nShield Security World
nShield Solo and Solo XC
v12.50.4 Installation Guide
4 March 2024

Summary of Contents for Entrust nShield Solo

  • Page 1 Security World nShield Solo and Solo XC v12.50.4 Installation Guide 4 March 2024...
  • Page 2: Table Of Contents

    Contents 1 Introduction 1.1 About this guide 1.1.1 Model Numbers 1.2 Additional documentation 1.2.1 Terminology 1.3 Typographical conventions 2 Hardware security modules 2.1 Power requirements 2.2 Handling modules 2.3 Environmental requirements 2.4 Module operational temperature and humidity specifications 2.5 Cooling requirements 2.6 Physical location considerations Hardware security modules...
  • Page 3 Hardware security modules 2.19 Power requirements 2.20 Handling modules 2.21 Environmental requirements 2.22 Temperature and humidity recommendations 2.23 Ventilation requirements 2.24 Physical location considerations 3 Regulatory notices 3.1 FCC class A notice 3.2 Canadian certification - CAN ICES-3 (A)/NMB-3(A) 3.3 Battery cautions 3.4 Hazardous substance caution 3.5 Recycling and disposal information...
  • Page 4 6.1.3.1 Install Java with any necessary patches 6.1.3.2 Identify software components to be installed 6.1.4 Planning to use the Remote Administration Service 6.1.4.1 The Remote Administration Service with an nShield Solo or nShield Solo XC 6.2 Firewall settings 7 Installing the software 7.1 Installing the Security World Software...
  • Page 5 7.3.4 Installing on Linux 8 Checking the installation 8.1 Checking operational status 8.1.1 Enquiry utility 8.1.2 nFast server (hardserver) 8.2 Mode switch and jumper switches 8.3 Log message types 8.3.1 Information 8.3.2 Notice 8.3.3 Client 8.3.4 Serious error 8.3.5 Serious internal error 8.3.6 Start-up errors 8.3.7 Fatal errors 8.4 Utility error messages...
  • Page 6 B.2.2 Individual components B.3 CodeSafe installation media B.3.1 Component bundles B.3.2 Individual components B.4 Common component bundles B.4.1 Common component bundles B.4.1.1 Hardware support B.4.1.2 Core tools B.4.1.3 Java Support (including KeySafe) B.4.1.4 Remote Administration Service B.4.1.5 Remote Administration Client B.4.1.6 nShield Connect firmware files B.4.2 Additional component bundles B.4.2.1 CipherTools Developer B.4.2.2 CodeSafe Developer...
  • Page 7 C.4 XenServer environments C.4.1 Configure the XenCenter 6.5 client C.4.2 Create a XenServer guest instance and hardserver configuration C.5 Hyper-V environment (Windows Server 2012) C.5.1 Install Hyper-V on the server C.5.2 Add the Hyper-V role to the server C.5.3 Configure Hyper-V C.5.4 Create the VM guest instance and hardserver configuration C.5.4.1 Install the CipherTools software: C.5.4.2 Configure the hardserver to export the module to guest VM usage...
  • Page 8: Introduction

    See the User Guide for more about, for example: creating and managing a Security World; creating and using keys; card sets; the advanced features of an nShield Solo and nShield Solo XC. For information on integrating nCipher products with third-party enterprise applications, see https://www.ncipher.com. 1.1.1 Model Numbers The table below shows the different versions of the module.
  • Page 9: Additional Documentation

    These notes contain the latest information about your product. 1.2.1 Terminology The nShield Solo and nShield Solo XC are referred to as the nShield Solo and nShield Solo XC, the hardware security module, or the HSM in this guide. 1.3 Typographical conventions The word Note indicates important supplementary information.
  • Page 10: Hardware Security Modules

    2 Hardware security modules 2.1 Power requirements Module: Solo, maximum power 9.9W; Solo XC, maximum power 24W. Make sure that the power supply in your computer is rated to supply the required electric power. The Solo and Solo XC modules are intended for installation into a certified personal computer, server or similar equipment.
  • Page 11: Environmental Requirements

