The Luna Backup HSM G5 allows you to safeguard your important cryptographic objects by making secure backups, and restoring those backups to an application partition.
For setup, management and backup/restore procedures, refer to the following sections:
>Luna Backup HSM G5 Hardware Installation
>Backup/Restore Using Client-Connected Luna Backup HSM G5
>Managing the Luna Backup HSM G5
>Configuring a Remote Backup Server Using Luna Backup HSM G5
The Luna Backup HSM G5 can be configured to back up either password- or multifactor quorum-authenticated partitions. You must specify the authentication method when you initialize the Luna Backup HSM G5. Once initialized, the backup HSM can only be used with partitions sharing the same authentication type. The only way to change the authentication method is to restore the backup HSM to factory condition and re-initialize it.
The storage capacity and maximum number of backup partitions allowed on the backup HSM is determined by the firmware. You can check the capacity using lunacm:> hsm showinfo. To update the backup HSM firmware to a version that allows more backups, see Updating the Luna Backup HSM G5 Firmware.
NOTE Objects stored on a Backup HSM may be smaller than their originals. For example, symmetric keys are 8 bytes smaller when stored on a Backup HSM. This size difference has no effect on backup and restore operations.
Considerations when Performing Cloning and Backup-Restore Operations, when SKS is Involved
If you invoked scalable key storage (SKS) for your applications to create and store large numbers of keys, then the partition is V1. If you perform cloning operations (including HA) or Backup and Restore, see Cloning or Backup / Restore with SKS.
