Introduction
UiPath Robots log in to Windows machines to perform automated functions using usernames and passwords. Integrating the UiPath Robotic Process Automation (RPA) platform with the nShield Hardware Security Module (HSM) provides strong client authentication. When HSM-integrated Robots log in to domain systems, they use certificate-based login.
Product configurations
Entrust has successfully tested nShield HSM integration in the following configurations:
Product | Version |
---|---|
UiPath Orchestrator (Local and Cloud) | 2022.4 |
UiPath Studio (Robot) | 2022.4 |
Operating system for the Robot machine | Windows Server 2022 |
nShield 5c | 13.3.2 |
PowerShell | 5.1 or later |
.NET Framework | 4.7.2 or later |
IIS | 8 or later |
Supported nShield hardware and software versions
Supported nShield HSM functionality
Feature | Support |
---|---|
Module-Only key | No |
OCS cards | No |
Softcards | Yes |
nSaaS | Yes |
FIPS 140 Level 3 | Yes [1] |

[1] When using FIPS 140 Level 3, an ECDSA credential is required for the Robot, to force Windows PKINIT to use something other than SHA-1.
Requirements
An nShield Security World Software installation is required prior to using UiPath RPA. Instructions on how to set up an nShield Connect, a Remote File System (RFS) for the nShield Connect, a client computer, and installation instructions for the nShield Security World are included in the nShield Installation Guide and nShield User Guide.
To access and use cryptographic keys from within a Security World, you must:
- Load or create a Security World on the nShield Connect.
- Map the key management data folder (kmdata) from your container host machine into the running application containers.
Before installing these products, read the associated documentation:
- For the nShield HSM: Installation Guide and User Guide.
- If nShield Remote Administration is to be used: nShield Remote Administration User Guide.
- UiPath documentation (https://docs.uipath.com/).
In addition:
- The integration between nShield HSMs and UiPath RPA requires:
  - A correct quorum for the Administrator Card Set (ACS).
  - On the firewall, configure port 9004 for the HSM (hardserver).
- The following design decisions have an impact on how the HSM is installed and configured:
  - Whether your Security World must comply with FIPS 140 Level 3 standards.
    If using FIPS 140 Level 3, it is advisable to create an OCS for FIPS authorization. For information about limitations on FIPS authorization, see the Installation Guide of the nShield HSM.
    Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.
  - Whether to instantiate the Security World as recoverable or not.
More information
For more information about OS support, contact your UiPath sales representative or Entrust nShield Support, https://nshieldsupport.entrust.com.
Access to the Entrust nShield Support Portal is available to customers under maintenance. To request an account, contact nshield.support@entrust.com.