Home > |
---|
While some applications might deal in ephemeral objects (keys, certs, other) that are erased after using, in many SafeNet HSM applications, the keys and objects within the HSM and partition have value and are meant to persist. For such valuable data, any security regime requires that the data be backed up in secure fashion, and stored securely.
For SafeNet Network HSM, the backup option is the SafeNet Remote Backup HSM, which can be connected directly to the SafeNet Network HSM to perform backup or restore operations on the spot. The Backup HSM can also be connected to a host computer, located at a distance from the source HSM, and can perform backup and restore operations over secure network connection. This is normally the case when the source HSM is kept in a secure server room or a lights-out facility. The Backup HSM is not able to perform cryptographic operations; it functions only in its secure backup/restore role. The Backup HSM configures itself to be Password Authenticated or PED Authenticated, according to the HSM that it backs up. This is negotiated at backup time. See the Administration Guide for more detailed information and instructions.
For SafeNet PCI-E HSM, the backup option is the SafeNet Remote Backup HSM, which can be connected directly to the SafeNet PCI-E HSM to perform backup or restore operations on the spot. The Backup HSM can also be connected to a host computer, located at a distance from the source HSM, and can perform backup and restore operations over secure network connection. This is normally the case when the source HSM is kept in a secure server room or a lights-out facility. The Backup HSM is not able to perform cryptographic operations; it functions only in its secure backup/restore role. The Backup HSM configures itself to be Password Authenticated or PED Authenticated, according to the HSM that it backs up. This is negotiated at backup time. See the Administration Guide for more detailed information and instructions.
For SafeNet USB HSM, the backup option is cloning of HSM or partition contents to another SafeNet USB HSM, which must be of the same authentication type (Password authenticated, or PED authenticated). See the Administration Guide for more detailed information and instructions.