Prerequisites and product information
This guide covers the following HSMs:
-
nShield Connect
-
nShield 5c
These Hardware Security Modules (HSMs) provide secure cryptographic processing within a tamper-resistant casing. Each nShield HSM is configured to communicate with one or more client computers over an Ethernet network. A client is a computer using the nShield HSM for cryptography. You can also configure clients to use other nShield HSMs on the network, as well as locally installed HSMs.
-
For further information about the HSM and HSMs in general, see nShield v13.6.5 HSM User Guide.
-
For help installing the Security World software, see nShield Security World Software v13.6.5 Installation Guide.
-
For guidance on using your HSM and the Security World software, see nShield Security World v13.6.5 Management Guide.
-
For further information about compatible operating systems and virtual environments, see Compatibility in the release notes for the version of Security World you are using.
See Model numbers for a list of network-attached HSMs and their model numbers.
Power and safety requirements
The module draws up to 220 watts:
-
Voltage: 100 VAC -240 VAC
-
Current: 2.0 A - 1.0 A
-
Frequency: 50 Hz - 60 Hz.
The module PSUs are compatible with international mains voltage supplies. |
Weights and dimensions
- Weight
-
11.5kg
- Dimensions
-
43.4mm x 430mm x 690mm
The module is compatible with 1U 19” rack systems. |
Measurements given are height x width x length/depth. If the inner slide rails are attached, the width of the unpackaged module is 448mm.
Handling the HSM
nShield HSMs contain solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.
If you are installing the module in a 19” rack, make sure that you follow the nShield Connect or 5c Slide Rails Instructions provided with the rails. In particular, be careful of sharp edges.
Only experienced personnel should handle or install an nShield HSM. Always consult your company health and safety policy before attempting to lift and carry the module. Two competent persons are required if it is necessary to lift the module to a level above head height (for example, during installation in a rack or when placing the module on a high shelf).
Environmental requirements
To ensure good air flow through and around the module after installation, do not obstruct either the fans and vents at the rear or the vent at the front. Ensure that there is an air gap around the module, and that the rack itself is located in a position with good air flow.
Temperature and humidity recommendations
Entrust recommends that your module operates within the following environmental conditions.
Environmental conditions | Operating range (Min. | Max.) | Comments | |
---|---|---|---|
Operating temperature |
5 °C |
35 °C |
- |
Storage temperature |
-20 °C |
70 °C |
- |
Operating humidity |
10 % |
85 % |
Relative. Non-condensing at 35 °C. |
Storage humidity |
0 % |
95 % |
Relative. Non-condensing at 35 °C. |
Altitude |
-100 m |
2000 m |
Above Mean Sea Level (AMSL) |
Cooling requirements
Adequate cooling of your module is essential for trouble-free operation and a long operational life.
During operation, you can use the supplied stattree
utility to check the actual and maximum temperature of the module.
You are advised to do this directly after installing the unit in its normal working environment.
Monitor the temperature of the unit over its first few days of operation.
In the unlikely event that the internal encryption module overheats, the module shuts down (see Module Overheating). If the whole nShield HSM overheats, the orange warning LED on the front panel illuminates (see Orange warning LED) and a critical error message is shown on the display.
Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.