hsm backup
Backup data or objects in the HSM's SO (or HSM Admin) space to a backup token. The hsm backup command copies crucial HSM backup information to a special SafeNet backup device. The connected backup HSM, indicated by its serial number, is initialized and used during this process. The user is prompted to confirm that this destructive command should continue ("destructive" to any contents currently on the backup device, not destructive to the source HSM).
The hsm backup command backs up only data or objects in the HSM's SO (or HSM Admin) space. It does not back up the partition data. For that, you must use the partition backup commands.
Dual mode backup tokens are initialized to the same level (SafeNet Luna HSM with Password Authentication or SafeNet Luna HSM with PED (Trusted Path) Authentication) as the HSM.
CAUTION! When labeling HSMs or partitions, never use a numeral as the first, or only, character in the name/label. Token backup commands allow a slot-number OR a label as identifier, which can lead to confusion if the label is a string version of a slot number.
For example, if the token is initialized with the label "1
", the user cannot use the label to identify the target for backup purposes, because VTL parses "1
" as the numeric ID of the first slot rather than as a text label for the target in the actual occupied slot.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
hsm backup -serial <serialnumber> [-password <password>] [-tokenadminpw <password>]
Argument(s) |
Shortcut |
Description |
---|---|---|
-serial <serialnumber> | -s | Specifies the serial number of the target backup HSM. This indicates which backup device to work with. |
-password <password> | -p | Specifies the source HSM Admin's (or SO's) text password. This parameter is required on password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
-tokenadminpw <password> | -t |
Specifies the password of the backup target HSM. On PED-authenticated HSMs, the Luna PED is used for the PIN and this value is ignored. The token password need not be the same password or PED key as used for the HSM partition. |
Example
lunash:>hsm backup -serial 667788
CAUTION: Are you sure you wish to initialize the backup
token named:
no label
Type 'proceed' to continue, or 'quit' to quit now.
> proceed
Luna PED operation required to initialize backup token - use Security Officer (blue) PED key.
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.
Luna PED operation required to generate cloning domain on backup token - use Domain (red) PED key.
Luna PED operation required to login as HSM Administrator - use Security Officer (blue) PED key.
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.
'hsm backup' successful.
Command Result : 0 (Success)