Moving devices between device groups

Use the device update function to move device from one existing device group to another existing device group. For example, you might want to move a device to the MYDS5000 device group.

About this task

You can use the Modify Device page or Device Update REST Service to move a device that contacts IBM Security Guardium Key Lifecycle Manager from one device group to another within the same device family. For example, you might want to move a device to the MYDS5000 device group within the DS5000 device family.

For more information about creating a device group, see Creating a device group.

Procedure

  1. Navigate to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select DS5000.
      3. Right-click DS5000.
      4. Click Manage keys and devices.
    • REST interface:
      • Open a REST client.
  2. Locate the device that you want to move to another device group within a parent device family.
    • Graphical user interface:

      On the Key and Device Management DS5000 page, locate the device in the device table. For example, the device might have a serial number such as aaa123.

    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To invoke Device List Type REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
        GET https://localhost:port/SKLM/rest/v1/devices?type=DS5000
        Content-Type: application/json
        Accept : application/json
        Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
        Accept-Language : en
        In the success response locate the value of the device uuid. For example:
        Status Code : 200 OK
        Content-Language: en
        [
        {
        "Description": "My long description",
        "Serial Number": "aaa123",
        "Device uuid": "DEVICE-b7678b4d-3898-4f8c-9557-dbb2f381fc8a",
        "Device group": "DS5000",
        "World wide name": "",
        "Sym alias": "DS5K-aaa123"
        },
        ]
  3. Ensure that the target device group exists.
    • Graphical user interface:

      On the Key and Device Management DS5000 page, in the device table, select the device and click Modify > Device.

      On the Modify Device page, in the Currently assigned device group field, expand the list to determine whether the MYDS5000 device group is available.

    • REST interface:
      Send the following HTTP request:
      GET https://localhost:port/SKLM/rest/v1/deviceGroups?deviceFamily=DS5000
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language : en
      Locate the device group. For example:
      Status Code : 200 OK
      Content-Language: en
      [
      {
      "Device Group UUID": "10000",
      "Device Group Name": "MYDS5000",
      "Device Family": "DS5000",
      "symmetricKeySet": null,
      "drive.default.alias1": null,
      "drive.default.alias2": null,
      "shortName": MYDS5000group,
      "longName": my companyname DS5000 devices,
      "roleName": "MYDS5000",
      "device.AutoPendingAutoDiscovery": "0",
      "enableKMIPDelete": "false"
      },
      ]
  4. Update the device to specify the new device group.
    • Graphical user interface:

      On the Modify Device page, in the Currently assigned device group field, select the MYDS5000 device group

      Click Modify Device.

    • REST interface:
      Send the following HTTP request:
      PUT https://localhost:port/SKLM/rest/v1/devices
      Content-Type: application/json
      Accept : application/json
      Authorization: SKLMAuth authId=139aeh34567m
      {"uuid":"DEVICE-b7678b4d-3898-4f8c-9557-dbb2f381fc8a","type":
      "MYDS5000"}
  5. Validate that the device is in the new device group.
    • Graphical user interface:

      On the Key and Device Management DS5000 page, the device is no longer listed in the device table. Open the Key and Device Management MYDS5000 page and ensure that the device is listed in the device table.

    • REST interface:
      Send the following HTTP request:
      GET https://localhost:port/SKLM/rest/v1/devices?type=MYDS5000
      Content-Type: application/json
      Accept : application/json
      Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
      Accept-Language : en
      Success response contains the uuid value of the device and the name of the new device group as shown in the following example:
      Status Code : 200 OK
      Content-Language: en
      [
      {
      "Description": "My long description",
      "Serial Number": "aaa123",
      "Device uuid": "DEVICE-b7678b4d-3898-4f8c-9557-dbb2f381fc8a",
      "Device group": "MYDS5000",
      "World wide name": "",
      "Sym alias": "DS5K-aaa123"
      },
      ]