Introduction
This document describes how to integrate Microsoft SQL Server with the nShield Database Security Option Pack (nDSOP) using an Entrust nShield hardware security module (HSM) as a Root of Trust. Entrust nShield HSMs (referred to as HSM in this guide) provide FIPS certified solutions to generate and secure the keys used to encrypt and decrypt the database.
Product configurations
Entrust tested the integration with the following versions:
Product | Version |
---|---|
Base OS | Windows Server Datacenter 2025 |
SQL Server | Microsoft SQL Server Enterprise 2022 |
Microsoft SQL Server Management Studio (SSMS) | v20.2.1 |
Supported nShield hardware and software versions
Entrust has successfully tested with the following nShield hardware and software versions:
HSM | Security World Software | Firmware | Netimage |
---|---|---|---|
Connect XC | 13.6.8 | 13.6.7 | |
nShield 5c | 13.6.8 | 13.6.7 | |
Security World Software v13.6.8 is the first release supporting Windows Server 2025.
Supported nShield functionality
Functionality | Support |
---|---|
FIPS 140 Level 3 | Yes |
Key Management | Yes |
Key Generation | Yes |
Key Recovery | Yes |
1 of N Card Set | Yes |
Softcards | Yes |
Module Only Key | No |
Fail Over | Yes |
Load Balancing | Yes |
nSaaS | Yes |
Requirements
- Access to the Entrust TrustedCare Portal.

Be familiar with:

- The Microsoft SQL Server features and documentation.
- The Microsoft SQL Server Management Studio features and documentation.
- The T-SQL language. The minimum requirement for T-SQL is a basic understanding of SQL tasks such as creating a database or tables.
- Database security concepts and practices.