel shows a list of certificates listed by expiration date. Inspect it regularly and
renew or replace certificates as they are about to expire.
In addition, the home page notification panel displays any expired certificates.
1. Select Manage -> Secure Settings -> SSL Certificates.
2. Select the Certificate Database.
3. Select Manage -> Edit SSL Certificate Database.
4. Find the expired certificates and delete them.
5. Import new certificates or create certificate requests as needed.
9 Appendix: Useful REST services
The following are some useful REST services.
Get EPOCH
Gets current time on the appliance as an epoch.
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products,
services, or features discussed in this document in other countries. Consult your local IBM representative for
information on the products and services currently available in your area. Any reference to an IBM product,
program, or service is not intended to state or imply that only that IBM product, program, or service may be used.
Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right
may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM
product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The
furnishing of this document does not give you any license to these patents. You can send license inquiries, in
writing, to:
IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property
Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan, Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan
The following paragraph does not apply to the United Kingdom or any other country where such provisions
are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement
might not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the
information herein; these changes will be incorporated in new editions of the publication. IBM may make
improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time
without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for
this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring
any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of
information between independently created programs and other programs (including this one) and (ii) the mutual use
of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and conditions, including in some cases payment of
a fee.
The licensed program described in this document and all licensed material available for it are provided by IBM
under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent
agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained
in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems.
Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of
this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the
capabilities of non-IBM products should be addressed to the suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and
represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer
prices may vary.
This information is for planning purposes only. The information herein is subject to change before the products
described become available.
This information contains examples of data and reports used in daily business operations. To illustrate them as
completely as possible, the examples include the names of individuals, companies, brands, and products. All of these
names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely
coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques
on various operating platforms. You may copy, modify, and distribute these sample programs in any form without
payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming
to the application programming interface for the operating platform for which the sample programs are written.
These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply
reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample
programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing
application programs conforming to IBM's application programming interfaces.
Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as
follows:
© IBM 2014. Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp 2014. All
rights reserved.
If you are viewing this information in softcopy form, the photographs and color illustrations might not be displayed.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list
of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml.
Statement of Good Security Practices
IT system security involves protecting systems and information through prevention, detection and response to improper access
from in and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or
misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in
preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security
approach, which will necessarily involve additional operational procedures, and may require other systems, products or services
to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE
FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY
PARTY.
© International Business Machines Corporation 2014
International Business Machines Corporation
New Orchard Road Armonk, NY 10504
Produced in the United States of America 07-2014
All Rights Reserved
References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates.