Creating a GPFS endpoint

Depending on your organization requirements, you can create an endpoint to manage a subset of devices that have a restricted business use, such as GPFS used by a single division. You must also create a role with a name that matches the name of the endpoint, including case. Name matching is case-sensitive.

About this task

This task uses the SKLMAdmin user ID and the IBM Guardium Key Lifecycle Manager interface to create an endpoint.

Your user ID must have either:
  • The securityOfficer role
  • Permission to the administrative actions (klmAdminDeviceGroup)

    If you have the klmAdminDeviceGroup permission, you can create, view, and delete an endpoint. It is not required that you first define a role for the endpoint. However, your other actions are limited by the permissions that you have. For example, if you have only klmAdminDeviceGroup permission, you cannot update the attributes after you create the endpoint.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon (Menu icon) at the upper left of the page.
    3. Click Endpoint management > Catalog.
    4. Alternatively, on the home page, click the catalog icon (Menu icon) in the Configured endpoints section.
    5. On the Catalog page, from the Product type list, select GPFS.
    6. On the GPFS tile, click Add.
    7. On the Add endpoint or client name window, specify an endpoint name and click Add.
    8. To verify that the endpoint exists, from the menu, click Endpoint management > Configured endpoints.
    9. Alternatively, on the home page, you can view the endpoint name in the Configured endpoints widget.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the IBM Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Run Endpoint (Device Group) Create REST Service by sending the HTTP POST request. Pass the user authentication identifier that you obtained in Step 2 along with the request message as shown in the following example. 
      POST https://localhost:port/GKLM/rest/v1/deviceGroups/newGroup
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
{"deviceFamily":"GPFS","shortName":"myGPFS","longName":"my companyname 
GPFS devices"}
    4. Verify that the endpoint exists by sending the following HTTP GET request. 
      GET https://localhost:port/GKLM/rest/v1/deviceGroups
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language : en

What to do next

Create a role with a name that matches the endpoint.