    2 Hardware security modules 2.3 Environmental requirements When you install the module, ensure that there is good air flow around it. To maximize air flow, use a PCIe slot with no neighboring modules if possible. If air flow is limited, consider fitting extra cooling fans to your computer case.
  • Page 12: Cooling Requirements

    2.5 Cooling requirements Adequate cooling of the module is essential for trouble-free operation and a long operational life. During operation you can use the supplied stattree utility to check the actual and maximum temperature of the module. It is advised to do this directly after installing the module in its normal working environment.
  • Page 13: Hardware Security Modules

    Hardware security modules 2.7 Power requirements Module: Solo, maximum power 9.9W; Solo XC, maximum power 24W. Note: Make sure that the power supply of your computer is rated high enough to supply the required electric power. The Solo and Solo XC cards are designed to be installed in a certified personal computer or server, or similar equipment.
  • Page 14: Recommended Temperature And Humidity

    2.10 Recommended temperature and humidity Insufficient ventilation can damage the module or the computer in which the module is installed. Always handle the module correctly. For more information, see Handling modules on page 2.10 Recommended temperature and humidity We recommend that you operate the Solo module within the following environmental conditions.
  • Page 15: Cooling Requirements

    Hardware security modules 2.11 Cooling requirements Adequate cooling of the module is essential for trouble-free operation and a long operational life. During operation you can use the supplied stattree tool to check the actual and maximum temperature of the module. It is advised to do this directly after installing the module in its normal working environment.
  • Page 16: Hardware Security Modules

    Hardware security modules 2.13 Power supply Module: Solo, maximum power 9.9W; Solo XC, maximum power 24W. Note: Make sure that the power supply of your computer is rated to supply the required power. The Solo and Solo XC cards are intended for installation in a certified PC, server or other similar device.
  • Page 17: Recommended Temperature And Humidity Values

    Hardware security modules Always install and handle the module in accordance with the instructions. For more information, see Handling modules on page 2.16 Recommended temperature and humidity values We recommend operating the PCIe module within the following environmental conditions. Operating range Environmental conditions Comments Solo Min. Max. Operating temperature environment 10°C 35°C Sufficiently good ventilation required -20°C...
  • Page 18: Physical Location Considerations

    2.18 Physical location considerations nCipher nShield modules (HSMs) are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must use the module with care and ensure that the environment in which the nShield module is used is properly...
  • Page 19: Hardware Security Modules

    Hardware security modules 2.19 Power requirements Module: Solo, maximum power 9.9W; Solo XC, maximum power 24W. Note: Make sure that the power supply of your computer is rated to supply the required electric power. The Solo and Solo XC cards are designed to be installed in a certified personal computer, server or similar equipment.
  • Page 20: Temperature And Humidity Recommendations

    2.22 Temperature and humidity recommendations Always handle the module correctly. For more information, see Handling modules on page 2.22 Temperature and humidity recommendations We recommend that the Solo operate within the following environmental conditions. Environmental conditions Operating range Comments Solo...
  • Page 21: Physical Location Considerations

    Hardware security modules days of operation. If the module exceeds the safe operating temperature, it stops operating and displays the SOS-T error message on the status LED (see Status indicators on page 53). 2.24 Physical location considerations nCipher nShield hardware security modules (HSMs) are certified to NIST FIPS 140-2 Levels 2 and 3.
  • Page 22: Regulatory Notices

    3 Regulatory notices 3.1 FCC class A notice The nShield Solo and nShield Solo XC HSMs comply with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. The device may not cause harmful interference, and 2.
  • Page 23: Regulatory Notices

    Regulatory notices 3.6 FCC class A This nShield Solo HSM complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. This device may not cause harmful interference, and 2.
  • Page 24: Legal Information

    Legal information 3.11 FCC class A notice The nShield Solo HSM complies with Part 15 of the FCC rules. Operation of the device is subject to the following two conditions: 1. The device may not cause harmful interference, and 2. This device must withstand harmful interference that reaches it (including interference that causes undesired operation).
  • Page 25: Regulatory Notices

