Entrust nShield Solo Install Manual
nShield Security World
nShield Solo and Solo XC v13.4 Install Guide
12 December 2023

Summary of Contents for Entrust nShield Solo

  • Page 1 Security World nShield Solo and Solo XC v13.4 Install Guide 12 December 2023...
  • Page 2: Table Of Contents

    Table of Contents 1. Introduction .............  ...
  • Page 3 10.2. Uninstalling the Security World Software on Linux ....  11. Software packages on the Security World installation media.... ...
  • Page 4: Introduction

    Chapter 1. Introduction 1. Introduction The Entrust nShield Solo and Solo XC are Hardware Security Modules (HSM) for servers and appliances. 1.1. About this guide This guide includes: • Installing the nShield Solo and nShield Solo XC. See Installing the module.
  • Page 5 Chapter 1. Introduction The nShield Solo and nShield Solo XC are referred to as the nShield Solo and nShield Solo XC, the Hardware Security Module, or the HSM in this guide. nShield Solo and Solo XC v13.4 Install Guide 2/49...
  • Page 6: Hardware Security Modules

     supply the required electric power. The PCIe cards, nShield Solo and nShield Solo XC, are intended for installation into a certified personal computer, server, or similar equipment. If your computer can supply the required electric power and sufficient cooling, you can install multiple modules in your computer.
  • Page 7 Chapter 2. Hardware security modules The nShield Solo module operates within the following environmental conditions. nShield Solo environmental Operating range Comments conditions Min. Max. Operating temperature* 10°C (50°F) 35°C (95°F) Subject to sufficient airflow Storage temperature -20°C (-4°F) 70°C (158°F) Operating humidity Relative.
  • Page 8: Cooling Requirements

    To maximize airflow, use a PCIe slot with no neighboring modules if possible. If airflow is limited, consider fitting extra cooling fans. The nShield Solo module is a passively cooled PCIe card that  requires the host to provide sufficient airflow for cooling. Passive cards should not be powered without cooling airflow in place.
  • Page 9: Physical Location Considerations

    2.5. Physical location considerations For the certification of Entrust nShield HSM, refer to the Security Manual. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats.
  • Page 10: Regulatory Notices

    Chapter 3. Regulatory notices 3. Regulatory notices 3.1. FCC class A notice The nShield Solo and nShield Solo XC HSMs comply with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. The device may not cause harmful interference, and 2.
  • Page 11 Chapter 3. Regulatory notices For recycling and disposal guidance, see the nShield product’s Warnings and Cautions documentation.
  • Page 12: Before Installing The Module

    Remote mode override jumper switch, in the Off position. When set to On, remote mode switching is disabled. See the User Guide for your module and operating system for more information. A mini-DIN connector for connecting a smart card reader.
  • Page 13: Module Pre-Installation Steps

    (C) is set to Operational (O). The default factory setting of the jumper DIP switch E is Off. This enables remote MOI switching. Factory shipping nShield Solo HSMs loaded with firmware 2.61.2 or greater will support remote MOI switching by default. Customers who expressly do not want to enable the remote MOI switching capability must switch jumper switch E to the On position.
  • Page 14: User Replaceable Items

    If the module has been removed so that a part can be replaced, follow these procedures before installing the module. If no parts need replacing, proceed to Installing the module. 4.4.1. Replace the fan - Solo XC only
  • Page 15 9. Install the power cable connector into the Solo XC P3 power connector. 10. Install the power cable grommet into the slot in the EMI fence, with the flat side towards the top of the fence.
  • Page 16 3. Using the tweezers, gently remove the battery from the BT1 connector. 4. Observing the polarity, install the replacement battery in the BT1 connector. 5. Re-install the module into the PCIe slot.
  • Page 17: Installing The Module

    2. Open the computer case and locate an empty PCIe slot. If necessary, follow the instructions that your computer manufacturer supplied. You must only install your nShield Solo or nShield Solo XC module into a PCIe slot. See the instructions that your ...
  • Page 18 Although methods of installation vary from platform to platform, the Security World Software should automatically detect the module on your computer and install the drivers. You do not have to restart the system.
  • Page 19: Before You Install The Software

