HSM Backup Device

The following provides information about the HSM Backup Device.

For successful operations with the HSM Backup Device, it is necessary to have an up-to-date device connected to the appliance.

The HSM Backup Device can be attached locally on the appliance, or on a remote workstation with a running Remote Backup Service (RBS).

Remote use of the HSM Backup Device is only supported on Windows or Linux computers.

The backup device is delivered zeroized and in Secure Transport Mode (STM). Before using the device for the first time, it must be removed from STM. For further information please refer to Remove the STM from the Backup Device.
After being removed from STM the backup device must be initialized via webconf.

Several backup devices can be connected when using the Remote Backup Service (RBS).
Only two backup devices can be used with a local connection.

All connected Backup Devices are displayed on the Overview page in the section Device Overview and on the Security page in the HSM Backup Management section, including:

• The name of the device with its HSM Backup Device Serial Number.

• The status is also displayed, which can be:

  • Connected

  • Zeroized or

  • Secure Transport Mode

• The number of backups and the possible maximum, e.g. 0/100.

Initialize the Backup Device

• For a local backup device connection, ensure that the device is properly connected to the appliance. Use the supplied USB-C to USB-A cable via the USB-C port.
  Use the front USB ports of the appliance. Do not use the USB port of the HSM.

• For a remote backup device connection, ensure that the PED server and client are properly configured.

• The STM must be removed.

• Make sure the labeled PED Keys are within reach.
  The USB 3.1 Gen1 adapter is required to connect the necessary PED Keys to the backup device.

1. Log in to your Next Generation Hardware Appliance.

2. Open the Security page.

3. In the HSM Backup Management section the listed backup device is displayed as Zeroized.

4. Click Initialize on the right to open the HSM Guided Setup window.

5. Click Next Step.

6. The pop-up HSM Backup Device initialization window opens.

7. Click Start Setup.

8. Several steps are called up with queries of the various PED Keys by the backup device.
   When the process is complete, click Finalize to end and exit the initialization.

Local Backup Device Connection

Prerequisites:
The backup device must be

• connected directly to the appliance

• released from STM

• initialized.

The backup device is Ready and can be used to Backup Slots.

Remote Backup Service (RBS) Targets

Prerequisites:

• To connect backup devices remotely the RBS must be configured on a remote working station.
  For further information refer to Remote Backup Service (RBS).

• The backup device must be released from STM.

• The backup device must be initialized.

1. Log in to your Next Generation Hardware Appliance.

2. Open the Security page

3. In the section RBS Targets click Add RBS to open a form.

   1. Host: Enter the IPv4/v6 address or the host name of the device on which the RBS is running.

   2. Port: Enter the port of the remote backup service daemon.

   3. RBS Server Certificate: Upload the server certificate used by the RBS by dropping the file into the field or selecting the file.

4. Click Add RBS to finish the process.

5. The RBS is now listed. The Remove option is now available in the Action column.

6. Use Test RBS to test whether the remote HSM backup target is reachable.

The Remote Backup Service is prepared for operation.