Prerequisites and product information
This guide covers the following HSMs:
-
nShield Solo
-
nShield Solo XC
-
nShield 5s
These Hardware Security Modules (HSMs) are for use in servers and appliances.
-
For further information about the HSM and HSMs in general, see nShield v13.6.5 HSM User Guide.
-
For help installing the Security World software, see nShield Security World Software v13.6.5 Installation Guide.
-
For guidance on using your HSM and the Security World software, see nShield Security World v13.6.5 Management Guide.
-
For further information about compatible operating systems and virtual environments, see Compatibility in the release notes for the version of Security World you are using.
See Model numbers for a list of PCIe HSMs and their model numbers.
Power and safety requirements
| Module | Maximum power |
|---|---|
nShield Solo |
9.9W |
nShield Solo XC |
24W |
nShield 5s |
25W |
| Make sure that the power supply in your computer is rated to supply the required electric power. |
The HSMs are intended for installation into a certified personal computer, server, or similar equipment.
If your computer can supply the required electric power and sufficient cooling, you can install multiple modules in your computer.
Handling the HSM
nShield HSMs contain solid-state devices that can withstand normal handling. However, do not drop the module or expose it to excessive vibration.
| Before installing hardware, you must disconnect your computer from the power supply. Ensure that a grounded (earthed) contact remains. Perform the installation with care, and follow all safety instructions in this guide and from your computer manufacturer. |
| Static discharge can damage modules. Do not touch the module connector pins, or the exposed area of the module. |
Leave the module in its anti-static bag until you are ready to install it. Always wear an anti-static wrist strap that is connected to a grounded metal object. You must also ensure that the computer frame is grounded while you are installing or removing an internal module.
Environmental requirements
The nShield HSMs operate within the following environmental conditions.
Temperature and humidity specifications
- nShield 5s
-
nShield 5s environmental conditions
Operating range
Comments
Min.
Max.
Operating temperature*
5°C (41°F)
55°C (131°F)
Subject to sufficient airflow
Storage temperature
-5°C (-23°F)
60°C (140°F)
-
Transportation temperature
-40°C (-40°F)
70°C (158°F)
-
Operating humidity
5%
85%
Relative. Non-condensing at 30°C (86°F)
Storage humidity
5%
93%
Relative. Non-condensing at 30°C (86°F)
Transportation humidity
5%
93%
Relative. Non-condensing at 30°C (86°F)
Altitude
-100m (-328ft)
2000m (6561ft)
Above Mean Sea Level
*Air temperature at PCIe card inlet surface. For more information, see [cooling].
- nShield Solo
-
nShield Solo environmental conditions
Operating range
Comments
Min.
Max.
Operating temperature*
10°C (50°F)
35°C (95°F)
Subject to sufficient airflow
Storage temperature
-20°C (-4°F)
70°C (158°F)
-
Operating humidity
10%
90%
Relative. Non-condensing at 35°C (95°F)
Storage humidity
0
85%
Relative. Non-condensing at 35°C (95°F)
*Air temperature at PCIe card inlet surface. For more information, see [cooling].
- nShield Solo XC
-
nShield Solo XC environmental conditions
Operating range
Comments
Min.
Max.
Operating temperature
5°C (41°F)
55°C (131°F)
Subject to sufficient airflow
Storage temperature
-5°C (-23°F)
60°C (140°F)
-
Transportation temperature
-40°C (-40°F)
70°C (158°F)
-
Operating humidity
5%
85%
Relative. Non-condensing at 30°C (86°F)
Storage humidity
5%
93%
Relative. Non-condensing at 30°C (86°F)
Transportation humidity
5%
93%
Relative. Non-condensing at 30°C (86°F)
Altitude
-100m (-328ft)
2000m (6561ft)
Above Mean Sea Level
| The module is designed to operate in moderate climates only. Never operate the module in dusty, damp, or excessively hot conditions. Never install, store, or operate the module at locations where it may be subject to dripping or splashing liquids. |
Cooling requirements
| An air velocity of 1.9 m/s (373 LFM) is recommended for a module in operation. |
During installation, ensure there is adequate airflow around the module. Airflow from fans must be directed to the inlet surface of the module such that air is flowing through and across the length of the module. To maximize airflow, use a PCIe slot with no neighboring modules if possible. If airflow is limited, consider fitting extra cooling fans.
| The nShield Solo (non-XC variant) and 5s HSMs are passively cooled PCIe cards that require the host to provide sufficient airflow for cooling. Passive cards should not be powered without cooling airflow in place. |
| Ensure the module has adequate cooling. Failure to do so can result in damage to the module or computer. |
To check the actual and maximum temperature of the module during operation, see Maintenance of nShield Hardware. It is advised to do this directly after installing the module in its normal working environment. Monitor the temperature of the module over its first few days of operation.
Cooling recommendations for a desktop installation
For a desktop installation running in operating environmental conditions, dedicated airflow is required across the module. If the system cannot provide the necessary airflow, Entrust recommends you add a sufficiently powerful dedicated fan to directly cool the module. For details regarding the cooling requirements see [cooling].
Cooling recommendations for a server installation
The desktop cooling recommendations further apply to a server installation. In addition, power and airflow control software is sometimes available in a server installation. If this is the case, Entrust recommends you:
-
Configure the target air velocity in the software to ensure it does not fall below the airflow recommendations of the module. For details regarding the cooling requirements, see [cooling].
-
Ensure that the PCIe slot has been configured to fulfil the module power requirements.
Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.