Entrust nShield Solo User manual
nShield® Solo and nShield®
Solo XC
Installation Guide
12.80
17 Nov 2021
Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê4
1.1. About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê4
1.2. Additional documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê5
2. Hardware security modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
2.1. Power requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
2.2. Handling modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
2.3. Environmental requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
2.4. Module operational temperature and humidity specifications. . . . . . . . . . . . . . . . . . Ê7
2.5. Cooling requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê8
2.6. Physical location considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê8
3. Regulatory notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3.1. FCCÊclass AÊnotice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3.2. Canadian certification - CAN ICES-3 (A)/NMB- 3(A) . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3.3. Battery cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3.4. Hazardous substance caution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3.5. Recycling and disposal information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
4. Before installing the module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê10
4.1. Back panel and jumper switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê10
4.2. Module pre-installation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê11
4.3. Fitting a module bracket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê11
4.4. Replace Solo XC Fan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê12
4.5. Replace Solo XC Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê13
5. Installing the module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê15
5.1. Fitting a smart card reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê15
5.2. After installing the module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê15
6. Before you install the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê16
6.1. Preparatory tasks before installing software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê16
6.2. Firewall settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê19
7. Installing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê20
7.1. Installing the Security World Software on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . Ê20
7.2. Installing the Security World Software on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê21
8. Checking the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê24
8.1. Checking operational status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê24
8.2. Mode switch and jumper switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê26
8.3. Log message types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê26
8.4. Utility error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê28
9. Status indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê29
Appendix A: Uninstalling existing software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê31
nShield® Solo and nShield® Solo XC Installation Guide 2 of 49
A.1. Uninstalling the Security World Software on Windows . . . . . . . . . . . . . . . . . . . . . . . Ê32
A.2. Uninstalling the Security World Software on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . Ê32
Appendix B: Software packages on the Security World installation media . . . . . . . . . . . . Ê34
B.1. Security World installation media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê34
B.2. Components required for particular functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê35
B.3. nCipherKM JCA/JCE cryptographic service provider . . . . . . . . . . . . . . . . . . . . . . . . Ê36
B.4. SNMP monitoring agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê37
Appendix C: Virtualization Remote Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê38
C.1. Virtualization and Hyper-V. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê38
C.2. Virtualization and XenServer/VMware vSphere hypervisor, ESXi . . . . . . . . . . . . . . Ê39
C.3. ESXi environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê39
C.4. XenServer environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê41
C.5. Hyper-V environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê44
nShield® Solo and nShield® Solo XC Installation Guide 3 of 49
1. Introduction
The Entrust nShield Solo and Solo XC are Hardware Security Modules (HSM) for servers
and appliances.
1.1. About this guide
This guide includes:
•Installing the nShield Solo and nShield Solo XC. See Installing the module.
•Installing the Security World Software. See Installing the software.
•Steps to check the installation. See Checking the installation.
•A description of the module status indicators. See Status indicators.
•Instructions about removing existing software. See Uninstalling existing software.
See the User Guide for more about, for example:
•Creating and managing a Security World
•Creating and using keys
•Card sets
•The advanced features of an nShield Solo and nShield Solo XC.
For information on integrating Entrust nShield products with third-party enterprise
applications, see https://www.entrust.com/digital-security/hsm.
1.1.1. Model Numbers
The table below shows the different versions of the module. The letter xrepresents any
single-digit integer. Model number
Model number Used for
xC3xxxE-xxx
xC4xxxE-xxx
nShield Solo PCIe
xC30x5E-xxx
xC40x5E-xxx
nShield Solo XC PCIe
nShield® Solo and nShield® Solo XC Installation Guide 4 of 49
1.2. Additional documentation
You can find additional documentation in the documentation directory of the installation
media for your product. For information about using the software and enabling
additional features (such as client licenses), see the nShield Solo, nShield Solo XC and
nShield Edge - User Guide. Entrust strongly recommends that you read the release notes
at https://nshieldsupport.entrust.com. These notes contain the latest information about
your product.
