Identifying drives

You can identify a 3592 tape drive for use with IBM Security Guardium Key Lifecycle Manager. Before you begin, create the wrapping keys that you want to associate with the devices that you are about to identify.

About this task

You can use the Add Tape Drive dialog or the Device Add REST Service to add a device. Your role must have the permission to the create action and a permission to the appropriate device group.

You can make any of the following choices for serving keys to devices.
Only accept manually added devices for communication
All incoming devices are not added to the data store. You must manually specify key service to each device.
Hold new device requests pending my approval
All incoming devices of a valid device group are added to the device store, but are not automatically served keys upon request. You must accept or reject a device in the pending devices list before the device is served keys upon request.
Automatically accept all new device requests for communication
All new incoming devices of a valid device group are added to the data store and are automatically served keys upon request.
Note: Do not use this setting if you intend to move the new device to another device group. Instead, select manual or pending approval mode to allow an opportunity to move the device into the appropriate device group before any keys are served.

Procedure

  • Using graphical user interface
    1. Log in to the graphical user interface.
    2. In the Key and Device Management section on the Welcome page, select 3592.
    3. Click Go to > Guided key and device creation. Alternatively, right-click 3592 and select Guided key and device creation.
    4. Click Step 2: Identify Drives.
    5. Choose how to handle requests from new devices.
      For example, to hold new device requests for your approval, select Hold new device requests pending my approval.
    6. To add a device, in the Devices table, click Add.
    7. On the Add Tape Drive dialog, select the default and partner wrapping keys. Optionally, add a description.
    8. Click Add Tape Drive.
  • Using REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
    3. Use the Device Group Attribute Update REST Service to set the value of the device.AutoPendingAutoDiscovery attribute.
      For example, you can send the following HTTP request:
      PUT https://localhost:port/SKLM/rest/v1/deviceGroupAttributes
      Content-Type: application/json
      Accept : application/json
      Authorization: SKLMAuth authId=139aeh34567m
      {"name":"3592","attributes":"device.AutoPendingAutoDiscovery 2"}
    4. You can use the Device Add REST Service to add a device.
      For example, you can send the following HTTP request:
      POST https://localhost:port/SKLM/rest/v1/devices
      Content-Type: application/json
      Accept : application/json
      Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
      Accept-Language : en
      {"type":"3592","serialNumber":"CDA39403AQJF","attributes":"worldwideName
      ABCdeF1234567890,description marketingDivisionDrive"}

What to do next

Next, use the 3592 Key and Device Management page to view all wrapping keys and devices.