Introduction
This document describes how to integrate Microsoft SQL Server with the nShield Database Security Option Pack (nDSOP V2.1) using an Entrust nShield hardware security module (HSM) as a Root of Trust.
Product configurations
Entrust tested the integration with the following versions:
| Product | Version |
|---|---|
Base OS |
Windows Server Datacenter 2019 and 2022 |
SQL Server |
Microsoft SQL Server Standard or Enterprise - 2016, 2019, and 2022 |
Microsoft SQL Server Management Studio |
v19.1 |
Supported nShield hardware and software versions
Entrust tested the integration with the following nShield HSM hardware and software versions, and SQLEKM provider:
| Product | Security World | Firmware | Netimage |
|---|---|---|---|
Connect XC |
12.60.11 |
12.60.10 |
|
Connect XC |
12.80.4 |
12.80.4 |
|
Connect XC |
12.80.4 |
12.80.5 |
|
nShield 5c |
13.3.2 |
13.2.2 |
13.3.2 |
Supported nShield SQLEKM provider:
| Product | Version |
|---|---|
nDSOP |
hotfix-Z166345-TAC1058 |
Supported nShield functionality
| Functionality | Support |
|---|---|
FIPS 140 Level 3 |
Yes |
Key Management |
Yes |
Key Generation |
Yes |
Key Recovery |
Yes |
1 of N Card Set |
Yes |
Softcards |
Yes |
Module Only Key |
No |
Fail Over |
Yes |
Load Balancing |
Yes |
nSaaS |
Yes |
Requirements
Be familiar with:
-
The Microsoft SQL Server features and documentation.
-
The Microsoft SQL Server Management Studio features and documentation.
-
The T-SQL language. The minimum requirement for T-SQL is a basic understanding of SQL tasks such as creating a database or tables.
-
Database security concepts and practices.
-
The documentation for the HSM.
| Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks. |