partition archive restore
Restore partition objects from a backup. Use this command to restore objects from the specified backup partition, in a backup HSM, in a specified slot, to the current user partition.
Cloning is a repeating atomic action
When you call for a cloning operation (such as backup or restore), the source HSM transfers a single object, encrypted with the source domain. The target HSM then decrypts and verifies the received blob.
If the verification is successful, the object is stored at its destination – the domains are a match. If the verification fails, then the blob is discarded and the target HSM reports the failure. Most likely the domain string or the domain PED key, that you used when creating the target partition, did not match the domain of the source HSM partition. The source HSM moves to the next item in the object list and attempts to clone again, until the end of the list is reached.
This means that if you issue a backup command for a source partition containing several objects, but have a mismatch of domains between your source HSM partition and the backup HSM partition, then you will see a separate error message for every object on the source partition as it individually fails verification at the target HSM.
Syntax
If backup device is a slot in the current system:
partition archive restore -slot <backup_slot> -partition <backup_partition> -password <password> [-replace] [-debug] [-force]
If backup device is in a remote workstation:
partition archive restore -slot remote -hostname <hostname> -port <portnumber> -partition <backup_partition> -password <password> [-commandtimeout <seconds>] [-replace] [-debug] [-force]
If backup device is a USB-attached device:
partition archive restore -slot direct [-slot <backup_slot>] -partition <backup_partition> -password <password> [-replace] [-debug] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -commandtimeout <seconds> | -ct | The command timeout for network communication. The default timeout is 10 seconds. The maximum timeout is 3600. This option can be used to adjust the timeout value to account for network latency. (optional) |
| -debug | -deb | Turn on additional error information. (optional) |
| -force | -f | Force action with no prompting. |
| -hostname <hostname> | -ho | Host name of remote workstation running remote backup server. (required when -s remote is used) |
| -partition <backup_partition> | -par | Partition on the backup device. (maximum length of 64 characters) . |
| -password <password> | -pas | User password for the specified partition. |
| -port <portnumber> | -po | Port number for remote backup server on remote workstation (required when -s remote is used). |
| -replace | -r | Allow objects in the target user partition with the same OUID as the backup objects to be deleted and replaced. Objects with the same OUID are replaced only if they differ from the backup objects in some way. For example, if the object attributes have changed since the last backup, the object is replaced. |
| -slot <see description> | -s |
Target slot containing the backup device. It can be specified by any of the following: > <slot number>, if the backup slot is in the current system. >remote -hostname <host name> -port <port number> if the backup device is in a remote work station. >direct to specify a USB attached backup device. If you know the slot number that contains the USB attached HSM, you can specify that slot number explicitly (for example, -s 5) |
Example
lunacm:> partition archive restore -slot 6 -password Pa$$w0rd -partition mybackupPar
Logging in to partition mybackupPar on slot 6 as the user.
Verifying that all objects can be restored...
1 object will be restored.
Restoring objects...
Cloned object 50 from partition mybackupPar (new handle 39).
Restore Complete.
1 objects have been restored from partition mybackupPar on slot 6.
Command Result : No Error
