Backup your HSM Partition Remotely
The options to backup a partition on your SafeNet Luna PCIe HSM are:
>Local backup
>Remote backup
Local backup means that the SafeNet Remote Backup Device is co-located and physically connected to the SafeNet Luna PCIe HSM whose contents are to be backed up (that could be a SafeNet Luna PCIe HSM card inside a host computer, or a SafeNet Luna PCIe HSM appliance which is its own host for its internal HSM card).
In the case of SafeNet Luna PCIe HSM, you would most likely be using a laptop near the SafeNet Luna PCIe HSMM appliance to run your admin session (either by network SSH session or by a local serial connection), and would use locally connected Luna PEDs to provide the necessary authentication.
Remote backup means that the SafeNet Luna PCIe HSM in its host or appliance is at a remote location and you are working from a network connected computer where you open your SSH connection to the host (or SafeNet Luna PCIe HSM admin) shell, and you also have the SafeNet Luna Backup HSM connected to the computer, at least one SafeNet PED (which must be remote-capable), and the PED workstation software running.
Remote Backup Requirements
You will need:
| Quantity | Description |
|---|---|
| 1 | SafeNet Luna PCIe HSM 5.2 or newer |
| 1 | Windows computer with SafeNet Luna PCIe HSM 5.2 (or newer) client software installed |
| 1 | SafeNet Luna Backup HSM |
| 1 | Set of PED keys imprinted for the source HSM and partitions |
| 1 | Luna PED 2 (Remote PED with f/w 2.5.0 or later)* |
| 1 | Power cable for Luna PED 2 (Remote) |
| 2 | USB to mini USB cable for Luna PED 2 (Remote) and SafeNet Luna Backup HSM |
* The Luna PED that is connected to the Windows computer, in order to perform Remote PED operations with the distant SafeNet Luna PCIe HSM appliance, must be a Luna PED 2 (remote-capable version) and is used in Remote mode and in Local mode. You also have the option to connect a second SafeNet PED, which can be Remote capable or can be a local-only version, to the SafeNet Luna Backup HSM. This allows you to leave the Remote capable SafeNet PED connected to the workstation in Remote mode.
Assumptions
The following examples assume that you have set up RBS, as described in Prepare RBS to Support Backup / Restore.
>SafeNet Luna Backup HSM and your primary (source) SafeNet HSM are initialized with appropriate keys (blue SO and black Partition Crypto Officer/User PED keys, which can be the same for both devices, or can be different).
>Both devices must share the same domain or red PED key value.
>The workstation (Windows computer) has Remote PED and SafeNet Remote Backup software package installed including the appropriate driver.
>For SafeNet Luna PCIe HSM, NTLS is established between your workstation computer, acting as a SafeNet Luna PCIe HSM client, and the distant SafeNet Luna PCIe HSM - that is, the workstation is registered as a client with the partition.
>Remote PED session key (orange RPV key) has been created and associated with the distantSafeNet Luna PCIe HSM.
Before you begin setup of RBS:
1.Ensure that your Windows workstation has the PED USB driver (from the /USBDriver folder on the software CD) installed, and that the PEDServer.exe file (the executable program file that makes Remote PED operation possible) has been copied to a convenient directory on your hard disk.
2.Connect all of the components as follows:
| From | Using | To |
|---|---|---|
| Workstation | USB | Remote PED (Luna PED IIr in Remote mode) |
| DC power receptacle on Remote PED | PED Power Supply | mains AC power (wall socket) |
| Workstation | USB | SafeNet Luna Backup HSM |
| SafeNet Luna Backup HSM | Power Cord | mains AC power (wall socket) |
| SafeNet Luna Backup HSM | Micro-D to Micro-D (local PED) cable | Luna PED (can be a separate local-or-Remote PED, or can be your single Remote PED set to operate in local mode for the local connection) |
3.At the Remote Luna PED (Luna PED IIr connected to the USB port of the workstation:
a.Press < on the PED keypad to exit Local mode
b.Press 7 to enter Remote PED mode.
