nDSOP v2.1.0 User Guide

Introduction

This guide applies to the nShield Database Security Option Pack, which provides data-at-rest encryption for sensitive information held by Microsoft SQL Server.

The product works in combination with Entrust nShield Hardware Security Modules (nShield HSMs), nShield Security World Software, and Enterprise Editions of Microsoft® SQL Server®, to provide a high quality SQL Extensible Key Management (SQLEKM) provider. It is designed to be integrated into a Microsoft SQL Server database infrastructure with minimal disruption.

The nShield SQLEKM provider supports Transparent Data Encryption (TDE) and Cell-Level Encryption (CLE), and the concurrent use of both TDE and CLE.

Product configurations

For details of supported and tested versions, see the Release Notes available at https://nshieldsupport.entrust.com/hc/en-us/sections/360001115837-Release-Notes.

Supported nShield functionality

You can access the following functionality when you integrate an nShield HSM with Microsoft SQL Server:

Functionality	Support
Key Generation	Yes
1 of N Card Set	Yes
K of N Card Set	No
Softcards	Yes
Module Only Key	No
Key Management	Yes
Key Recovery	Yes
Key Import	Partial (see note 1)
Load Balancing	Yes
Fail Over	Yes
FIPS 140-2 Level 3 Security Worlds	Yes
Common Criteria (CC) CMTS Security Worlds	Yes

Functionality

Support

Key Generation

Yes

1 of N Card Set

Yes

K of N Card Set

Softcards

Yes

Module Only Key

Key Management

Yes

Key Recovery

Yes

Key Import

Partial (see note 1)

Load Balancing

Yes

Fail Over

Yes

FIPS 140-2 Level 3 Security Worlds

Yes

Common Criteria (CC) CMTS Security Worlds

Yes

¹ Please see Importing keys.

Contacting Support

To obtain support for your product, visit https://nshieldsupport.entrust.com.