nShield Connect v12.81 Install Guide
Introduction
The Entrust nShield Connect is a Hardware Security Module (HSM) that provides secure cryptographic processing within a tamper-resistant casing. Each nShield Connect is configured to communicate with one or more client computers over an Ethernet network. A client is a computer using the nShield Connect for cryptography. You can also configure clients to use other nShield Connects on the network, as well as locally installed HSMs.
About this guide
This guide includes:
-
Installing the Security World Software. See Installing the software.
-
Physically installing an nShield Connect. See Installing an nShield Connect.
-
Configuring an nShield Connect and client. See Basic nShield Connect, RFS and client configuration.
-
The nShield Connect front panel controls. See Front panel controls.
-
The top-level menu of an nShield Connect. See Top-level menu.
-
Troubleshooting information. See Troubleshooting.
-
nShield Connect maintenance. See nShield Connect maintenance.
-
Accessories. See Approved accessories.
-
Instructions to uninstall existing software. See Uninstalling existing software.
-
Software components and bundles. See Software packages on the Security World software installation media.
See the nShield Connect User Guide for more about, for example:
-
Creating and managing a Security World
-
Creating and using keys
-
Card sets
-
The advanced features of an nShield Connect.
For information on integrating Entrust nShield products with third-party enterprise applications, see https://www.entrust.com/digital-security/hsm.
Model numbers
Model numbering conventions are used to distinguish different nShield hardware security devices.
Model number | Used for |
---|---|
NH2047 |
Connect 6000 |
NH2040 |
Connect 1500 |
NH2033 |
Connect 500 |
NH2068 |
Connect 6000+ |
NH2061 |
Connect 1500+ |
NH2054 |
Connect 500+ |
NH2075-B |
Connect XC Base |
NH2075-M |
Connect XC Medium |
NH2075-H |
Connect XC High |
NH2082 |
Connect XC SCAP |
NH2089-B |
Connect XC Base - Serial Console |
NH2089-M |
Connect XC Mid - Serial Console |
NH2089-H |
Connect XC High - Serial Console |
NH3003-B |
Connect CLX Base - Serial Console |
NH3003-M |
Connect CLX Mid - Serial Console |
NH3003-H |
Connect CLX High - Serial Console |
nC3nnnE-nnn, nC4nnnE-nnn |
nShield Solo PCIe |
Power and safety requirements
The module draws up to 220 watts:
-
Voltage: 100 VAC -240 VAC
-
Current: 2.0 A - 1.0 A
-
Frequency: 50 Hz - 60 Hz.
The module PSUs are compatible with international mains voltage supplies. |
Additional documentation
You can find additional documentation in the documentation
directory of the installation media for your product.
For information about enabling additional features (such as client licenses), see the User Guide.
Entrust strongly recommends that you read the release notes before you use the module.
These notes contain the latest information about your product and are available online through Entrust nShield support https://nshieldsupport.entrust.com.
Read this guide in conjunction with the nShield product’s Warnings and Cautions documentation (available in multiple languages).
Terminology
The nShield Connect is referred to as the nShield Connect, the Hardware Security Module, or the HSM.
Handling an nShield Connect
An nShield Connect contains solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.
If you are installing the module in a 19” rack, make sure that you follow the nShield Connect Slide Rails Instructions provided with the rails. In particular, be careful of sharp edges.
Only experienced personnel should handle or install an nShield Connect. Always consult your company health and safety policy before attempting to lift and carry the module. Two competent persons are required if it is necessary to lift the module to a level above head height (for example, during installation in a rack or when placing the module on a high shelf).
Weight and Dimensions
Weight: 11.5kg
Dimensions: 43.4mm x 430mm x 690mm
The module is compatible with 1U 19” rack systems. |
Measurements given are height x width x length/depth. If the inner slide rails are attached, the width of the unpackaged module is 448mm.
Environmental requirements
To ensure good air flow through and around the module after installation, do not obstruct either the fans and vents at the rear or the vent at the front. Ensure that there is an air gap around the module, and that the rack itself is located in a position with good air flow.
Temperature and humidity recommendations
Entrust recommends that your module operates within the following environmental conditions.
Environmental conditions | Operating range (Min. | Max.) | Comments | |
---|---|---|---|
Operating temperature |
5 °C |
35 °C |
- |
Storage temperature |
-20 °C |
70 °C |
- |
Operating humidity |
10 % |
85 % |
Relative. Non-condensing at 35 °C. |
Storage humidity |
0 % |
95 % |
Relative. Non-condensing at 35 °C. |
Altitude |
-100 m |
2000 m |
Above Mean Sea Level (AMSL) |
Cooling requirements
Adequate cooling of your module is essential for trouble-free operation and a long operational life.
During operation, you can use the supplied stattree
utility to check the actual and maximum temperature of the module.
You are advised to do this directly after installing the unit in its normal working environment.
Monitor the temperature of the unit over its first few days of operation.
In the unlikely event that the internal encryption module overheats, the module shuts down (see Module Overheating). If the whole nShield Connect overheats, the orange warning LED on the front panel illuminates (see Orange warning LED) and a critical error message is shown on the display.
Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs’ cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.