(1) (Hierarchical Storage Management) The automatic movement of files from hard disk to slower, less-expensive storage media. The typical hierarchy is from magnetic disk to optical disc to tape, or from magnetic disk to tape. HSM software constantly monitors hard disk capacity and moves data from one storage level to the next based on age, category and other criteria as specified by the network or system administrator. HSM often includes a system for routine backup as well.
When a file is moved off the hard disk, it is replaced with a small stub file that indicates where the backup file is located. See tape backup, active archiving and demigration.
A data migration path in an HSM system might be from high-speed hard disk to slower speed optical disc to offline tape. In time, optical discs will almost surely replace magnetic media, but there will still be a need to take data off premises for protection against fire and accidents.
(2) (Hardware Security Module) A device used to generate cryptographic key pairs, keep the private key secure and generate digital signatures. It is widely used to secure the root key in a PKI system. Using the PKCS#11 programming interface, applications send a digest of the document to the HSM, which encrypts it with the private key, creating the digital signature. HSMs can be very sophisticated in order to keep intruders from gaining access to the private key. See digital certificate and digital signature.
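The digest-then-sign flow described above, as an added Python illustration (not code from any HSM vendor or from PKCS#11 itself). `ToyHsm`, `application_sign` and `verify` are hypothetical names, the key is a constructed demo key, and a real application would reach the module through a PKCS#11 library rather than an in-process object.

```python
import hashlib

# DER prefix of the SHA-256 DigestInfo structure used by PKCS#1 v1.5 signatures.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(digest: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || DigestInfo."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

class ToyHsm:
    """Stand-in for the module: the private exponent is never returned."""
    def __init__(self):
        # Constructed demo key built from two known Mersenne primes.
        # Illustration only; a real HSM generates its key pair internally.
        p, q = 2**521 - 1, 2**607 - 1
        self.n, self.e = p * q, 65537
        self.__d = pow(self.e, -1, (p - 1) * (q - 1))

    def public_key(self):
        return self.n, self.e

    def sign_digest(self, digest: bytes) -> bytes:
        # The module sees only the digest, never the document.
        if len(digest) != 32:
            raise ValueError("expected a 32-byte SHA-256 digest")
        k = (self.n.bit_length() + 7) // 8
        m = int.from_bytes(_encode(digest, k), "big")
        return pow(m, self.__d, self.n).to_bytes(k, "big")

def application_sign(hsm: ToyHsm, document: bytes) -> bytes:
    """Application side: hash locally, send only the digest to the module."""
    return hsm.sign_digest(hashlib.sha256(document).digest())

def verify(public_key, document: bytes, signature: bytes) -> bool:
    """Verifier side: needs only the public key and the document."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return recovered == _encode(hashlib.sha256(document).digest(), k)
```
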
SafeNet's Luna CA3 uses a PIN entry device (PED), EEPROM-based data keys and a PC Card reader that attaches to the server via an LVDS cable and PCI adapter. Containing a processor, firewall, flash memory and RAM, the PC Card is built with extra epoxy and secured with triple DES encryption. The card will destroy its contents if compromised.
The PED combines and transfers information from the data keys to the PC Card. The blue key is inserted into the PED by the security officer who sets up administrative rights, configures the HSM and determines how many people must use green keys. All parties must insert their green keys to activate the system. The black keys are used by administrators to generate and delete key pairs, and the red keys are used for grouping HSMs in domains. (Image courtesy of SafeNet, Inc., www.safenet-inc.com)