Exporting a device group

You can export device group data for the selected device group to an encrypted archive. Then, you can import this device group data into another instance of IBM® Security Guardium® Key Lifecycle Manager across operating systems.

About this task

You can use the Export Device Group dialog box to export a device group. Alternatively, you can use the Device Group Export REST Service.

Your role must have permission to export device groups.

Note: During data migration from previous versions of IBM Security Guardium Key Lifecycle Manager, some of the certificates might not be associated with the correct device group. As a result, it is possible that a few certificates are falsely shown (in UI or REST) for a device group, such as 3592 or DS8000®, even though the certificates do not belong to the device group. When you export such device groups, only the certificates of the device group are exported. The falsely shown certificates are not exported.

Procedure

  1. Go to the appropriate page or directory.
    Graphical user interface
    1. Log in to the graphical user interface.
    2. On the Welcome page, click Administration > Export and Import. The Export/Import Device Groups page is displayed.

      Alternatively, in the Key and Device Management section, right-click a device group, and select Export.

    REST interface
    Open a REST client.
  2. Export the device group data for the selected device group to the directory you specified.
    Graphical user interface
    1. On the Export/Import Device Groups page, click Export.
    2. On the Export Device Group dialog box, the Device Group field specifies the selected device group.
    3. To change the device group, click Select.
    4. The Export repository location field displays the default SKLM_DATA directory path, where the export file is saved, for example, C:\Program Files\IBM\WebSphere\Liberty\products\sklm\data. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables. Click Browse to specify an export repository location under the SKLM_DATA directory.

      The directory path in the Export repository location field changes based on the value that is set for the browse.root.dir property in the SKLMConfig.properties file.

    5. In the Password field, specify a value for the encryption password. Ensure that you retain the encryption password for future use.
    6. In the Retype password field, retype the password that you entered in the Password field.
    7. In the Description field, specify additional information that indicates the purpose of the device group export file.
    8. Click Export.
    REST interface
    1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    2. Run the Device Group Export REST Service. For example:
      POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupsExport
      {"name": "3592", "exportDirectory": "/opt/IBM/WebSphere/Liberty/products/sklm/data/", 
      "password": "mypassword"}
    When the export process is complete, a message box is displayed to indicate that the export operation is complete.
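
The REST request in step 2 carries the encryption password in its body and must name an export directory under SKLM_DATA. The following added example (not IBM's code) builds that request while checking the directory and masking the password for logs; it assumes POSIX paths, the Linux SKLM_DATA path from the example above, and a hypothetical SKLM_EXPORT_PASSWORD environment variable, and it does not send the request.

```python
import json
import os
import posixpath

# Assumptions: Linux SKLM_DATA path and endpoint are the ones in the page's example.
SKLM_DATA = "/opt/IBM/WebSphere/Liberty/products/sklm/data"
EXPORT_PATH = "/SKLM/rest/v1/ckms/deviceGroupsExport"


def is_under(base, candidate):
    """True if candidate normalises to base or a path below it.
    String normalisation only: symbolic links are not resolved."""
    base_n = posixpath.normpath(base)
    cand_n = posixpath.normpath(candidate)
    return cand_n == base_n or cand_n.startswith(base_n + "/")


def build_export_request(host, port, device_group, export_dir, password,
                         sklm_data=SKLM_DATA):
    """Return (url, payload) for the export call, refusing unsafe input."""
    if not is_under(sklm_data, export_dir):
        raise ValueError("exportDirectory must be under SKLM_DATA: " + export_dir)
    if not password:
        raise ValueError("an encryption password is required")
    url = "https://{}:{}{}".format(host, port, EXPORT_PATH)
    payload = {
        "name": device_group,
        "exportDirectory": posixpath.normpath(export_dir) + "/",
        "password": password,
    }
    return url, payload


def redacted(payload):
    """Copy of the payload that is safe to write to logs or tickets."""
    return dict(payload, password="********")


if __name__ == "__main__":
    # SKLM_EXPORT_PASSWORD is a hypothetical variable name; host and port are constructed.
    secret = os.environ.get("SKLM_EXPORT_PASSWORD", "")
    try:
        url, payload = build_export_request(
            "localhost", 9443, "3592", SKLM_DATA + "/exports", secret)
        print("POST", url)
        print(json.dumps(redacted(payload)))
    except ValueError as err:
        print("refused:", err)
```

Log or record only the output of `redacted()`; the unmasked payload belongs only in the HTTPS request itself.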

What to do next

Ensure that you retain this password for use when you later import and decrypt the device group export file into another instance of IBM Security Guardium Key Lifecycle Manager. Review the directory that contains the export archive to ensure that the export file exists. You can also verify whether the archive is listed in the table on the IBM Security Guardium Key Lifecycle Manager > Administration > Export and Import > Export/Import page.