1.2.1. Terminology
The nShield Solo and nShield Solo XC are referred to as a the nShield Solo and nShield
Solo XC, the hardware security module, or the HSM in this guide.
nShield® Solo and nShield® Solo XC Installation Guide 5 of 49
2. Hardware security modules
2.1. Power requirements
Module Maximum
power
Solo 9.9W
Solo XC 24W
Make sure that the power supply in your computer is rated to supply
the required electric power.
The Solo and Solo XC nToken modules are intended for installation into a certified
personal computer, server or similar equipment.
If your computer can supply the required electric power and sufficient cooling, you can
install multiple modules in your computer.
2.2. Handling modules
The module contains solid-state devices that can withstand normal handling. However,
do not drop the module or expose it to excessive vibration.
Before installing hardware you must disconnect your computer from
the power supply. Ensure that a grounded (earthed) contact remains.
Perform the installation with care, and follow all safety instructions in
this guide and from your computer manufacturer.
Static discharge can damage modules. Do not touch the module
connector pins, or the exposed area of the module.
Leave the module in its anti-static bag until you are ready to install it. Always wear an
anti-static wrist strap that is connected to a grounded metal object. You must also
ensure that the computer frame is grounded while you are installing or removing an
internal module.
2.3. Environmental requirements
When you install the module, ensure that there is good air flow around it. To maximize air
nShield® Solo and nShield® Solo XC Installation Guide 6 of 49
flow, use a PCIe slot with no neighboring modules if possible. If air flow is limited,
consider fitting extra cooling fans to your computer case.
Failure to provide adequate cooling can result in damage to the module
or the computer into which the module is fitted.
Always handle the module correctly. For more information, see Handling modules.
2.4. Module operational temperature and humidity
specifications
The Solo modules operate within the following environmental conditions.
Solo environmental conditions Operating range Comments
Min. Max.
Ambient operating temperature 10°C 35°C Subject to sufficient air flow
Storage temperature -20°C 70°C -
Operating humidity 10% 90% Relative. Non-condensing at
35°C
Storage humidity 0 85% Relative. Non-condensing at
35°C
The Solo XC module operates within the following environmental conditions.
Solo XC environmental
conditions
Operating range Comments
Min. Max.
Ambient operating temperature 5°C 55°C -
Storage temperature -5°C 60°C -
Transportation temperature -40°C 70°C -
Operating humidity 5% 85% Relative. Non-condensing at
30°C
Storage humidity 5% 93% Relative. Non-condensing at
30°C
nShield® Solo and nShield® Solo XC Installation Guide 7 of 49
Transportation humidity 5% 93% Relative. Non-condensing at
30°C
The Solo and Solo XC nToken modules are designed to operate in
moderate climates only. Never operate the modules in dusty, damp, or
excessively hot conditions. Never install, store, or operate the Solo and
Solo XC nToken modules at locations where it may be subject to
dripping or splashing liquids.
2.5. Cooling requirements
Adequate cooling of the module is essential for trouble-free operation and a long
operational life.
During operation you can use the supplied stattree utility to check the actual and
maximum temperature of the module. It is advised to do this directly after installing the
module in its normal working environment. Monitor the temperature of the module over
its first few days of operation. If the module exceeds the safe operating temperature, it
stops operating and displays the SOS-T error message on the Status LED (see Status
indicators).
2.6. Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the
intrinsic protection provided by an nShield HSM, customers must exercise due diligence
to ensure that the environment within which the nShield HSMs are deployed is
configured properly and is regularly examined as part of a comprehensive risk mitigation
program to assess both logical and physical threats. Applications running in the
environment shall be authenticated to ensure their legitimacy and to thwart possible
proliferation of malware that could infiltrate these as they access the HSMs’
cryptographic services. The deployed environment must adopt 'defense in depth'
measures and carefully consider the physical location to prevent detection of
electromagnetic emanations that might otherwise inadvertently disclose cryptographic
material.
nShield® Solo and nShield® Solo XC Installation Guide 8 of 49
3. Regulatory notices
3.1. FCCÊclass AÊnotice
The nShield Solo and nShield Solo XC HSMs comply with Part 15 of the FCC rules.
