Home > |
---|
Backup data or objects in the HSM's SO (or HSM Admin) space, such as the HSM's masking key (used in Scalable Key Storage) information, to a backup token. The hsm backup command copies crucial HSM backup information to a special SafeNet backup device. The connected backup HSM, indicated by its serial number, is initialized and used during this process. The user is prompted to confirm that this destructive command should continue ("destructive" to any contents currently on the backup device, not destructive to the source HSM).
The hsm backup command backs up only data or objects in the HSM's SO (or HSM Admin) space. It does not back up the partition data. For that, you must use the partition backup commands.
Dual mode backup tokens are initialized to the same level (SafeNet HSM with Password Authentication or SafeNet HSM with PED (Trusted Path) Authentication) as the HSM.
When labeling HSMs or partitions, never use a numeral as the first, or only, character in the name/label. Token backup commands allow slot-number OR label as identifier which can lead to confusion if the label is a string version of a slot number.
For example, if the token is initialized with the label "1" then the user cannot use the label to identify the target for purposes of backup, because VTL parses "1" as signifying the numeric ID of the first slot rather than as a text label for the target in whatever slot it really occupies (the target is unlikely to be in the first slot), so backup fails.
hsm backup -serial <serialnumber> [-password <password>] [-tokenAdminPw <password>] [-force]
Parameter |
Shortcut |
Description |
---|---|---|
-serial | -s | Specifies the serial number of the target backup HSM. This indicates which backup device to work with. |
-password | -p | Specifies the source HSM Admin's (or SO's) text password. This parameter is required on password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
-tokenAdminPw | -t |
Specifies the password of the backup target HSM. On PED-authenticated HSMs, the SafeNet PED is used for the PIN and this value is ignored. The token password need not be the same password or PED key as used for the HSM partition. |
-force | -f | Force the action without prompting. |
lunash:>hsm backup -serial 667788
CAUTION: Are you sure you wish to initialize the backup
token named:
no label
Type 'proceed' to continue, or 'quit' to quit now.
> proceed
Luna PED operation required to initialize backup token - use Security Officer (blue) PED key.
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.
Luna PED operation required to generate cloning domain on backup token - use Domain (red) PED key.
Luna PED operation required to login as HSM Administrator - use Security Officer (blue) PED key.
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.
'hsm backup' successful.
Command Result : 0 (Success)