Luna Concepts
The "Legacy Cloning Domain" for Password authenticated HSM partitions is the text string that was used as a cloning domain on the legacy token HSM whose contents are to be migrated to the Luna SA HSM partition.
The "Legacy Cloning Domain" for PED authenticated HSM partitions is the cloning domain secret on the red PED key for the legacy PED authenticated token HSM whose contents are to be migrated to the Luna SA HSM partition.
Your target Luna SA HSM partition has, and retains, whatever modern partition cloning domain was imprinted (on a red PED Key) when the partition was created. The "partition setLegacyDomain" command takes the domain value from your legacy HSM's red PED Key and associates that with the modern-format domain of the partition, to allow the partition to be the cloning (restore...) recipient of objects from the legacy (token) HSM.
Once the first legacy domain has been associated with your Luna SA HSM Partition, that legacy domain is attached until the partition is deleted.
The following table illustrates what happens when objects from several legacy tokens (Luna CA4) are migrated to Luna SA 5 partitions. Shown are different scenarios for the legacy domain(s) and for the Luna SA partition domain(s).
| Source Token/HSM | Target HSM Partition | ||||
|---|---|---|---|---|---|
| Token Name | Token Contents | Token Domain | Partition Name | Partition Contents | Partition Domain |
|
Example = four legacy tokens (different legacy domains) to four partitions (where all partitions have different modern domains) |
|||||
| MyToken1 | Key1a, Key1b, Cert1 | LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
| MyToken2 | Key2a, Key2b, Cert2 | LegacyDomain2 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain2 (with LegacyDomain2 set) |
| MyToken3 | Key3a, Key3b, Cert3 | LegacyDomain3 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain3 (with LegacyDomain3 set) |
| MyToken4 | Key4a, Key4b, Cert4 | LegacyDomain4 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain4 (with LegacyDomain4 set) |
|
Example = four legacy tokens (different legacy domains) to four partitions (where all partitions have same modern domain) |
|||||
| MyToken1 | Key1a, Key1b, Cert1 | LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
| MyToken2 | Key2a, Key2b, Cert2 | LegacyDomain2 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain1 (with LegacyDomain2 set) |
| MyToken3 | Key3a, Key3b, Cert3 | LegacyDomain3 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain1 (with LegacyDomain3 set) |
| MyToken4 | Key4a, Key4b, Cert4 | LegacyDomain4 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain4 set) |
|
Example = four legacy tokens (shared legacy domain) to four partitions (where all partitions have different modern domains) |
|||||
| MyToken1 | Key1a, Key1b, Cert1 | Common LegacyDomain1 |
MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
| MyToken2 | Key2a, Key2b, Cert2 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain2 (with LegacyDomain1 set) | |
| MyToken3 | Key3a, Key3b, Cert3 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain3 (with LegacyDomain1 set) | |
| MyToken4 | Key4a, Key4b, Cert4 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain4 (with LegacyDomain1 set) | |
|
Example = four legacy tokens (shared legacy domain) to four partitions (where all partitions have same modern domain) |
|||||
| MyToken1 |
Key1a, Key1b, Cert1 | Common LegacyDomain1 |
MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set i.e., same modern domain for all 4 partitions and same legacy domain associated to all 4 partitions) |
| MyToken2 |
Key2a, Key2b, Cert2 | MyPartition2 | Key2a, Key2b, Cert2 | ||
| MyToken3 |
Key3a, Key3b, Cert3 | MyPartition3 | Key3a, Key3b, Cert3 | ||
| MyToken4 |
Key4a, Key4b, Cert4 | MyPartition4 | Key4a, Key4b, Cert4 | ||
|
Example = four legacy tokens to one partition (legacy tokens must all have same domain) |
|||||
| MyToken1 | Key1a, Key1b, Cert1 |
Common LegacyDomain1 |
MyPartition1 | Key1a, Key1b, Cert1 Key2a, Key2b, Cert2 Key3a, Key3b, Cert3 Key4a, Key4b, Cert4 (i.e. contents of 4 tokens into one partition) |
ModernDomain1 (with LegacyDomain1 set) |
| MyToken2 | Key2a, Key2b, Cert2 |
||||
| MyToken3 | Key3a, Key3b, Cert3 |
||||
| MyToken4 | Key4a, Key4b, Cert4 |
||||
Contact SafeNet Technical Support -- e-mail: support@safenet-inc.com or phone 800-545-6608 (+1 410-931-7520 International) for the relevant Key Migration document, which includes explicit instructions to migrate your cryptographic objects between different types of Luna HSM (generally from legacy models to current models of HSM).