Querying IBM Security Guardium Key Lifecycle Manager server for KMIP

KMIP clients can run the Query operation with the Server Information query function to find out whether the IBM® Security Guardium® Key Lifecycle Manager server is stand-alone, master, clone, or multi-master.

When you run the Query operation, IBM Security Guardium Key Lifecycle Manager server returns VendorInformation, which contains ServerType details.

Server Type | ServerType Information in Query Operation |
---|---|
Stand-alone | No ServerType field in VendorInformation. |
Master | ServerType=master in VendorInformation. |
Clone | ServerType=clone in VendorInformation. |
Multi-Master | ServerType=multi-master in VendorInformation. |

Sample query request and response for Multi-Master type of server
The following sample query request and response show how to check the type of IBM Security Guardium Key Lifecycle Manager server.
<RequestMessage>
<RequestHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="0"/>
</ProtocolVersion>
<MaximumResponseSize type="Integer" value="2048"/>
<BatchCount type="Integer" value="1"/>
</RequestHeader>
<BatchItem>
<Operation type="Enumeration" value="Query"/>
<RequestPayload>
<QueryFunction type="Enumeration" value="QueryServerInformation"/>
</RequestPayload>
</BatchItem>
</RequestMessage>
<ResponseMessage>
<ResponseHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="0"/>
</ProtocolVersion>
<TimeStamp type="DateTime" value="2017-11-02T16:21:22+05:30"/>
<BatchCount type="Integer" value="1"/>
</ResponseHeader>
<BatchItem>
<Operation type="Enumeration" value="Query"/>
<ResultStatus type="Enumeration" value="Success"/>
<ResponsePayload>
<Operation type="Enumeration" value="Create"/>
<Operation type="Enumeration" value="Register"/>
<Operation type="Enumeration" value="CreateKeyPair"/>
<Operation type="Enumeration" value="Get"/>
<Operation type="Enumeration" value="Activate"/>
<Operation type="Enumeration" value="AddAttribute"/>
<Operation type="Enumeration" value="Check"/>
<Operation type="Enumeration" value="DeleteAttribute"/>
<Operation type="Enumeration" value="Destroy"/>
<Operation type="Enumeration" value="GetAttributeList"/>
<Operation type="Enumeration" value="GetAttributes"/>
<Operation type="Enumeration" value="GetUsageAllocation"/>
<Operation type="Enumeration" value="Locate"/>
<Operation type="Enumeration" value="ModifyAttribute"/>
<Operation type="Enumeration" value="ObtainLease"/>
<Operation type="Enumeration" value="Query"/>
<Operation type="Enumeration" value="Revoke"/>
<Operation type="Enumeration" value="ReKey"/>
<Operation type="Enumeration" value="ReKeyKeyPair"/>
<Operation type="Enumeration" value="Certify"/>
<Operation type="Enumeration" value="ReCertify"/>
<ObjectType type="Enumeration" value="SymmetricKey"/>
<ObjectType type="Enumeration" value="Template"/>
<ObjectType type="Enumeration" value="SecretData"/>
<ObjectType type="Enumeration" value="PrivateKey"/>
<ObjectType type="Enumeration" value="PublicKey"/>
<ObjectType type="Enumeration" value="Certificate"/>
<VendorIdentification type="TextString" value="SKLM 3.0.0.0 KMIP 1.3 BUILD 201711071556 KMIP_SSL_TIMEOUT 5
SERVER_TYPE=Multi-Master CLUSTER_DETAILS=WIN-764BULETAOD:5696:0,master2:5696:0,WIN-RJF3F58VAJ6:5696:0
HADR_STATUS= master2:CONNECTED WIN-RJF3F58VAJ6:CONNECTED,WIN-764BULETAOD:CONNECTED HADR_STATUS_CODE=0"/>
<ServerInformation/>
</ResponsePayload>
</BatchItem>
</ResponseMessage>
- CLUSTER_DETAILS
- Indicates host names of the master servers in the cluster, for example, WIN-764BULETAOD, master2, WIN-RJF3F58VAJ6.
- HADR_STATUS
- Indicates HADR status of IBM Security Guardium Key Lifecycle Manager master servers. Possible values are as follows.
  - CONNECTED
  - DISCONNECTED
  - NOT_IN_CLUSTER
- HADR_STATUS_CODE
- Indicates HADR status of IBM Security Guardium Key Lifecycle Manager Multi-Master cluster. Possible values are as follows.
  - 0: All instances in the cluster are connected.
  - -1: Few instances in the cluster are connected.
  - -2: None of the instances in the cluster are connected.

Sample query request and response for Master type of server
The following sample query request and response show how to check the type of IBM Security Guardium Key Lifecycle Manager server.
<RequestMessage>
<RequestHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="0"/>
</ProtocolVersion>
<MaximumResponseSize type="Integer" value="2048"/>
<BatchCount type="Integer" value="1"/>
</RequestHeader>
<BatchItem>
<Operation type="Enumeration" value="Query"/>
<RequestPayload>
<QueryFunction type="Enumeration" value="QueryServerInformation"/>
</RequestPayload>
</BatchItem>
</RequestMessage>
<ResponseMessage>
<ResponseHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="0"/>
</ProtocolVersion>
<TimeStamp type="DateTime" value="2020-07-06T10:20:41Z"/>
<BatchCount type="Integer" value="1"/>
</ResponseHeader>
<BatchItem>
<Operation type="Enumeration" value="Query"/>
<ResultStatus type="Enumeration" value="Success"/>
<ResponsePayload>
<VendorIdentification type="TextString" value="SKLM 4.0.0.2 KMIP 2.0
BUILD 202007061059 KMIP_SSL_TIMEOUT 5 SERVER_TYPE=master
INCREMENTAL_ENABLED=yes INTERVAL=60"/>
<ServerInformation/>
</ResponsePayload>
</BatchItem>
</ResponseMessage>
- INCREMENTAL_ENABLED
- Indicates whether incremental replication is enabled or not.
- INTERVAL
- Indicates the frequency (in seconds) at which the incremental replication operation, when enabled, runs.
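
As an added example (not IBM's code), the following Python parses a Query response like the two samples above and turns the VendorIdentification text into a server type and HADR summary that a monitoring job can alert on. It assumes, from the samples, that the details arrive as KEY=VALUE tokens such as SERVER_TYPE inside the VendorIdentification TextString and that a missing SERVER_TYPE token means stand-alone; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the multi-master response from this page, trimmed to the
# elements the parser reads.
SAMPLE_RESPONSE = """<ResponseMessage><BatchItem>
<Operation type="Enumeration" value="Query"/>
<ResultStatus type="Enumeration" value="Success"/>
<ResponsePayload>
<VendorIdentification type="TextString" value="SKLM 3.0.0.0 KMIP 1.3 BUILD 201711071556 KMIP_SSL_TIMEOUT 5
SERVER_TYPE=Multi-Master CLUSTER_DETAILS=WIN-764BULETAOD:5696:0,master2:5696:0,WIN-RJF3F58VAJ6:5696:0
HADR_STATUS= master2:CONNECTED WIN-RJF3F58VAJ6:CONNECTED,WIN-764BULETAOD:CONNECTED HADR_STATUS_CODE=0"/>
</ResponsePayload></BatchItem></ResponseMessage>"""

KEY_RE = re.compile(r"(?<!\S)([A-Z_]+)=")  # a KEY= token at the start of a word

def parse_vendor_identification(response_xml):
    """Return the KEY=VALUE tokens of VendorIdentification as a dict."""
    if "<!" in response_xml:  # KMIP messages carry no DTD; refuse entity tricks
        raise ValueError("unexpected markup declaration in response")
    root = ET.fromstring(response_xml)
    status = root.find(".//ResultStatus")
    node = root.find(".//VendorIdentification")
    if status is None or status.get("value") != "Success" or node is None:
        raise ValueError("Query failed or VendorIdentification missing")
    text = " ".join(node.get("value", "").split())  # fold line breaks
    keys = list(KEY_RE.finditer(text))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        fields[m.group(1)] = text[m.end():end].strip()  # value runs to next KEY=
    return fields

def cluster_health(fields):
    """Summarise server type and HADR state for monitoring."""
    members = {}
    # HADR_STATUS mixes commas and spaces between host:STATE entries
    for item in re.split(r"[,\s]+", fields.get("HADR_STATUS", "")):
        if ":" in item:
            host, state = item.rsplit(":", 1)
            members[host] = state
    code = fields.get("HADR_STATUS_CODE")
    return {
        # Assumption: no SERVER_TYPE token means stand-alone, per the table
        "server_type": fields.get("SERVER_TYPE", "stand-alone"),
        "hadr_code": int(code) if code else None,
        "members": members,
        "not_connected": sorted(h for h, s in members.items() if s != "CONNECTED"),
    }

if __name__ == "__main__":
    print(cluster_health(parse_vendor_identification(SAMPLE_RESPONSE)))
```

A monitoring job would alert when `hadr_code` is not 0 or `not_connected` is non-empty, since either means key-serving redundancy is reduced.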