Every time new key material is generated or the administrators change on the HSM, the HSM must be backed up. From SAKA's point of view, the only time new key material is generated on the HSM is after a new SAKA domain is created.
These backups come in the form of encrypted database files created from the MBK. It is recommended that the backups are kept on USB flash drives as well as on the SAKA file system. Because the files are encrypted and they will be protected under the root user, there shouldn't be too much of a security concern. The files can be maintained solely on USB backups if ferred, but from an operations perspective it is easier to have them where they are needed.
Copyright (c) 2001-2024 StrongAuth, Inc. (dba StrongKey) All Rights Reserved