|
Home > |
|---|
Access the token backup partition commands to manage your backup partitions.
Note: WHEN to USE lunash "token backup" commands, or use "vtl backup" commands?
Luna Shell (lunash:>) token backup commands operate a Luna Backup HSM attached directly to Luna SA via USB, and are not intended for use with remotely connected backup devices.
You might have a and a locally connected serial terminal and be walking them from Luna SA to Luna SA in your server room to perform backups. Or you might be administering remotely via SSH and lunash:> commands, while a technician in your server center carries the backup HSM from one Luna SA to the next. In either case, these "token backup" commands are the method to use.The important distinction is where the backup HSM is physically connected - from the Luna SA perspective, those are both local backup operations to a Backup HSM that is locally connected to the appliance.
VTL backup commands operate a Luna Backup HSM connected to a computer, and located distantly from your primary Luna SA appliance. The VTL backup commands are not for use with a Luna Backup HSM that is connected directly to your Luna SA appliance.
For true, hands-off, lights-out operation of your Luna appliances, use a Luna Remote Backup HSM located in your , connected to a computer acting as a . This means the computer and Backup HSM are located near you and remote/distant from your Luna SA appliance(s). For that application, use the backup commands in the VTL utility supplied with the Luna SA - the appliance token backup commands (previous paragraph) are not designed to work for Remote Backup.
An external Luna HSM can be USB-connected to a Luna SA appliance for:
•local backup/restore operations (Luna Backup HSM)
•PKI bundle operations (Luna G5 HSM)
Luna SA does not pass PED operations and data through to an externally connected Luna HSM from a Luna PED that is connected locally to the Luna SA.
If the external HSM is PED-authenticated, then the options for Luna PED connection are:
•local PED connection, directly to the affected HSM, when needed, or
•Remote PED connection, passed through the Luna SA
Note: Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.
Note: Support for locally connected Backup HSM with Remote PED,
begins at firmware version 6.10.1 in the external HSM.
Note: Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.
token backup partition
delete
list
show
| Parameter | Shortcut | Description |
|---|---|---|
| delete | d | Delete a backup partition. See |
| list | l | List the backup partitions. See |
| show | s | List the objects on a backup token. See |