Administering devices, keys, and device associations

To administer DS5000 storage servers, you map a device to keys or machines.

About this task

Your role must have permissions to the view action and to the appropriate device group. Use the DS5000 Key and Device Management page to add, modify, or delete a device, key, or association. These actions require additional permissions.

Before you begin, examine the columns on the page. The page provides buttons to add, modify, or delete a table item. To sort information, click a column header.

The table is organized in the following information areas:

  • Devices and any associated machines.
  • Current key that the device uses and a description of the device.

Procedure

  1. Log on to the graphical user interface.
    1. In the Key and Device Management section on the Welcome page, select DS5000.
    2. Click Go to > Manage keys and devices.
    3. Alternatively, right-click DS5000 and select Manage keys and devices.

    Some steps describe alternatives that use either the graphical user interface or the REST interface. Within any one work session, do not switch between interfaces.

    Descriptions of some tasks might mention task-related properties in the SKLMConfig.properties file. Use the graphical user interface or the REST interface to change these properties.

  2. You can add, modify, or delete a key, device, or machine association.

    You can do the following administrative tasks:

    • Refresh the list.

      Click the refresh icon to refresh items in the table.

    • Add

      Click Add.

      • Device

        On the Add Device dialog, type the device serial number and other information. Then, click Add Device. Your role must have the permission to the create action and a permission to the appropriate device group.

      • More Keys

        Select a device and then select Add > More Keys. On the Add Key dialog, specify the necessary information such as the number of keys to create, up to a maximum of 12 keys. Then, click Add > More Keys. Your role must have the permission to the create action and a permission to the appropriate device group.

      • Association

        When you select the Machine affinity check box on the Key and Device Management page, the value of the device.enableMachineAffinity property is set to true. With machine affinity, you can set key serving for specific device and machine combinations.

        When machine affinity is enabled, use the Add Association dialog to specify the necessary information such as the machine ID. Then, click Add Association. Your role must have the permission to the create action and a permission to the appropriate device group.

      The success indicator varies and shows the addition of a device, keys, or association.

    • Modify

      To change a device or keys, select the device and then click Modify. Alternatively, right-click the selected device. Then, click one of the choices, such as Modify Device.

      • Device

        Specify changes on the Modify Device dialog. Then, click Modify Device. Your role must have permissions to the modify action and to the appropriate device group.

      • Keys

        Select a key on the Modify Keys dialog. Then, click Delete. Your role must have permissions to the delete action and to the appropriate device group.

      The success indicator varies and shows a change in a column for the device or key.

    • Delete

      To delete a device, select the device, and then click Delete. Alternatively, right-click the selected device. Then, click Delete. Before you delete the device, use the Machine Device Delete REST Service to remove the association of a device from an existing machine identifier in the IBM® Security Guardium® Key Lifecycle Manager database.

      Metadata for the device that you delete, such as the device serial number, is removed from the IBM Security Guardium Key Lifecycle Manager database. Key data is also removed. To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.

      The success indicator is the deletion of the device from the table.