nShield Edge Windows compatibility issues and considerations

This guide covers the following HSMs:

  • nShield Edge

nShield Edge very slow in VMware virtual machine

In Windows installations, the nShield Edge can be very slow when used with a virtual machine under VMware (Workstation or Player). This can leading to the COM port timing out and errors in the Event log.

The problem does not happen in all installations and is not consistent on specific hardware platforms.

The work-around for the problem involves using the USB Serial driver on the Host rather than on the Guest, and mapping a serial port on the Guest to it (details below).

To apply the work-around to use the USB to serial driver on the Host rather than on the Guest, do the following:

  1. With the Guest running, use the VMware Workstation/Player menu to disconnect the nShield Edge from the Guest and reconnect it to the Host. Now shut down the Guest.

  2. Verify that the USB Serial Port now shows under Ports (COM & LPT) in Device Manager on the Host. On recent versions of Windows, the driver will be installed automatically or can be found via Window Update. If you are unable to find the drivers, you may need to install the Security World Software on the Host. If you do so, make sure to stop and disable the nFast Server and nFast Edge services on the Host, so they do not prevent the Guest from using of the unit. Make a note of the COM port number of the port.

  3. Edit the settings of the Virtual machine in Workstation/Player. Disable the setting to automatically connect to new USB devices to make sure the Guest will not connect to the nShield Edge directly again. Add a serial port to the VM, specifying to use a physical serial port, on the host, and selecting the USB serial port from the previous step. Save the settings.

  4. Start the Guest. Open the config file in a text editor. It is a plain text file named config (no extension), located in %NFAST_KMDATA%\config. In the section [server_startup] add a line: serial_dtpp_devices=COM2, specifying the COM port number of the new serial port in the VM. Make sure this is the only line with serial_dtpp_devices in the section. Save the file, and restart the nFast Server service to make the new configuration active.

You can now use the nShield Edge in the Guest without excessive time out errors.