
Entrust nShield Solo Install Manual

V12.81

nShield Security World
nShield Solo v12.81 Install Guide
12 July 2024


Summary of Contents for Entrust nShield Solo

  • Page 1 Security World nShield Solo v12.81 Install Guide 12 July 2024...
  • Page 2: Table Of Contents

    Table of Contents 1. Introduction ...
  • Page 3 8.1. Checking operational status ...
  • Page 4 12.5.1. Set up ...
  • Page 5: Introduction

    Chapter 1. Introduction 1. Introduction The Entrust nShield Solo, Solo XC, and nShield 5s are Hardware Security Modules (HSM) for servers and appliances. 1.1. About this guide This guide includes: • Installing the nShield Solo, nShield Solo XC, and nShield 5s. See Installing the module.
  • Page 6: Additional Documentation

    1.4. Terminology The nShield Solo, nShield Solo XC, and nShield 5s are referred to as the nShield Solo, nShield Solo XC, and nShield 5s, the Hardware Security Module, or the HSM in this guide. nShield Solo v12.81 Install Guide...
  • Page 7: Hardware Security Modules

    Leave the module in its anti-static bag until you are ready to install it. Always wear an anti-static wrist strap that is connected to a grounded metal object. You must also ensure that the computer frame is grounded while you are installing or removing an internal module. 2.3. Environmental requirements...
  • Page 8: Module Operational Temperature And Humidity Specifications

    Relative. Non-condensing at 30°C Storage humidity Relative. Non-condensing at 30°C Transportation humidity Relative. Non-condensing at 30°C The nShield 5s module operates within the following environmental conditions. nShield 5s environmental conditions Operating range Comments Min. Max. ...
  • Page 9: Cooling Requirements

    2.6. Physical location considerations Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the intrinsic protection provided by an nShield HSM, customers must exercise due diligence to ensure that the environment within which the nShield HSMs are deployed is configured properly and is regularly examined as part of a comprehensive risk mitigation program to assess both logical and physical threats.
  • Page 10 HSMs’ cryptographic services. The deployed environment must adopt 'defense in depth' measures and carefully consider the physical location to prevent detection of electromagnetic emanations that might otherwise inadvertently disclose cryptographic material. ...
  • Page 11: Notices

    3. Regulatory notices 3.1. FCC class A notice The nShield Solo and nShield Solo XC HSMs comply with Part 15 of the FCC rules. Operation is subject to the following two conditions: 1. The device may not cause harmful interference, and 2.
  • Page 12: Before Installing The Module

    Remote mode override jumper switch, in the Off position. When set to On, remote mode switching is disabled. See the User Guide for more information. A mini-DIN connector for connecting a smart card reader. The configuration of connectors varies between modules and might not...
  • Page 13: Module Pre-Installation Steps

    The default factory setting of the jumper DIP switch E is Off. This enables remote MOI switching. Factory shipping nShield Solo HSMs loaded with firmware 2.61.2 or greater will support remote MOI switching by default. Customers who expressly do not want to enable the remote MOI switching capability must switch jump switch E to the On position.
  • Page 14: Replace The Fan - Solo Xc Only

    8. Replace the four fan retaining screws. 9. Install the power cable connector into the Solo XC P3 power connector. 10. Install the power cable grommet into the slot in the EMI fence, with the flat side...
  • Page 15: Replace The Battery - Solo Xc And Nshield

    2. Place the module on a flat surface. 3. Using the tweezers, gently remove the battery from the BT1 connector. 4. Observing the polarity, install the replacement battery in the BT1 connector. 5. Re-install the module into the PCIe slot. ...
  • Page 16: Installing The Module

    2. Open the computer case and locate an empty PCIe slot. If necessary, follow the instructions that your computer manufacturer supplied. Do not install an nShield Solo or nShield Solo XC module into a PCI slot. See the instructions that your computer manufacturer sup...
  • Page 17: After Installing The Module

    Although methods of installation vary from platform to platform, the Security World Software should automatically detect the module on your computer and install the drivers. You do not have to restart the system. ...
  • Page 18: Before You Install The Software

    6.1.1.1. Power saving options Adjust your computer's power saving setting to prevent sleep mode. You may also need to set power management properties of the nShield Solo, once the Security World Software is installed. See Installing the Security World Software on Windows for more information.
  • Page 19: All Environments

