Admin - Backup and Restore
If your primary HSM partition (the partition onto which you will restore the backed-up objects) is in the Activated state, then only the Backup HSM needs PED activity for authentication during the restore. The steps below nevertheless include a couple of extra actions to show that it is straightforward to use a single Remote PED with both HSMs when your HSM partition is not in the Activated state at the start of the restore operation.
For this example, start by clearing the target partition before restoring objects into it, so that any objects present after the restore operation are clearly restored objects and not leftovers. This example is a replacement restore operation, not an appending or cumulative restore operation.
lunacm:> partition clear
You are about to delete all the user objects.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
85 objects were deleted.
Command Result : No Error
lunacm:> exit
C:\Program Files\SafeNet\LunaClient>lunacm.exe
LunaCM V2.3.3 - Copyright (c) 2006-2013 SafeNet, Inc.
Available HSM's:
Slot Id -> 1
HSM Label -> SA82_P1
HSM Serial Number -> 500409014
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 2
HSM Label -> G5PKI
HSM Serial Number -> 701968008
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 3
HSM Label -> G5backup
HSM Serial Number -> 700101
HSM Model -> G5Backup
HSM Firmware Version -> 6.10.1
HSM Configuration -> Remote Backup HSM (PED) Backup Device
HSM Status -> OK
Slot Id -> 4
Tunnel Slot Id -> 6
HSM Label -> PCI422
HSM Serial Number -> 500422
HSM Model -> K6 Base
HSM Firmware Version -> 6.2.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 5
Tunnel Slot Id -> 7
HSM Label -> K6_328
HSM Serial Number -> 155328
HSM Model -> K6 Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 8
HSM Label -> G5180
HSM Serial Number -> 700180
HSM Model -> G5Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna G5 (PED) Signing With Cloning Mode
HSM Status -> OK
Current Slot Id: 1
lunacm:>
lunacm:>ped get
HSM slot 1 listening to local PED (PED id=0).
Command Result : No Error
lunacm:>
lunacm:> ped connect ip 192.20.10.190
Command Result : No Error
lunacm:>
lunacm:> partition deactivate
Command Result : No Error
lunacm:>
This would not be necessary if the partition were activated. We are demonstrating that, if the partition is not in login state or activated state, it is straightforward to briefly switch the PED to the primary HSM partition before switching the PED back to the Backup HSM.
lunacm:> partition login
Option -password was not supplied. It is required.
Enter the password: *******
User is not activated, please attend to the PED.
Command Result : No Error
lunacm:> ped disconnect
Are you sure you wish to disconnect the remote ped?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error
lunacm:>
lunacm:> ped connect ip 192.20.10.190 slot 3
Command Result : No Error
lunacm:> ped get
HSM slot 1 listening to local PED (PED id=0).
Command Result : No Error
lunacm:> ped get slot 3
HSM slot 3 listening to remote PED (PED id=100).
Command Result : No Error
lunacm:>
lunacm:> partition backup restore -slot 3 -par SAbck1
Logging in to partition SAbck1 on slot 3 as the user.
Please attend to the PED.
Verifying that all objects can be restored...
85 objects will be restored.
Restoring objects...
Cloned object 19 from partition SAbck1 (new handle 20).
Cloned object 20 from partition SAbck1 (new handle 21).
Cloned object 23 from partition SAbck1 (new handle 22).
Cloned object 25 from partition SAbck1 (new handle 25).
Cloned object 24 from partition SAbck1 (new handle 26).
Cloned object 26 from partition SAbck1 (new handle 28).
Cloned object 28 from partition SAbck1 (new handle 29).
Cloned object 27 from partition SAbck1 (new handle 30).
Cloned object 29 from partition SAbck1 (new handle 33).
Cloned object 30 from partition SAbck1 (new handle 34).
Cloned object 31 from partition SAbck1 (new handle 40).
Cloned object 35 from partition SAbck1 (new handle 44).
Cloned object 36 from partition SAbck1 (new handle 45).
Cloned object 39 from partition SAbck1 (new handle 48).
Cloned object 40 from partition SAbck1 (new handle 49).
Cloned object 44 from partition SAbck1 (new handle 53).
Cloned object 45 from partition SAbck1 (new handle 54).
Cloned object 46 from partition SAbck1 (new handle 55).
Cloned object 47 from partition SAbck1 (new handle 56).
Cloned object 48 from partition SAbck1 (new handle 57).
Cloned object 49 from partition SAbck1 (new handle 58).
Cloned object 50 from partition SAbck1 (new handle 59).
Cloned object 51 from partition SAbck1 (new handle 60).
Cloned object 52 from partition SAbck1 (new handle 61).
Cloned object 53 from partition SAbck1 (new handle 62).
Cloned object 56 from partition SAbck1 (new handle 65).
Cloned object 57 from partition SAbck1 (new handle 66).
Cloned object 58 from partition SAbck1 (new handle 67).
Cloned object 59 from partition SAbck1 (new handle 68).
Cloned object 60 from partition SAbck1 (new handle 69).
Cloned object 61 from partition SAbck1 (new handle 70).
Cloned object 62 from partition SAbck1 (new handle 71).
Cloned object 63 from partition SAbck1 (new handle 72).
Cloned object 64 from partition SAbck1 (new handle 73).
Cloned object 65 from partition SAbck1 (new handle 74).
Cloned object 66 from partition SAbck1 (new handle 75).
Cloned object 70 from partition SAbck1 (new handle 79).
Cloned object 71 from partition SAbck1 (new handle 80).
Cloned object 72 from partition SAbck1 (new handle 81).
Cloned object 73 from partition SAbck1 (new handle 82).
Cloned object 74 from partition SAbck1 (new handle 83).
Cloned object 75 from partition SAbck1 (new handle 84).
Cloned object 76 from partition SAbck1 (new handle 85).
Cloned object 77 from partition SAbck1 (new handle 86).
Cloned object 78 from partition SAbck1 (new handle 87).
Cloned object 79 from partition SAbck1 (new handle 88).
Cloned object 80 from partition SAbck1 (new handle 89).
Cloned object 81 from partition SAbck1 (new handle 90).
Cloned object 82 from partition SAbck1 (new handle 91).
Cloned object 83 from partition SAbck1 (new handle 92).
Cloned object 84 from partition SAbck1 (new handle 93).
Cloned object 86 from partition SAbck1 (new handle 94).
Cloned object 85 from partition SAbck1 (new handle 95).
Cloned object 87 from partition SAbck1 (new handle 96).
Cloned object 88 from partition SAbck1 (new handle 97).
Cloned object 89 from partition SAbck1 (new handle 98).
Cloned object 91 from partition SAbck1 (new handle 99).
Cloned object 90 from partition SAbck1 (new handle 100).
Cloned object 92 from partition SAbck1 (new handle 101).
Cloned object 96 from partition SAbck1 (new handle 105).
Cloned object 97 from partition SAbck1 (new handle 106).
Cloned object 98 from partition SAbck1 (new handle 107).
Cloned object 99 from partition SAbck1 (new handle 108).
Cloned object 103 from partition SAbck1 (new handle 112).
Cloned object 104 from partition SAbck1 (new handle 113).
Cloned object 105 from partition SAbck1 (new handle 114).
Cloned object 106 from partition SAbck1 (new handle 115).
Cloned object 107 from partition SAbck1 (new handle 116).
Cloned object 108 from partition SAbck1 (new handle 117).
Cloned object 110 from partition SAbck1 (new handle 118).
Cloned object 109 from partition SAbck1 (new handle 119).
Cloned object 111 from partition SAbck1 (new handle 120).
Cloned object 112 from partition SAbck1 (new handle 121).
Cloned object 113 from partition SAbck1 (new handle 122).
Cloned object 114 from partition SAbck1 (new handle 123).
Cloned object 115 from partition SAbck1 (new handle 124).
Cloned object 118 from partition SAbck1 (new handle 127).
Cloned object 119 from partition SAbck1 (new handle 128).
Cloned object 120 from partition SAbck1 (new handle 129).
Cloned object 121 from partition SAbck1 (new handle 130).
Cloned object 124 from partition SAbck1 (new handle 133).
Cloned object 125 from partition SAbck1 (new handle 134).
Cloned object 128 from partition SAbck1 (new handle 137).
Cloned object 129 from partition SAbck1 (new handle 138).
Cloned object 130 from partition SAbck1 (new handle 139).
Restore Complete.
85 objects have been restored from partition SAbck1 on slot 3.
Command Result : No Error
lunacm:> partition backup list -slot 3
HSM Storage Information for slot 3:
Total HSM Storage Space: 16252928
Used HSM Storage Space: 43616
Free HSM Storage Space: 16209312
Number Of Allowed Partitions: 20
Number Of Allowed Partitions: 1
Partition list for slot 3
Number of partition: 1
Name: SAbck1
Total Storage Size: 41460
Used Storage Size: 41460
Free Storage Size: 0
Number Of Objects: 85
Command Result : No Error
lunacm:>
Restore from backup, using RBS, is complete.
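The following Python check is an added example, not code from the Luna documentation. It parses a captured lunacm transcript in the format shown above and confirms that the announced count, the number of "Cloned object" lines, the completion count and the backup partition's "Number Of Objects" all agree, as they do (85) in the session above. The name check_restore and the shortened sample transcripts are constructed for illustration, and the comparison with the backup listing assumes a full replacement restore into a cleared partition.

```python
import re

CLONED = re.compile(r"Cloned object (\d+) from partition (\S+) \(new handle (\d+)\)")
ANNOUNCED = re.compile(r"(\d+) objects will be restored")
COMPLETED = re.compile(r"(\d+) objects have been restored from partition (\S+) on slot (\d+)")
LISTED = re.compile(r"Name:\s*(\S+).*?Number Of Objects:\s*(\d+)", re.S)

def check_restore(restore_log, backup_list):
    """Return a list of discrepancies; an empty list means every count agrees."""
    announced = ANNOUNCED.search(restore_log)
    completed = COMPLETED.search(restore_log)
    if not announced or not completed:
        return ["restore transcript has no announced count or no completion line"]
    clones = CLONED.findall(restore_log)  # (source object, partition, new handle)
    want, done, part = int(announced.group(1)), int(completed.group(1)), completed.group(2)
    problems = []
    if not (want == done == len(clones)):
        problems.append(f"announced {want}, cloned {len(clones)}, reported {done}")
    if any(p != part for _, p, _ in clones):
        problems.append(f"clone lines name a partition other than {part}")
    if len({src for src, _, _ in clones}) != len(clones):
        problems.append("a source object was cloned more than once")
    if len({new for _, _, new in clones}) != len(clones):
        problems.append("two restored objects share one new handle")
    listed = dict(LISTED.findall(backup_list))  # partition name -> object count
    if part not in listed:
        problems.append(f"backup listing has no partition {part}")
    elif int(listed[part]) != done:
        problems.append(f"backup holds {listed[part]} objects, restore reported {done}")
    return problems

# Constructed sample input in the format shown above (3 objects instead of 85).
SAMPLE_RESTORE = """\
3 objects will be restored.
Cloned object 19 from partition SAbck1 (new handle 20).
Cloned object 20 from partition SAbck1 (new handle 21).
Cloned object 23 from partition SAbck1 (new handle 22).
Restore Complete.
3 objects have been restored from partition SAbck1 on slot 3.
Command Result : No Error
"""
SAMPLE_LIST = """\
Partition list for slot 3
Name: SAbck1
Number Of Objects: 3
"""

if __name__ == "__main__":
    print(check_restore(SAMPLE_RESTORE, SAMPLE_LIST) or "restore counts are consistent")
```

The patterns also match transcripts whose output has been run together on one line, so a saved session log can be passed in unmodified.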
To restore onto a different remote Luna HSM, the same arrangement is required, but the remote HSM must already have a suitable partition (if the restore-target HSM is a Luna SA, the target partition can have any name - it does not need to match the name of the source partition on the backup device), and your workstation must be registered as a client to that partition.
To restate: the backup operation can go from a source partition (on a Luna HSM) to an existing partition on the Luna Remote Backup HSM, or if one does not exist, a new partition can be created during the backup -- but the restore operation cannot create a target partition on a Luna SA; it must already exist and have a registered NTLS link.