token backup init
Initializes the Backup HSM with the specified serial number and prepares it to receive backup data. Both the -label and -serial parameters are required at the command line. For password-authenticated Luna Backup HSMs, the domain and HSM SO password are prompted, and your input is obscured by asterisk (*) symbols. For multifactor quorum-authenticated HSMs, any typed values for domain or password are ignored and you are prompted for Luna PED operations with PED keys.
An external Luna Backup HSM can be USB-connected to a Luna Network HSM 7 appliance for local backup/restore operations.
Luna Network HSM 7 does not pass Luna PED operations and data through to an externally-connected Luna Backup HSM from a Luna PED connected locally to the Luna Network HSM 7.
If the Backup HSM is multifactor quorum-authenticated, then the options for Luna PED connection are:
>local SCP-PED connection directly to the Backup HSM (Luna Backup HSM G5 only)
>Remote PED connection, passed through the Luna Network HSM 7 (Luna Backup HSM G5, Luna Backup HSM 7 v1 or v2, requires minimum Luna Appliance Software 7.7.0, use procedure for Luna Backup HSM 7 Connected to Luna Network HSM 7 Using Remote Multifactor Quorum Authentication)
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
token backup init -label <label> -serial <serialnum> [-domain <domain>] [-tokenadminpw <password>] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -domain <domain> | -d | Backup partition domain (required for password-authenticated HSMs, ignored for multifactor quorum-authenticated - if you prefer to not type it in the clear, on the command line, it is prompted later). |
| -force | -f | Force the action without prompting. |
| -label <label> | -l | Backup partition label. |
| -serial <serialnum> | -s | Luna Backup HSM serial number. |
| -tokenadminpw <password> | -t | Backup HSM SO password (required for password-authenticated HSMs, ignored for multifactor quorum-authenticated - if you prefer to not type it in the clear, on the command line, it is prompted later). |
Example
lunash:>token backup init -label sa7docbackup -serial 496771
Please enter a password for the Token Administrator:
> ********
Please re-enter password to confirm:
> ********
Please enter a cloning domain used when initializing this HSM:
> *********
Please re-enter cloning domain to confirm:
> *********
CAUTION: Are you sure you wish to initialize the backup
token named: sa7docbackup
Type 'proceed' to continue, or 'quit' to quit now.
> proceed
'token backup init' successful.
Command Result : 0 (Success)
