Software installation

See the appropriate Installation Guide for your nShield module for more about installing the Security World software.

After you have installed the software, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys.

After software installation

The Installation Guide provides brief explanations of how to perform all the post-installation tasks listed in this section. If this is the first time you are installing a unit and the Security World Software, or you are unfamiliar with the process, we recommend following the steps outlined in the Installation Guide.

After you have successfully installed the Security World Software, as described in the Installation Guide), complete the following steps to finish preparing your HSM for use:

  1. Ensure that your public firewall is set up correctly. See the Installation Guide for your HSM for more information about firewall settings.

  2. Perform the necessary basic HSM-client configuration tasks, as described in Basic HSM and remote file system (RFS) configuration.

  3. Create and configure a Security World, as described in Creating a Security World.

  4. Create an OCS, as described in Creating Operator Card Sets (OCSs).

  5. Complete additional necessary HSM-client configuration tasks:

    1. To configure the unit so that it works with the client machine, see Configuring the nShield HSM to use the client.

    2. To configure client computers so that they work with the unit, see Configuring client computers to use the nShield HSM.

      For this release, you must generate a new client configuration file to take advantage of new functionality. To generate a new client configuration file, back up your existing configuration file and run the command cfg-mkdefault. This generates a template for the configuration file into which you can copy the settings from your old configuration file.
    3. To enable the TCP sockets for Java applications (including KeySafe), run the command:

      config-serverstartup -sp

      For more information, see Client configuration utilities.

When all additional HSM configuration tasks are completed, you can:

  1. Stop and then restart the hardserver, as described in Stopping and restarting the hardserver.

  2. Test the installation and configuration. See the Installation Guide for your HSM for more information.