Menu
nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network.
Entrust nShield HSM appliances are hardened, tamper-resistant platforms that perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
Optimal Architecture - Entrust's Security World provides scalability, seamless failover, and load balancing.
Accelerated data processing - one of the fastest crypto execution speeds in the industry.
Secure business and application logic - cryptographic protection of software applications and the processed data.
Certified Hardware Solutions
Entrust has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.
Security Compliance
Safety and Environmental Standards Compliance
High Transaction Rates
nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices.
nShield Connect Models | 500+ | XC Base | 1500+ | 6000+ | XC Mid | XC High |
---|---|---|---|---|---|---|
RSA Signing Performance (tps) for NIST Recommended Key Lengths | ||||||
2048 bit | 150 | 430 | 450 | 3000 | 3500 | 8600 |
4096 bit | 80 | 100 | 190 | 500 | 850 | 2025 |
ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths | ||||||
256 bit | 540 | 680 | 1260 | 2400 | 75121 | 144001 |
Note 1: Performance indicated requires ECDSA fast RNG feature activation available free of charge on request from Entrust Support.
Wide Support for APIs, Cryptographic Algorithms and OSs
Supported APIs
Supported Cryptographic Algorithms
nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.
Supported Platforms
Windows and Linux operating systems including distributions from RedHat, SUSE and major cloud service providers running as virtual machines or in containers.
Reliability
Calculated at 25°C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment” MTBF Standard
Performance Ratings and Options
To meet the performance needs of your application, Entrust provides a variety of nShield Connect models as shown in the Technical Specifications tab. You can select among the performance models shown, and can also purchase in-field upgrades on XC models from lower performance models to higher models.
Client Licenses
nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase. The maximum number of client licenses supported varies by nShield Connect model as shown in the table below.
Max # client licenses per nShield Connect Model
XC Base/500+ 10 licenses
XC Mid/1500+ 20 licenses
XC High/6000+ Unlimited*
Note* requires Enterprise Client License activation
Software Options Pack
Entrust offer a range of software option packs which can be used in conjunction with your nShield HSMs.
nShield Monitor
nShield Monitor is a monitoring platform that provides 24×7 visibility into the status of nShield HSMs. With this solution, security teams can efficiently inspect HSMs and find out immediately if any potential security, configuration or utilization issue may compromise their mission-critical infrastructure.
Remote Administration Kits
nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs.
Cloud Disaster Recovery
Increase redundancy and reliability of on-premises deployments.
CodeSafe
CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Applications include cryptography and high value business logic associated with banking, smart metering, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs.
CipherTools
The CipherTools is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs. CipherTools Developer Toolkit is included free of charge in the standard Security World software ISO/DVD.
nToken
Security teams that want to strongly authenticate their nShield Connect HSMs clients can use nTokens PCIe cards to do hardware-based host identification and verification.
Elliptic Curve Cryptography (ECC) Activation
The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSMs.
KCDSA Activation
With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSMs.
Slide Rails
Entrust offers optional slide rails that let users mount nShield Connect in a 19″ rack without a shelf. Entrust recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible.
Keyboard
Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. Entrust offers an optional USB keyboard for even greater ease of use.
Field Replaceable Parts
nShield Connectfeatures parts that operators can replace in the field, with minimal downtime. These parts include dual, hot-swap power supplies and field-replaceable fan tray (requires nShield Connect to be put into standby).
PCI-Express card-based HSMs that deliver cryptographic key services to applications hosted on individual servers and appliances.
USB-connected desktop HSMs that provide convenience and economy for environments requiring low-volume cryptographic key services.
Networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.
Do you have any further questions? Go ahead and send us your enquiry! Our team will get back to you as soon as possible.