Platform services (nShield 5 HSMs)

The nShield HSM firmware provides multiple services which manage different parts of the system. Each service has its own SSH keys that allow communication with the service; see Separation of services.

This allows you to partition the users of the system into different groups and restrict certain user groups to the use of certain services by restricting who has access to the relevant keys.

There are two major groups of services:

  • Platform services

  • End-user services

Platform services are used to perform the tasks associated with the installation, commissioning, and maintenance of the HSM firmware and hardware.

In a multi-tenant system this would be the responsibility of the Service Provider.

There will only ever be one instance of each platform service running at any one time.

End-user services are used to provide cryptographic services to the end-user. If your firmware supports multi-tenancy then there could be multiple instances of end-user services running concurrently.

In a multi-tenant system the end-user would be the tenant. The tenant will also have access to other services that are needed to manage their tenancy.

End-user services

ncoreapi service

The ncoreapi service provides cryptographic services to the end user. These can be accessed either through custom applications that the end user creates to use the ncoreapi service, as described in nCore API Documentation and Cryptographic API, or through the utilities provided on the installation media.

monitor service

This service provides functions to retrieve and clear logs stored within a VCM.

sshadmin service

This service provides functions to manage the SSH keys used by the end-user services within a VCM.

Platform services

updater service

This service provides functions to upgrade the HSM firmware.

setup service

This service provides functions to view information about the HSM, to configure the HSM and to return the HSM to factory settings.

monitor service

This service provides functions to retrieve and clear logs stored within the HSM.

sshadmin service

This service provides functions to manage the SSH keys used by the platform services. If your system has not been configured for multi-tenancy the sshadmin service also manages the keys for the ncoreapi service.

launcher service

On versions with CodeSafe 5 support, this is used for starting CodeSafe 5 applications on the HSM.

orchestrator service

This service is used to manage VCMs.

Administration of platform services

The administration of platform services is described in Administration of platform services (nShield 5 HSMs).

Service interlock

An interlock mechanism prevents most platform services from being accessed whilst the ncoreapi service is in operational mode:

  • Non-invasive services that only access information, such as log retrieval or a firmware version check, can be used while ncoreapi is running.

  • Invasive services that would change the platform’s state, such as log clearing or firmware updates, cannot be used while ncoreapi is running.

To access invasive platform services the ncoreapi service must be put into maintenance mode using nopclearfail -M -m <MODULEID> -w.

For example:

>nopclearfail -M -m 1
Module 1, command ClearUnitEx: OK

In a multi-tenant system a similar interlock mechanism exists, preventing some platform operations whilst an ncoreapi service is running in a VCM. If you receive an error message caused by this interlock, you should ask the tenant to put the VCM into maintenance mode using nopclearfail -M -m <MODULEID> -w.

Separation of services

Each service has its own communication channel with the host PC that is protected by use of SSH encryption. The procedure for installing the necessary SSH keys for platform services is described in Set up communication between host and module (nShield 5s HSMs). If your system has not been configured for multi-tenancy this procedure will also install the SSH keys for the end-user services.

In a multi-tenant system the procedure for installing the necessary SSH keys for end-user services is described in hsmadmin vcm enroll.