Home > |
---|
While some applications might deal in ephemeral objects (keys, certs, other) that are erased after using, in many Luna HSM applications, the keys and objects within the HSM and partition have value and are meant to persist. For such valuable data, any security regime requires that the data be backed up in secure fashion, and stored securely.
For Luna SA, the backup option is the Luna [Remote] Backup HSM, which can be connected directly to the Luna SA HSM to perform backup or restore operations on the spot. The Backup HSM can also be connected to a host computer, located at a distance from the source HSM, and can perform backup and restore operations over secure network connection. This is normally the case when the source HSM is kept in a secure server room or a lights-out facility. The Backup HSM is not able to perform cryptographic operations; it functions only in its secure backup/restore role. The Backup HSM configures itself to be Password Authenticated or PED Authenticated, according to the HSM that it backs up. This is negotiated at backup time. See the Administration Guide for more detailed information and instructions.
For Luna PCI-E, the backup option is the Luna [Remote] Backup HSM, which can be connected directly to the Luna PCI-E HSM to perform backup or restore operations on the spot. The Backup HSM can also be connected to a host computer, located at a distance from the source HSM, and can perform backup and restore operations over secure network connection. This is normally the case when the source HSM is kept in a secure server room or a lights-out facility. The Backup HSM is not able to perform cryptographic operations; it functions only in its secure backup/restore role. The Backup HSM configures itself to be Password Authenticated or PED Authenticated, according to the HSM that it backs up. This is negotiated at backup time. See the Administration Guide for more detailed information and instructions.
For Luna G5, the backup option is cloning of HSM or partition contents to another Luna G5 HSM, which must be of the same authentication type (Password authenticated, or PED authenticated). See the Administration Guide for more detailed information and instructions.