nDSOP v2.1.0 User Guide

Introduction

This guide applies to the nShield Database Security Option Pack, which provides data-at-rest encryption for sensitive information held by Microsoft SQL Server.

The product works in combination with Entrust nShield Hardware Security Modules (nShield HSMs), nShield Security World Software, and Enterprise Editions of Microsoft® SQL Server® to provide a high-quality SQL Extensible Key Management (SQLEKM) provider. It is designed to be integrated into a Microsoft SQL Server database infrastructure with minimal disruption.

The nShield SQLEKM provider supports Transparent Data Encryption (TDE) and Cell-Level Encryption (CLE), and the concurrent use of both TDE and CLE.

Product configurations

For details of supported and tested versions, see the Release Notes available at https://nshieldsupport.entrust.com/hc/en-us/sections/360001115837-Release-Notes.

Supported nShield functionality

You can access the following functionality when you integrate an nShield HSM with Microsoft SQL Server:

| Functionality | Support |
|---|---|
| Key Generation | Yes |
| 1 of N Card Set | Yes |
| K of N Card Set | No |
| Softcards | Yes |
| Module Only Key | No |
| Key Management | Yes |
| Key Recovery | Yes |
| Key Import | Partial (see note 1) |
| Load Balancing | Yes |
| Fail Over | Yes |
| FIPS 140-2 Level 3 Security Worlds | Yes |
| Common Criteria (CC) CMTS Security Worlds | Yes |

Note 1: See Importing keys.

Contacting Support

To obtain support for your product, visit https://nshieldsupport.entrust.com.