You can add a device to the IBM Security Key Lifecycle Manager database.
About this task
If machine affinity is enabled, adding a device requires that you also add a relationship between a device and a machine. Otherwise, keys are not served to the added device. Using machine affinity, you can set key serving for specific device and machine combinations.
You can use the Add Device dialog, the tklmDeviceAdd command, or Device Add REST Service to add a device. Your role must have a permission to the create action and a permission to the appropriate device group.
Procedure
- Go to the appropriate page or directory.
  - Graphical user interface:
    - Log on to the graphical user interface.
    - In the Key and Device Management section on the Welcome page, select DS5000.
    - Click .
    - Alternatively, right-click DS5000 and select Manage keys and devices.
    - On the management page for DS5000, click Add.
    - Click Device.
  - Command-line interface:
    - Go to the <WAS_HOME>/bin directory. For example,
      - Windows
        cd drive:\Program Files\IBM\WebSphere\AppServer\bin
      - Linux
        cd /opt/IBM/WebSphere/AppServer/bin
    - Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin. For example,
      - Windows
        wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
      - Linux
        ./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
  - REST interface:
- Add a device.
  - Graphical user interface:
    On the Add Device dialog, type the required and optional information. Then, click Add Device.
  - Command-line interface:
    Type tklmDeviceAdd to add a device. You must specify the device serial number and device group. For example, type the following command on one line:
    print AdminTask.tklmDeviceAdd('[-type DS5000 -serialNumber CDA39403AQJF -attributes "{worldwideName ABCdeF1234567890} {description marketingDivisionDrive} {keyPrefix AEF} {numberOfKeys 10} {deviceText abcdefghijklmnopqrst} {machineID 3042383030303437000000000000}"]')
  - REST interface:
    - Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    - To invoke Device Add REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
      POST https://localhost:<port>/SKLM/rest/v1/devices
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
      Accept-Language: en
      {"type":"DS5000","serialNumber":"CDA39403AQJF","attributes":"worldwideName ABCdeF1234567890,description marketingDivisionDrive"}
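The following Python sketch builds the Device Add request described above without sending it. It is an added example, not IBM code. The function names, the character whitelist, the all-zero userAuthId and port 9443 are assumptions made for illustration.

```python
import json
import re
import urllib.request

# Assumption: names and values are restricted to characters that cannot
# collide with the space and comma delimiters of the "attributes" string.
_TOKEN = re.compile(r"[A-Za-z0-9_.-]+")


def encode_attributes(attributes):
    """Encode a dict as 'name value,name value', as in the request body above."""
    parts = []
    for name, value in attributes.items():
        if not _TOKEN.fullmatch(name) or not _TOKEN.fullmatch(str(value)):
            raise ValueError("unsafe attribute: %r=%r" % (name, value))
        parts.append("%s %s" % (name, value))
    return ",".join(parts)


def build_device_add_request(host, port, user_auth_id, dev_type, serial, attributes=None):
    """Return an unsent urllib Request for POST /SKLM/rest/v1/devices."""
    # Rejecting anything outside the token set keeps CR/LF and spaces out of
    # the Authorization header and enforces the two required fields.
    for label, value in (("userAuthId", user_auth_id), ("type", dev_type), ("serialNumber", serial)):
        if not _TOKEN.fullmatch(value):
            raise ValueError("missing or malformed %s" % label)
    body = {"type": dev_type, "serialNumber": serial}
    if attributes:
        body["attributes"] = encode_attributes(attributes)
    return urllib.request.Request(
        url="https://%s:%d/SKLM/rest/v1/devices" % (host, port),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": "SKLMAuth userAuthId=" + user_auth_id,
            "Accept-Language": "en",
        },
    )


if __name__ == "__main__":
    # Constructed sample: placeholder identifier and port, device values from the page.
    req = build_device_add_request(
        "localhost", 9443, "00000000-0000-0000-0000-000000000000",
        "DS5000", "CDA39403AQJF",
        {"worldwideName": "ABCdeF1234567890", "description": "marketingDivisionDrive"})
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Pass the returned object to urllib.request.urlopen to send it. Certificate verification stays enabled by default for the https URL.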
What to do next
Next, you can associate the device with a machine.