Operation is subject to the following two conditions:
1. The device may not cause harmful interference, and
2. The device must accept any interference received, including interference that may
cause undesired operation.
This equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful interference in which case the
users will be required to correct the interference at their own expense.
3.2. Canadian certification - CAN ICES-3 (A)/NMB- 3(A)
3.3. Battery cautions
Danger of Explosion if the battery is incorrectly replaced. The battery may only be
replaced with the same or equivalent type. Dispose of the used battery in accordance
with your local disposal instructions.
3.4. Hazardous substance caution
This product contains a lithium battery and other electronic components and materials
which may contain hazardous substances. However, this product is not hazardous
providing it is used in the manner in which it is intended to be used.
3.5. Recycling and disposal information
For recycling and disposal guidance, see the nShield product’s Warnings and Cautions
documentation.
nShield® Solo and nShield® Solo XC Installation Guide 9 of 49
4. Before installing the module
4.1. Back panel and jumper switches
Label Description
A Status LED
B Recessed clear button
C Physical mode switch
D Physical mode override jumper switch, in the off position. When set to on, the
mode switch (C) is deactivated. See the User Guide for more information.
E Remote mode override jumper switch, in the off position. When set to on,
remote mode switching is disabled. See the User Guide for more information.
F A mini-DIN connector for connecting a smart card reader.
The configuration of connectors varies between modules and might not
be as in the image.
nShield® Solo and nShield® Solo XC Installation Guide 10 of 49
4.2. Module pre-installation steps
Check the module to ensure that there is no sign of damage or tampering:
•Check the epoxy resin security coating or metal lid of the module for obvious signs
of damage.
•If you intend to install the module with an external smart card reader, check the
cable for signs of tampering. If evidence of tampering is present, do not use and
request a new cable.
•Check that the two jumper switches are in the required positions.
•The physical mode switch must be set to Operational (O) to be able to use the
remote mode switch override to change the mode. To use the Remote
Administration feature to be able to change the mode of the module remotely,
ensure that the jumper switch (E) is in the off position and the physical mode switch
(C) is set to Operational (O).
The default factory setting of the jumper DIP switch Eis Off. This enables remote MOI
switching. Factory shipping nShield Solo HSMs loaded with firmware 2.61.2 or greater will
support remote MOI switching by default. Customers who expressly do not want to
enable the remote MOI switching capability must switch jump switch Eto the On
position.
4.3. Fitting a module bracket
Before installing an nShield Solo in a low height card slot, you must replace the standard
full height bracket with the low profile bracket supplied with the module.
Before installing an nShield Solo XC in a PCI-Express card slot, you may have to replace
the bracket depending on the height of the slot. Both full height and low profile brackets
are supplied with the module.
Do not touch the nShield Solo or nShield Solo XC connector pins, or the exposed area of
the module without taking ESD precautions.
nShield® Solo and nShield® Solo XC Installation Guide 11 of 49
To fit the full height bracket to the module:
1. Remove the two screws from the solder side of the module.
2. Remove the low profile bracket.
3. Fit the full height bracket to the component side of the module.
4. Insert the two screws into the solder side of the module to secure the bracket. Do
not over tighten the screws.
4.4. Replace Solo XC Fan
Required Tools
•Phillips screwdriver #0
•Phillips screwdriver #2
•Small needle nose pliers
Required Part
•Orderable part number SOLOXC-REP-FAN (Replacement fan assembly).
1. Power off the system and while taking ESD precautions, remove the Solo XC
card.
2. Place the Solo XC on a flat surface.
3. Remove the top EMI cover using a #2 screwdriver.
4. Pull the fan power cable and grommet from the slot in the EMI fence.
5. Using the needle nose pliers, gently remove the fan power cable from the P3
connector.
nShield® Solo and nShield® Solo XC Installation Guide 12 of 49
6. Using the #0 Phillips screwdriver, remove the four fan retaining screws.
7. Remove the defective fan from the Solo XC and install the replacement fan with
the power cable positioned towards the P3 power connector. Ensure that the fan
lays flat against the heatsink.
