Administration & Maintenance - Backup & Restore
HSM backup securely clones HSM objects from the HSM SO space to a Backup HSM. This does not including objects that are contained within HSM Partitions - for partition contents, separate backup/restore operations are available.
Backup of HSM objects is a local operation - meaning that the Backup HSM must be physically connected to the Luna SA appliance - and is run from the lunash:> command line, only. That is, there is no provision to backup the SO space of a Luna SA HSM remotely, and lunacm does not support it. Partition backups are different; "Backup your HSM Partition Locally" and "Backup your HSM Partition Remotely".
To backup the HSM on your Luna SA, have ready a Luna Remote Backup HSM, connected to the front-panel USB port of the Luna appliance.
The hsm restore operation has an option to add material from a backup token to an HSM, rather than to replace any material that is already on the HSM, if that is desired. However, the backup operation (from HSM onto token) is an overwrite operation, only.
To backup your HSM:
If you see an error message about the token not being in "Factory Reset state", go to this page.
To restore the HSM contents, go to "Restore Your HSM from Token".
Disconnecting Luna Backup HSM
The Luna Backup HSM is a USB device. It is not equipped with a power switch.
There is no special "procedure" for disconnecting or shutting down a Luna Backup HSM.
If the Backup HSM is used in “Remote” configuration for Luna SA, therefore connected to a workstation acting as Backup server, then your only action is to do the usual Windows (or other) . Linux and UNIX platforms have their equivalent unmount actions for USB. Then disconnect the cables.
If the Backup HSM is connected to Luna SA for local backup, you have no access to the Luna SA’s internal hardened kernel, so you cannot issue an un-mount instruction. Simply disconnect the cables and the system figures it out at either end. Both Luna SA and the Backup HSM accept this treatment very robustly.