nShield Connect v12.80 Install Guide

Introduction

The Entrust nShield Connect is a Hardware Security Module (HSM) that provides secure cryptographic processing within a tamper-resistant casing. Each nShield Connect is configured to communicate with one or more client computers over an Ethernet network. A client is a computer using the nShield Connect for cryptography. You can also configure clients to use other nShield Connects on the network, as well as locally installed HSMs.

About this guide

This guide includes:

See the nShield Connect User Guide for more about, for example:

  • Creating and managing a Security World

  • Creating and using keys

  • Card sets

  • The advanced features of an nShield Connect.

For information on integrating Entrust nShield products with third-party enterprise applications, see https://www.entrust.com/digital-security/hsm.

Model numbers

Model numbering conventions are used to distinguish different nShield hardware security devices.

Model number Used for

NH2047

Connect 6000

NH2040

Connect 1500

NH2033

Connect 500

NH2068

Connect 6000+

NH2061

Connect 1500+

NH2054

Connect 500+

NH2075-B

Connect XC Base

NH2075-M

Connect XC Medium

NH2075-H

Connect XC High

NH2082

Connect XC SCAP

NH2089-B

Connect XC Base - Serial Console

NH2089-M

Connect XC Mid - Serial Console

NH2089-H

Connect XC High - Serial Console

NH3003-B

Connect CLX Base - Serial Console

NH3003-M

Connect CLX Mid - Serial Console

NH3003-H

Connect CLX High - Serial Console

nC3nnnE-nnn, nC4nnnE-nnn

nShield Solo PCIe

Power and safety requirements

The module draws up to 220 watts:

  • Voltage: 100 VAC -240 VAC

  • Current: 2.0 A - 1.0 A

  • Frequency: 50 Hz - 60 Hz.

The module PSUs are compatible with international mains voltage supplies.

Additional documentation

You can find additional documentation in the documentation directory of the installation media for your product. For information about enabling additional features (such as client licenses), see the User Guide. Entrust strongly recommends that you read the release notes before you use the module. These notes contain the latest information about your product and are available online through Entrust nShield support https://nshieldsupport.entrust.com.

Read this guide in conjunction with the nShield product’s Warnings and Cautions documentation (available in multiple languages).

Terminology

The nShield Connect is referred to as the nShield Connect, the Hardware Security Module, or the HSM.

Handling an nShield Connect

An nShield Connect contains solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.

If you are installing the module in a 19” rack, make sure that you follow the nShield Connect Slide Rails Instructions provided with the rails. In particular, be careful of sharp edges.

Only experienced personnel should handle or install an nShield Connect. Always consult your company health and safety policy before attempting to lift and carry the module. Two competent persons are required if it is necessary to lift the module to a level above head height (for example, during installation in a rack or when placing the module on a high shelf).

Weight and Dimensions

Weight:  11.5kg

Dimensions: 43.4mm x 430mm x 690mm

The module is compatible with 1U 19” rack systems.

Measurements given are height x width x length/depth. If the inner slide rails are attached, the width of the unpackaged module is 448mm.

Environmental requirements

To ensure good air flow through and around the module after installation, do not obstruct either the fans and vents at the rear or the vent at the front. Ensure that there is an air gap around the module, and that the rack itself is located in a position with good air flow.

Temperature and humidity recommendations

Entrust recommends that your module operates within the following environmental conditions.

Environmental conditions Operating range (Min.  |  Max.) Comments

Operating temperature

5 °C

35 °C

-

Storage temperature

-20 °C

70 °C

-

Operating humidity

10 %

85 %

Relative. Non-condensing at 35 °C.

Storage humidity

0 %

95 %

Relative. Non-condensing at 35 °C.

Altitude

-100 m

2000 m

Above Mean Sea Level (AMSL)

Cooling requirements

Adequate cooling of your module is essential for trouble-free operation and a long operational life. During operation, you can use the supplied stattree utility to check the actual and maximum temperature of the module. You are advised to do this directly after installing the unit in its normal working environment. Monitor the temperature of the unit over its first few days of operation.

In the unlikely event that the internal encryption module overheats, the module shuts down (see Module Overheating). If the whole nShield Connect overheats, the orange warning LED on the front panel illuminates (see Orange warning LED) and a critical error message is shown on the display.

Physical location considerations

Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs’ cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.