• 1 reply
  • Latest Post - 2013-05-26T23:22:14Z by daholmez
4 Posts

Pinned topic TAM integration with Datapower

2013-05-24T14:32:38Z


We are using XI52 DP appliances. If we want to integrate TAM (for authentication through LDAP) with Datapower, what options do I have?

If we have the DP in the DMZ, do we need to keep the TAM in the DMZ as well? Are there any best practices for this integration?

Compared to configuring LDAP directly using an AAA policy, will TAM integration provide any added advantage (like centralizing the authentication across all the environments; is this something possible)?


Thanks in advance.

Updated on 2013-05-24T14:33:53Z by ERIC
  • daholmez
    5 Posts

    Re: TAM integration with Datapower


    The DataPower deployment model for TAM (now called ISAM) is the same as WebSEAL. That is, DataPower or WebSEAL resides in the DMZ, with the ISAM policy and registry (LDAP) servers located in a secure management or protected zone.

    Also like WebSEAL, replica registry servers should be configured for high availability and load balancing of ISAM-based authentication/authorization decisions. Check out these best practice technotes also - and

    Main benefit to using ISAM over direct interaction with the LDAP registry is consistency of user policy management across the enterprise. You're most likely considering using ISAM because you have already invested in an ISAM environment; it makes a lot of sense to extend that deployment to DataPower to - as you say - centralise access policy.