Secure domain overview

The computing environment in which Security Access Manager enforces security policies for authentication, authorization, and access control is called a secure domain.

The initial secure domain, called the management domain, is created when you install and configure the following systems:
Policy server
Maintains the master authorization database for the management domain. In addition, it updates authorization database replicas and maintains location information about other Security Access Manager servers.
Registry
Provides a database of the user identities that are known to Security Access Manager. It also provides a representation of groups in Security Access Manager roles that are associated with users.
These core systems must exist for Security Access Manager to complete fundamental operations, such as permitting or denying user access to protected objects (resources). All other Security Access Manager services and components are built on this base.

You can deploy Security Access Manager on multiple systems, or you can configure and use the management domain on one stand-alone system. A single-system setup is useful only when prototyping a deployment or developing and testing an application.

After you configure the policy server and registry server, you can set up more systems in the management domain. For example, you could set up an authorization server or application development system. You can also create more secure domains (if you use an LDAP registry) to securely partition data into separate, logical groupings. For information about creating multiple domains, see the Administering topics in the IBM Knowledge Center.