Backup Your HSM Contents

You can back up the non-User (non-partition) objects on your HSM, which are either public objects or objects owned by the SO, with the "clone" feature.

Cloning Backup to another HSM

HSM cloning securely copies HSM objects (not including objects that are contained within HSM Partitions) from one HSM to another HSM in your computer. To back up the HSM, have ready a blank HSM, or one that is acceptable to re-initialize (initializing or re-initializing an HSM destroys any material that was on the HSM).

To back up your HSM

1. Have two HSMs connected to your computer.

2. Start the lunacm utility.

3. Log in to the primary/source Luna HSM as SO.

4. At the lunacm prompt, type:
hsm clone -objects <handles> -slot <slot number> [-password <password>]
The source HSM is the current slot, and the target HSM is the slot that you indicate in the command. The '-password <password>' option is needed only if your HSMs are Password Authenticated.

5. Secure the receiving/target HSM. Best practice for important keys and objects is to keep one backup HSM in secure onsite lockup, for quick resumption of service in case of damage to or loss of the primary HSM, and another backup HSM in secure off-site storage for disaster recovery.

To later restore the SO's token objects, perform a cloning operation from the backup token to the HSM that needs the objects.

See "Backup (Clone) Your HSM Partition" for separate handling of partition objects.

Additional Notes

Backing up (cloning) the SO space to a target requires that the target HSM be initialized as part of the process.

If there are no SO objects to clone (a common situation), then the process halts.