    Software. The Java executable must be on your system path. If you can do so, please use the latest Java version currently supported by Entrust that is compatible with your requirements. Java versions before those shown are no longer sup...
  • Page 20 Chapter 6. Before you install the software 6.1.3.2. Identify software components to be installed Entrust supply standard component bundles that contain many of the necessary components for your installation and, in addition, individual components for use with supported applications. To be sure that all component dependencies are satisfied, you can install either: •...
  • Page 21: Settings

    See the User Guide for your module and operating system for more about configuration files. Similarly, if you are setting up the Remote Administration Service you need to open port 9005. ...
  • Page 22: Installing The Software

    The selected components are installed in the installation directory chosen above. The installer creates links to the following nShield Cryptographic Service Provider (CSP) setup wizards as well as remote management tools under Start > All Programs > nCipher: ...
  • Page 23: Installing The Security World Software On Linux

    7.2. Installing the Security World Software on Linux In the following instructions, disc-name is the name of the mount point of the installation media. 1. Log in as a user with root privileges. ...
  • Page 24 5. To use an nShield module with your Linux system, you must build a kernel driver. Entrust supplies the source to the (nfp) and a makefile for building the driver as a loadable module.
  • Page 25 If you use the Bourne shell, add these lines to your system or personal profile:

        PATH=/opt/nfast/bin:$PATH
        export PATH

    If you use the C shell, add this line to your system or personal profile:

        setenv PATH /opt/nfast/bin:$PATH
  • Page 26: Checking The Installation

    ############-#### mode operational version #.#.# speed index rec. queue ##..## module type code product name #######/#######/####### rec. LongJobs queue SEE machine type Power PCSXF supported KML types DSAp1024s160 DSAp3072s256 ...
  • Page 27 Module ##: enquiry reply flags none enquiry reply level Six serial number ############-#### mode operational version #.#.# speed index rec. queue ##..## module type code product name #######/####### ...
  • Page 28: Nfast Server (Hardserver)

    HSM. You can set the physical mode override jumper switch on the circuit board of the nShield Solo to the On position, to prevent accidental operation of the mode switch. If this override jumper switch is on, the nShield Solo and nShield Solo XC will ignore the position of the mode switch (see...
  • Page 29: Log Message Types

    This type of message indicates that the server has detected an error in the data sent by the client (but other clients are unaffected): nFast server: Detected error in client behaviour: message 8.3.4. Serious error...
  • Page 30: Serious Internal Error

    This type of message indicates a fatal error for which no further reporting is available: nFast server: Fatal internal error nFast server: Fatal runtime error If you receive either of these errors, contact Support. 8.4. Utility error messages...
  • Page 31: Badtokendata Error

    Reboot the system that is hosting the Solo XC. On all platforms: Wait for the Solo XC to reboot. The module has completed rebooting when running enquiry no longer shows the module as Offline. ...
  • Page 32: Status Indicators

    PCIe slot, then restart the computer. On, occasionally blinks off. Status: Operational mode. The nShield Solo module is accepting commands. The more frequently the Status LED blinks off, the greater the load on the module. Flashes two short pulses, fol... Status: Initialization mode
  • Page 33: Uninstalling Existing Software

    Chapter 10. Uninstalling existing software 10. Uninstalling existing software Entrust recommends that you uninstall any existing older versions of Security World Software before you install new software. In Windows environments, if the installer detects an existing Security World Software installation, it asks you if you want to install the new com...
  • Page 34: Uninstalling The Security World Software On Windows

    Chapter 10. Uninstalling existing software Entrust recommends that you do not uninstall the Security World Software unless you are either certain it is no longer required, or you intend to upgrade it. 10.1. Uninstalling the Security World Software on Windows...
  • Page 35 In this line, n is an integer. c. Open the file /etc/passwd with a text editor. d. Remove the line that begins with the form: nfast:x:... e. If it exists, remove the line that begins with the form: ncsnmpd:x:...
  • Page 36 Chapter 10. Uninstalling existing software If required, you can safely remove the module after shutting down all connected hardware. ...
  • Page 37: Security World Installation Media

