Backup your HSM

Non-Partition Objects

The backup and restore operations are partition commands for HSM partition contents. There is no equivalent explicit backup or restore command for HSM Administrator / SO space objects - that is, objects that, for whatever reason, are not in the HSM partition User space. If you have objects stored in the HSM Administrator / SO space of your SafeNet Luna PCIe HSM, you can securely copy them to a locally connected HSM (such as a second SafeNet Luna PCIe HSM card in another slot in the host computer) with the hsm clone command.

To back up your HSM:

1. If the target HSM is a SafeNet Luna USB HSM, ensure that the HSM is connected to power and to the host computer's USB port. If the target is a SafeNet Luna PCIe HSM, ensure that it is installed in a nearby PCIe slot.

2. Start the LunaCM utility.

3. Log in to the primary/source HSM as HSM Administrator / SO.

4. Run:

hsm clone -objects <objecthandle> -slot <slot#oftargethsm> -password <targetHSMAdminpassword>


for SafeNet Luna PCIe HSM with Password Authentication, or

hsm clone -objects <objecthandle> -slot <slot#oftargethsm>


for SafeNet Luna PCIe HSM with PED Authentication.

To restore the HSM contents, reverse the cloning direction.

HSM Partition Backup

Partition backup securely clones partition objects (not including HSM Administrator / SO objects that are contained on the HSM, but not within an HSM Partition) from the HSM Partition to a SafeNet Luna Backup HSM.

The options are:

>Your SafeNet Luna Backup HSM is connected directly to your HSM's USB port, described below. Use this option when you have just one HSM installed in the host computer. 

>Your SafeNet Luna Backup HSM is connected to an administrative computer that is located remotely from the host computer containing your HSM, which is covered separately in Backup your HSM Partition Remotely.

To back up your HSM partition:

To back up a partition on your SafeNet Luna PCIe HSM to a directly connected SafeNet Luna Backup HSM, have the Backup HSM connected to AC mains power and to your HSM.

1. Start the LunaCM utility.

2. Select the slot to be backed up (if you have more than one HSM installed in the host computer).

3. Log in to the source partition as User.

4. At the LunaCM prompt, type:

partition backup backup -slot direct -partition <partition-on-backup-hsm> -password <partition-challenge> -replace 

 

Note that the partition on the source HSM needs no identification, other than the slot, since there is just one partition per HSM. You identify the target partition on the target SafeNet Luna Backup HSM because the Backup HSM is capable of containing multiple partitions as a backup repository for multiple SafeNet Luna PCIe HSMs or as multiple backups (on different days) of the same source SafeNet Luna PCIe HSM. A simple identification scheme is to use the text label of the source HSM when naming the target partition.

5. The content of the selected partition is copied to the named partition on the directly connected SafeNet Luna Backup HSM.

Disconnecting SafeNet Luna Backup HSM or SafeNet Luna USB HSM

The SafeNet Luna Backup HSM or the SafeNet Luna USB HSM is a USB device. It is not equipped with a power switch.

There is no special procedure for disconnecting or shutting down a SafeNet Luna Backup HSM or SafeNet Luna USB HSM.

If the Backup HSM or the SafeNet Luna USB HSM is connected to a workstation or host computer, then your only action is to perform the usual Windows (or other) dismount of a USB device (for the benefit of your workstation, not the HSM - “It is now safe to disconnect your USB Device”). Linux and UNIX platforms have their equivalent un-mount actions for USB. Then disconnect the cables.