Backup and Restore Using a G5-Based Backup HSM

SafeNet Luna Network HSM allows secure creation, storage, and use of cryptographic data (keys and other objects). It is critically important, however, to safeguard your important cryptographic objects against unforeseen damage or data loss. No device can offer total assurance against equipment failure, physical damage, or human error. Therefore, a comprehensive strategy for making regular backups is essential. There are multiple ways to perform these operations, depending on your implementation.

This section contains the following information:

>Backup and Restore Best Practices

>Planning Your Backup HSM Deployment

>About the SafeNet Luna G5 Backup HSM

Installing the Backup HSM

Installing or Replacing the Backup HSM Battery

Backup HSM Secure Transport and Tamper Recovery

Resetting the Backup HSM to Factory Conditions

>Backing Up and Restoring the Appliance Configuration

>Backup/Restore Using an Appliance-Connected Backup HSM

>Backup/Restore Using a Client-Connected Backup HSM

>Configuring a Remote Backup HSM Server

Backup and Restore Best Practices

To ensure that your data is protected in the event of a failure or other catastrophic event, Thales recommends that you use the following best practices as part of a comprehensive backup strategy:

CAUTION!   Failure to develop and exercise a comprehensive backup and recovery plan may prevent you from being able to recover from a catastrophic event. Although Thales provides a robust set of backup hardware and utilities, we cannot guarantee the integrity of your backed-up key material, especially if stored for long periods. Thales strongly recommends that you exercise your recovery plan at least semi-annually (every six months) to ensure that you can fully recover your key material.

Develop and document a backup and recovery plan

This plan should include the following:

>What is being backed up

>The backup frequency

>Where the backups are stored

>Who is able to perform backup and restore operations

>Frequency of exercising the recovery test plan

Make multiple backups

To ensure that your backups are always available, build redundancy into your backup procedures.

Use off-site storage

In the event of a local catastrophe, such as a flood or fire, you might lose both your working HSMs and locally-stored backup HSMs. To fully protect against such events, always store a copy of your backups at a remote location.

Regularly exercise your disaster recovery plan

Execute your recovery plan at least semi-annually (every six months) to ensure that you can fully recover your key material. This involves retrieving your stored Backup HSMs and restoring their contents to a test partition, to ensure that the data is intact and that your recovery plan works as documented.