4.Start remote PED service on the administrative workstation (Windows) computer in a Command Prompt (DOS) window, change directory to the location of the PEDServer.exe file and run that file:
C:\>cd \Program Files\LunaClient
C:\Program Files\LunaClient>PEDServer -mode start
5.Open an administrative connection (SSH) to the distant SafeNet Luna PCIe HSM (for SafeNet Luna PCIe HSM appliance, log in as "admin". For another HSM host, log in with the appropriate ID. Start the PED Client (the Remote PED enabling process on the appliance):
lunash:> hsm ped connect -ip {ip_workStation} -port 1503
or
lunacm:> hsm ped connect -ip {ip_workStation} -port 1503
Insert the orange RPV PED key that matches the RPV of the distant SafeNet Luna PCIe HSM.
The Remote PED Client in the SafeNet Luna PCIe HSM appliance or in the SafeNet Luna PCIe HSM or SafeNet Luna USB HSM host establishes a connection with the listening PED Server on your workstation.
6.Proceed to the Backup and Restore examples, below.
•RBS Remote Backup with Single Remote PED on Windows
•Restore to a SafeNet Luna PCIe HSM Slot
RBS Remote Backup with Single Remote PED on Windows
Just to indicate the versatility, this example uses a Windows 2012 64-bit client. PED Server is in Windows XP, SafeNet Luna Backup HSM is connected to Linux centOS 5.7.
This example shows a slot on a SafeNet Luna PCIe HSM being backed up. The same commands and sequences work for a SafeNet Luna PCIe HSM on a host computer. Just choose the desired HSM slot.
Backup from a SafeNet Luna PCIe HSM slot
This example assumes that you have already Prepare RBS to Support Backup / Restore.
That is, briefly:
>You have SafeNet Luna PCIe HSM Client software installed for your primary HSM (source of objects to be backed up).
>You have SafeNet Luna PCIe HSM Client software installed with the RBS option on the host computer connected to your Backup HSM.
>You have run RBS to generate private key/certificate, run RBS again to configure (select device(s) to support), run RBS again to launch the daemon (Linux/UNIX) or the service (Windows).
>You have copied the certificate (server.pem) to your primary HSM host computer (or SafeNet Luna PCIe HSM appliance).
>You have run vtl on the host computer (or appliance) to add the RBS server to the server list.
To backup from a SafeNet Luna PCIe HSM HSM slot:
1.Start the LunaCM utility (in Windows, it resides at C:\Program Files\SafeNet\LunaClient - in Linux/UNIX, it resides at /usr/safenet/lunaclient/bin):
C:\Program Files\SafeNet\LunaClient>lunacm.exe
LunaCM V7.0.0 - Copyright (c) 2006-2016 Gemalto, Inc.
Available HSM's:
Slot Id -> 1
HSM Label -> SA82_P1
HSM Serial Number -> 500409014
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna PCIe HSM HSM Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 2
HSM Label -> G5PKI
HSM Serial Number -> 701968008
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna PCIe HSM Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 3
HSM Label -> G5backup
HSM Serial Number -> 700101
HSM Model -> G5Backup
HSM Firmware Version -> 6.10.1
HSM Configuration -> Remote Backup HSM (PED) Backup Device
HSM Status -> OK
Slot Id -> 4
Tunnel Slot Id -> 6
HSM Label -> PCI422
HSM Serial Number -> 500422
HSM Model -> K6 Base
HSM Firmware Version -> 6.2.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 5
Tunnel Slot Id -> 7
HSM Label -> K6_328
HSM Serial Number -> 155328
HSM Model -> K6 Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 8
HSM Label -> G5180
HSM Serial Number -> 700180
HSM Model -> G5Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna USB HSM (PED) Signing With Cloning Mode
HSM Status -> OK
Current Slot Id: 1
2.If the current slot is not the slot that you wish to backup, use the lunacm:> slot set command:
lunacm:> slot set slot 1
Current Slot Id: 1 ( SafeNet Luna PCIe HSM Slot 6.10.1 (PED) Signing With Cloning Mode)
Command Result : No Error
3.Establish that the HSM is listening for a Luna PED at the correct location (local or remote). In this example, we want the HSM to use a Luna PED that is not directly connected to the HSM - a Remote PED, at a specific location. The pedserver must already have been set up at that host.
lunacm:>ped get
HSM slot 1 listening to local PED (PED id=0).
Command Result : No Error
lunacm:> ped connect ip 192.20.10.190
Command Result : No Error
lunacm:> ped get
HSM slot 1 listening to remote PED (PED id=100).
Command Result : No Error
4.[Skip this step if your source partition is Activated]
Log into the partition (this takes place at the currently selected slot). This step is needed only if the partition you are about to backup is not already in Activated state.
lunacm:> par login
Option -password was not supplied. It is required.
