Introduction

UiPath Robots log in to Windows machines with usernames and passwords to perform automated functions. Integrating the UiPath Robotic Process Automation (RPA) platform with the nShield Hardware Security Module (HSM) provides strong client authentication. When HSM-integrated Robots log in to domain systems, they use certificate-based login.

Product configurations

Entrust has successfully tested nShield HSM integration in the following configurations:

| Product | Version |
|---|---|
| UiPath Orchestrator (Local and Cloud) | 2022.4 |
| UiPath Studio (Robot) | 2022.4 |
| Operating system for the Robot machine | Windows Server 2022 |
| nShield 5c | 13.3.2 |
| PowerShell | 5.1 or later |
| .NET Framework | 4.7.2 or later |
| IIS | 8 or later |

Supported nShield hardware and software versions

Entrust has successfully tested with the following nShield hardware and software versions:

Connect XC

| Security World Software | Firmware | Image | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 12.80.4 | 12.72.1 (FIPS 140-2 certified) | 12.80.5 | | | |
| 13.3.2 | 12.72.1 (FIPS 140-2 certified) | 12.80.5 | | | |

Entrust has successfully tested with the following nShield hardware and software versions:

nShield 5c

| Security World Software | Firmware | Image | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 13.3.2 | 13.2.2 | 13.3.2 | | | |

Supported nShield HSM functionality

| Feature | Support |
|---|---|
| Module-Only key | No |
| OCS cards | No |
| Softcards | Yes |
| nSaaS | Yes |
| FIPS 140 Level 3 | Yes [1] |

[1] When using FIPS 140 Level 3, an ECDSA credential is required for the Robot to force Windows PKINIT to use something other than SHA-1.

Requirements

An nShield Security World Software installation is required prior to using UiPath RPA. Instructions on how to set up an nShield Connect, a Remote File System (RFS) for the nShield Connect, a client computer, and installation instructions for the nShield Security World are included in the nShield Installation Guide and nShield User Guide.

To access and use cryptographic keys from within a Security World, you must:

  • Load or create a Security World on the nShield Connect.

  • Map the key management data folder (kmdata) from your container host machine into the running application containers.

Before installing these products, read the associated documentation:

  • For the nShield HSM: Installation Guide and User Guide.

  • If nShield Remote Administration is to be used: nShield Remote Administration User Guide.

  • UiPath documentation (https://docs.uipath.com/).

In addition:

  • The integration between nShield HSMs and UiPath RPA requires:

    • A correct quorum for the Administrator Card Set (ACS).

    • On the firewall, configure port 9004 for the HSM (hardserver).

  • The following design decisions have an impact on how the HSM is installed and configured:

    • Whether your Security World must comply with FIPS 140 Level 3 standards.

      If using FIPS 140 Level 3, it is advisable to create an OCS for FIPS authorization. For information about limitations on FIPS authorization, see the Installation Guide of the nShield HSM.

      Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.

    • Whether to instantiate the Security World as recoverable or not.

More information

For more information about OS support, contact your UiPath sales representative or Entrust nShield Support, https://nshieldsupport.entrust.com.

Access to the Entrust nShield Support Portal is available to customers under maintenance. To request an account, contact nshield.support@entrust.com.