partition archive
Access the partition archive commands.
An archive (backup) device can be one of the following:
- An HSM in another slot in the current system
- A backup HSM connected to a remote workstation
- A USB-attached HSM connected directly to a SafeNet Luna PCIe HSM
Device configuration
In each scenario, the HSM that is being used as a backup device should be configured as a backup device; that is, the HSM capability Enable full (non-backup) functionality (9) is disabled.
If the HSM is not configured as a backup device, you cannot create new backup partitions on it. You can only back up to, or restore from, partitions that already exist.
NOTE If the domains of your source and target HSMs do not match or the policy settings do not permit backup, the partition archive backup command fails. No objects are cloned to the target HSM but the command creates an empty backup partition. In this circumstance, you must manually delete the empty backup partition.
Specifying the backup device
To specify a backup device in another slot in the current system, use the -s option and give the actual slot number (for example, -s 4).
To specify a backup device in a remote workstation, use the -s option and include the keyword remote (for example, -s remote). When specifying a remote device, you must also provide a hostname and port number using the -hostname and -port options. (The -hostname option also accepts an IP address.)
To specify a USB-attached backup device directly connected to the HSM in the current slot, use the -s option and include the keyword direct (for example, -s direct). If you know the slot number that contains the USB-attached HSM, you can specify that slot number explicitly (for example, -s 5).
Password-authenticated SafeNet Luna Backup HSM
When using a password-authenticated SafeNet Luna Backup HSM, the SO password, partition password, and domain values cannot be specified with the command. This is because the network connection is not secured and the passwords should not be transferred across the network in the clear. If these values are required, they are prompted on the remote workstation console.
Device initialization
Before a backup HSM can be used, it must be initialized. To initialize a backup HSM, you must set your backup HSM as your current slot and use the hsm init command. If your backup HSM is in a remote workstation, then you must initialize it locally at that workstation, or remotely using remote PED if it is supported.
Appending objects to an existing backup partition
When backing up, the append option can be used to add objects to the existing backup partition. If the specified partition does not exist, then this option cannot be used. If the partition does exist and this option is not used, the existing partition is deleted and a new partition is created. If the append option is not used and the specified partition does not exist, it is created. If the partition must be created or resized, the SO password for the backup HSM is required.
Remote backups
To perform a remote backup (-s remote), a remote backup server must be running on the remote workstation. To start a remote backup server, run LunaCM on the remote workstation, select the slot you wish to use as a remote backup HSM, and use the command remotebackup start. The remote backup server will accept commands and execute them against the current slot.
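The rules above for specifying the backup device, for password-authenticated backup HSMs, and for the append option can be checked before a backup is run, which makes the destructive case (an existing backup partition deleted and recreated when append is omitted) visible in advance. The following Python function is an added example, not part of the SafeNet documentation or of LunaCM; the function name, its parameters, the result labels, and the sample partition names are assumptions made for illustration.

```python
def preflight(slot, partition, existing, append=False, hostname=None,
              port=None, secrets_on_command=False, password_auth_device=False):
    """Check a planned backup against the rules on this page.

    slot      -- value for -s: a slot number, "remote" or "direct"
    existing  -- backup partition names already on the backup device
    secrets_on_command -- SO password, partition password or domain
                          would be supplied with the command
    Returns (errors, action, so_password); action is None on error.
    """
    errors = []
    if slot == "remote":
        # A remote device also needs -hostname and -port.
        if not hostname or port is None:
            errors.append("-s remote requires -hostname and -port")
    elif slot != "direct" and not str(slot).isdigit():
        errors.append("-s takes a slot number, 'remote' or 'direct'")

    # Password-authenticated backup HSM: secrets are prompted on the
    # remote workstation console, never passed with the command.
    if password_auth_device and secrets_on_command:
        errors.append("passwords and domain cannot be given with the command")

    exists = partition in existing
    if append and not exists:
        errors.append("append requires an existing backup partition")
    if errors:
        return errors, None, None

    if append:
        # Objects are added; SO password only if the partition is resized.
        return [], "append", "if-resized"
    # Without append, an existing partition is deleted and recreated.
    return [], ("replace" if exists else "create"), "required"


# Constructed sample: one backup partition already on the device.
EXISTING = {"weekly"}

if __name__ == "__main__":
    print(preflight("4", "weekly", EXISTING))                # replace
    print(preflight("4", "weekly", EXISTING, append=True))   # append
    print(preflight("remote", "nightly", EXISTING))          # error
```

A "replace" result means the existing backup partition would be deleted before the new one is created, so it is worth confirming that outcome is intended before running the backup.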
Syntax
partition archive
backup
contents
delete
list
restore
Argument(s) | Shortcut | Description |
---|---|---|
backup | b | Back up objects from the current slot to a backup partition in a backup device in a specified slot. See partition archive backup. |
contents | c | List the contents of a backup partition in a backup device in a specified slot. See partition archive contents. |
delete | d | Delete the specified backup partition in a backup device in a specified slot. See partition archive delete. |
list | l | List the backup partitions on a backup device in a specified slot. See partition archive list. |
restore | r | Restore objects from the specified backup partition in a backup device in a specified slot to the current user partition. See partition archive restore. |