Planning Your Backup HSM Deployment

When setting up your backup deployment, you have multiple configuration options. This section will help you choose the right configuration for your organization, depending on where you prefer to keep your backups. You can use a SafeNet Luna Backup HSM or an application partition on any other Luna HSM for backup/restore operations.

Backup and restore operations require that cloning be enabled on the HSM/partition.

- Partition to Partition
- Backup HSM Connected to the Host Workstation
- Backup HSM Installed Using Remote Backup Service (RBS)

NOTE: The diagrams below depict the host workstation as the remote PED server, but you can also use a separate remote PED station. Because remote PED is supported on Windows clients only, a separate remote PED station is necessary if you use Linux/UNIX clients.

Partition to Partition

You can clone objects from any Luna 7 application partition to any other Luna 7 partition that shares its cloning domain. You must have the Crypto Officer credential for both partitions. Both partitions must use the same authentication method (either password or PED).

See Cloning Objects to Another Application Partition.

Backup HSM Connected to the Host Workstation

In this configuration, the SafeNet Luna Backup HSM is connected to a USB port on the SafeNet Luna PCIe HSM host workstation. It is useful in deployments where the partition Crypto Officer keeps backups at the local host. This allows you to perform backup/restore operations for all application partitions that appear as visible slots in LunaCM. You can restore a partition backup to the original source partition or to another existing Luna application partition that shares the same cloning domain.

Figure 1: Host-connected Backup HSM using password authentication

 

Figure 2: Host-connected Backup HSM using local PED authentication

 

Figure 3: Host-connected Backup HSM using remote PED authentication

See Backup/Restore Using a Host-Connected Backup HSM.

Backup HSM Installed Using Remote Backup Service (RBS)

In this configuration, the SafeNet Luna Backup HSM is connected to a remote client workstation that communicates with the SafeNet Luna PCIe HSM host via the Remote Backup Service (RBS). It is useful in deployments where backups are stored in a separate location from the SafeNet Luna PCIe HSM, to mitigate the consequences of catastrophic loss (fire, flood, etc.).

Figure 4: Remote backup (RBS) using password authentication

 

Figure 5: Remote backup (RBS) using remote PED authentication at the client

 

Figure 6: Remote backup (RBS) using remote PED authentication at the RBS server

See Configuring a Remote Backup HSM Server.