Enter the password: *******
User is activated, PED is not required.
Command Result : No Error
5.Disconnect the PED connection from your source HSM (slot 1 in this example), and connect to the SafeNet Luna Backup HSM (slot 3 in this example).
lunacm:> ped disconnect
Are you sure you wish to disconnect the remote ped?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error
lunacm:> ped connect ip 192.20.10.190 -slot 3
Command Result : No Error
lunacm:> ped get -slot 3
HSM slot 3 listening to remote PED (PED id=100).
Command Result : No Error
6.Perform the backup from the current slot (slot 1 in the example, see above) to the partition that you designate on the Backup HSM. Now that the Backup HSM is listening correctly for a PED, the target partition can be created, with PED action for the authentication.
lunacm:> partition backup backup -slot 3 -par SAbck1
Logging in as the SO on slot 3.
Please attend to the PED.
Creating partition SAbck1 on slot 3.
Please attend to the PED.
Logging into the container SAbck1 on slot 3 as the user.
Please attend to the PED.
Creating Domain for the partition SAbck1 on slot 3.
Please attend to the PED.
Verifying that all objects can be backed up...
85 objects will be backed up.
Backing up objects...
Cloned object 99 to partition SAbck1 (new handle 19).
Cloned object 33 to partition SAbck1 (new handle 20).
Cloned object 108 to partition SAbck1 (new handle 23).
Cloned object 134 to partition SAbck1 (new handle 24).
Cloned object 83 to partition SAbck1 (new handle 25).
Cloned object 117 to partition SAbck1 (new handle 26).
Cloned object 126 to partition SAbck1 (new handle 27).
Cloned object 65 to partition SAbck1 (new handle 28).
Cloned object 140 to partition SAbck1 (new handle 29).
Cloned object 131 to partition SAbck1 (new handle 30).
Cloned object 94 to partition SAbck1 (new handle 31).
Cloned object 109 to partition SAbck1 (new handle 35).
Cloned object 66 to partition SAbck1 (new handle 36).
Cloned object 123 to partition SAbck1 (new handle 39).
Cloned object 74 to partition SAbck1 (new handle 40).
Cloned object 50 to partition SAbck1 (new handle 44).
Cloned object 43 to partition SAbck1 (new handle 45).
Cloned object 52 to partition SAbck1 (new handle 46).
Cloned object 124 to partition SAbck1 (new handle 47).
Cloned object 115 to partition SAbck1 (new handle 48).
Cloned object 98 to partition SAbck1 (new handle 49).
Cloned object 42 to partition SAbck1 (new handle 50).
Cloned object 48 to partition SAbck1 (new handle 51).
Cloned object 29 to partition SAbck1 (new handle 52).
Cloned object 54 to partition SAbck1 (new handle 53).
Cloned object 112 to partition SAbck1 (new handle 56).
Cloned object 69 to partition SAbck1 (new handle 57).
Cloned object 46 to partition SAbck1 (new handle 58).
Cloned object 116 to partition SAbck1 (new handle 59).
Cloned object 101 to partition SAbck1 (new handle 60).
Cloned object 122 to partition SAbck1 (new handle 61).
Cloned object 21 to partition SAbck1 (new handle 62).
Cloned object 45 to partition SAbck1 (new handle 63).
Cloned object 139 to partition SAbck1 (new handle 64).
Cloned object 127 to partition SAbck1 (new handle 65).
Cloned object 84 to partition SAbck1 (new handle 66).
Cloned object 30 to partition SAbck1 (new handle 70).
Cloned object 105 to partition SAbck1 (new handle 71).
Cloned object 132 to partition SAbck1 (new handle 72).
Cloned object 136 to partition SAbck1 (new handle 73).
Cloned object 28 to partition SAbck1 (new handle 74).
Cloned object 44 to partition SAbck1 (new handle 75).
Cloned object 26 to partition SAbck1 (new handle 76).
Cloned object 120 to partition SAbck1 (new handle 77).
Cloned object 104 to partition SAbck1 (new handle 78).
Cloned object 137 to partition SAbck1 (new handle 79).
Cloned object 61 to partition SAbck1 (new handle 80).
Cloned object 110 to partition SAbck1 (new handle 81).