    Regulatory notices 3.16 FCC class A notice This nShield Solo HSM complies with Part 15 of the rules of the Federal Communications Commission (FCC). Operation is subject to the following two conditions: 1.
  • Page 26: Before Installing The Module

    4 Before installing the module 4 Before installing the module Figure 1. nShield Solo and nShield Solo XC back panel and jumper switches Label Description Status LED Recessed clear button Physical mode switch nShield® Solo and nShield® Solo XC - Installation Guide...
  • Page 27: Module Pre-Installation Steps

    MOI switching capability must switch jump switch E to the On position. 4.2 Fitting a module bracket Before installing an nShield Solo in a low height card slot, you must replace the standard full height bracket with the low profile bracket supplied with the module.
  • Page 28 4.2 Fitting a module bracket Do not touch the nShield Solo or nShield Solo XC connector pins, or the exposed area of the module without taking ESD precautions. Figure 2. Removing the low profile bracket (left) and fitting the full height bracket (right) To fit the full height bracket to the module: 1.
  • Page 29: Replace Solo Xc Fan

    4 Before installing the module 4.3 Replace Solo XC Fan How to replace the Solo XC fan assembly. Required Tools Phillips screwdriver #0 Phillips screwdriver #2 Small needle nose pliers Required Part Orderable part number SOLOXC-REP-FAN (Replacement fan assembly). To remove and replace the Solo XC fan assembly: 1.
  • Page 30: Replace Solo Xc Battery

    4.4 Replace Solo XC Battery Figure 4. Removal of fan power cable from P3 connector Figure 5. Power cable grommet identified in the EMI slot 4.4 Replace Solo XC Battery How to replace the Solo XC battery. Please follow battery disposal guidelines in the installation manual. Required Tools Phillips screwdriver #2 Small tweezers...
  • Page 31 4 Before installing the module 1. Power off the system and while taking ESD precautions, remove the Solo XC card. 2. Place the Solo XC on a flat surface. Figure 6. Tweezers 3. Using the tweezers, gently remove the battery from the BT1 connector (See removing the battery from the BT1 connector on page 32).
  • Page 32: Installing The Module

    2. Open the computer case and locate an empty PCIe slot. If necessary, follow the instructions that your computer manufacturer supplied. The nShield Solo must be fitted to a PCIe x1 slot and the nShield Solo XC must be fitted to a PCIe x4 slot.
  • Page 33: Before You Install The Software

    6.1.1.1 Power saving options Adjust your computer's power saving settings to prevent sleep mode. You may also need to set power management properties of the nShield Solo, once the Security World Software is installed. See Installing Security World Software in a Windows environment on page 39 for more information.
  • Page 34: All Environments

    6 Before you install the software the nfast user in the nfast group, using /opt/nfast as the home directory. If you are installing snmp, the ncsnmpd user in the ncsnmpd group, using /opt/nfast as the home directory. If you are installing the Remote Administration Service, the user in the group, using raserv...
  • Page 35: Planning To Use The Remote Administration Service

    6.1.4 Planning to use the Remote Administration Service All the software components supplied Only the software components you require During the installation process, you are asked to choose which bundles and components to install. Your choice depends on a number of considerations, including: The types of application that are to use the module The amount of disc space available for the installation Your company’s policy on installing software.
  • Page 36: The Remote Administration Service With An Nshield Solo Or Nshield Solo Xc

    Remote Administration Client and the Remote Administration Service if they are on separate computers. To be able to use an nShield Solo or nShield Solo XC with Remote Administration, you need to make sure that the appropriate firmware (2.61.2 or later) and a KLF2 warrant are installed.
  • Page 37 UDP port If you are using an nShield Solo or nShield Solo XC as a Remote Operator slot for an HSM located elsewhere, you need to open port 9004. You may restrict the IP addresses to those you expect to use this port.
  • Page 38: Installing The Software

