Support and Maintenance

If Entrust becomes aware of a security issue affecting nShield HSMs, Entrust will publish a security advisory to customers. The security advisory will describe the issue and provide recommended actions. In some circumstances the advisory may recommend you upgrade the nShield firmware and or image file. In this situation you will need to re-present a quorum of administrator smart cards to the HSM to reload a Security World. As such, deployment and maintenance of your HSMs should consider the procedures and actions required to upgrade devices in the field.

Entrust recommends that you monitor the Announcements & Security Notices section on Entrust nShield, https://nshieldsupport.entrust.com, where any announcement of nShield Security Advisories will be made.

To maintain protection against threats that occur in the system environment operating systems and applications should be updated in accordance with a patching policy as described in Patching Policy.

The nShield Connect contains only two user-replaceable parts:

Replacing a PSU or fan tray module does not affect FIPS 140 validations for the nShield Connect, or result in a tamper event. However, in the very rare event that a PSU or fan tray module requires replacement, contact Support before carrying out the replacement procedure.

For more information about replacing either a PSU or the fan tray module, see the Installation Sheet that accompanies the replacement part or Physical security of the HSM.

If the product has to be moved for maintenance then all movement should occur in accordance with the HSM and Card Reader Location. Similarly, if the nShield Connect is stored before or after maintenance, then, it should be stored in accordance with the guidance outlined in Environment.

The fan and battery can be replaced should either malfunction or the battery has reached the end of its useful life. Replacing the battery and/or fan whilst the card is powered down will not cause a tamper of any sort. See Physical Security for guidance on tamper events. The replacement procedure is described in Battery replacement and Replace the fan (Solo XC).

If the product has to be moved for maintenance then all movement should occur in accordance with the HSM and Card Reader Location. Similarly, if the Solo XC is stored before or after maintenance, then, it should be stored in accordance with the guidance outlined in Environment.

Firmware upgrades of the module are only allowed when the module is in maintenance mode. Refer to the nShield HSM and Security World product documentation for more information on setting the module into maintenance mode.

In the event of problems with the nShield HSM, refer to the following pages:

If the problem cannot be resolved contact support.