Cloned object 125 to partition SAbck1 (new handle 82).
Cloned object 129 to partition SAbck1 (new handle 83).
Cloned object 53 to partition SAbck1 (new handle 84).
Cloned object 130 to partition SAbck1 (new handle 85).
Cloned object 73 to partition SAbck1 (new handle 86).
Cloned object 41 to partition SAbck1 (new handle 87).
Cloned object 135 to partition SAbck1 (new handle 88).
Cloned object 114 to partition SAbck1 (new handle 89).
Cloned object 22 to partition SAbck1 (new handle 90).
Cloned object 57 to partition SAbck1 (new handle 91).
Cloned object 79 to partition SAbck1 (new handle 92).
Cloned object 121 to partition SAbck1 (new handle 96).
Cloned object 34 to partition SAbck1 (new handle 97).
Cloned object 103 to partition SAbck1 (new handle 98).
Cloned object 89 to partition SAbck1 (new handle 99).
Cloned object 128 to partition SAbck1 (new handle 103).
Cloned object 119 to partition SAbck1 (new handle 104).
Cloned object 107 to partition SAbck1 (new handle 105).
Cloned object 118 to partition SAbck1 (new handle 106).
Cloned object 111 to partition SAbck1 (new handle 107).
Cloned object 133 to partition SAbck1 (new handle 108).
Cloned object 138 to partition SAbck1 (new handle 109).
Cloned object 93 to partition SAbck1 (new handle 110).
Cloned object 49 to partition SAbck1 (new handle 111).
Cloned object 100 to partition SAbck1 (new handle 112).
Cloned object 25 to partition SAbck1 (new handle 113).
Cloned object 47 to partition SAbck1 (new handle 114).
Cloned object 62 to partition SAbck1 (new handle 115).
Cloned object 51 to partition SAbck1 (new handle 118).
Cloned object 113 to partition SAbck1 (new handle 119).
Cloned object 106 to partition SAbck1 (new handle 120).
Cloned object 58 to partition SAbck1 (new handle 121).
Cloned object 102 to partition SAbck1 (new handle 124).
Cloned object 70 to partition SAbck1 (new handle 125).
Cloned object 78 to partition SAbck1 (new handle 128).
Cloned object 88 to partition SAbck1 (new handle 129).
Cloned object 40 to partition SAbck1 (new handle 130).
Backup Complete.
85 objects have been backed up to partition SAbck1
on slot 3.
Command Result : No ErrorThe backup operation is complete. See below for an example of restoring from backup.
Restore to a SafeNet Luna PCIe HSM Slot
If your primary HSM partition (the partition onto which you will restore the backed-up objects) is in Activated state, then only the Backup HSM needs PED activity for authentication during restore. However, we add a couple of steps below to show that it is straightforward to use the single Remote PED with both HSMs, in the case where your HSM partition is not in Activated state when you begin the restore operation.
1.For the example, start by clearing the target partition before restoring objects into it, so it is obvious that any objects after the restore operation are, in fact, restored, and not left-overs. This example is a replacement restore operation, and not an appending or cumulative restore operation.
lunacm:> partition clear
You are about to delete all the user objects.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
85 objects were deleted.
Command Result : No Error
lunacm:> exit2.In our test setup, we have each of several SafeNet Luna PCIe HSM products. An easy way to see an updated summary of all HSMs and slot assignments is to exit LunaCM and restart the utility.
C:\Program Files\SafeNet\LunaClient>lunacm.exe
LunaCM V7.0.0 - Copyright (c) 2006-2016 Gemalto, Inc.
Available HSM's:
Slot Id -> 1
HSM Label -> SA82_P1
HSM Serial Number -> 500409014
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna PCIe HSM Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 2
HSM Label -> G5PKI
HSM Serial Number -> 701968008
HSM Model -> LunaSA
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna PCIe HSM Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 3
HSM Label -> G5backup
HSM Serial Number -> 700101
HSM Model -> G5Backup
HSM Firmware Version -> 6.10.1
HSM Configuration -> Remote Backup HSM (PED) Backup Device
HSM Status -> OK
Slot Id -> 4
Tunnel Slot Id -> 6
HSM Label -> PCI422
HSM Serial Number -> 500422
HSM Model -> K6 Base
HSM Firmware Version -> 6.2.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 5
Tunnel Slot Id -> 7
HSM Label -> K6_328
HSM Serial Number -> 155328
HSM Model -> K6 Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> Luna PCI (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 8
HSM Label -> G5180
HSM Serial Number -> 700180
HSM Model -> G5Base
HSM Firmware Version -> 6.10.1
HSM Configuration -> SafeNet Luna USB HSM (PED) Signing With Cloning Mode
HSM Status -> OK
Current Slot Id: 13.Verify which slot is listening for PED and whether it is expecting local or remote:
lunacm:>ped get
HSM slot 1 listening to local PED (PED id=0).