    7 Installing the software This chapter describes how to install the Security World Software on the host computer. After you have installed the software, you must complete further Security World creation, configuration and setup tasks before you can use your nShield environment to protect and manage your keys.
  • Page 39 7 Installing the software 4. Select all the components required for installation, and then click Next. See Components on Security World Software installation media (Windows and Unix) on page 59 for more about the component bundles and the additional software supplied on your installation media. The selected components are installed in the default directory.
  • Page 40: Installing Security World Software In A Unix Linux Environment

    7.3 Installing Security World Software in a Unix Linux environment 7.3.1 Installing on Solaris To install the Security World Software for Solaris: 1. Log in as a user with root privileges. 2.
  • Page 41: Installing On Hp-Ux

    7 Installing the software 3. Start the software management tool by running the command: smit install_latest 4. Select List to display the input device or directory for the software, and select the location that contains the installation image. 5. For SOFTWARE to install, select List, and then select all required file sets See Components on Security World Software installation media (Windows and Unix) on page 59 for more about the...
  • Page 42: Installing On Linux

    7.3.4 Installing on Linux 3. Open a terminal window, and start the software management tool by running a command of the form: swinstall -s disc-name/hpux/ver/nfast/nfast.dep In this example, disc-name is the mount point of the installation media and ver is the version of HP-UX (for example, use 11_31 for HP-UX version 11.31).
  • Page 43 7 Installing the software 4. Extract the required files to install all the software bundles by running commands of the form: tar xf disc-name/linux/ver/nfast/bundle/file.tar In this command, ver is the version of the operating system (for example, libc6_11), bundle is the directory name of a given bundle (for example, ), and file...
  • Page 44 7.3.4 Installing on Linux 5. To use an nShield module with your Linux system, you must build a kernel driver. nCipher supplies the source to the nCipher PCI kernel driver ( ) and a makefile for building the driver as a loadable module.
  • Page 45 7 Installing the software 8. Add /opt/nfast/bin to your PATH system variable: If you use the Bourne shell, add these lines to your system or personal profile: PATH=/opt/nfast/bin:$PATH export PATH If you use the C shell, add this line to your system or personal profile: setenv PATH /opt/nfast/bin:$PATH Page 46 nShield®...
  • Page 46: Checking The Installation

    8 Checking the installation This section describes what to do if you have an issue with the module or the software. The facilities described below are only available if the software has been installed successfully. 8.1 Checking operational status 8.1.1 Enquiry utility Run the enquiry utility to check that the module is working correctly.
  • Page 47 8 Checking the installation nShield Solo server: enquiry reply flags none enquiry reply level serial number ####-####-####-#### mode operational version #.#.# speed index rec. queue ##..## version serial remote server port #### module type code product name nFast server Module ##:...
  • Page 48: Nfast Server (Hardserver)

    saving features are disabled. See Installing the module on page 33 for more information. Otherwise, if your system enters Sleep mode, the nShield Solo module may not be found when running . If this happens, you need to reboot your system.
  • Page 49: Mode Switch And Jumper Switches

    HSM. You can set the physical mode override jumper switch on the circuit board of the nShield Solo to the On position, to prevent accidental operation of the Mode switch. If this override jumper switch is on, the nShield Solo and nShield Solo XC will ignore the position of the Mode switch (see...
  • Page 50: Client

    8.3.3 Client This type of message indicates that the server has detected an error in the data sent by the client (but other clients are unaffected): nFast server: Detected error in client behaviour: message 8.3.4 Serious error This type of message indicates a serious error, such as a communications or memory failure: nFast server: Serious error, trying to continue: message If you receive a serious error, even if you are able to recover, contact Support.
  • Page 51: Utility Error Messages

    The RTC will not require resetting after the module has been shut down for extended periods. The battery is not rechargeable. After upgrading the firmware to an nShield Solo XC board, reboot the host. Page 52...
  • Page 52: Status Indicators

    code (three short pulses, three long pulses, three short pulses). Error mode, the module does not respond to commands and does not write data to the bus. For nShield Solos and nShield Solo XCs running firmware 2.61.2 and above, the error code is also reported by the utility in the enquiry...
  • Page 53: Appendix A Uninstalling Existing Software