8. Replace the four fan retaining screws.
9. Install the power cable connector into the Solo XC P3 power connector.
10. Install the power cable grommet into the slot in the EMI fence, with the flat side
towards the top of the fence.
11. Replace the top EMI cover.
12. Re-install the Solo XC into the PCIe slot.
4.5. Replace Solo XC Battery
Please follow battery disposal guidelines in the installation manual.
Required Tools
•Phillips screwdriver #2
•Small tweezers
Required Part
•Orderable part number SOLOXC-REP-BATT (Replacement battery)
nShield® Solo and nShield® Solo XC Installation Guide 13 of 49
1. Power off the system and while taking ESD precautions, remove the Solo XC
card.
2. Place the Solo XC on a flat surface.
3. Using the tweezers, gently remove the battery from the BT1 connector.
4. Observing the polarity, install the replacement battery in the BT1 connector.
5. Re-install the Solo XC into the PCIe slot.
nShield® Solo and nShield® Solo XC Installation Guide 14 of 49
5. Installing the module
1. Power off the system and while taking ESD precautions, remove the nShield Solo or
nShield Solo XC card from its packaging.
2. Open the computer case and locate an empty PCIe slot. If necessary, follow the
instructions that your computer manufacturer supplied.
The nShield Solo must be fitted to a PCIex1 slot and the nShield Solo XC must be
fitted to a PCIEx4 slot .
Do not install a nShield Solo or nShield Solo XC module into a PCI
slot. See the instructions that your computer manufacturer
supplied to correctly identify the slots on your computer.
If there is a blanking plate across the opening to the outside of the computer, remove
it. Check that the opening is large enough to enable you to access the module back
panel.
3. Insert the contact edge of the module into the empty slot. Press the card firmly into
the connector to ensure that:
◦The contacts are fully inserted in the connector
◦The back panel is correctly aligned with the access slot in the chassis
4. Use the bracket screw or fixing clip to secure the module to the computer chassis.
5. Check that the two jumper switches on the module are still in required positions (see
Back panel and jumper switches).
6. Check that the Mode switch is still in the center O(operational) position.
7. Replace the computer case.
5.1. Fitting a smart card reader
Connect the smart card reader to the connector on the back panel of the module. A D-
type to mini-DIN adapter cable is supplied with the nShield Solo and nShield Solo XC.
5.2. After installing the module
After you install the module, check regularly to ensure that it has not been tampered
with during operation. After you install the module, you must install the Security World
Software. Although methods of installation vary from platform to platform, the Security
World Software should automatically detect the module on your computer and install the
drivers. You do not have to restart the system.
nShield® Solo and nShield® Solo XC Installation Guide 15 of 49
6. Before you install the software
Before you install the software, you should:
•Install the nShield Solo or nShield Solo XC. See Installing the module
•Uninstall any older versions of Security World Software. See Uninstalling existing
software.
•Complete any other necessary preparatory tasks, as described in Preparatory tasks
before installing software.
6.1. Preparatory tasks before installing software
Perform any of the necessary preparatory tasks described in this section before installing
the Security World Software.
6.1.1. Windows
6.1.1.1. Power saving options
Adjust your computers power saving setting to prevent sleep mode.
You may also need to set power management properties of the nShield Solo, once the
Security World Software is installed. See Installing the Security World Software on
Windows for more information.
6.1.1.2. Install Microsoft security updates
Make sure that you have installed the latest Microsoft security updates. Information
about Microsoft security updates is available from http://www.microsoft.com/security/.
6.1.2. Linux
6.1.2.1. Install operating environment patches
Make sure that you have installed the latest recommended patches. See the
documentation supplied with your operating environment for information.
6.1.2.2. Users and Groups
The installer automatically creates the following group and users if they do not exist. If
you wish to create them manually, you should do so before running the installer. Create
the following, as required:
nShield® Solo and nShield® Solo XC Installation Guide 16 of 49
•The nfast user in the nfast group, using /opt/nfast as the home directory.