Command Result : No Error
4.Connect to Remote PED:
lunacm:> ped connect ip 192.20.10.190 Command Result : No Error
5.Deactivate (just to demonstrate using PED with both HSMs):
lunacm:> partition deactivate Command Result : No Error
6.Log into the partition. This would not be necessary if the partition was activated - we are demonstrating that if the partition was not in login state or activated state, it is straightforward to briefly switch the PED to the primary HSM partition before switching the PED back to the Backup HSM.
lunacm:> partition login
Option -password was not supplied. It is required.
Enter the password: *******
User is not activated, please attend to the PED.
Command Result : No Error
lunacm:> ped disconnect
Are you sure you wish to disconnect the remote ped?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error
7.Now, (re)connect the Remote PED to the Backup HSM (which, in this example, is slot 3).
lunacm:> ped connect ip 192.20.10.190 slot 3
Command Result : No Error
lunacm:> ped get
HSM slot 1 listening to local PED (PED id=0).
Command Result : No Error
lunacm:> ped get slot 3
HSM slot 3 listening to remote PED (PED id=100).
Command Result : No Error
8.The currently selected slot is "slot 1" (see the LunaCM startup summary, above).
Now restore to the current slot from the slot that corresponds to the Backup HSM (slot 3).
lunacm:> partition backup restore -slot 3 -par SAbck1
Logging in to partition SAbck1 on slot 3 as the user.
Please attend to the PED.
Verifying that all objects can be restored...
85 objects will be restored.
Restoring objects...
Cloned object 19 from partition SAbck1 (new handle 20).
Cloned object 20 from partition SAbck1 (new handle 21).
Cloned object 23 from partition SAbck1 (new handle 22).
Cloned object 25 from partition SAbck1 (new handle 25).
Cloned object 24 from partition SAbck1 (new handle 26).
Cloned object 26 from partition SAbck1 (new handle 28).
Cloned object 28 from partition SAbck1 (new handle 29).
Cloned object 27 from partition SAbck1 (new handle 30).
Cloned object 29 from partition SAbck1 (new handle 33).
Cloned object 30 from partition SAbck1 (new handle 34).
Cloned object 31 from partition SAbck1 (new handle 40).
Cloned object 35 from partition SAbck1 (new handle 44).
Cloned object 36 from partition SAbck1 (new handle 45).
Cloned object 39 from partition SAbck1 (new handle 48).
Cloned object 40 from partition SAbck1 (new handle 49).
Cloned object 44 from partition SAbck1 (new handle 53).
Cloned object 45 from partition SAbck1 (new handle 54).
Cloned object 46 from partition SAbck1 (new handle 55).
Cloned object 47 from partition SAbck1 (new handle 56).
Cloned object 48 from partition SAbck1 (new handle 57).
Cloned object 49 from partition SAbck1 (new handle 58).
Cloned object 50 from partition SAbck1 (new handle 59).
Cloned object 51 from partition SAbck1 (new handle 60).
Cloned object 52 from partition SAbck1 (new handle 61).
Cloned object 53 from partition SAbck1 (new handle 62).
Cloned object 56 from partition SAbck1 (new handle 65).
Cloned object 57 from partition SAbck1 (new handle 66).
Cloned object 58 from partition SAbck1 (new handle 67).
Cloned object 59 from partition SAbck1 (new handle 68).
Cloned object 60 from partition SAbck1 (new handle 69).
Cloned object 61 from partition SAbck1 (new handle 70).
Cloned object 62 from partition SAbck1 (new handle 71).
Cloned object 63 from partition SAbck1 (new handle 72).
Cloned object 64 from partition SAbck1 (new handle 73).
Cloned object 65 from partition SAbck1 (new handle 74).
Cloned object 66 from partition SAbck1 (new handle 75).
Cloned object 70 from partition SAbck1 (new handle 79).
