Backup and Restore

Luna Cloud HSM allows secure creation, storage, and use of cryptographic data (keys and other objects). It is critically important to safeguard your important cryptographic objects against unforeseen damage or data loss. No device can offer total assurance against equipment failure, physical damage, or human error. Therefore, a comprehensive strategy for making regular backups is essential. There are multiple ways to perform these operations, depending on your implementation.

This section contains the following information:

>Key Concepts for Backup and Restore Operations

>Credentials Required to Perform Backup and Restore Operations

>Client Software Required to Perform Backup and Restore Operations

>Planning Your Backup HSM Deployment

>Backup and Restore Best Practices

Luna Cloud HSM can perform backup and restore operations using the legacy Luna Backup HSM G5, or the updated Luna Backup HSM 7 v1 or Luna Backup HSM 7 v2. Refer to the section describing the variant you wish to use:

>Luna Backup HSM 7 v1

>Luna Backup HSM 7 v2

>Luna Backup HSM G5

Key Concepts for Backup and Restore Operations

A Crypto Officer (CO) can use the backup HSM to back up and restore the objects in any partition they can log in to, provided that:

>The service and the backup HSM partition share the same domain.

>The CO has the required credentials on the backup HSM.

You can perform backup/restore operations on your application partitions by connecting the backup HSM to the HSM Client workstation. When you connect the backup HSM to an HSM Client workstation, the backup HSM Admin partition is added to the slots listed in LunaCM, allowing you to clone objects between the source application partition and the target backup partition.

Backups are created and stored as partitions within the Admin partition on the backup HSM.

Credentials Required to Perform Backup and Restore Operations

You require the following credentials to perform backup/restore operations:

Source Luna Cloud HSM service

Crypto Officer (CO). Required to access the objects in the source service that will be backed up.

Domain. Required to allow objects to be cloned between the source service and the target backup partition. The domains for the source service and the target backup partition must match; otherwise the backup will fail.

Target Backup HSM

HSM Security Officer (SO). Required to create or access the target backup partition in the Admin slot, where all backups are archived.

Note: You create new credentials for both roles on HSM initialization, and use them for subsequent backups to the target backup HSM.

Target Backup Partition

Partition Security Officer (PO). Required to access the target backup partition on a Luna Backup HSM 7.

Crypto Officer (CO). Required to access the objects in the target backup partition.

Note: You create new credentials on the initial backup, and use them for subsequent backups to the target backup partition.

Client Software Required to Perform Backup and Restore Operations

You must install the HSM Client software and USB driver for the backup HSM on the workstation you intend to use to perform backup and restore operations. The Luna Backup HSM 7 v1 requires HSM Client 10.1.0 or later. The Luna Backup HSM 7 v2 requires HSM Client 10.4.0 or later. Refer to HSM Client Software Installation.

NOTE   Ensure that the backup HSM is not connected to the HSM Client workstation when you install or uninstall the client software. Failure to do so may result in the backup HSM becoming unresponsive.

When you install the client software, you must select the following options:

>The Backup option. This installs the driver for the backup HSM and components required for the Remote Backup Service (RBS).

>The USB option. This installs the driver for the backup HSM.

Planning Your Backup HSM Deployment

When setting up your backup deployment, you have multiple configuration options. This section will help you choose the right configuration, depending on where you prefer to keep your backups. You can use a Luna Backup HSM or an application partition on another Luna HSM for backup/restore operations.

Backup and restore operations require that cloning be enabled.

>Partition to Partition

>Backup HSM Connected to the Client Workstation

Partition to Partition

You can clone objects from any Luna 7 application partition to any other Luna 7 partition that shares its cloning domain. You must have the Crypto Officer credential for both partitions.

See Cloning Objects to Another Application Partition.

Backup HSM Connected to the Client Workstation

In this configuration, the Luna Backup HSM is connected to a USB port on the client workstation. It is useful in deployments where the partition Crypto Officer keeps backups at the client. This allows you to perform backup/restore operations for all application partitions that appear as visible slots in LunaCM. You can restore a partition backup to the original source partition or to another existing Luna application partition that shares the same cloning domain.
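Before starting a backup it helps to confirm, from the LunaCM slot list, which visible slots are cloning-enabled application partitions and which slot is the backup HSM. The script below is an added example, not part of this documentation or the Luna client; it assumes LunaCM prints each slot as a block of "Key -> Value" lines separated by a blank line, and the sample output (labels, model strings and slot ids) is constructed for illustration.

```python
import re

# Constructed sample of 'slot list' output; field layout is an assumption.
SAMPLE_SLOT_LIST = """\
Slot Id ->              0
Label ->                app-partition-01
Model ->                LunaSA 7.7.0
Configuration ->        Luna User Partition With SO (PW) Signing With Cloning Mode

Slot Id ->              1
Label ->                app-partition-02
Model ->                LunaSA 7.7.0
Configuration ->        Luna User Partition With SO (PW) Signing With Non-Cloning Mode

Slot Id ->              2
Label ->                backup-hsm-admin
Model ->                Luna Backup HSM 7
Configuration ->        Luna HSM Admin Partition (PW) Backup Device
"""

KV = re.compile(r"^(?P<key>.+?)\s*->\s*(?P<val>.*)$")

def parse_slot_list(text):
    """Return one dict per slot block, keyed by the field name."""
    slots, cur = [], {}
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:                      # blank line ends a slot block
            if cur:
                slots.append(cur)
            cur = {}
            continue
        m = KV.match(line)
        if m:
            cur[m.group("key")] = m.group("val")
    if cur:
        slots.append(cur)
    return slots

def classify(slots):
    """Sort slots into backup-device slots, cloning-enabled partitions and the rest."""
    out = {"backup": [], "cloneable": [], "excluded": []}
    for s in slots:
        cfg = s.get("Configuration", "")
        if "Backup" in s.get("Model", "") or "Backup" in cfg:
            out["backup"].append(s["Label"])
        elif "Cloning Mode" in cfg and "Non-Cloning" not in cfg:
            out["cloneable"].append(s["Label"])
        else:                             # non-cloning partitions cannot be backed up
            out["excluded"].append(s["Label"])
    return out
```

Run `classify(parse_slot_list(...))` over real `slot list` output captured to a file; a partition that lands in `excluded` will not clone to the backup partition no matter which credentials you hold.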

Depending on your Luna Backup HSM version, refer to:

>Backup/Restore Using Luna Backup HSM 7 v2

>Backup/Restore Using Luna Backup HSM 7 v1

>Backup/Restore Using Luna Backup HSM G5

Backup and Restore Best Practices

To ensure that your data is protected in the event of a failure or other catastrophic event, Thales recommends that you use the following best practices as part of a comprehensive backup strategy:

CAUTION!   Failure to develop and exercise a comprehensive backup and recovery plan may prevent you from being able to recover from a catastrophic event. Although Thales provides a robust set of backup hardware and utilities, we cannot guarantee the integrity of your backed-up key material, especially if stored for long periods. Thales strongly recommends that you exercise your recovery plan at least semi-annually (every six months) to ensure that you can fully recover your key material.

Develop and document a backup and recovery plan

This plan should include the following:

>What is being backed up

>The backup frequency

>Where the backups are stored

>Who is able to perform backup and restore operations

>Frequency of exercising the recovery test plan

Make multiple backups

To ensure that your backups are always available, build redundancy into your backup procedures.

Use off-site storage

In the event of a local catastrophe, such as a flood or fire, you might lose both your working HSMs and locally-stored backup HSMs. To fully protect against such events, always store a copy of your backups at a remote location.

Regularly exercise your disaster recovery plan

Execute your recovery plan at least semi-annually (every six months) to ensure that you can fully recover your key material. This involves retrieving your stored Backup HSMs and restoring their contents to a test partition, to ensure that the data is intact and that your recovery plan works as documented.