Planning Your Backup HSM Deployment
When setting up your backup deployment, you have multiple configuration options. This section will help you choose the right configuration for your organization, depending on where you prefer to keep your backups. You can use a SafeNet Luna Backup HSM or an application partition on any other Luna HSM for backup/restore operations.
Backup and restore operations require that cloning be enabled on the HSM/partition.
>Backup HSM Connected to the Host Workstation
>Backup HSM Installed Using Remote Backup Service (RBS)
NOTE The diagrams below depict the
Partition to Partition
You can clone objects from any Luna 7 application partition to any other Luna 7 partition that shares its cloning domain. You must have the Crypto Officer credential for both partitions. Both partitions must use the same authentication method (either password or PED).
See Cloning Objects to Another Application Partition.
Backup HSM Connected to the Appliance
In this configuration, the SafeNet Luna Backup HSM is connected directly to one of the USB ports on the SafeNet Luna PCIe HSM appliance. It is useful in deployments where backups are kept in the same location as the HSM. Backup and restore operations are performed using LunaSH commands via a serial or SSH connection. The Crypto Officer must have admin-level access to LunaSH on the appliance to use this configuration.
Figure 1: Locally-connected Backup HSM using password authentication
Figure 2: Locally-connected Backup HSM using local PED authentication
See
Backup HSM Connected to the Host Workstation
In this configuration, the SafeNet Luna Backup HSM is connected to a USB port on the
Figure 3: Host-connected Backup HSM using password authentication
Figure 4: Host-connected Backup HSM using local PED authentication
Figure 5: Host-connected Backup HSM using remote PED authentication
See Backup/Restore Using a Host-Connected G5 Backup HSM.
Backup HSM Installed Using Remote Backup Service (RBS)
In this configuration, the SafeNet Luna Backup HSM is connected to a remote client workstation that communicates with the
Figure 6: Remote backup (RBS) using password authentication
Figure 7: Remote backup (RBS) using remote PED authentication at the client
Figure 8: Remote backup (RBS) using remote PED authentication at the RBS server