|
Home > |
Administration Guide > Backup and Restore HSMs and Partitions > Backing Up and Restoring Your HSM SO Space
|
|---|
HSM backup securely clones the SIM masking key from the SafeNet Network HSM SO space to a Backup HSM.
Backup/restore of the SO space is a local operation only, using LunaSH. The Backup HSM must be physically connected to the SafeNet Network HSM appliance. That is, there is no provision to backup a SafeNet Network HSM Admin partition remotely, and LunaCM does not support it.
The authentication type must match - if your source Backup HSM is password authenticated, then its contents can be restored onto a password authenticated HSM only; if your source Backup HSM is PED authenticated, then its contents can be restored onto a PED authenticated HSM only.
Note: The Backup HSM and the target HSM must share the same cloning domain.
Note: The hsm restore operation has an option to add material from a backup token to an HSM, rather than to replace any material that is already on the HSM, if that is desired. However, the hsm backup operation (from HSM onto token) is an overwrite operation, only.
To backup the SO space on a SafeNet Network HSM, have ready a SafeNet Remote Backup HSM, connected to the front-panel USB port of the SafeNet appliance.
1.Login to the SafeNet appliance as admin.
2.At the lunash prompt, type:
| Password authentication | hsm backup -password <HSM_Admin_password> -domain <domain_string> -tokenpw <password> |
| PED authentication | hsm backup |
If you see an error message about the token not being in "Factory Reset state", see Troubleshooting.
To restore the SO space on a SafeNet Network HSM, have ready a SafeNet Remote Backup HSM, connected to the front-panel USB port of the SafeNet appliance.
1.Login to the SafeNet appliance as admin.
2.At the lunash prompt, type:
| Password authentication | hsm restore -serial <backup_hsm_serialnum> -password <hsm_admin_password> -tokenadminpw <token_password> |
| PED authentication | hsm restore -serial <backup_hsm_serialnum> |