Managing keys, key groups, and drives

To administer keys, key groups, and devices, you map key groups to drives. You can add, modify, or delete specific keys, key groups, or devices.

About this task

Use the LTO Key and Device Management page to map key groups to drives. You can add, modify, or delete specific keys, key groups, or devices. Your role must have permissions to the view action and to the appropriate device group.

To change the view of information, select:

View Key Groups and Drives
View the key group names and drive serial numbers. Additionally, this view lists the key group, key, or system default that a drive uses.
View Keys, Key Group Membership and Drives
View the keys and key membership in key groups. Additionally, this view lists drive serial numbers and the key group, key, or system default that a drive uses.

Before you begin, examine the columns of the table on the page. The page provides buttons to add, modify, or delete a table item. To sort information, click a column header.

The table is organized in these areas:

  • In left columns, information about keys or key groups.

    For a key, the information indicates in which key group the key is a member. For a key group, the information indicates whether the key group is used as the default, and the number of keys in the group.

  • In right columns, information about drives.

    The information indicates the drive serial number and the key group or specific key that the drive uses. For example, a drive might use the System Default key group.

  • Icons indicate the type of keys.
    Table 1. Icons and their meanings

    Icon                          Description
    Symmetric key or private key  A symmetric key or private key. A private key is an asymmetric key in a key pair with a public key and a private key.
    Key group                     A key group

Procedure

  1. Log on to the graphical user interface:
    1. In the Key and Device Management section on the Welcome page, select LTO.
    2. Click Go to > Manage keys and devices.
    3. Alternatively, right-click LTO and select Manage keys and devices.

    Some steps describe alternatives that use either the graphical user interface or the REST interface. For any one work session, do not switch between interfaces.

    Descriptions of some tasks might mention task-related properties in the SKLMConfig.properties file. Use the graphical user interface or the REST interface to change these properties.

  2. On the LTO Key and Device Management page, you can add, modify, or delete a key, a key group, or a drive.

    You can do the following administrative tasks:

    • Refresh the list.

      Click the refresh icon to refresh items in the table.

    • Add

      Click Add. Alternatively, you can select a step-by-step process to create key groups and drives.

      • Key group

        On the Create Key Group dialog, specify the required information such as the key group name. You can also specify that this group serves keys as the default key group. There can be only one default key group. Then, click Create Key Group. Your role must have the permission to the create action and a permission to the appropriate device group.

      • Tape drive

        On the Add Tape Drive dialog, type the drive serial number and other information. Then, click Add Tape Drive. Your role must have the permission to the create action and a permission to the appropriate device group.

      • Use step by step process for key groups, keys, and drive creation

        On the Step1: Create Key Groups and Step2: Identify Drives pages, enter the necessary information, and click the appropriate button to complete the task.

      A success indicator varies, showing a key group or device.

    • Modify

      To change a key group, key, or drive, select a key group, key, or drive, and then click Modify. Alternatively, right-click the selected key group, key, or drive. Then, click Modify.

      • Key Group

        Specify changes on the Modify Key Group dialog. Then, click Modify Key Group. Your role must have permissions to the modify action and to the appropriate device group.

      • Key

        Specify changes on the Modify Key Membership dialog. Then, click Modify Key Membership. Your role must have permissions to the modify action and to the appropriate device group.

      • Tape drive

        Specify changes on the Modify Tape Drive dialog. Then, click Modify Tape Drive. Your role must have permissions to the modify action and to the appropriate device group.

      A success indicator varies, showing a change in a column for the key group, key, or device. Changes to optional information such as the value of a drive description might not be provided in the table.

    • Delete

      To delete a key group, key, or drive, select a key, a key group, or drive, and then click Delete. Alternatively, right-click the selected key group, key, or drive. Then, click Delete.

      • Key group

        You cannot delete a key group that is associated with a device, or a key group that is marked as default. Deleting a populated key group also deletes all the keys in the key group.

        To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.

      • Key

        Deleting a key removes the key from any key group with which the key is associated. To confirm deletion, click OK. You cannot delete a key that is associated with a drive. Your role must have permissions to the delete action and to the appropriate device group.

      • Tape drive

        Metadata for the drive that you delete, such as the drive serial number, is removed from the IBM Security Guardium Key Lifecycle Manager database. To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.

      A success indicator is the deletion of the key group, key, or device from the management table.
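
The deletion rules in the Delete step can be checked against an inventory before anything is removed. The following is an added example, not IBM code and not the product's REST interface; the inventory layout, group names, key aliases, and drive serial numbers are constructed assumptions.

```python
# Added example: models the deletion rules from the Delete step.
# The inventory layout and all names and serial numbers are constructed.
from dataclasses import dataclass

@dataclass
class Inventory:
    groups: dict          # key group name -> set of key aliases
    default_group: str    # there can be only one default key group
    drives: dict          # serial -> ("group", name) | ("key", alias) | ("default", None)

def drives_using(inv, kind, name):
    """Serial numbers of drives mapped directly to the given group or key."""
    return sorted(s for s, use in inv.drives.items() if use == (kind, name))

def check_delete_group(inv, group):
    """Return (allowed, blockers, keys_lost, review) for deleting a key group."""
    blockers = []
    if group == inv.default_group:
        blockers.append("marked as default")
    for serial in drives_using(inv, "group", group):
        blockers.append(f"associated with drive {serial}")
    keys = sorted(inv.groups[group])
    # The page does not say what happens to a member key that a drive uses
    # directly, so surface those keys for manual review instead of guessing.
    review = [k for k in keys if drives_using(inv, "key", k)]
    # Deleting a populated key group also deletes every key in it.
    keys_lost = [] if blockers else keys
    return (not blockers, blockers, keys_lost, review)

def check_delete_key(inv, alias):
    """Return (allowed, blockers, groups_affected) for deleting a single key."""
    blockers = [f"associated with drive {s}" for s in drives_using(inv, "key", alias)]
    groups = sorted(g for g, members in inv.groups.items() if alias in members)
    return (not blockers, blockers, [] if blockers else groups)

SAMPLE = Inventory(  # constructed sample data
    groups={"GRP_DEFAULT": {"key00"}, "GRP_ARCHIVE": {"key10", "key11"},
            "GRP_OLD": {"key20", "key21"}},
    default_group="GRP_DEFAULT",
    drives={"DRV0001": ("default", None), "DRV0002": ("group", "GRP_ARCHIVE"),
            "DRV0003": ("key", "key21")},
)

if __name__ == "__main__":
    for g in sorted(SAMPLE.groups):
        print(g, check_delete_group(SAMPLE, g))
    for k in ("key10", "key21"):
        print(k, check_delete_key(SAMPLE, k))
```

Before confirming a group deletion, check that `keys_lost` contains no key that is still needed to read existing tapes.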