Specifying a rollover key group

You can specify a key group for future use as the system default.

About this task

You can use the graphical user interface or the Key Group Default Rollover Add REST Service to add a default key group rollover on a specific date to serve keys to a device group. Your role must have the permission to the create action and a permission to the appropriate device group.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select LTO.
      3. Click Go to > Manage default rollover.
      4. Alternatively, right-click LTO and select Manage default rollover.
  2. Specify an existing key group to be a future system default.
    • Graphical user interface:
      1. On the management page for LTO, click Add.
      2. On the Add Future Write Default dialog, specify the required information.
      3. Click Add Future Write Default.
      Note:
      • Do not specify two defaults for the same rollover date.
      • If a key group does not exist at the time of rollover, IBM® Security Guardium® Key Lifecycle Manager continues to use the current default key group.
      • You can add or delete table entries, but cannot modify an entry.
  3. A success indicator varies, depending on the interface:
    • Graphical user interface:

      The rollover key group is listed in the table of rollover key groups on the LTO management page.

  4. To delete a key group from the rollover table, your role must have permission to the delete action.
    • Graphical user interface:

      Select a key group and click Delete.