hsm backup

Backup data or objects in the HSM's SO (or HSM Admin) space to a backup token. The hsm backup command copies crucial HSM backup information to a special SafeNet backup device. The connected backup HSM, indicated by its serial number, is initialized and used during this process. The user is prompted to confirm that this destructive command should continue ("destructive" to any contents currently on the backup device, not destructive to the source HSM).

The hsm backup command backs up only data or objects in the HSM's SO (or HSM Admin) space. It does not back up the partition data. For that, you must use the partition backup commands.

Dual mode backup tokens are initialized to the same level (SafeNet Luna HSM with Password Authentication or SafeNet Luna HSM with PED (Trusted Path) Authentication) as the HSM.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

hsm backup -serial <serialnumber> [-password <password>] [-tokenadminpw <password>]

Argument(s)

Shortcut

Description
-serial <serialnumber> -s Specifies the serial number of the target backup HSM. This indicates which backup device to work with.
-password <password> -p Specifies the source HSM Admin's (or SO's) text password. This parameter is required on password-authenticated HSMs. It is ignored on PED-authenticated HSMs.
-tokenadminpw <password> -t

Specifies the password of the backup target HSM. On PED-authenticated HSMs, the Luna PED is used for the PIN and this value is ignored. The token password need not be the same password or PED key as used for the HSM partition.

Example

lunash:>hsm backup -serial 667788
     
CAUTION:  Are you sure you wish to initialize the backup  
    token named:  
      no label  
    Type 'proceed' to continue, or 'quit' to quit now.   
    >  proceed  
Luna PED operation required to initialize backup token - use Security Officer (blue) PED key.  
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.  
Luna PED operation required to generate cloning domain on backup token - use Domain (red) PED key.  
Luna PED operation required to login as HSM Administrator - use Security Officer (blue) PED key.  
Luna PED operation required to login to backup token - use Security Officer (blue) PED key.  
'hsm backup' successful. 

Command Result : 0 (Success)


Customer Support Portal

SafeNet Luna Network HSM 7.4 Product Documentation  16 December 2019  Copyright 2001-2019 Thales. All rights reserved.