    Installing the software. Entrust supply the hardserver and associated software as bundles of common components that provide much of the required software for your installation. In addition to the component bundles, Entrust provide individual components for use with specific applications and features supported by certain Entrust modules.
  • Page 38: Component Bundles

    You must install the hwsp component if you are using an nShield PCI card. 11.2.1. KeySafe To use KeySafe, install the nShield Core Tools (ctls on Linux) and the nShield Java (javasp on Linux) components. ...
  • Page 39: Microsoft Capi Csp And Microsoft Cryptography Api: Next Generation (Cng)

    During the first installation process of the SNMP agent, the agent displays the following message: If this is a first time install, the {product_family} SNMP Agent will not run by default. Please see the manual for further instructions. ...
  • Page 40 Chapter 11. Software packages on the Security World installation media See the User Guide for your module and operating system for more about how to activate the SNMP agent after installation. ...
  • Page 41: Virtualization Remote Server

    PCI passthrough is configured using the XenCenter software with command line tools and utilities. PCI passthrough allows a VM client direct access to the nShield Solo XC. The operating system that runs within a virtual machine is referred to as ...
  • Page 42: Virtualization And Xenserver/Vmware Vsphere Hypervisor, Esxi

    After installing VMware ESXi, the VM guest can be remotely managed and the PCI passthrough of the Solo module configured using vSphere. PCI passthrough allows a VM guest direct access to the nShield Solo XC. 12.3.1. Set up a basic single-node vCenter server instance Follow the steps below to use the vCenter Simple Install to set up a basic single-node vCenter Server instance.
  • Page 43: Create The Vm Guest Instance

    9. Configure the virtual disk size for the guest VM as follows: It is important to select the same network configuration for both the guest primary VM and the guest secondary VM, as it is a requirement for IP communication between the two. ...
  • Page 44: Environments

    Install the XenServer, follow the instructions in the Citrix XenServer Quick Start Guide, see https://docs.citrix.com/en-us/xenserver. 12.4.1. Configure the XenCenter client To remotely manage VM guests and configure PCI passthrough of the nShield Solo XC: 1. Enter the XenServer web client IP address. 2. Select XenCenter installer. The XenCenter software will auto install.
  • Page 45 A detailed list of all the PCI buses and devices in the system is displayed, for example:

        02:00.0 Power PC: Freescale Semiconductor Inc Device 082c (rev11)

    02:00.0 represents the nShield Solo XC card endpoint. 6. Open the file and scroll to the dom0 linux kernel append section.
  • Page 46: Create A Xenserver Guest Instance And Hardserver Configuration

    Resources pane. You can change the name at any time. 7. Select Installation Media. 8. Select Install from ISO library or DVD drive and then select the appropriate media from the drop down menu. 9. Select Next. ...
  • Page 47: Environment

    Verify that the Solo XC card is located on the same slot that was selected for the passthrough to the guest VM. 12.5. Hyper-V environment The instructions assume there is a single nShield Solo XC module in the system.
  • Page 48 1. Display the device address. Run the command:

        PS C:\> (Get-PnpDevice -PresentOnly).Where{ $_.InstanceId -like '*VEN_1957*' } | Format-Table -autosize

    2. Disable the device. Run the command:

        PS C:\> Disable-PnpDevice -Verbose -InstanceId $instanceId -Confirm:$false

    To find the $instanceId run the command: ...
  • Page 49 7. Select the OS generation to be installed on the new guest VM instance. For example, Generation 2 is selected. Generation 2 is valid for products such as Windows 8 and beyond and with Windows Server...
  • Page 50 -MemoryStartupBytes 4096MB 4. Assign a device to the VM guest instance. Run the commands:

        PS C:\> Add-VMAssignableDevice -VM $vmName -LocationPath $locationPath -Verbose
        PS C:\> Start-VM -VMName $vmName

    To find the $locationPath run the command: ...
  • Page 51 DEVPKEY_Device_LocationPaths -InstanceId $instanceId).Data[0] 2. Enable a single device in device manager. Run the command:

        Enable-PnpDevice -Confirm:$false -Verbose -InstanceId $instanceId

    To find the $locationPath run the command:

        PS C:\> $locationPath = (Get-PnpDeviceProperty -KeyName DEVPKEY_Device_LocationPaths -InstanceId $instanceId).Data[0]

This manual is also suitable for:

nShield Solo XC, nShield 5s f3