Remote Backup Service (RBS)

Remote use of the HSM Backup Device is only supported on Windows or Linux computers.

Remote Backup Service (RBS) for Linux

Prerequisites:
To be able to use the RBS successfully, a workstation must first be configured.
The PED Server Software must be downloaded and installed on the remote workstation (PED Server).
The backup device(s) must be connected to the device on which the Remote Backup Service is running and should be in the same network as the HSM.

On the Workstation:

Steps 1-7 are not necessary if you have already installed the software for using the remote PED and have also selected RBS.

1. Log in to the Next Generation Hardware Appliance.

2. Open the Security page.

3. Click the Download for Linux in the PED Server Software section.
   The download starts and stores a .tar file.

4. Open a terminal, navigate to the download directory of your browser and extract the .tar file.

5. Change to the installation directory for Linux cd LunaClient_10.7.2-16_Linux/64/.

6. Install the software sudo ./install.sh.

7. Follow the instructions and make sure you select Luna Backup HSM to install the RBS.

8. Connect the relevant backup device(s) to the remote workstation.

9. After the installation, generate the key that is specific to the test system.
   sudo /usr/safenet/lunaclient/rbs/bin/rbs --genkey

10. Enter a password and Confirm.
    Make sure you save the password as it is used to start the RBS daemon.

11. To list the backup devices connected to the workstation, use the command: sudo /usr/safenet/lunaclient/bin/lunacm.
    Some information about the connected devices is displayed.

12. The following command also lists the serial numbers of all connected backup HSMs.
    sudo /usr/safenet/lunaclient/rbs/bin/rbs --config Enter 1 and then x again.

13. Make sure you add the port and serial number of the backup devices you want to support in the following file: vim /etc/Chrystoki.conf.

14. The server file for RBS should be created in the following directory:
    /usr/safenet/lunaclient/rbs/server/server.pem
    Copy the file to where it is easily accessible.

15. Start the RBS daemon.
    sudo /usr/safenet/lunaclient/rbs/bin/rbs --daemon
    The password from step 10 is requested.

On the Next Generation Hardware Appliance:

To successfully add the RBS in webconf, you need the server.pem from step 14.

Please refer to Remote Backup Service (RBS) Targets and follow up the instructions.
The Remote Backup Service is now available in webconf.

If configurations are adjusted, the daemon must be restarted for the changes to take effect.

Remote Backup Service (RBS) for Windows

Steps 1-8 are not necessary if you have already installed the software for using the remote PED and have also selected RBS.

Prerequisites:
To be able to use the RBS successfully, a workstation must first be configured.
The PED Server Software must be downloaded and installed on the remote workstation (PED Server).
The backup device(s) must be connected to the device on which the Remote Backup Service is running and should be in the same network as the HSM.

The purpose of the RBS is to perform HSM slot backups and restores remotely.

On the Workstation:

1. Log in to your Next Generation Hardware Appliance.

2. Open the Security page.

3. In the section PED Server Software click Download for Windows.

4. The download starts and stores a .zip file.

5. Navigate to the download directory of your browser and extract the .zip file.

6. Execute the LunaHSMClient.exe and select Luna Device.

7. In the window that appears, select all devices in the table.

8. Click Install and close the window.

9. Open a terminal as administrator.

10. Go to the installation directory for Windows C:/Program Files/SafeNet/LunaClient.

11. Generate the key that is specific to the test system /rbs.exe --genkey.
    Enter a password. Make sure you save the password as it is used to start the RBS daemon.

12. To list the backup devices connected to the workstation, use command /lunacm.exe.
    Some information about the connected devices is displayed.

13. To configure which backup device is to be used, use the command /rbs.exe --config.

14. Start the RBS daemon and enter the password set in step 11 /rbs.exe.

On the Next Generation Hardware Appliance:

To successfully add the RBS in webconf on the appliance side, you need the server.pem, which should be located at C:/Program Files/SafeNet/LunaClient/cert/serve.

Please refer to Remote Backup Service (RBS) Targets and follow up the instructions.
The Remote Backup Service is now available in webconf.

If configurations are adjusted, the daemon must be restarted for the changes to take effect.