Restore your HSM Partition Locally

The options for restoring to a partition are:

>To restore from a backup partition on a SafeNet Luna Backup HSM (modern backup and restore).

>To restore from a legacy backup token in a SafeNet DOCK slot (legacy restore, one way only, using legacy domain).

To restore one HSM Partition, you must have:

>The SafeNet Luna Backup HSM (also called Token) containing the objects to be restored to that partition

>The authentication for the Backup HSM and for the HSM Partition

The Backup Token and the HSM with the target partition must share the same cloning domain.

If you have Private Key Cloning switched off for the current partition, then the Backup operation proceeds, but skips over any private keys, and clones only the permitted objects onto the Backup token. Similarly, if you restore from a token that includes private keys, but the target partition has Private Key Cloning disallowed, then all other objects are recovered to the partition, but the private keys are skipped during the operation.

1. Insert a SafeNet Backup token into the token-reader slot on the SafeNet appliance front panel.

2. Choose an HSM Partition, and type:

partition restore -partition HSMPartitionname -password ClientPassword -replace
 

NOTE: In the command above, you could have used -add instead of -replace.

Example – partition restore Command

lunash:> partition restore -partition myRoom -password 9YWt6L56FXqGC6sL -replace
 

In that example, either the password came from the Luna PED of a SafeNet Luna PCIe HSM with Trusted Path Authentication, or it was a Password Authentication Partition Password created by someone very enthusiastic about passwords.

On restore, you may add to existing HSM Partition contents or replace them. Adding may result in unwanted behaviors, such as having two keys with the same label, if one existed in the HSM Partition and one on the backup token.
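
The following Python sketch is an added example, not SafeNet code. It models only the restore rules stated on this page (shared cloning domain, Private Key Cloning policy, -add versus -replace) so the outcome can be predicted before running the command. The Obj type, the plan_restore function, the domain names and the object inventories are all hypothetical and constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Obj:
    label: str
    kind: str  # e.g. "private_key", "secret_key", "certificate"

def plan_restore(backup, partition, *, backup_domain, partition_domain,
                 private_key_cloning, mode):
    """Predict a restore using only the rules stated on this page.

    Returns (resulting_objects, skipped_private_keys, duplicate_labels).
    """
    if mode not in ("add", "replace"):
        raise ValueError("mode must be 'add' or 'replace'")
    # Backup token and target partition must share the same cloning domain.
    if backup_domain != partition_domain:
        raise ValueError("cloning domain mismatch: restore cannot proceed")
    restored, skipped = [], []
    for obj in backup:
        # With Private Key Cloning disallowed on the target, private keys
        # are skipped; every other object is still recovered.
        if obj.kind == "private_key" and not private_key_cloning:
            skipped.append(obj)
        else:
            restored.append(obj)
    # -add keeps the existing contents; -replace (as modelled here) drops them.
    result = (list(partition) if mode == "add" else []) + restored
    counts = Counter(obj.label for obj in result)
    duplicates = sorted(label for label, n in counts.items() if n > 1)
    return result, skipped, duplicates

# Constructed inventories; the labels are made up for this example.
PARTITION = [Obj("web-tls", "private_key"), Obj("web-tls-cert", "certificate")]
BACKUP = [Obj("web-tls", "private_key"), Obj("db-wrap", "secret_key"),
          Obj("web-tls-cert", "certificate")]

if __name__ == "__main__":
    for mode in ("add", "replace"):
        for pkc in (True, False):
            result, skipped, dups = plan_restore(
                BACKUP, PARTITION, backup_domain="domainA",
                partition_domain="domainA", private_key_cloning=pkc, mode=mode)
            print(f"-{mode:<8} private_key_cloning={pkc!s:<5} "
                  f"objects={len(result)} skipped={[o.label for o in skipped]} "
                  f"duplicate_labels={dups}")
```

In this model, -replace combined with Private Key Cloning disallowed leaves the partition with no private keys at all, so check the partition policy before choosing -replace.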