The "Legacy Cloning Domain" for Password authenticated HSM partitions is the text string that was used as a cloning domain on the legacy token HSM whose contents are to be migrated to the SafeNet Network HSM partition.
The "Legacy Cloning Domain" for PED authenticated HSM partitions is the cloning domain secret on the red PED key for the legacy PED authenticated token HSM whose contents are to be migrated to the SafeNet Network HSM partition.
Your target SafeNet Network HSM partition has, and retains, whatever modern partition cloning domain was imprinted (on a red PED Key) when the partition was created. The "partition setLegacyDomain" command takes the domain value from your legacy HSM's red PED Key and associates that with the modern-format domain of the partition, to allow the partition to be the cloning (restore...) recipient of objects from the legacy (token) HSM.
You can repeat the "partition setLegacyDomain" command in SafeNet Shell (lunash:>) or in Lunacm, appending a different legacy domain to the partition's own domain, allowing you to consolidate the content of multiple legacy HSMs/Tokens onto a single modern partition, if desired.
The following table illustrates what happens when objects from several legacy tokens (SafeNet CA4) are migrated to SafeNet Network HSM 5 partitions. Shown are different scenarios for the legacy domain(s) and for the SafeNet Network HSM partition domain(s).

Example = four legacy tokens (different legacy domains) to four partitions (where all partitions have different modern domains)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
MyToken2 | Key2a, Key2b, Cert2 | LegacyDomain2 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain2 (with LegacyDomain2 set) |
MyToken3 | Key3a, Key3b, Cert3 | LegacyDomain3 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain3 (with LegacyDomain3 set) |
MyToken4 | Key4a, Key4b, Cert4 | LegacyDomain4 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain4 (with LegacyDomain4 set) |

Example = four legacy tokens (different legacy domains) to four partitions (where all partitions have same modern domain)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
MyToken2 | Key2a, Key2b, Cert2 | LegacyDomain2 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain1 (with LegacyDomain2 set) |
MyToken3 | Key3a, Key3b, Cert3 | LegacyDomain3 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain1 (with LegacyDomain3 set) |
MyToken4 | Key4a, Key4b, Cert4 | LegacyDomain4 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain4 set) |

Example = four legacy tokens (shared legacy domain) to four partitions (where all partitions have different modern domains)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set) |
MyToken2 | Key2a, Key2b, Cert2 | Common LegacyDomain1 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain2 (with LegacyDomain1 set) |
MyToken3 | Key3a, Key3b, Cert3 | Common LegacyDomain1 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain3 (with LegacyDomain1 set) |
MyToken4 | Key4a, Key4b, Cert4 | Common LegacyDomain1 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain4 (with LegacyDomain1 set) |

Example = four legacy tokens (shared legacy domain) to four partitions (where all partitions have same modern domain)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1 | ModernDomain1 (with LegacyDomain1 set i.e., same modern domain for all 4 partitions and same legacy domain associated to all 4 partitions) |
MyToken2 | Key2a, Key2b, Cert2 | Common LegacyDomain1 | MyPartition2 | Key2a, Key2b, Cert2 | ModernDomain1 (with LegacyDomain1 set) |
MyToken3 | Key3a, Key3b, Cert3 | Common LegacyDomain1 | MyPartition3 | Key3a, Key3b, Cert3 | ModernDomain1 (with LegacyDomain1 set) |
MyToken4 | Key4a, Key4b, Cert4 | Common LegacyDomain1 | MyPartition4 | Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain1 set) |

Example = four legacy tokens to one partition (legacy tokens all have same domain - run "partition setLegacyDomain" once before starting to clone the first legacy token content)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 (i.e. contents of 4 tokens into one partition) | ModernDomain1 (with LegacyDomain1 set) |
MyToken2 | Key2a, Key2b, Cert2 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain1 set) |
MyToken3 | Key3a, Key3b, Cert3 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain1 set) |
MyToken4 | Key4a, Key4b, Cert4 | Common LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain1 set) |

Example = four legacy tokens to one partition (legacy tokens all have different domains - run "partition setLegacyDomain" once before starting to clone each and EVERY legacy token's content) (LHSM-9834)

Source Token Name | Source Token Contents | Source Token Domain | Target Partition Name | Target Partition Contents | Target Partition Domain |
---|---|---|---|---|---|
MyToken1 | Key1a, Key1b, Cert1 | LegacyDomain1 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 (i.e. contents of 4 tokens into one partition) | ModernDomain1 (with LegacyDomain1 set) |
MyToken2 | Key2a, Key2b, Cert2 | LegacyDomain2 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain2 set) |
MyToken3 | Key3a, Key3b, Cert3 | LegacyDomain3 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain3 set) |
MyToken4 | Key4a, Key4b, Cert4 | LegacyDomain4 | MyPartition1 | Key1a, Key1b, Cert1, Key2a, Key2b, Cert2, Key3a, Key3b, Cert3, Key4a, Key4b, Cert4 | ModernDomain1 (with LegacyDomain4 set) |

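
The sequencing rule in the two "four legacy tokens to one partition" scenarios, as an added example (not SafeNet code): a Python pre-flight check that works out where "partition setLegacyDomain" must precede a clone and flags a runbook that skips it. It assumes the most recently set legacy domain is the one in effect on a partition; the function and step names are hypothetical, and it models the procedure only, issuing no HSM commands.

```python
# Added illustration, not SafeNet code. Models the ordering rule from the table:
# "partition setLegacyDomain" must have associated the token's legacy domain
# with the target partition before that token's objects are cloned.
# Assumption: the most recently set legacy domain is the one in effect.

def plan_migration(tokens):
    """tokens: ordered list of (token_name, legacy_domain, partition_name).
    Returns ordered steps: ("setLegacyDomain", partition, domain) or
    ("clone", token, partition)."""
    active = {}   # partition -> legacy domain currently associated with it
    steps = []
    for token, domain, partition in tokens:
        if active.get(partition) != domain:
            steps.append(("setLegacyDomain", partition, domain))
            active[partition] = domain
        steps.append(("clone", token, partition))
    return steps

def verify_plan(steps, tokens):
    """Replay a plan (e.g. a hand-written runbook) and return the tokens whose
    clone would run while the partition has a different, or no, legacy domain."""
    domain_of = {t: d for t, d, _ in tokens}
    active, mismatched = {}, []
    for action, a, b in steps:
        if action == "setLegacyDomain":      # (action, partition, domain)
            active[a] = b
        elif active.get(b) != domain_of[a]:  # (action, token, partition)
            mismatched.append(a)
    return mismatched

def count_sets(steps):
    """Number of "partition setLegacyDomain" runs a plan contains."""
    return sum(1 for s in steps if s[0] == "setLegacyDomain")

# Constructed inputs mirroring the last two table scenarios.
SHARED = [(f"MyToken{i}", "LegacyDomain1", "MyPartition1") for i in range(1, 5)]
DISTINCT = [(f"MyToken{i}", f"LegacyDomain{i}", "MyPartition1") for i in range(1, 5)]

# Constructed runbook that sets the legacy domain once, then clones all four tokens.
SET_ONCE = [("setLegacyDomain", "MyPartition1", "LegacyDomain1")] + [
    ("clone", f"MyToken{i}", "MyPartition1") for i in range(1, 5)]

if __name__ == "__main__":
    print("shared domain, set commands:", count_sets(plan_migration(SHARED)))
    print("distinct domains, set commands:", count_sets(plan_migration(DISTINCT)))
    print("set-once runbook, mismatched clones:", verify_plan(SET_ONCE, DISTINCT))
```
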
Contact SafeNet Technical Support -- e-mail: support@safenet-inc.com or phone 800-545-6608 (+1 410-931-7520 International) for the relevant Key Migration document, which includes explicit instructions to migrate your cryptographic objects between different types of SafeNet HSM (generally from legacy models to current models of HSM).