Entrust nShield Edge Installation Manual
  1. Manuals
  2. Brands
  3. Entrust Manuals
  4. Control Unit
  5. nShield Edge
  6. Installation manual

Entrust nShield Edge Installation Manual

Hide thumbs Also See for nShield Edge:
Table of Contents

Advertisement

Quick Links

Download this manual
nShield® Edge
Installation Guide
12.80
17 Nov 2021

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the nShield Edge and is the answer not in the manual?

Questions and answers

Related Manuals for Entrust nShield Edge

Summary of Contents for Entrust nShield Edge

  • Page 1 nShield® Edge Installation Guide 12.80 17 Nov 2021...

  • Page 2: Table Of Contents

    8.2. The Mode LED is amber or red   8.3. The Status LED is flashing irregularly and the nShield Edge is unresponsive for more than a few minutes ..........
  • Page 3 A.1. Uninstalling the Security World Software on Windows ..... . .   ......A.2.

  • Page 4: Introduction

    1. Introduction The Entrust nShield Edge is a portable Hardware Security Module (HSM) for use in root Certification Authorities (CAs) and Registration Authorities (RAs), code signing, and remote HSM operations. The nShield Edge combines a full-featured HSM with a smart card reader, which you can use to securely store and access your organization’s...
  • Page 5 1.2.1. Terminology The nShield Edge is referred to as the nShield Edge, the hardware security module, or the HSM. nShield® Edge Installation Guide 5 of 29...

  • Page 6: Safety And Security

    Developer Edition does not have a hologram and tamper window.) If there are any signs of tampering, do not use the cable and the nShield Edge. • Where possible, use the lock slot of the nShield Edge to secure it to a desk with a compatible lock (not supplied).

  • Page 7: Regulatory Notices

    3. Regulatory notices 3.1. FCC class A notice The nShield Solo and nShield Solo XC HSMs comply with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. The device may not cause harmful interference, and 2. The device must accept any interference received, including interference that may cause undesired operation.

  • Page 8: Before You Install The Software

    4. Before you install the software Do not connect the nShield Edge to your computer before installing the Security World Software. Uninstall any older versions of Security World Software. See Uninstalling existing software. 4.1. Preparatory tasks before installing software Perform any of the necessary preparatory tasks described in this section before installing the Security World Software.
  • Page 9 You must have Java installed to use KeySafe. 4.1.3.2. Identify software components to be installed Entrust supply standard component bundles that contain many of the necessary components for your installation and, in addition, individual components for use with supported applications. To be sure that all component dependencies are satisfied, you can install either: •...

  • Page 10: Firewall Settings

    Remote Operator If you are using an nShield Edge as a Remote Operator slot for an HSM located elsewhere, you need to open port 9004. You may restrict the IP addresses to those you expect to use this port.

  • Page 11: Installing The Software

    This chapter describes how to install the Security World Software on the computer to which your nShield Edge will be connected. After you have installed the software and connected an nShield Edge to your computer, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys.

  • Page 12: Installing The Security World Software On Linux

    ◦ If the nShield Java package was selected: KeySafe, which runs the key management application ◦ If nShield Remote Administration Client Tools was selected: Remote Administration Client, which runs the remote administration client If selected, the SNMP agent will be installed, but will not be added to the Services area in Control Panel →...
  • Page 13 ◦ If you use the C shell, add this line to your system or personal profile: setenv PATH /opt/nfast/bin:$PATH nShield® Edge Installation Guide 13 of 29...

  • Page 14: Setting Up The Nshield Edge

    6.2.1. Windows Connect the nShield Edge to your computer, using the supplied USB cable. If your operating system detects the nShield Edge automatically, allow it to finish. A message appears, reporting that Windows is stopping and restarting the hardserver. This takes approximately 30 seconds. Do not click Close.

  • Page 15: Enabling Optional Features

    2020-01-09 10:34:09 INFO: The hardserver has finished restarting When the hardserver has restarted, you are ready to use the nShield Edge with the Security World Software. See the nShield Edge and nShield Solo User Guide for more about creating a Security World and using the Security World Software.

  • Page 16: Checking The Installation

    Do not disconnect the nShield Edge or remove the smart card when data is being written to the inserted smart card. 6.5. Checking the installation To check that the software and nShield Edge have been installed correctly: 1. Log in as a user and open a command window.

  • Page 17: Using The Nshield Edge

    7. Using the nShield Edge The nShield Edge controls, card slot, and LEDs Key: Mode button Selects a mode—the mode changes only when you press the Clear button. Mode LEDs Shows the current mode or selected mode. B type USB port For connecting the nShield Edge to the computer.

  • Page 18: Changing The Mode

    In Operational mode Green flashing Operational mode selected You generally use the nShield Edge in Operational (O) mode, but you must put it into Initialization (I) mode when creating the Security World. 7.2. Changing the mode To change the mode: 1.

  • Page 19: Troubleshooting

    8.2. The Mode LED is amber or red The nShield Edge is not in the Operational (O) mode. Press the Mode button to select the Operational mode, and then press and hold the Clear button for a couple of seconds.

  • Page 20: Nshield Edge Windows Compatibility Issues And Considerations

    USB devices to make sure the Guest will not connect to the nShield Edge directly again. Add a serial port to the VM, specifying to use a physical serial port, on the host, and selecting the USB serial port from the previous step.

  • Page 21: Dimensions And Operating Conditions

    10 – 85% non-condensing 10.1. Physical location considerations Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats.

  • Page 22: Appendix A: Uninstalling Existing Software

    Appendix A: Uninstalling existing software Entrust recommends that you uninstall any existing older versions of Security World Software before you install new software. If the installer detects an existing Security World Software installation, it asks you if you want to install the new components. These components replace your existing installation.

  • Page 23: Uninstalling The Security World Software On Windows

    Entrust recommends that you do not uninstall the Security World  Software unless you are either certain it is no longer required, or you intend to upgrade it. A.1. Uninstalling the Security World Software on Windows %NFAST_HOME% Before uninstalling the Security World software, you should back up your directory.
  • Page 24 5. If you are not planning to re-install the product, delete the configuration file /etc/nfast.conf if it exists. Do not delete the configuration file if you are planning to re-install  the product 6. Unless needed for a subsequent installation, remove the user nfast and, if it exists, the user ncsnmpd:...

  • Page 25: Appendix B: Software Packages

    Installing the software. Entrust supply the hardserver and associated software as bundles of common components that provide much of the required software for your installation. In addition to the component bundles, provide individual components for use with specific applications and features supported by certain nShield modules.

  • Page 26: Components Required For Particular Functionality

    Some functionality requires particular component bundles or individual components to be installed. Support for nShield Edge is shipped by default as part of the nShield Hardware Support component. Ensure that you have installed the Hardware Support (mandatory) and Core Tools (mandatory) components.

  • Page 27: Ncipherkm Jca/Jce Cryptographic Service Provider

    We have produced Integration Guides for many supported applications. The Integration Guides describe how to install and configure an application so that it works with with Entrust hardware security modules and Security Worlds. For more information about the Entrust range of Integration Guides: •...
  • Page 28 During the first installation process of the SNMP agent, the agent displays the following message: If this is a first time install, the {product_family} SNMP Agent will not run by default. Please see the manual for further instructions. See the User Guide for your module and operating system for more about how to activate the SNMP agent after installation.
  • Page 29 nShield® Edge Installation Guide 29 of 29...

Table of Contents