nDSOP v2.1.0 User Guide
Introduction
This guide applies to the nShield Database Security Option Pack, which provides data-at-rest encryption for sensitive information held by Microsoft SQL Server.
The product works in combination with Entrust nShield Hardware Security Modules (nShield HSMs), nShield Security World Software, and Enterprise Editions of Microsoft® SQL Server®, to provide a high quality SQL Extensible Key Management (SQLEKM) provider. It is designed to be integrated into a Microsoft SQL Server database infrastructure with minimal disruption.
The nShield SQLEKM provider supports Transparent Data Encryption (TDE) and Cell-Level Encryption (CLE), and the concurrent use of both TDE and CLE.
Product configurations
For details of supported and tested versions, see the Release Notes available at https://nshieldsupport.entrust.com/hc/en-us/sections/360001115837-Release-Notes.
Supported nShield functionality
You can access the following functionality when you integrate an nShield HSM with Microsoft SQL Server:
Functionality | Support |
---|---|
Key Generation |
Yes |
1 of N Card Set |
Yes |
K of N Card Set |
No |
Softcards |
Yes |
Module Only Key |
No |
Key Management |
Yes |
Key Recovery |
Yes |
Key Import |
Partial (see note 1) |
Load Balancing |
Yes |
Fail Over |
Yes |
FIPS 140-2 Level 3 Security Worlds |
Yes |
Common Criteria (CC) CMTS Security Worlds |
Yes |
1 Please see Importing keys.
Contacting Support
To obtain support for your product, visit https://nshieldsupport.entrust.com.