Cloned object 71 from partition SAbck1 (new handle 80).
Cloned object 72 from partition SAbck1 (new handle 81).
Cloned object 73 from partition SAbck1 (new handle 82).
Cloned object 74 from partition SAbck1 (new handle 83).
Cloned object 75 from partition SAbck1 (new handle 84).
Cloned object 76 from partition SAbck1 (new handle 85).
Cloned object 77 from partition SAbck1 (new handle 86).
Cloned object 78 from partition SAbck1 (new handle 87).
Cloned object 79 from partition SAbck1 (new handle 88).
Cloned object 80 from partition SAbck1 (new handle 89).
Cloned object 81 from partition SAbck1 (new handle 90).
Cloned object 82 from partition SAbck1 (new handle 91).
Cloned object 83 from partition SAbck1 (new handle 92).
Cloned object 84 from partition SAbck1 (new handle 93).
Cloned object 86 from partition SAbck1 (new handle 94).
Cloned object 85 from partition SAbck1 (new handle 95).
Cloned object 87 from partition SAbck1 (new handle 96).
Cloned object 88 from partition SAbck1 (new handle 97).
Cloned object 89 from partition SAbck1 (new handle 98).
Cloned object 91 from partition SAbck1 (new handle 99).
Cloned object 90 from partition SAbck1 (new handle 100).
Cloned object 92 from partition SAbck1 (new handle 101).
Cloned object 96 from partition SAbck1 (new handle 105).
Cloned object 97 from partition SAbck1 (new handle 106).
Cloned object 98 from partition SAbck1 (new handle 107).
Cloned object 99 from partition SAbck1 (new handle 108).
Cloned object 103 from partition SAbck1 (new handle 112).
Cloned object 104 from partition SAbck1 (new handle 113).
Cloned object 105 from partition SAbck1 (new handle 114).
Cloned object 106 from partition SAbck1 (new handle 115).
Cloned object 107 from partition SAbck1 (new handle 116).
Cloned object 108 from partition SAbck1 (new handle 117).
Cloned object 110 from partition SAbck1 (new handle 118).
Cloned object 109 from partition SAbck1 (new handle 119).
Cloned object 111 from partition SAbck1 (new handle 120).
Cloned object 112 from partition SAbck1 (new handle 121).
Cloned object 113 from partition SAbck1 (new handle 122).
Cloned object 114 from partition SAbck1 (new handle 123).
Cloned object 115 from partition SAbck1 (new handle 124).
Cloned object 118 from partition SAbck1 (new handle 127).
Cloned object 119 from partition SAbck1 (new handle 128).
Cloned object 120 from partition SAbck1 (new handle 129).
Cloned object 121 from partition SAbck1 (new handle 130).
Cloned object 124 from partition SAbck1 (new handle 133).
Cloned object 125 from partition SAbck1 (new handle 134).
Cloned object 128 from partition SAbck1 (new handle 137).
Cloned object 129 from partition SAbck1 (new handle 138).
Cloned object 130 from partition SAbck1 (new handle 139).
Restore Complete.
85 objects have been restored from partition SAbck1 on slot 3.
Command Result : No Error9.Verify that the restored slot now looks like it did just before the backup was originally performed.
lunacm:> partition backup list -slot 3
HSM Storage Information for slot 3:
Total HSM Storage Space: 16252928
Used HSM Storage Space: 43616
Free HSM Storage Space: 16209312
Number Of Allowed Partitions: 20
Number Of Allowed Partitions: 1
Partition list for slot 3
Number of partition: 1
Name: SAbck1
Total Storage Size: 41460
Used Storage Size: 41460
Free Storage Size: 0
Number Of Objects: 85
Command Result : No Error
Restore from backup, using RBS, is complete.
To restore onto a different remote SafeNet Luna PCIe HSM, the same arrangement is required, but the remote HSM must already have a suitable partition (if the restore-target HSM is a SafeNet Luna PCIe HSM, the target partition can have any name - it does not need to match the name of the source partition on the backup device), and your workstation must be registered as a client to that partition.
To restate: the backup operation can go from a source partition (on a SafeNet Luna PCIe HSM) to an existing partition on the SafeNet Luna Backup HSM, or if one does not exist, a new partition can be created during the backup. But the restore operation cannot create a target partition on a SafeNet Luna PCIe HSM; it must already exist and have a registered NTLS link.
