Creating a device group

Depending on your organization's requirements, you can create a device group to manage a subset of devices that have a restricted business use, such as LTO tape drives used by a single division. You must also create a role whose name matches the name of the device group exactly. Name matching is case-sensitive.

About this task

This task uses the SKLMAdmin user ID and the IBM Security Guardium Key Lifecycle Manager interface to create an extra device group.

Your user ID must have either:
  • The securityOfficer role
  • Permission to the administrative actions (klmAdminDeviceGroup)

    If you have the klmAdminDeviceGroup permission, you can create, view, and delete a device group. It is not required that you first define a role for the device group. However, your other actions are limited by the permissions that you have. For example, if you have only klmAdminDeviceGroup permission, you cannot update the attributes after you create the device group.

Procedure

  1. Log on to IBM Security Guardium Key Lifecycle Manager.
    • Graphical user interface:

      On the browser Welcome page, type a user ID of SKLMAdmin and a password value, such as mypassword.

    • REST interface:
      • Open a REST client.
  2. Navigate to the appropriate page or directory:
    • Graphical user interface:
      Click Advanced Configuration > Device Group.
      1. In the Device Group table, click Create.
      2. In the Create Device Group dialog, complete the required fields and click Create.
    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To invoke the Device Group Create REST Service, send an HTTP POST request. Pass the user authentication identifier that you obtained in the previous step along with the request message, as shown in the following example.
        POST https://localhost:port/SKLM/rest/v1/deviceGroups/newGroup
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m

        {"deviceFamily":"LTO","shortName":"myLTO","longName":"my companyname LTO devices"}
  3. Verify that the device group exists.
    • Graphical user interface:

      On the device group management page, scan the Device Group table to locate the device group.

    • REST interface:
      Send the following HTTP GET request by using a REST client:
      GET https://localhost:port/SKLM/rest/v1/deviceGroups
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language: en

What to do next

Create a role with a name that matches the device group.
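
The REST create request from the procedure, together with a check for the case-sensitive role-name requirement, as an added example that is not IBM's code. The port 9443, the function names, and the sample group and role lists are assumptions constructed for illustration; the URL path, headers, and body fields are taken from the example above.

```python
import json
import urllib.request


def build_create_request(base_url, auth_id, family, short_name, long_name):
    """Build (without sending) the Device Group Create POST from the procedure."""
    body = json.dumps({"deviceFamily": family, "shortName": short_name,
                       "longName": long_name}).encode("utf-8")
    return urllib.request.Request(
        f"{base_url}/deviceGroups/newGroup",  # path exactly as in the page's example
        data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Authorization": f"SKLMAuth authId={auth_id}"})


def audit_role_names(group_names, role_names):
    """Report, per device group, whether a role matches its name exactly."""
    exact = set(role_names)
    folded = {}
    for role in role_names:
        folded.setdefault(role.casefold(), []).append(role)
    report = {}
    for group in group_names:
        if group in exact:
            report[group] = ("ok", [group])
        elif group.casefold() in folded:
            # A role exists but differs in case, so it does not match.
            report[group] = ("case-mismatch", folded[group.casefold()])
        else:
            report[group] = ("missing", [])
    return report


if __name__ == "__main__":
    # Constructed sample values; 9443 stands in for the page's "port".
    req = build_create_request("https://localhost:9443/SKLM/rest/v1",
                               "139aeh34567m", "LTO", "myLTO",
                               "my companyname LTO devices")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    groups = ["myLTO", "divisionB", "archive"]  # constructed group names
    roles = ["myLTO", "DivisionB"]              # constructed role names
    for name, (status, found) in audit_role_names(groups, roles).items():
        print(f"{name}: {status} {found}")
```

To send the request, pass it to `urllib.request.urlopen` with the default TLS certificate verification left on.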