    Appendix A Uninstalling existing software nCipher recommends that you uninstall any existing older versions of Security World Software before you install new software. In Windows environments, if the installer detects an existing Security World Software installation, it asks you if you want to install the new components. These components replace your existing installation.
  • Page 54: Uninstalling Unix Software

    Appendix A Uninstalling existing software A.2 Uninstalling Unix software A.2.1 Uninstalling on Solaris To uninstall the Security World Software from Solaris: 1. Assume the nFast Administrator privileges or root privileges by running the command: $ su - 2. Type your password, then press Enter. 3.
  • Page 55: Uninstalling On Aix

    A.2.2 Uninstalling on AIX To uninstall the Security World Software from AIX: 1. Log in as a user with root privileges. 2. To remove drivers, install fragments, and scripts and to stop services, run the command: /opt/nfast/sbin/install -u 3.
  • Page 56: Uninstalling On Hp-Ux

    Appendix A Uninstalling existing software A.2.3 Uninstalling on HP-UX To uninstall the Security World Software from HP-UX: 1. Assume the nFast Administrator privileges or root privileges by running the command: su - 2. Type your password, then press Enter. 3. To remove drivers, install fragments, and scripts and to stop services, run the command: /opt/nfast/sbin/install -u 4.
  • Page 57 A.2.4 Uninstalling on Linux 3. To remove drivers, install fragments, and scripts and to stop services, run the command: /opt/nfast/sbin/install -u 4. Delete all the files (including those in subdirectories) in /opt/nfast and /dev/nfast/ by running the following commands: rm -rf /opt/nfast Deleting all the files and subdirectories in /opt/nfast also deletes the...
  • Page 58: Appendix B Components On Security World Software Installation Media (Windows And Unix)

    Appendix B Components on Security World Software installation media (Windows and Unix) This appendix lists the contents of the component bundles and the additional software supplied on your Security World Software installation media.
  • Page 59: Individual Components

    Appendix B Components on Security World Software installation media (Windows and Unix) B.1.2 Individual components Unix Description (Windows and Unix) Package - Windows only nCipher CAPI-NG providers and tools hwcrhk Crypto Hardware Interface (CHIL) plugin jcecsp nCipherKM JCA/JCE provider classes - Windows only CSP Console utilities - Windows only...
  • Page 60: Individual Components

    B.2.2 Individual components Unix Description (Windows and Unix) Package - Windows only nCipher CAPI-NG providers and tools devref nCore API Documentation hwcrhk Crypto Hardware Interface (CHIL) plugin jcecsp nCipherKM JCA/JCE provider classes - Windows only CSP Console utilities - Windows only CryptoAPI CSP GUI and console installers ncsnmp...
  • Page 61: Individual Components

    Appendix B Components on Security World Software installation media (Windows and Unix) B.3.2 Individual components Unix Description (Windows and Unix) Package - Windows only nCipher CAPI-NG providers and tools csdref nCore CodeSafe API Documentation devref nCore API Documentation gccsrc Prebuilt arm-gcc for Codesafe/C gccsrc Prebuilt powerpcm-gcc for Codesafe/C hwcrhk...
  • Page 62: Common Component Bundles

    B.4 Common component bundles nCipher supply component bundles containing many of the necessary components for your installation. Certain standard component bundles are offered for installation on all standard Security World Software installation media, while additional component bundles are found on CipherTools and CodeSafe installation media.
  • Page 63: Core Tools

    Appendix B Components on Security World Software installation media (Windows and Unix) B.4.1.2 Core tools The Core Tools (recommended) bundle contains all the Security World Software command-line utilities, including generatekey, low level utilities, and test programs: Unix Description (Windows and Unix) Package convrt Command line key conversions...
  • Page 64: Remote Administration Service

