Remote Services - Entrust nShield Security Manual


situation, before you begin to create a Security World.
4.9.2. Application interfaces
A Security World can protect keys for any application that is correctly integrated with
the Security World software. A wide range of application interfaces is supported, and
these interfaces have many configuration settings. Review the settings to confirm that
only the required ones are activated and that all others are set to off.
4.9.3. Nonvolatile memory (NVRAM) options
Application keys can be stored in the module's NVRAM instead of in the Key Management
Data directory of the host computer. However, the space in NVRAM is limited and does
not provide greater security than storing keys in the Key Management Data directory of
the host. Therefore, it is recommended that encrypted key blobs are stored in the Key
Management Data directory where space is limited only by the capacity of the host
computer.

4.10. Remote services

4.10.1. Remote Administration Service (RAS)
To use Remote Administration with nShield Connects, the RAS must be installed on a
client, which may also be the RFS. The client must allow privileged connections.
To use Remote Administration with nShield Solo(s), the RAS must be installed on the
host where the hardserver and nShield Solo(s) reside. If you have multiple nShield Solo
hosts in a Security World, the RAS must be installed on each one.
The remote access solution that your organization normally uses, such as Secure Shell
(SSH) or a remote desktop application, is also required.
A secure private communications channel, such as Virtual Private Network (VPN), must
always be used for the connection between the Remote Administration Client (RAC) and
the RAS if they are on separate computers.
You must use nShield Remote Administration Cards with Remote Administration. These
are smart cards that are capable of negotiating cryptographically secure connections
with an HSM, using warrants as the root of trust.
Dynamic slot timeouts are available to define timeout values for expected smart card
responsiveness for all HSMs associated with the relevant host or client when using
Remote Administration. Expected network delays need to be taken into account when
setting them. The timeouts provide control over the period of time a smart card will
nShield® Security Manual
26 of 90
