token backup init

Initializes the token with the specified serial number and prepares it to receive backup data. Both the "-label" and "-serial" parameters are required at the command line. For SafeNet Network HSM with Password Authentication, the domain and Token Admin (SO) password are prompted, and your input is obscured by asterisk (*) symbols.  For SafeNet Network HSM with Trusted Path authentication, any typed values for domain or password are ignored and you are prompted for SafeNet PED operations with PED Keys.

Note: When should you use the LunaSH "token backup" commands, and when the "vtl backup" commands?

LunaSH token backup commands operate a SafeNet Backup HSM attached directly to SafeNet Network HSM via USB, and are not intended for use with remotely connected backup devices.
You might have a locally connected backup HSM (one that connects directly to a SafeNet Network HSM via USB cable) and a locally connected serial terminal, and be walking them from SafeNet Network HSM to SafeNet Network HSM in your server room to perform backups. Or you might be administering remotely via SSH and lunash:> commands, while a technician in your server center carries the backup HSM from one SafeNet Network HSM to the next. In either case, these "token backup" commands are the method to use. The important distinction is where the backup HSM is physically connected: from the SafeNet Network HSM perspective, those are both local backup operations to a Backup HSM that is locally connected to the appliance.

VTL backup commands operate a SafeNet Backup HSM connected to a computer, and located distantly from your primary SafeNet Network HSM appliance. The VTL backup commands are not for use with a SafeNet Backup HSM that is connected directly to your SafeNet Network HSM appliance.
For true, hands-off, lights-out operation of your SafeNet appliances, use a SafeNet Remote Backup HSM located in your administrator's office (or other convenient location), connected to a computer acting as a Remote Backup server (this could be your administrative workstation, or it could be a completely separate computer). This means the computer and Backup HSM are located near you and remote/distant from your SafeNet Network HSM appliance(s). For that application, use the backup commands in the VTL utility supplied with the SafeNet Network HSM Client software (which must be installed on the computer that is acting as Remote Backup server). The appliance token backup commands (previous paragraph) are not designed to work for Remote Backup.

Syntax

token backup init -label <label> -serial <serialnum> [-domain <domain>] [-tokenadminpw <password>] [-force]

Parameter      Shortcut  Description
-domain        -d        Backup Token Domain. Required for Password-authenticated HSMs, ignored for PED-authenticated HSMs. If you prefer not to type it in the clear on the command line, it is prompted later.
-force         -f        Force the action without prompting.
-label         -l        Token label.
-serial        -s        Token serial number.
-tokenadminpw  -t        Token Admin / SO Password. Required for Password-authenticated HSMs, ignored for PED-authenticated HSMs. If you prefer not to type it in the clear on the command line, it is prompted later.
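
The parameter table above notes that the domain and Token Admin password can be left off the command line and prompted instead. The following lint flags "token backup init" lines in runbooks or automation scripts that carry them in the clear. It is an added example, not part of the SafeNet documentation; the finding labels and sample lines are constructed, and only the parameters and shortcuts listed on this page are recognized.

```python
import shlex

# Parameter names and shortcuts exactly as listed in the table above.
SHORTCUTS = {"-d": "-domain", "-f": "-force", "-l": "-label",
             "-s": "-serial", "-t": "-tokenadminpw"}
KNOWN = set(SHORTCUTS.values())
TAKES_VALUE = {"-domain", "-label", "-serial", "-tokenadminpw"}
REQUIRED = ("-label", "-serial")
SECRETS = {"-domain", "-tokenadminpw"}  # prompted later if left off the command line


def audit(line):
    """Return findings for one line; an empty list means nothing to report."""
    words = shlex.split(line)
    if "lunash:>" in words:  # line pasted from a session: drop the prompt
        words = words[words.index("lunash:>") + 1:]
    if words[:3] != ["token", "backup", "init"]:
        return []  # not the command documented on this page
    findings, seen, i = [], set(), 3
    while i < len(words):
        opt = SHORTCUTS.get(words[i], words[i])
        i += 1
        if opt not in KNOWN:
            findings.append("unknown:" + opt)
            continue
        seen.add(opt)
        if opt in TAKES_VALUE:
            # The next word is the value unless it is itself a parameter name.
            if i >= len(words) or SHORTCUTS.get(words[i], words[i]) in KNOWN:
                findings.append("novalue:" + opt)
                continue
            i += 1  # consume the value
            if opt in SECRETS:
                findings.append("cleartext:" + opt)
        elif opt == "-force":
            findings.append("noprompt:-force")  # action runs without prompting
    findings += ["missing:" + opt for opt in REQUIRED if opt not in seen]
    return findings


# Constructed sample lines, as they might appear in a runbook or script.
SAMPLE = [
    "token backup init -label mytoken -serial 667788",
    "token backup init -l mytoken -s 667788 -t ExamplePw1 -d ExampleDomain -f",
    "[myluna] lunash:> token backup init -label mytoken -domain ExampleDomain",
    "hsm ped connect -serial 667788",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit(line) or "ok", "<-", line)
```
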

An external SafeNet HSM can be USB-connected to a SafeNet Network HSM appliance for:

local backup/restore operations (SafeNet Backup HSM)

PKI bundle operations (SafeNet USB HSM)

SafeNet Network HSM does not pass PED operations and data through to an externally connected SafeNet HSM from a SafeNet PED that is connected locally to the SafeNet Network HSM.

If the external HSM is PED-authenticated, then the options for SafeNet PED connection are:

local PED connection, directly to the affected HSM, when needed, or

Remote PED connection, passed through the SafeNet Network HSM 

Note:  Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Support for locally connected Backup HSM with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.  

 

Example

[myluna] lunash:> token backup init -label mytoken -serial 667788
Please enter a password for the Token Administrator:
> ********
Please enter a domain
> ********
Command result : 0 (Success)
[myluna] lunash:>