    B.4.1.4 Remote Administration Service The Remote Administration Service bundle contains the Remote Administration Service installation and configuration. When installed, the Remote Administration Service starts automatically. B.4.1.5 Remote Administration Client Graphical User Interface and command line versions of the Remote Administration Client. B.4.1.6 nShield Connect firmware files Firmware image files for the nShield Connect.
  • Page 65: Ciphertools Developer

    Appendix B Components on Security World Software installation media (Windows and Unix) nCipher supply the following additional component bundles on CodeSafe installation media: Code safe Java developer. B.4.2.1 CipherTools Developer The CipherTools Developer bundle contains components supplied with the CipherTools Developer Kit: Unix Description (Windows and Unix)
  • Page 66: Codesafe Developer

    B.4.2.2 CodeSafe Developer The CodeSafe Developer bundle contains components supplied with the CodeSafe Developer Kit: Unix Description (Windows and Unix) Package csee Codesafe-C moduleside example code csee Codesafe-C hostside example code module Firmware test scripts Generic stub libraries and headers, and example C source for utility nflibs functions nfuser...
  • Page 67: Java Developer

    Appendix B Components on Security World Software installation media (Windows and Unix) B.4.2.3 Java Developer The Java Developer bundle contains components to support development of Java applications: Unix Description (Windows and Unix) Package jcecsp Java Key Management developer jutils Java utilities source and javadocs kmjava Java Key Management developer nfjava...
  • Page 68: Keysafe

    B.5.1 KeySafe To use KeySafe, install the Core Tools and the Java Support (including KeySafe) bundles. B.5.2 Microsoft CAPI CSP If you require the Microsoft CAPI CSP, you must install the CSP components: CSP console utilities CryptoAPI CSP GUI and console installers B.5.3 Microsoft Cryptography API: Next Generation (CNG) If you require the Microsoft CNG, you must install the CNG component: nCipher CAPI-NG providers and tools...
  • Page 69: Ncipherkm Jca/Jce Cryptographic Service Provider

    Appendix B Components on Security World Software installation media (Windows and Unix) B.7 nCipherKM JCA/JCE cryptographic service provider If you want to use the nCipherKM JCA/JCE cryptographic service provider, you must install both: The Java Support (including KeySafe) bundle The nCipherKM JCA/JCE provider classes component An additional JCE provider nCipherRSAPrivateEncrypt is supplied that is required for RSA encryption...
  • Page 70: Appendix C Virtualization Remote Server

    Appendix C Virtualization Remote Server The nShield Solo XC is compatible with the leading server virtualization and hypervisor management platforms, including: Microsoft Hyper-V, a role in Windows Server 2012 and Windows Server 2016 used to create...
  • Page 71: Virtualization And Xenserver/Vmware Vsphere Hypervisor, Esxi

    ESXi ESXi and XenServer do not use the concept of a Parent/Dom0 VM. Instead, an additional VM is defined in the system as the host with passthrough permissions to enable access to the nShield Solo C.3 ESXi environment After installing VMware ESXI 5.5, the VM guest can be remotely managed and the PCI passthrough of the Solo module configured using vSphere client 5.5.
  • Page 72: Create The Vm Guest Instance

    C.3.3 Create the VM guest instance The ESXi 5.5 will now be successfully installed and the Solo PCIe module has been configured for passthrough. C.3.3 Create the VM guest instance VMware ESXi provides the capability of PCI passthrough and it is a bare metal Hypervisor. This requires the creation of two guests which communicate via Vswitch.
  • Page 73: Xenserver Environments

    To install the XenServer, follow the instructions in the Citrix XenServer Quick Start Guide; see https://www.citrix.com. C.4.1 Configure the XenCenter 6.5 client To remotely manage VM guests and configure PCI passthrough of the nShield Solo XC: 1. Enter the XenServer web client IP address. 2. Select XenCenter installer. The XenCenter software will auto install.
  • Page 74 C.4.1 Configure the XenCenter 6.5 client 8. Run the command: pciback.hide=<NG solo card endpoint> This command enters the PCI slot, for example: pciback.hide=(02:00.0) --- /boot/initrd-fallback.img 9. Save and close the file. 10. Run the command: extlinux -I /boot 11. Run the command: reboot 12.
  • Page 75: Create A Xenserver Guest Instance And Hardserver Configuration

