Release Notes

Introduction

nShield® Monitor is an Entrust nShield® HSM monitoring solution. It is delivered as a virtual appliance (OVA format) to operate in a VMware virtualization environment, and as a Hyper-V image to operate in the Microsoft Hypervisor environment.

These release notes apply to version 2.9.5 of nShield Monitor. They contain information specific to this release such as new features, defect fixes, and known issues.

The Release Notes may occasionally be updated with issues that have come to light after this release has been made available. Please check Entrust nShield Support at https://nshieldsupport.entrust.com for the most up to date version of this document and the nShield Monitor user documentation.

Access to support is available to customers under maintenance. Please contact Entrust nShield Support at nshield.support@entrust.com to request an account.

Purpose of this release

nShield Monitor version 2.9.5 addresses a number of known issues and introduces a number of enhancements over the previous 2.9.0 release, including:

  • Reset links in forgot password emails.

  • The ability to disable auto-logout for users with a group manager role.

Changes in this release

The nShield Monitor 2.9.5 release introduces a number of enhancements. These are discussed in the following sections.

On selecting Forgot your Password, and entering a username, an email containing a reset link will now be sent to the email address associated with the username. The link will prompt the user to change the password before accessing their account.

The reset link expires after 15 minutes.

Ability to disable auto-logout for users with a group manager role

Users with a Group Manager role are now able to disable auto-logout by selecting Never for their auto-logout duration. This option is only available for Auditor and Group Manager roles. If the Group Manager is also an Administrator then this option is not available.

Defect fixes

The following table lists the defects fixed with this release.

Reference Description

NM-900

Users with the Group Manager role should be able to disable auto-logout

NM-875

nShield Monitor clients show "Client Host does not belong to a security world. Associated nShields may be orphaned" after enrolling

NM-850

Generated OTPs do not adhere to updated password length

NM-811

Upgrading nShield Monitor resets "From" address to default

NM-806

Forgot password emails should employ reset links

NM-804

SNMP connection reports "unreachable" due to latent responses from some client hosts

Known issues

The following table lists the known issues with this release.

Reference Description

NM-880

Generated OTPs do not adhere to password complexity settings, for example, special characters

Upgrading from previous releases

To use nShield Monitor v2.9.5 either:

  • Load a new instance of nShield Monitor

  • Use the upgrade .cmf file to upgrade an existing nShield Monitor installation

If upgrading from any version before v2.5.5, you must first upgrade to v2.5.5 before upgrading to version v2.9.5.
Upgrading to this version of nShield Monitor will disable further upgrades using CipherTrust update files.
nShield Monitor eliminates monitoring of payShield devices and only monitors nShield HSMs. Upgrading to nShield Monitor will remove all payShield information.

Contact Entrust nShield Support for further information.

Compatibility

nShield Monitor is provided as a CMF to upgrade images in Open Virtual Appliance (OVA) format and the Microsoft Hyper-V format. The OVA / Hyper-V image includes a 64-bit Linux based OS and OVT.

For the latest information on compatibility and system requirements, see the nShield Monitor Installation and User Guide.

Hypervisor compatibility

The OVA can be installed on the following virtual platforms:

  • vSphere ESXi 6.0

  • vSphere ESXi 6.5

  • VMware Workstation 12

  • VMware Workstation 14

  • VMware Fusion 10

  • Oracle VirtualBox 6.0

The Hyper-V image can be installed on the following virtual platforms:

  • Microsoft Hyper-V

  • Microsoft Azure

Host server requirements

The host server should meet the following requirements:

  • 64-bit host OS

  • CPU: 2 core 2.0GHz multicore CPU (can be increased as needed)

  • Memory: 8GB dedicated memory for nShield Monitor (can be increased)

  • Network: Single network attached interface to bridged or physical network

  • Disc size to sufficiently accommodate a minimum OVA download size of 1.1 GB or Hyper-V image size of 3.3 GB. Size on disc:

    • 2.3 GB (OVA) / 3.3 GB (Hyper-V) (thin provisioned)

    • 326.0 GB (OVA) (thick provisioned)

nShield compatibility

nShield Monitor is compatible with the following nShield HSM models and software versions:

  • nShield Edge, Solo+, Solo XC, Connect+ and Connect XC with Security World software v12.40 and higher.