Adding a device

You can add a device to the IBM Guardium Key Lifecycle Manager database.

About this task

If device.enableMachineAffinity is set to true, adding a device requires that you also add a relationship between a device and a machine. Otherwise, keys are not served to the added device. Using machine affinity, you can set key serving for specific device and machine combinations. Similarly, if device.enableVolserAffinity is set to true, adding a device requires that you also add a relationship between a device and its volume serial number.

You can use the Add device dialog or the Device Add REST Service to add a device. Your role must have the permission to the create action and a permission to the appropriate endpoint.

You can make any of the following choices for serving keys to devices.
Only accept manually added devices for communication
All incoming devices are not added to the data store. You must manually specify key service to each device.
Hold new device requests pending my approval
All incoming devices of a valid endpoint are added to the device store, but are not automatically served keys upon request. You must accept or reject a device in the pending devices list before the device is served keys upon request.
Automatically accept all new device requests for communication
All new incoming devices of a valid endpoint are added to the data store and are automatically served keys upon request.
Note: Do not use this setting if you intend to move the new device to another endpoint. Instead, select manual or pending approval mode to allow an opportunity to move the device into the appropriate endpoint before any keys are served.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon (Menu icon) at the upper left of the page.
    3. Click Endpoint management > Configured endpoints.
    4. On the Configured endpoints page, select your DS5000 endpoint and click the overflow menu icon (Options).
    5. From the overflow menu options, click View.
    6. Alternatively, on the home page, click your DS5000 endpoint link in the Configured endpoints section.
    7. On the DS5000 endpoint management page, click Add Device.
    8. On the Add device dialog, type the required and optional information. Then, click Add device.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
    3. To invoke the Device Add REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step 2 along with the request message as shown in the following example. 
      POST https://localhost:port/GKLM/rest/v1/devices
Content-Type: application/json
Accept : application/json
Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
Accept-Language : en
{"type":"DS5000","serialNumber":"CDA39403AQJF","attributes":"worldwideName
ABCdeF1234567890,description marketingDivisionDrive"}

What to do next

Next, you can associate the device with a machine.