token backup update capability
Update Backup Token Capability, using a capability update package that you have acquired from
SafeNet and transferred via scp to the SafeNet appliance. Before you can use this command, you must:
•acquire the secure package update file from SafeNet and send the file to the SafeNet Network HSM (using scp or pscp)
Note: Use of older PuTTY versions, and related tools, can result in the appliance refusing to accept a connection. This can happen if a security update imposes restrictions on connections with older versions. To ensure compatibility, always use the versions of executable files included with the current client installer.
•open the file on the SafeNet Network HSM with the lunash command package update <filename> -authcode <authcode>
Note: WHEN to USE lunash "token backup" commands, or use "vtl backup" commands?
LunaSH token backup commands operate a SafeNet Backup HSM attached directly to SafeNet Network HSM via USB, and are not intended for use with remotely connected backup devices.
You might have a locally-connected backup HSM
[ connects directly to a SafeNet Network HSM via USB cable ] and a locally connected serial terminal and be walking them from SafeNet Network HSM to SafeNet Network HSM in your server room to perform backups. Or you might be administering remotely via SSH and lunash:> commands, while a technician in your server center carries the backup HSM from one SafeNet Network HSM to the next. In either case, these "token backup" commands are the method to use.The important distinction is where the backup HSM is physically connected - from the SafeNet Network HSM perspective, those are both local backup operations to a Backup HSM that is locally connected to the appliance.
VTL backup commands operate a SafeNet Backup HSM connected to a computer, and located distantly from your primary SafeNet Network HSM appliance. The VTL backup commands are not for use with a SafeNet Backup HSM that is connected directly to your SafeNet Network HSM appliance.
For true, hands-off, lights-out operation of your SafeNet appliances, use a SafeNet Remote Backup HSM located in your administrator's office [ or other convenient location ], connected to a computer acting as a Remote Backup server [ this could be your administrative workstation, or it could be a completely separate computer ]. This means the computer and Backup HSM are located near you and remote/distant from your SafeNet Network HSM appliance(s). For that application, use the backup commands in the VTL utility supplied with the SafeNet Network HSM Client software [ which must be installed on the computer that is acting as Remote Backup server ] - the appliance token backup commands (previous paragraph) are not designed to work for Remote Backup.
A capability update or a firmware update is meant to be applied just one time to an HSM. If you attempt to re-apply a capability update to an HSM that already has the capability installed, the system throws an error like " C0000002 : RC_GENERAL_ERROR ". A similar result occurs if you attempt to install a particular firmware update more than once on one HSM. This is expected behavior.
Syntax
token backup update capability -serial <serialnum> -capability <capabilityname> [-force]
| -capability |
-c |
Specifies the capability name. |
| -force |
-f |
Force the action without prompting. |
| -serial |
-s |
Specifies the token serial number. |
Example
lunash:>token backup update capability -serial 667788 -capability newcapability
CAUTION: This command updates the Token Capability.
This process cannot be reversed.
Type 'proceed' to continue, or 'quit'
to quit now.
> proceed
This is a NON-destructive capability update
Update Result :0 (Capability newcapability added)
Command Result : 0 (Success)