Prerequisites and product information

This guide covers the following HSMs:

  • nShield Connect

  • nShield 5c

These Hardware Security Modules (HSMs) provide secure cryptographic processing within a tamper-resistant casing. Each nShield HSM is configured to communicate with one or more client computers over an Ethernet network. A client is a computer using the nShield HSM for cryptography. You can also configure clients to use other nShield HSMs on the network, as well as locally installed HSMs.

  • For further information about the HSM, refer to the HSM User Guide section for your HSM.

  • For help installing the Security World software, refer to the Security World Software v13.6.3 Installation Guide.

  • For guidance on using your HSM and the Security World software, refer to the User Guide for your HSM.

Model numbers

Model number Used for

NH2047

nShield Connect 6000

NH2040

nShield Connect 1500

NH2033

nShield Connect 500

NH2068

nShield Connect 6000+

NH2061

nShield Connect 1500+

NH2054

nShield Connect 500+

NH2075-B

nShield Connect XC Base

NH2075-M

nShield Connect XC Medium

NH2075-H

nShield Connect XC High

NH2082

nShield Connect XC SCAP

NH2089-B

nShield Connect XC Base - Serial Console

NH2089-M

nShield Connect XC Mid - Serial Console

NH2089-H

nShield Connect XC High - Serial Console

NH3003-B

nShield Connect CLX Base - Serial Console

NH3003-M

nShield Connect CLX Mid - Serial Console

NH3003-H

nShield Connect CLX High - Serial Console

NH2096-B

nShield 5c Base

NH2096-M

nShield 5c Medium

NH2096-H

nShield 5c High

Power and safety requirements

The module draws up to 220 watts:

  • Voltage: 100 VAC -240 VAC

  • Current: 2.0 A - 1.0 A

  • Frequency: 50 Hz - 60 Hz.

The module PSUs are compatible with international mains voltage supplies.

Weights and dimensions

Weight

11.5kg

Dimensions

43.4mm x 430mm x 690mm

The module is compatible with 1U 19” rack systems.

Measurements given are height x width x length/depth. If the inner slide rails are attached, the width of the unpackaged module is 448mm.

Handling the HSM

nShield HSMs contain solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.

If you are installing the module in a 19” rack, make sure that you follow the nShield Connect or 5c Slide Rails Instructions provided with the rails. In particular, be careful of sharp edges.

Only experienced personnel should handle or install an nShield HSM. Always consult your company health and safety policy before attempting to lift and carry the module. Two competent persons are required if it is necessary to lift the module to a level above head height (for example, during installation in a rack or when placing the module on a high shelf).

Environmental requirements

To ensure good air flow through and around the module after installation, do not obstruct either the fans and vents at the rear or the vent at the front. Ensure that there is an air gap around the module, and that the rack itself is located in a position with good air flow.

Temperature and humidity recommendations

Entrust recommends that your module operates within the following environmental conditions.

Environmental conditions Operating range (Min.  |  Max.) Comments

Operating temperature

5 °C

35 °C

-

Storage temperature

-20 °C

70 °C

-

Operating humidity

10 %

85 %

Relative. Non-condensing at 35 °C.

Storage humidity

0 %

95 %

Relative. Non-condensing at 35 °C.

Altitude

-100 m

2000 m

Above Mean Sea Level (AMSL)

Cooling requirements

Adequate cooling of your module is essential for trouble-free operation and a long operational life. During operation, you can use the supplied stattree utility to check the actual and maximum temperature of the module. You are advised to do this directly after installing the unit in its normal working environment. Monitor the temperature of the unit over its first few days of operation.

In the unlikely event that the internal encryption module overheats, the module shuts down (see Module Overheating). If the whole nShield HSM overheats, the orange warning LED on the front panel illuminates (see Orange warning LED) and a critical error message is shown on the display.

Physical location considerations

Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.