Installing a standalone TAM ESSO IMS Server took about 2 hours to install including the database. That was version 8.0. IBM released version 8.1 this past December and I spent this week going through the upgrade process to see what will be in store for folks who want to jump right into the new stuff. It didn't take the whole week to do this upgrade, however I had to take it slow so that I could capture documentation for future reference.
The big news is that TAM ESSO v8.1 requires IBM WebSphere Application Server. When I first saw this I thought "ugggh". But the reality is that you had to know this was coming and it makes sense to run IBM's single sign on solution on their own application server.
This changes a lot though. First off, deployments will take a little longer. The fact is, even with the wizard installation tools, WAS is still a big pile of software to install. You also need IBM HTTP Server. Both need to be patched once you install them and you can't even patch the software until you download the patch installer first (IBM UpdateInstaller). But Windows shops should be used to that anyhow as you need install Microsoft's update software in order to get Windows updates.
First, is the upgrade worth it? Of course. If you want the best support for your software keep on the latest and greatest. Everyone has heard the same thing on a typical tech support phone call where the support guy asks,"What version of software are you running?" and you say, "1.2". No doubt the support guy will suggest you try the latest version. Sometimes it really comes down to which version has the fewest warts? Because you know that the latest version of software will have something wrong with it, but you hope the latest has fewer warts than the older version and lets face it, which version is getting the most attention?
The new version of TAM ESSO does not look any different than the prior release as far as the end user is concerned. But when you think about it, if TAM ESSO is doing it's job, the user does not even know it is there. All the user knows is that they login to Windows, launch their applications and they are magically signed in. Not much to see there. But, for the implementer or tech support team there is plenty to be happy about in the new release.
1.) IBM has opened up the doors to more 2 factor devices. Generic smart card support – this will leverage 3rd party products for smart card life cycle management and leverage windows smart card authentication for certificate authentication. Also Serial ID Service Provider Interface (SPI) has been introduced to allow any vendor with a serial ID device to integrate with TAM ESSO. BIO-Key support has been added which will also widen the choices of 2-factor devices supported.
2.) Wider platform coverage. Windows 7 is coming and shops already starting to buy machines with Windows 7 want to be sure AccessAgent will work. While IBM does not list Windows 7 specifically in the compatibility list, Kiosk support has been added for Vista and 64-bit Windows is supported for AccessAgent although there may be some issues with certain 3rd party strong authentication devices. Word on the street is that Windows 7 will show up on the list when it is Microsoft certified.
3.) New features in AccessStudio should make profiling a little easier. The undo button is a nice option we take for granted in Word documents. I like it in AccessStudio very much. Another really nice feature that was added is the ability to take an existing trigger and convert it to a different type. To me that's a welcome new enhancement. The ability to save your profile as an image was there in version 8.0.1, but it's listed as a new feature for 8.1. I like it nonetheless so thanks IBM. Enhanced logging messages are also a big help. Any time they make improvements to this area, I'll welcome it.
4.) Firefox finally! I knew a lot of people that were really turned off by the lack of support for Firefox. At first I was a little the same way, but I got used to using both IE and Firefox anyhow for reasons that have nothing to do with SSO. I look forward to working with Firefox in profiling.
Well, I'm off to another SSO project. Stay tuned for more on this later.