    Appendix C Virtualization Remote Server When the installation of XenCenter has completed you can access [https://(XENSERVER-IP)] to acquire the corresponding XenCenter Client Remote management interface. C.4.2 Create a XenServer guest instance and hardserver configuration The XenServer is a bare metal Hypervisor that provides the PCI passthrough capability. As part of this process, you must create two Dom U guests that communicate through the Vswitch.
  • Page 76: Hyper-V Environment (Windows Server 2012)

    C.5 Hyper-V environment (Windows Server 2012) C.5.1 Install Hyper-V on the server To install the Hyper-V, see https://technet.microsoft.com/en-us/library/hh846766.aspx. C.5.2 Add the Hyper-V role to the server To add the Hyper-V role in Windows server: 1.
  • Page 77: Create The Vm Guest Instance And Hardserver Configuration

    See Checking the installation in the nShield Solo Installation Guide. C.5.4.2 Configure the hardserver to export the module to guest VM usage To configure the hardserver to export the module to guest VM usage: These commands can be repeated for any number of guests.
  • Page 78: Configure The Second Guest Vm Instance

    C.5.4.3 Configure the second guest VM instance 1. Run the command: Root@<userid>-HVM-domU: /opt/nfast/bin# ./rserverperm --add -a <IPv4 of the 1st Guest VM created in which a guest hardserver is running> --exportslot System response: OK permission ID is 2 2. Run the command: Root@<userid>-HVM-domU: /opt/nfast/bin# ./rserverperm --add -a <IPv4 of the 1st Guest VM created in which a guest hardserver is running >...
  • Page 79: Confirm The Connection To The Second Guest Vm

    You can find the enquiry utility in the bin subdirectory of the nCipher directory. See Checking the installation in the nShield Solo Installation Guide. C.5.4.6 Create secondary VM guests To create secondary VM guests: 1.
  • Page 80: Hyper-V Environment (Windows Server 2016)

    VM in order to provide the hardserver instance within each guest VM the ability to send requests to the nShield Solo XC module that is physically connected to the NFAST service installed in the Windows 2012 R2 host hardserver.
  • Page 81: Prepare The Server

    Appendix C Virtualization Remote Server 10. Select Next. 11. Select Hyper-V. 12. Select Next. 13. Reboot the system. Once rebooted, Hyper-V will be supported by the Server 2016 instance. C.6.1.3 Prepare the server 1. Enable the Input Output Memory Management Unit (IOMMU) policy on the server. This policy controls whether the Hyper-V server uses an IOMMU.
  • Page 82: Install The Ciphertools Software

    See Checking the installation in the nShield Solo Installation Guide. C.6.1.6 Create the VM guest instance on the server 1. Open the Hyper-V Manager within your Windows 2016 server.
  • Page 83: Configure The Vm Guest Instance On The Server

    Appendix C Virtualization Remote Server 10. Select Next. 11. Select Next. 12. Select the button for Create a virtual hard disk. 13. Enter Name, location and size. 14. Select Next. 15. Select one of the following options: Install an operating system later, if you have a disk Install an operating system from a bootable image file, if you have the ISO path 16.
  • Page 84: Remove A Device From The Vm Guest Instance

    C.6.2 Remove a device from the VM guest instance 4. Assign a device to the VM guest instance. Run the commands: PS C:\> Add-VMAssignableDevice -VM $vmName -LocationPath $locationPath -Verbose PS C:\> Start-VM -VMName $vmName To find the $locationPath run the command: PS C:\>...
  • Page 85 Appendix C Virtualization Remote Server 2. Enable a single device in device manager. Run the command: Enable-PnpDevice -Confirm:$false -Verbose -InstanceId $instanceId To find the $locationPath run the command: PS C:\> $locationPath = (Get-PnpDeviceProperty -KeyName DEVPKEY_Device_LocationPaths -InstanceId $instanceId).Data[0] Page 86 nShield®...