    6.1.1.3. Add %NFAST_HOME%\bin\ to the PATH environment variable The default location for %NFAST_HOME%\bin\ is C:\Program Files\nCipher\nfast. Because of the space in Program Files, nShield commands could fail if NFAST_HOME\bin\ is not in PATH.
  • Page 20 The following versions of Java have been tested to work with, and are supported by, your nShield Security World Software: • Java7 (or Java 1.7x) • Java8 (or Java 1.8x) • Java11. Entrust recommends that you ensure Java is installed before you install the ...
  • Page 21 Chapter 6. Before you install the software Security World Software. The Java executable must be on your system path. If you can do so, please use the latest Java version currently supported by Entrust that is compatible with your requirements. Java versions before those shown are no longer supported.
  • Page 22: Firewall Settings

    The following table identifies the ports used by the nShield system components. All listed ports are the default setting. Other ports may be defined during system configuration, according to the requirements of your organization.
  • Page 23 See the User Guide for your module and operating system for more about configuration files. Similarly, if you are setting up the Remote Administration Service you need to open port 9005.
  • Page 24: Installing The Software

    Core Tools are necessary to install the Security World Software. See Software packages on the Security World installation media for more about the component bundles and the additional software supplied on your installation media.
  • Page 25 The installer creates links to the following nShield Cryptographic Service Provider (CSP) setup wizards as well as remote management tools under Start > Entrust or Entrust nShield Security World (depending on the version of Windows or Windows Server you are running): ◦...
  • Page 26: Installing The Security World Software On Linux

    5. To use an nShield module with your Linux system, you must build a kernel driver. Entrust supplies the source to the NFP and a makefile for building the driver as a loadable module. The kernel level driver is installed as part of the hwsp bundle.
  • Page 27 If you use the Bourne shell, add these lines to your system or personal profile: PATH=/opt/nfast/bin:$PATH export PATH If you use the C shell, add this line to your system or personal profile: setenv PATH /opt/nfast/bin:$PATH
  • Page 28: Checking The Installation

    ############-#### mode operational version #.#.# speed index rec. queue ##..## module type code product name #######/#######/####### rec. LongJobs queue SEE machine type Power PCSXF
  • Page 29 Otherwise, if your system enters Sleep mode, the HSM may not be found when running enquiry. If this happens, you need to reboot your system. 8.1.2. nFast server (hardserver)
  • Page 30: Mode Switch And Jumper Switches

    HSM. You can set the physical mode override jumper switch on the circuit board of the nShield Solo to the On position, to prevent accidental operation of the mode switch. If this override jumper switch is on, the nShield Solo and nShield Solo XC will ignore the position of the mode switch...
  • Page 31 These messages indicate a failure of either the module or the server: nFast server: Serious internal error, trying to continue: message If you receive a serious internal error, contact Support.
  • Page 32: Badtokendata Error (Solo Only)

    The Solo XC module is equipped with a battery with a ten year life for maintaining RTC operation when the module is powered down. The RTC will not require resetting after the module has been shut down for extended periods. The battery is not rechargeable.
  • Page 33: Status Indicators

    There is no power supply to the module. Check that the module is correctly inserted in its PCIe slot, then restart the computer. Status: occasionally blinks off. Operational mode: The nShield Solo module is accepting commands. The more frequently the Status LED blinks off, the greater the load on the module. Flashes two...
  • Page 34: Uninstalling Existing Software

    Chapter 10. Uninstalling existing software 10. Uninstalling existing software Entrust recommends that you uninstall any existing older versions of Security World Software before you install new software. In Windows environments, if the installer detects an existing Security World Software installation, it asks you if you want to install the new components.
  • Page 35: Uninstalling The Security World Software On Windows

    Chapter 10. Uninstalling existing software Entrust recommends that you do not uninstall the Security  World Software unless you are either certain it is no longer required, or you intend to upgrade it. 10.1. Uninstalling the Security World Software on...
  • Page 36 For example: user using sudo userdel ncsnmp sudo userdel nfast sudo groupdel ncsnmp sudo groupdel nfast If required, you can safely remove the module after shutting down all connected hardware.
  • Page 37: Software Packages On The Security World Installation Media

