After you have created the administrator smart cards, it is a good idea to create a set of Backup Operator Group smart cards so that a known state of the Atalla HSM can be quickly restored.
Security Administrators use their smart cards and the SCA-3 to create a Backup Operator Group. The group contains a number of Backup Operator smart cards (2 to 20 cards) in the group. Each Backup Operator smart card receives a share of a secret key. Backup Operator Group configuration data consists of the security association, Master File Key (MFK), Pending Master File Key (PMFK) and the HSM security policy. Once the group is created, a file which is encrypted under the secret key containing the current HSM security policy is written to the encrypted hard drive on the HSM.
When it comes time to initialize a replacement HSM, the USB drive that has the file of the encrypted security policy is installed in the replacement HSM. When the HSM is powered on, the required number of Backup Operator smart card users use the SCA-3 to initialize the HSM.
For complete information on Backup Operator smart cards, refer to Chapter 6 of the Atalla Secure Configuration Assistant-3 User Guide.
On the first power-on, wait 10 minutes for the software update sequence to complete before attempting to establish communications with the Atalla HSM. After the initial successful software update, when the Atalla HSM is powered on, it will complete the system startup sequence in approximately 6-10 minutes.