|
Home > |
Administration Guide > Backup and Restore HSMs and Partitions > Backing Up and Restoring Your HSM SO Space
|
|---|
HSM backup securely clones the SIM masking key from the Luna SA HSM SO space to a Backup HSM.
Backup/restore of the SO space is a local operation only, using LunaSH. The Backup HSM must be physically connected to the Luna SA appliance. That is, there is no provision to backup a Luna SA Admin partition remotely, and LunaCM does not support it.
The authentication type must match - if your source Backup HSM is password authenticated, then its contents can be restored onto a password authenticated HSM only; if your source Backup HSM is PED authenticated, then its contents can be restored onto a PED authenticated HSM only.
Note: The Backup HSM and the target HSM must share the same cloning domain.
Note: The hsm restore operation has an option to add material from a backup token to an HSM, rather than to replace any material that is already on the HSM, if that is desired. However, the hsm backup operation (from HSM onto token) is an overwrite operation, only.
To backup the SO space on a Luna SA, have ready a Luna Remote Backup HSM, connected to the front-panel USB port of the Luna appliance.
1.Login to the Luna appliance as admin.
2.At the lunash prompt, type:
| Password authentication | hsm backup -password <HSM_Admin_password> -domain <domain_string> -tokenpw <password> |
| PED authentication | hsm backup |
If you see an error message about the token not being in "Factory Reset state", see "Troubleshooting".
To restore the SO space on a Luna SA, have ready a Luna Remote Backup HSM, connected to the front-panel USB port of the Luna appliance.
1.Login to the Luna appliance as admin.
2.At the lunash prompt, type:
| Password authentication | hsm restore -serial <backup_hsm_serialnum> -password <hsm_admin_password> -tokenadminpw <token_password> |
| PED authentication | hsm restore -serial <backup_hsm_serialnum> |