Configuring a Remote Luna Backup HSM (G5) Server
In this configuration, the Luna Backup HSM is connected to a remote client workstation that communicates with the
RBS is a utility, included with the Luna HSM Client software, that runs on a workstation hosting one or more Backup HSMs. When RBS is configured and running, other clients or HSMs registered to it can see its Backup HSM(s) as slots in LunaCM. RBS is compatible with both Luna G5 and G7 Backup HSMs.
Installing/Configuring the Remote Backup Service
RBS is installed using the Luna HSM Client installer. You must create a certificate for the RBS workstation and register it on all clients/appliances that will use the remote Backup HSMs. These instructions will allow you to install and configure RBS.
Prerequisites
>On any Luna PCIe HSM
•Network: The Network component includes utilities that are required for remote backups
•Remote PED: if you are backing up PED-authenticated partitions
NOTE The Luna HSM Client version installed on the RBS workstation must be the same version installed on the client workstation(s). Ensure that you use a client version that is compatible with your Backup HSM firmware.
>Install the Luna Backup HSM(s) at the workstation that will host RBS (see Installing the Backup HSM).
>[PED Authentication] Initialize the remote PED vector for each Backup HSM. You will need the orange PED key for backup/restore operations (see Initializing the Backup HSM Remote PED Vector).
To install and configure RBS
1.On the workstation hosting the Backup HSM(s), install the Backup component of the Luna HSM Client
2.Navigate to the Luna HSM Client home directory (/usr/safenet/lunaclient/rbs/bin on Linux/Unix) and generate a certificate for the RBS host.
> rbs --genkey
You are prompted to enter and confirm an RBS password. The certificate is generated in:
•Linux/UNIX: <LunaClient_install_directory>/rbs/server/server.pem
•Windows: <LunaClient_install_directory>\cert\server\server.pem
3.Specify the Backup HSM(s) that RBS will make available to clients.
> rbs --config
RBS displays a list of Backup HSMs currently connected to the workstation. Select the ones you want to provide remote backup services. When you have specified your selection, enter X to exit the configuration tool.
4.Launch the RBS daemon (Linux/UNIX) or console application (Windows).
•Linux/UNIX: # rbs --daemon
•Windows: Double-click the rbs application. A console window will remain open.
You are prompted to enter the RBS password.
5.Securely transfer the RBS host certificate (server.pem) to your
6.On the
> vtl addServer -n <Backup_host_IP> -c server.pem
7.[Optional] Launch LunaCM on the client to confirm that the Backup HSM appears as an available slot.
NOTE If you encounter issues, try changing the RBS and PEDclient ports from their default values. Check that your firewall is not blocking ports used by the service.
You can now use the Backup HSM(s) as though they were connected to the