    Installing the software. Entrust supplies the hardserver and associated software as bundles of common components that provide much of the required software for your installation. In addition to the component bundles, Entrust provides individual components for use with specific applications and features supported by certain Entrust modules.
  • Page 38: Components Required For Particular Functionality

    If you are developing in Java, install the Java Developer and Java Support (including KeySafe) bundles; after installation, ensure that you have added the .jar files to your CLASSPATH. You must install the hwsp component if you are using an nShield PCI card.
  • Page 39: Ncipherkm Jca/Jce Cryptographic Service Provider

    See the User Guide for your module and operating system for more about configuring the nCipherKMJCA/JCE cryptographic service provider. 11.4. SNMP monitoring agent
  • Page 40 If this is a first time install, the nShield SNMP Agent will not run by default. Please see the manual for further instructions. See the User Guide for your module and operating system for more about how to activate the SNMP agent after installation.
  • Page 41: Virtualization Remote Server

    Each virtual machine is an isolated, virtualized computer system that can run its own operating system. The nShield Solo XC is compatible with the leading server virtualization and hypervisor management platforms, including: •...
  • Page 42: Virtualization And Xenserver/Vmware Vsphere Hypervisor, Esxi

    After installing VMware ESXI, the VM guest can be remotely managed and the PCI passthrough of the Solo module configured using vSphere. PCI passthrough allows a VM guest direct access to the nShield Solo XC. 12.3.1. Set up a basic single-node vCenter server instance Follow the steps below to use the vCenter Simple Install to set up a basic single- node vCenter Server instance.
  • Page 43 7. Configure the network connections as follows: a. How many NICs do you want to connect? 1. b. Network: VM Network. c. Adapter: VMXNET 3. d. Connect at Power On: ✓.
  • Page 44: Xenserver Environments

    To install the XenServer, follow the instructions in the Citrix XenServer Quick Start Guide; see https://docs.citrix.com/en-us/xenserver. 12.4.1. Configure the XenCenter client To remotely manage VM guests and configure PCI passthrough of the nShield Solo 1. Enter the XenServer web client IP address. 2. Select XenCenter installer. The XenCenter software will auto install.
  • Page 45 This command enters the PCI slot, for example: pciback.hide=(02:00.0) --- /boot/initrd-fallback.img 9. Save and close the file. 10. Run the command: extlinux -I /boot 11. Run the command: ...
  • Page 46 PCI passthrough connection. To create the first DomU guest VM: 1. Select the server from the Resources pane, right-click and select New VM from the dropdown menu. 2. Select a Template.
  • Page 47: Hyper-V Environment

    VM instance will fail to power on. Verify that the Solo XC card is located on the same slot that was selected for the passthrough to the guest VM. 12.5. Hyper-V environment The instructions assume there is a single nShield Solo XC module  in the system. ...
  • Page 48 1. Enable the Input Output Memory Management Unit (IOMMU) policy on the server. This policy controls whether the Hyper-V server uses an IOMMU. To enable it, run the command: bcdedit /set hypervisoriommupolicy enable
  • Page 49 VMs. 1. Insert the DVD-ROM containing the Security World software. The Security World software will auto install. 2. Run the enquiry utility to check that the module is working correctly. See ...
  • Page 50 ISO path. 16. Select Next. 17. Select Finish. 12.5.1.7. Configure the VM guest instance on the server 1. Stop and select the VM guest instance. Run the commands: PS C:\> $vmName = 'ws2016'
  • Page 51 1. Remove a device from the VM. Run the commands: PS C:\> $vmName = "ws2016" PS C:\> Remove-VMAssignableDevice -Verbose -VMName $vmName 12.5.3. Undo passthrough 1. Mount a single device. Run the command: ...
  • Page 52 2. Enable a single device in device manager. Run the command: Enable-PnpDevice -Confirm:$false -Verbose -InstanceId $instanceId To find the $locationPath run the command: PS C:\> $locationPath = (Get-PnpDeviceProperty -KeyName DEVPKEY_Device_LocationPaths -InstanceId $instanceId).Data[0]

This manual is also suitable for:

nShield Solo XC
