Prerequisites and product information
This guide covers the following HSMs:
-
nShield Edge
This is a portable Hardware Security Module (HSM) for use in root Certification Authorities (CAs) and Registration Authorities (RAs), code signing, and remote HSM operations. The nShield Edge combines a full-featured HSM with a smart card reader, which you can use to securely store and access your organization’s highvalue occasional-use keys, such as certificate signing keys.
The nShield Edge has been designed and tested for deployments where one HSM is used with one computer or Windows Virtual Machine (VM). Multiple-unit deployments, where multiple nShield Edge HSMs are connected to the same computer or VM, are not supported.
Entrust does not recommend using the nShield Edge alongside other Entrust nShield HSMs on the same computer or VM.
-
For further information about the HSM and HSMs in general, see nShield v13.6.5 HSM User Guide.
-
For help installing the Security World software, see nShield Security World Software v13.6.5 Installation Guide.
-
For guidance on using your HSM and the Security World software, see nShield Security World v13.6.5 Management Guide.
-
For further information about compatible operating systems and virtual environments, see Compatibility in the release notes for the version of Security World you are using.
See Model numbers for a list of portable (USB) HSMs and their model numbers.
Safety and security
| Do not connect the HSM to a computer that does not have the Security World software installed on it. |
| There are no user-serviceable parts inside the nShield Edge. Any attempt to dismantle the nShield Edge results in any remaining warranty cover, the maintenance and support agreement, or both being rendered void. |
To help maintain security:
-
Always inspect the USB cable and the nShield Edge before use, specifically the Entrust logo hologram in the tamper window shown below. (The nShield Edge Developer Edition does not have a hologram and tamper window.) If there are any signs of tampering, do not use the cable and the nShield Edge.
-
Where possible, use the lock slot of the nShield Edge to secure it to a desk with a compatible lock (not supplied).
-
Never store or carry smart cards with the nShield Edge.
-
Protect your passphrase in line with your organization’s security policy.
FIPS
There are a number of nShield Edge variants, some certified to different FIPS 140 levels. The FIPS rating is indicated on the label on the nShield Edge.
Dimensions and operating conditions
| Dimensions (with stand closed) | 120 (w) x 118 (h) x 27 (d) mm |
|---|---|
Weight |
340g |
Powered by USB host device |
5V, 700mW |
Operating temperature |
5 - 45 °C |
Storage temperature |
-40 - 70 °C |
Operating and storage relative humidity |
10 - 85% non-condensing |
Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats. Applications running in the environment shall be authenticated to ensure their legitimacy and to thwart possible proliferation of malware that could infiltrate these as they access the HSMs' cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material.