Securing WebSphere on z/OS Eğitimi

Ön Kayıt ve Fiyat Bilgi Formu

Tarih ve lokasyonlar

Bu eğitimi özel sınıf olarak kendi kurumunuzda talep edebilirsiniz.
Lütfen bizimle iletişime geçin:

+90 212 282 7700

Talep Formu
Eğitim Tipi ve Süresi

3 Days ILT    

Securing WebSphere on z/OS (OZ66G)

IBM Course Code: OZ660

WebSphere Application Server (WAS) Version 6.1 (V6) for z/OS provides a Java 2 Enterprise Edition (J2EE) runtime environment for Enterprise JavaBeans (EJB), along with servlets and Java Server Pages (JSP) in Web applications.

This course focuses on security and security-related topics and provides technical details to design and implement secure solutions with WebSphere. It will provide information technology (IT) Architects, IT Specialists, application designers, application developers, application assemblers, application deployers, and consultants with information necessary to design, develop, and deploy secure e-business applications using IBM WebSphere Application Server V6.1.

This course not only discusses theory but also provides exercises and sample applications that you will use during the labs.

Implementing security in a WebSphere environment requires that security administration, systems programming, and WebSphere application development staff work closely together.

Learn how to secure the WebSphere V6.1 for z/OS infrastructure, and how to secure EJB applications and Web applications.

Reinforce the concepts you learn in lectures with extensive hands-on laboratory exercises.

Note: This course does not address Java application development for z/OS, and it and does not teach the use of programming tools such as IBM Rational Application Developer 7.0 . However we will use the Application Server Toolkit (ASTK) to change the deployment descriptors of the applications we will install in order to set the security artifacts.

What You'll Learn

  • Plan for the modification of the installation security configuration necessary to support J2EE application security
  • Describe the security options available for WebSphere V6 client authentication/identification, secure communications, and authorizing access to resources
  • Describe what is involved in securing resources in a J2EE environment. Applications are often created, assembled, and deployed in different phases, by people in different roles
  • Compare the various J2EE client authentication options including options usable across multiple platform types
  • Assist developers by implementing infrastructure for the following J2EE authorization techniques
  • EJB roles
  • RunAs
  • resauth
  • Synch to OS thread
  • Assist developers by implementing infrastructure for the following web client authentication options
  • Basic authentication
  • Forms-based authentication
  • Client certificates

Who Needs to Attend

This intermediate course is intended for experienced z/OS system programmers responsible for securing the infrastructure of WAS V6, along with Information Technology (IT) professionals responsible for the secure deployment of EJB and Web applications into WAS V6 on z/OS.

It is recommended that teams of two or three individuals from an enterprise attend this course. Teams should include the z/OS system programmer responsible for the installation of WAS V6, an application assembler responsible for deploying EJB and Web applications, and possibly a WAS specialist. The range of skills needed for securing WebSphere e-business applications is such that it is rare for one IT professional to have expertise in all areas of WebSphere and RACF.


You should have:

  • Experience with the installation and customization of z/OS and its subsystems, including the Security Server (Resource Access Control Facility (RACF)), or equivalent product.
  • Experience with the administration of WebSphere on z/OS, including the usage of the admin console to deploy applications.

This course assumes that the initial zWebSphere installation and customization have already been implemented in a network deployment cell configuration, including a Deployment Manager, Node Agent, and Application server. The basic implementation of zWebSphere is not covered in this course. Individuals who need training in the implementation of WebSphere on z/OS should consider completing other appropriate courses in the curriculum prior to attending this course.

Follow-On Courses

There are no follow-ons for this course.

Course Outline

Day 1

  • (00:30) Welcome
  • (01:00) Unit 1: Overview of WebSphere for z/OS version 6
  • (02:00) Unit 2: WebSphere and J2EE security overview
  • (02:00) Unit 3: WebSphere infrastructure and SAF security: Initial RACF setup
  • (03:00) Lab 1: WAS security setup, enabling administrative and application security

Day 2

  • (02:00) Lab 1 (Continued)
  • (02:00) Unit 4: WebSphere and SSL
  • (02:30) Unit 5: J2EE security

Day 3

  • (01:00) Unit 6: Enabling basic authentication
  • (00:30) Lab 2: Enabling HTTP basic authentication
  • (01:00) Lab 3: Exploring WebSphere bindings
  • (00:30) Unit 7: Enabling form based authentication
  • (01:00) Lab 4: Enabling SSL client authentication
  • (00:30) Unit 8: Enabling EJB authorization and RunAs
  • (00:30) Lab 5: Enabling form based authentication
  • (00:30) Lab 6: EJB security
  • (00:30) Lab 7: runas and sync to os thread (optional)
  • (00:30) Lab 9: Java 2 security (optional)

Day 4

  • (01:30) Unit 9: Connector security J2C connectors
  • (00:30) Unit 10: Connector security JDBC
  • (01:30) Unit 11: Web Services Security (WS-Security)
  • (01:00) Lab 8: Connector security (optional)
  • (01:00) Lab 10: LDAP security (optional)

Eğitim içeriğini PDF olarak indir

Eğitim Sağlayıcı ve Kategori

IBM  » z/OS Eğitimler
IBM  » Operating Systems Eğitimler