token backup init
Initializes the token with the specified serial number and prepares it to receive backup data. Both the -label and -serial parameters are required at the command line. For SafeNet Luna Network HSM with Password Authentication, the domain and Token Admin (SO) password are prompted, and your input is obscured by asterisk (*) symbols. For SafeNet Luna Network HSM with Trusted Path authentication, any typed values for domain or password are ignored and you are prompted for Luna PED operations with PED keys.
WHEN to USE LunaSH "token backup" commands:
LunaSH token backup commands operate a SafeNet Luna Backup HSM attached directly to SafeNet Luna Network HSM via USB, and are not intended for use with remotely connected backup devices.
You might have a locally-connected backup HSM (connects directly to a SafeNet Luna Network HSM via USB cable) and a locally connected serial terminal and be walking them from SafeNet Luna Network HSM to SafeNet Luna Network HSM in your server room to perform backups. Or you might be administering remotely via SSH and lunash:> commands, while a technician in your server center carries the backup HSM from one SafeNet Luna Network HSM to the next. In either case, these token backup commands are the method to use. The important distinction is where the backup HSM is physically connected - from the SafeNet Luna Network HSM perspective, those are both local backup operations to a backup HSM that is locally connected to the appliance.
If the computer and Backup HSM are located near you and remote/distant from your SafeNet Luna Network HSM appliance(s), use the backup commands in the lunacm utility supplied with the SafeNet Luna Network HSM Client software (which must be installed on the computer that is acting as Remote Backup server) - the appliance token backup commands are not designed to work for Remote Backup.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
token backup init -label <label> -serial <serialnum> [-domain <domain>] [-tokenadminpw <password>] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -domain <domain> | -d | Backup Token Domain (required for Password authenticated HSMs, ignored for PED authenticated - if you prefer to not type it in the clear, on the command line, it is prompted later). |
| -force | -f | Force the action without prompting. |
| -label <label> | -l | Token label. |
| -serial <serialnum> | -s | Token serial number. |
| -tokenadminpw <password> | -t | Token Admin / SO Pas.sword (required for Password authenticated HSMs, ignored for PED authenticated - if you prefer to not type it in the clear, on the command line, it is prompted later). |
An external SafeNet Luna Backup HSM can be USB-connected to a SafeNet Luna Network HSM appliance for local backup/restore operations.
SafeNet Luna Network HSM does not pass PED operations and data through to an externally connected SafeNet Luna backup HSM from a Luna PED that is connected locally to the SafeNet Luna Network HSM.
If the external HSM is PED-authenticated, then the options for Luna PED connection are:
>local PED connection, directly to the affected HSM, when needed, or
>Remote PED connection, passed through the SafeNet Luna Network HSM
Example
lunash:>token backup init -label sa7docbackup -serial 496771
Please enter a password for the Token Administrator:
> ********
Please re-enter password to confirm:
> ********
Please enter a cloning domain used when initializing this HSM:
> *********
Please re-enter cloning domain to confirm:
> *********
CAUTION: Are you sure you wish to initialize the backup
token named: sa7docbackup
Type 'proceed' to continue, or 'quit' to quit now.
> proceed
'token backup init' successful.
Command Result : 0 (Success)
