We strongly recommend making a backup copy of all production objects residing on your production devices, particularly once the CMK has been generated on the YubiHSM 2. If there is a hardware failure of the production device, having a backup ensures that you can resume operations quickly. The backup process will result in two identical YubiHSM 2 devices with the same number of objects, keys, labels, etc.
Note
|
Making specific recommendations for governance of your critical key material is out of scope for this guide. Make sure to design these security procedures to meet the requirements of your organization - and then document them carefully, not least in order to be prepared for audits. |
Back up and restore the YubiHSM 2 according to the instructions in "Back Up and Restore Key Material" in the YubiHSM 2 Windows Deployment GuideāConfigure YubiHSM 2 Key Storage Provider for Microsoft Windows Server.