HIGH AVAILABILITY RECOVERY Menu Functions

The HIGH AVAILABILITY RECOVERY menu provides the following functions:

# Function Description
(49) HA Current Status

This option is used against the HA virtual partition slot, and returns, within 3 seconds(*), a list of all partitions in the HA group, with the current HA status of each member. This option expects the input/selection of the HA virtual slot number. This option invokes the PKCS#11 function CA_GetCurrentHAState

(50) HA Init

This option is used for HA Login setup and requires that an RSA key pair has been previously created on the primary partition, the private key has been cloned to the user space (and optionally to the SO spaces) of all tokens within that environment. This option requires the handle to the session (of the user that owns the key pair), and the handle to the login private key itself.

>If you are using Luna HSM Client 10.2.0 or older, this option prompts you to specify the HA Login private key handle.

>If you are using Luna HSM Client 10.3.0 or newer and

the target HSM is running Luna HSM Firmware 7.4.2 or older, this option prompts you for the HA Login public or private key

the target HSM is running Luna HSM Firmware 7.7.0 or newer, this option prompts for initialization or revocation of the HA Login credentials. If you are initializing, then it will prompt for the HA Login private key PKC chain or the HA Login private key handle. If the HA Login private key already exists on the partition, the PKC chain will be pulled directly from the HA Login private key. If the HA Login private key does not already exist on the partition, the PKC chain can be obtained by using ckdemo to display all of the HA Login private key object attributes. For more information, refer to OBJECT MANAGEMENT Menu Functions.

(51) HA Login

This option initiates several functions, including creation of a TWC (Token Wrapping Certificate) blob and HA Login Challenge (secondary token in the current HA domain) and Acceptance (primary token), as described in the document Extensions to PKCS#11, Cryptographic Token Interface Standard.

(52) HA Status

Display the current status for a specified HA slot.