Installing the software
This chapter describes how to install the Security World Software on the host computer.
After you have installed the software, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys. See the User Guide for your module and operating system for more about creating a Security World and the appropriate card sets, and further configuration or setup tasks.
Installing the Security World Software on Windows
For information about configuring silent installations and uninstallations on Windows, see the User Guide.
For a regular installation:
-
Sign in as an Administrator or as a user with local administrator rights.
If the Found New Hardware Wizard appears and prompts you to install drivers, cancel this notification, and continue to install the Security World Software as normal. Drivers are installed during the installation of the Security World Software. -
Place the Security World Software installation media in the optical disc drive.
-
Launch
setup.msi
manually when prompted. -
Follow the onscreen instructions.
-
Accept the license terms and select Next to continue.
-
Specify the installation directory and select Next to continue.
-
Select all the components required for installation.
By default, all components are selected. Use the drop-down menu to deselect the components that you do not want to install. nShield Hardware Support and Core Tools are necessary to install the Security World Software.
See Software packages on the Security World installation media for more about the component bundles and the additional software supplied on your installation media.
-
Select Install.
The selected components are installed in the installation directory chosen above. The installer creates links to the following nShield Cryptographic Service Provider (CSP) setup wizards as well as remote management tools under Start > Entrust or Entrust nShield Security World (depending on the version of Windows or Windows Server you are running):
-
If nShield CSPs (CAPI, CNG) was selected: 32bit CSP install wizard, which sets up CSPs for 32-bit applications
-
If nShield CSPs (CAPI, CNG) was selected: 64bit CSP install wizard, which sets up CSPs for 64-bit applications
-
If nShield CSPs (CAPI, CNG) was selected: CNG configuration wizard, which sets up the CNG providers
-
If nShield Java was selected: KeySafe, which runs the key management application
-
If nShield Remote Administration Client Tools was selected: Remote Administration Client, which runs the remote administration client
If selected, the SNMP agent will be installed, but will not be added to the Services area in Control Panel > Administrative Tools of the target Windows machine. If you wish to install the SNMP agent as a service, please consult the SNMP monitoring agent section in the User Guide for your module and operating system.
Do not run any CSP installation wizard before installing the module hardware. -
-
Select Finish to complete the installation.
The following global variables are set upon install:
-
%NFAST_CERTDIR%
-
%NFAST_HOME%
-
%NFAST_KMDATA%
-
%NFAST_LOGDIR%
-
You may additionally need to do the following after you have installed the software:
-
In Windows Device Manager > Security Accelerator, select the appropriate module.
-
Under Properties > Power Management, deselect Allow the computer to turn off this device to save power.
Installing the Security World Software on Linux
In the following instructions, disc-name is the name of the mount point of the installation media. |
-
Sign in as a user with root privileges.
-
Mount the DVD/ISO image.
-
Open a terminal window, and change to the root directory.
-
Extract the required
.tar.gz
files to install all the software bundles by running commands of the form:sudo mkdir /opt/nfast sudo tar zxf /<iso-mountpoint>/linux/amd64/<file>.tar.gz -C /opt/nfast/
In this command,
<file>
is the name of a.tar.gz
file for that component, for examplehwsp.tar.gz
.See Software packages on the Security World installation media for more about the component bundles and the additional software supplied on your installation media.
-
To use an nShield module with your Linux system, you must build a kernel driver. Entrust supplies the source to the NFP and a makefile for building the driver as a loadable module.
The kernel level driver is installed as part of the
hwsp
bundle. To build the driver with the supplied makefile, you must have the correct headers installed for the kernel that you are running. They must be headers for the same version of the kernel and must contain the kernel configuration options with which your kernel was built. You must also have appropriate versions ofgcc
,make
, and your C library’s development package.The configuration script looks for the kernel headers in the default directory
/lib/modules/'<uname -r>'/build/include/
. If your kernel headers are located in a different directory, set theKERNEL_HEADERS
environment variable so that they are in$KERNEL_HEADERS/include/
. Historically, the headers have resided in/usr/src/linux/include/
. If the headers for your kernel are not already installed, install them from your Linux distribution disc, or contact your kernel supplier.Build the driver as a loadable kernel module. When you have ensured the correct headers are in place, perform the following steps to use the makefile:
-
Change directory to the nShield PCI driver directory by running the command:
# cd /opt/nfast/driver/
-
Configure the source by running the command:
./configure
-
Make the driver by running the command:
# make
This produces a driver file that is automatically loaded as part of the normal installation process.
-
-
Run the install script by using the following command:
/opt/nfast/sbin/install
-
Sign in to your normal account.
-
Add
/opt/nfast/bin
to yourPATH
system variable:If you use the Bourne shell, add these lines to your system or personal profile:
PATH=/opt/nfast/bin:$PATH export PATH
If you use the C shell, add this line to your system or personal profile:
setenv PATH /opt/nfast/bin:$PATH