Administration & Maintenance - Backup & Restore
The Luna Remote Backup HSM (for backing up and restoring HSM and partition contents) and the Luna G5 HSM (for PKI options) can be stored, with valuable contents, when not in use.
The battery that powers the NVRAM and RTC in either device must be installed for use, but some questions commonly arise if the device is to be stored for long periods.
As an administrator of HSMs, I need clear instructions on what to do/how to manage the battery in the Luna G5 and Luna Backup HSM so that I don't get into a situation where I can't retrieve my backups or use my HSM.
It is generally good practice to remove batteries when storing electronic devices, to preclude accidental damage from battery leakage. We use high-quality, industrial-grade batteries that are unlikely to fail in a damaging fashion, but prudence suggests removing them regardless. Also, if the unit is not in use, there is no need to maintain power to the RTC and NVRAM, so an externally stored battery will last longer (see the specifications below).
If main power is not connected and the battery dies or is removed, then the NVRAM and the system's Real Time Clock lose power. The working copy of the MTK (Master Tamper Key) is lost.
The only key material that is lost is session objects (including working copies of stored keys) that were in use at the time. If the "originals" of those same objects are stored as HSM/partition objects, then they reside in non-volatile memory and are preserved.
There is no corruption of stored objects.
Replacement batteries can be obtained from any supplier that can match the following specifications.
3.6 V Primary lithium-thionyl chloride (Li-SOCl2)
Fast voltage recovery after long term storage and/or usage
Low self discharge rate
10 years shelf life
Operating temperature range -55 °C to +85 °C
U.L. Component Recognition, MH 12193
Cells should be stored in a clean and dry area (less than 30 % relative humidity).
Storage temperature should not exceed +30 °C.
There is no low-battery indicator or other provision for checking battery status.
The battery discharge curve is such that the voltage remains constant until the very end of the battery life, at which point the drop in voltage is extremely steep; a voltage measurement therefore gives little warning of impending failure.
If your HSM is a Password-authenticated version, OR if your HSM is a PED-authenticated version but you have not moved an MTK split out of the HSM (onto a purple SRK), then simply insert the battery, connect the HSM, power it up, and resume using it.
The MTK that was deleted by the tamper event (battery removal or discharge) is reconstituted from its stored portions as soon as you log in. All your stored material is available for use.
If your HSM is a PED-authenticated version and you have previously enabled SRK (moved one split of the MTK out of the HSM, onto a purple PED Key, the SRK), then the first time you attempt to use the HSM after battery replacement and power-up, the HSM is unable to find the "missing" portion needed to reconstitute the MTK. You are prompted to present the purple PED Key. As soon as the correct SRK is received, the MTK is reconstituted, and all your stored material is available for use.