Maintenance of nShield Hardware

This chapter describes maintenance steps for your nShield hardware installation.

This guidance is not applicable to nShield Solo+ products.

After installing your nShield HSM, Entrust recommend that you use some of the provided software utilities to monitor your installation. Specifically, the stattree command allows reporting of voltages and temperatures from your module.

For more information regarding stattree, see stattree.

Voltage Monitoring for Battery Replacement (nShield Solo XC and nShield 5s)

All of the voltage rails in the nShield HSM are monitored to protect against potential over- or under-voltage attacks. You can view the most recent measurement of the voltages using the stattree command.

These modules also contain a user-replaceable battery. The battery powers security functions on the module when the main module power is removed, for example when the host is turned off, so it is expected that the battery voltage will drop over time as the battery drains. To avoid module downtime due to battery replacement we recommend that the battery voltage is monitored regularly, especially if a module has had its main power removed for considerable time.

CPUVoltage10 reported by stattree under the ModuleEnvStats node tag displays the current battery voltage:

+PerModule:
   +#1:
      +ModuleEnvStats:
         ...
         -CPUVoltage10         3.16
         ...

The battery supplied with the nShield HSM has a nominal voltage of 3.0V. In the above example the battery is fully charged and has been measured at 3.16V, which is within the acceptable range of 2.46V - 3.55V. If the battery voltage is measured to be lower than 2.46V, the module will report an SOS-B1 error. See HSM status indicators and error codes (nShield 5s) (5s) and HSM status indicators and error codes (nShield 5s) (XC) for more information regarding error reporting.

Contact Support to request information regarding a replacement battery if stattree reports the battery voltage to be below 2.70V.

See Battery replacement for instructions on replacing the battery in your module.

Temperature Monitoring for Airflow Validation

Temperatures within a module are monitored to protect against potential attacks, and to prevent overheating:

Network-attached HSMs: The temperature of the internal ambient air of an nShield HSM is reported under the HostEnvStats node tag of `stattree`as:
- CurrentTempC
- CurrentTemp2C
PCIe HSMs: The temperatures of the processors within a PCIe HSM are reported under the ModuleEnvStats node tag of stattree as:
- CurrentCPUTemp1
- CurrentCPUTemp2

As an nShield 5s has a passively-cooled heatsink, care must be taken to install it in an environment with forced airflow. See Prerequisites and product information for airflow guidance.

The table below documents the expected normal operating ranges for the temperatures of your module. Module temperatures would be expected to be within these values when installed with sufficient cooling in an approximately 20-30°C ambient air temperature environment. Calculated stattree statistics such as minima and maxima are reset on module reboot.

The temperatures in this table do not cover operation of the product across the full temperature range specified in the Warnings & Cautions documentation and the nShield v13.6.5 Hardware Install and Setup Guides prerequisites pages. This is because these values are recommendations to ensure a long product lifetime, thus are specified for 20-30°C ambient air operation.

stattree Statistic Description Minimum expected in optimum environment Maximum expected in optimum environment

`stattree` Statistic	Description	Minimum expected in optimum environment	Maximum expected in optimum environment
`CurrentCPUTemp1` (PCIe HSMs)	First processor temperature	10°C	75°C
`CurrentCPUTemp2` (PCIe HSMs)	Second processor temperature	10°C	78°C
`MaxTempC` (PCIe HSMs)	Maximum temperature measured on either processor	-	78°C
`MinTempC` (PCIe HSMs)	Minimum temperature measured on either processor	10°C	-
`CurrentTempC` (network-attached HSMs)	Internal temperature 1	10°C	45°C
`CurrentTemp2C` (network-attached HSMs)	Internal temperature 2	10°C	45°C
`MaxTempC` (network-attached HSMs)	Maximum of internal temperature 1	-	45°C
`MaxTemp2C` (network-attached HSMs)	Maximum of internal temperature 2	-	45°C

CurrentCPUTemp1 (PCIe HSMs)

First processor temperature

10°C

75°C

CurrentCPUTemp2 (PCIe HSMs)

Second processor temperature

10°C

78°C

MaxTempC (PCIe HSMs)

Maximum temperature measured on either processor

78°C

MinTempC (PCIe HSMs)

Minimum temperature measured on either processor

10°C

CurrentTempC (network-attached HSMs)

Internal temperature 1

10°C

45°C

CurrentTemp2C (network-attached HSMs)

Internal temperature 2

10°C

45°C

MaxTempC (network-attached HSMs)

Maximum of internal temperature 1

45°C

MaxTemp2C (network-attached HSMs)

Maximum of internal temperature 2

45°C

If any of the above temperatures are reporting higher than their specified maximum it is likely your nShield hardware does not have sufficient cooling.