Prerequisites and product information

This guide covers the following HSMs:

  • nShield Solo

  • nShield Solo XC

  • nShield 5s

These Hardware Security Modules (HSMs) are for use in servers and appliances.

See Model numbers for a list of PCIe HSMs and their model numbers.

Power and safety requirements

Module Maximum power

nShield Solo

9.9W

nShield Solo XC

24W

nShield 5s

25W

Make sure that the power supply in your computer is rated to supply the required electric power.

The HSMs are intended for installation into a certified personal computer, server, or similar equipment.

If your computer can supply the required electric power and sufficient cooling, you can install multiple modules in your computer.

Handling the HSM

nShield HSMs contain solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.

Before installing hardware, you must disconnect your computer from the power supply. Ensure that a grounded (earthed) contact remains. Perform the installation with care, and follow all safety instructions in this guide and from your computer manufacturer.
Static discharge can damage modules. Do not touch the module connector pins, or the exposed area of the module.

Leave the module in its anti-static bag until you are ready to install it. Always wear an anti-static wrist strap that is connected to a grounded metal object. You must also ensure that the computer frame is grounded while you are installing or removing an internal module.

Environmental requirements

The nShield HSMs operate within the following environmental conditions.

Temperature and humidity specifications

nShield 5s

nShield 5s environmental conditions

Operating range

Comments

Min.

Max.

Operating temperature*

5°C (41°F)

55°C (131°F)

Subject to sufficient airflow

Storage temperature

-5°C (-23°F)

60°C (140°F)

-

Transportation temperature

-40°C (-40°F)

70°C (158°F)

-

Operating humidity

5%

85%

Relative. Non-condensing at 30°C (86°F)

Storage humidity

5%

93%

Relative. Non-condensing at 30°C (86°F)

Transportation humidity

5%

93%

Relative. Non-condensing at 30°C (86°F)

Altitude

-100m (-328ft)

2000m (6561ft)

Above Mean Sea Level

*Air temperature at PCIe card inlet surface. For more information, see [cooling].

nShield Solo

nShield Solo environmental conditions

Operating range

Comments

Min.

Max.

Operating temperature*

10°C (50°F)

35°C (95°F)

Subject to sufficient airflow

Storage temperature

-20°C (-4°F)

70°C (158°F)

-

Operating humidity

10%

90%

Relative. Non-condensing at 35°C (95°F)

Storage humidity

0

85%

Relative. Non-condensing at 35°C (95°F)

*Air temperature at PCIe card inlet surface. For more information, see [cooling].

nShield Solo XC

nShield Solo XC environmental conditions

Operating range

Comments

Min.

Max.

Operating temperature

5°C (41°F)

55°C (131°F)

Subject to sufficient airflow

Storage temperature

-5°C (-23°F)

60°C (140°F)

-

Transportation temperature

-40°C (-40°F)

70°C (158°F)

-

Operating humidity

5%

85%

Relative. Non-condensing at 30°C (86°F)

Storage humidity

5%

93%

Relative. Non-condensing at 30°C (86°F)

Transportation humidity

5%

93%

Relative. Non-condensing at 30°C (86°F)

Altitude

-100m (-328ft)

2000m (6561ft)

Above Mean Sea Level

The module is designed to operate in moderate climates only. Never operate the module in dusty, damp, or excessively hot conditions. Never install, store, or operate the module at locations where it may be subject to dripping or splashing liquids.

Cooling requirements

An air velocity of 1.9 m/s (373 LFM) is recommended for a module in operation.

During installation, ensure there is adequate airflow around the module. Airflow from fans must be directed to the inlet surface of the module such that air is flowing through and across the length of the module. To maximize airflow, use a PCIe slot with no neighboring modules if possible. If airflow is limited, consider fitting extra cooling fans.

The nShield Solo (non-XC variant) and 5s HSMs are passively cooled PCIe cards that require the host to provide sufficient airflow for cooling. Passive cards should not be powered without cooling airflow in place.
Ensure the module has adequate cooling. Failure to do so can result in damage to the module or computer.

To check the actual and maximum temperature of the module during operation, see Maintenance of nShield Hardware. It is advised to do this directly after installing the module in its normal working environment. Monitor the temperature of the module over its first few days of operation.

Cooling recommendations for a desktop installation

For a desktop installation running in operating environmental conditions, dedicated airflow is required across the module. If the system cannot provide the necessary airflow, Entrust recommends you add a sufficiently powerful dedicated fan to directly cool the module. For details regarding the cooling requirements see [cooling].

Cooling recommendations for a server installation

The desktop cooling recommendations further apply to a server installation. In addition, power and airflow control software is sometimes available in a server installation. If this is the case, Entrust recommends you:

  • Configure the target air velocity in the software to ensure it does not fall below the airflow recommendations of the module. For details regarding the cooling requirements, see [cooling].

  • Ensure that the PCIe slot has been configured to fulfil the module power requirements.

Physical location considerations

Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.