To administer keys, key groups, and devices, you map key groups to drives. You can add,
modify, or delete specific keys, key groups, or devices.
About this task
Use the LTO Key and Device Management to map key groups to drives. You can add, modify, or delete specific keys, key groups, or devices. Your role must have permissions to the view action and to the appropriate device group.
To change the view of information, select:
- View Key Groups and Drives
  View the key group names and drive serial numbers. Additionally, this view lists the key group, key, or system default that a drive uses.
- View Keys, Key Group Membership and Drives
  View the keys and key membership in key groups. Additionally, this view lists drive serial numbers and the key group, key, or system default that a drive uses.
Before you begin, examine the columns on the page, which provides buttons to add, modify, or delete a table item. To sort information, click a column header.
The table is organized in these areas:
- In left columns, information about keys or key groups.
  For a key, the information indicates in which key group the key is a member. For a key group, the information indicates whether the key group is used as the default, and the number of keys in the group.
- In right columns, information about drives.
  The information indicates the drive serial number and the key group or specific key that the drive uses. For example, a drive might use the System Default key group.
- Icons indicate the type of keys.
Table 1. Icons and their meanings
Icon | Description
 | A symmetric key or private key. A private key is an asymmetric key in a key pair with a public key and a private key.
 | A key group
Procedure
- Log on to the graphical user interface:
  - In the Key and Device Management section on the Welcome page, select LTO.
  - Click .
  - Alternatively, right-click LTO and select Manage keys and devices.
  Some step descriptions give alternatives that use the graphical user interface or the REST interface. For any one work session, do not switch between interfaces.
  Descriptions of some tasks might mention task-related properties in the SKLMConfig.properties file. Use the graphical user interface or the REST interface to change these properties.
- On the LTO Key and Device Management, you can add, modify, or delete a key, a key group, or drive.
  You can do the following administrative tasks:
  - Refresh the list.
    Click the refresh icon to refresh items in the table.
  - Add
    Click Add. Alternatively, you can select a step-by-step process to create key groups and drives.
    - Key group
      On the Create Key Group dialog, specify the required information such as the key group name. You can also specify that this group serves keys as the default key group. There can be only one default key group. Then, click Create Key Group. Your role must have the permission to the create action and a permission to the appropriate device group.
    - Tape drive
      On the Add Tape Drive dialog, type the drive serial number and other information. Then, click Add Tape Drive. Your role must have the permission to the create action and a permission to the appropriate device group.
    - Use step by step process for key groups, keys, and drive creation
      On the Step1: Create Key Groups and Step2: Identify Drives pages, enter the necessary information, and click the appropriate button to complete the task.
    A success indicator varies, showing a key group or device.
  - Modify
    To change a key group, key, or drive, select a key group, key, or drive, and then click Modify. Alternatively, right-click the selected key group, key, or drive. Then, click Modify.
    - Key Group
      Specify changes on the Modify Key Group dialog. Then, click Modify Key Group. Your role must have permissions to the modify action and to the appropriate device group.
    - Key
      Specify changes on the Modify Key Membership dialog. Then, click Modify Key Membership. Your role must have permissions to the modify action and to the appropriate device group.
    - Tape drive
      Specify changes on the Modify Tape Drive dialog. Then, click Modify Tape Drive. Your role must have permissions to the modify action and to the appropriate device group.
    A success indicator varies, showing a change in a column for the key group, key, or device. Changes to optional information such as the value of a drive description might not be provided in the table.
  - Delete
    To delete a key group, key, or drive, select a key, a key group, or drive, and then click Delete. Alternatively, right-click the selected key group, key, or drive. Then, click Delete.
    - Key group
      You cannot delete a key group that is associated with a device, or a key group that is marked as default. Deleting a populated key group also deletes all the keys in the key group.
      To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.
    - Key
      Deleting a key removes the key from any key group with which the key is associated. To confirm deletion, click OK. You cannot delete a key that is associated with a drive.
      Your role must have permissions to the delete action and to the appropriate device group.
    - Tape drive
      Metadata for the drive that you delete, such as the drive serial number, is removed from the IBM® Security Guardium® Key Lifecycle Manager database. To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.
    A success indicator is the deletion of the key group, key, or device from the management table.