lunash token Commands
WHEN to USE lunash "token backup" commands, or use "vtl backup" commands?
Luna Shell (lunash:>) token backup commands operate a Luna Backup HSM attached directly to Luna SA via USB, and are not intended for use with remotely connected backup devices.
You might have a and a locally connected serial terminal and be walking them from Luna SA to Luna SA in your server room to perform backups. Or you might be administering remotely via SSH and lunash:> commands, while a technician in your server center carries the backup HSM from one Luna SA to the next. In either case, these "token backup" commands are the method to use.The important distinction is where the backup HSM is physically connected - from the Luna SA perspective, those are both local backup operations to a Backup HSM that is locally connected to the appliance.
VTL backup commands operate a Luna Backup HSM connected to a computer, and located distantly from your primary Luna SA appliance. The VTL backup commands are not for use with a Luna Backup HSM that is connected directly to your Luna SA appliance.
For true, hands-off, lights-out operation of your Luna appliances, use a Luna Remote Backup HSM located in your , connected to a computer acting as a . This means the computer and Backup HSM are located near you and remote/distant from your Luna SA appliance(s). For that application, use the backup commands in the VTL utility supplied with the Luna SA - the appliance token backup commands (previous paragraph) are not designed to work for Remote Backup.
| Name | (short) | Description |
|---|---|---|
| init | i | Initialize |
| login | logi | Login Backup Token Admin |
| logout | logo | Logout Backup Token Admin |
| list | li | List All Backup Tokens |
| show | s |
Get Backup Token Information |
| factoryReset | f | Factory Reset PKI Token |
| partition | p | > Partition |
| update | u | > Update Commands |
PED interactions with an external HSM require that the PED be directly connected to that HSM.
If you perform an operation toward any that is connected (via USB) to your Luna SA appliance, such as:
- a directly connected Luna Backup HSM (for token backup)
or
- a directly connected Luna G5 HSM or a Luna DOCK2 (for PKI operations),
then you must ensure that a Luna PED is connected to the external HSM (not just to the Luna SA onboard HSM) when you are prompted to do so.
Commands and data to-and-from an externally connected HSM are not passed through Luna SA from a Luna PED connected to the Luna SA front panel. Similarly, if your Luna SA is acting as a PED Client (for use with Remote PED), those PED interactions are not passed to external HSMs.
When labeling HSMs or partitions, never use a numeral as the first, or only, character in the name/label. Token backup commands allow slot-number OR label as identifier which can lead to confusion if the label is a string version of a slot number.
For example, if the token is initialized with the label "1" then the user cannot use the label to identify the target for purposes of backup, because VTL parses "1" as signifying the numeric ID of the first slot rather than as a text label for the target in whatever slot it really occupies (the target is unlikely to be in the first slot), so backup fails.
Luna shell (lunash:> token backup commands on Luna SA would be unable to see Luna Backup HSM slots maintained by Remote Backup server. Either connect the Backup HSM locally to the Luna SA USB port to use token backup commands, or use VTL commands directed to a Luna Remote Backup HSM connected to a computer configured as a backup server.