Installing the software

This chapter describes how to install the Security World Software on the computer, client, or RFS associated with your nShield HSM.

After you have installed the software, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys. See the User Guide for more about creating a Security World and the appropriate card sets, and further configuration or setup tasks.

If you are planning to use an nToken with a client, this should be physically installed in the client before installing the Security World software, see nToken Installation Guide.

Installing the Security World Software on Windows

For information about configuring silent installations and uninstallations on Windows, see the User Guide.

For a regular installation:

  1. Log in as Administrator or as a user with local administrator rights.

  2. Place the Security World Software installation media in the optical disc drive. Launch setup.msi manually when prompted.

  3. Follow the onscreen instructions. Accept the license terms. Select Next to continue.

  4. Specify the installation directory. Select Next to continue.

  5. Select all the components required for installation, and then select Install. All components will be selected by default. Unselect via dropdown menu for individual component that you do not wish to install. nShield Hardware Support and Core Tools are necessary to install the Security World Software. See Software packages on the Security World installation media for more about the component bundles and the additional software supplied on your installation media.

    The selected components are installed in the installation directory chosen above. The installer creates links to the following nShield Cryptographic Service Provider (CSP) setup wizards as well as remote management tools under Start > All Programs > nCipher:

    • If nShield CSPs (CAPI, CNG) was selected: 32bit CSP install wizard, which sets up CSPs for 32-bit applications

    • If nShield CSPs (CAPI, CNG) was selected: 64bit CSP install wizard, which sets up CSPs for 64-bit applications

    • If nShield CSPs (CAPI, CNG) was selected: CNG configuration wizard, which sets up the CNG providers

    • If nShield Java was selected: KeySafe, which runs the key management application

    • If nShield Remote Administration Client Tools was selected: Remote Administration Client, which runs the remote administration client

    If selected, the SNMP agent will be installed, but will not be added to the Services area in Control Panel > Administrative Tools of the target Windows machine. If you wish to install the SNMP agent as a service, please consult the SNMP monitoring agent section in the User Guide.

  6. Select Finish to complete the installation.

  7. The following global variables are set upon install:

    • %NFAST_CERTDIR%

    • %NFAST_HOME%

    • %NFAST_KMDATA%

    • %NFAST_LOGDIR%

You may additionally need to do the following after you have installed the software:

  • In the Windows Device Manager > Security Accelerator, select the appropriate module.

  • Under Properties > Power Management, deselect Allow the computer to turn off this device to save power.

Installing the Security World Software on Linux

  1. Log in as a user with root privileges.

  2. Place the installation media in the optical disc drive, and mount the drive.

  3. Open a terminal window, and change to the root directory.

  4. Extract the required .tar files to install all the software bundles by running commands of the form:

    tar xf disc-name/linux/ver/<file>.tar.gz

    In this command, ver is the architecture of the operating system (for example, i386 or amd64), and file.tar is the name of a .tar.gz file for that component.

  5. To use an nShield module with your Linux system, you must build a kernel driver. Entrust supplies the source to the (nfp) and a makefile for building the driver as a loadable module.

    The kernel level driver is installed as part of the hwsp bundle. To build the driver with the supplied makefile, you must have the correct headers installed for the kernel that you are running. They must be headers for the same version of the kernel and must contain the kernel configuration options with which your kernel was built. You must also have appropriate versions of gcc, make, and your C library’s development package.

    The configuration script looks for the kernel headers in the default directory /lib/modules/'<uname -r>'/build/include#. If your kernel headers are located in a different directory, set the KERNEL_HEADERS environment variable so that they are in $KERNEL_HEADERS/include/. Historically, the headers have resided in /usr/src/linux/include/. If the headers for your kernel are not already installed, install them from your Linux distribution disc, or contact your kernel supplier.

    Build the driver as a loadable kernel module. When you have ensured the correct headers are in place, perform the following steps to use the makefile:

    1. Change directory to the nShield PCI driver directory by running the command:

      # cd /opt/nfast/driver/
    2. Configure the source by running the command:

      # ./configure
    3. Make the driver by running the command

      # make

      This produces a driver file that is automatically loaded as part of the normal installation process.

  6. Run the install script by using the following command:

    /opt/nfast/sbin/install
  7. Log in to your normal account.

  8. Add /opt/nfast/bin to your PATH system variable:

    If you use the Bourne shell, add these lines to your system or personal profile:

    PATH=/opt/nfast/bin:$PATH
    export PATH

    If you use the C shell, add this line to your system or personal profile:

    setenv PATH /opt/nfast/bin:$PATH