•If you are installing snmp, the ncsnmpd user in the ncsnmpd group, using /opt/nfast as
the home directory.
•If you are installing the Remote Administration Service, the raserv user in the raserv
group, using /opt/nfast as the home directory.
6.1.3. All environments
6.1.3.1. Install Java with any necessary patches
The following versions of Java have been tested to work with, and are supported by, your
nShield Security World Software:
•Java7 (or Java 1.7x)
•Java8 (or Java 1.8x).
•Java11
We recommend that you ensure Java is installed before you install the Security World
Software. The Java executable must be on your system path.
If you can do so, please use the latest Java version currently supported by _brand} that
is compatible with your requirements. Java versions before those shown are no longer
supported. If you are maintaining older Java versions for legacy reasons, and need
compatibility with current nShield software, please contact Entrust nShield Support,
https://nshieldsupport.entrust.com.
To install Java you may need installation packages specific to your operating system,
which may depend on other pre-installed packages to be able to work.
Suggested links from which you may download Java software as appropriate for your
operating system:
•http://www.oracle.com/technetwork/java/index.html
•http://www.oracle.com/technetwork/java/all-142825.html
You must have Java installed to use KeySafe.
6.1.3.2. Identify software components to be installed
Entrust supply standard component bundles that contain many of the necessary
components for your installation and, in addition, individual components for use with
supported applications. To be sure that all component dependencies are satisfied, you
can install either:
nShield® Solo and nShield® Solo XC Installation Guide 17 of 49
•All the software components supplied
•Only the software components you require
During the installation process, you are asked to choose which bundles and components
to install. Your choice depends on a number of considerations, including:
•The types of application that are to use the module
•The amount of disc space available for the installation
•Your company’s policy on installing software. For example, although it may be
simpler to choose all software components, your company may have a policy of not
installing any software that is not required.
On Windows, the nShield Hardware Support bundle and the nShield CoreÊTools bundle
are mandatory, and are always installed.
On Windows, the Windows device drivers component is installed as part of the
Hardware Support bundle. On Linux, the Kernel device drivers component is installed.
On Linux, you must install the hwsp component.
The Core Tools bundle contains all the Security World Software command-line utilities,
including:
•generatekey
•Low level utilities
•Test programs
The Core Tools bundle includes the Tcl run time component that installs a run-time Tcl
installation within the nCipher directories. This is used by the tools for creating the
Security World and by KeySafe. This does not affect any other installation of Tcl on your
computer.
You need to install the Remote Administration Service component if you require remote
administration functionality. See Preparatory tasks before installing software and the
User Guide for more about the Remote Administration Service.
Always install all the nShield components you need in a single installation process to
avoid subsequent issues should you wish to uninstall. You should not, for example, install
the Remote Administration Service from the Security World installation media, then later
install the Remote Administration Client from the client installation media.
Ensure that you have identified any optional components that you require before you
install the Security World Software. See Software packages on the Security World
installation media for more about optional components.
nShield® Solo and nShield® Solo XC Installation Guide 18 of 49
6.2. Firewall settings
When setting up your firewall, you should ensure that the port settings are compatible
with the HSMs and allow access to the system components you are using. The following
table identifies the ports used by the nShield system components. All listed ports are the
default setting. Other ports may be defined during system configuration, according to
the requirements of your organization.
Component Default
Port
Use
Hardserver 9000 Internal non-privileged connections from Java
applications including KeySafe
Hardserver 9001 Internal privileged connections from Java applications
including KeySafe
Hardserver 9004 Incoming impath connections from other hardservers,
e.g.:
•From a cooperating client to the remote file system
it is configured to access
•From a non-attended host machine to an attended
host machine when using Remote Operator
Remote
Administration
Service
9005 Incoming connections from Remote Administration
Clients
Audit Logging
syslog
514 If you plan to use the Audit Logging facility with remote
syslog or SIEM applications, you need to allow outgoing
connections to the configured UDP port
If you are using an nShield Edge as a Remote Operator slot for an HSM located
elsewhere, you need to open port 9004. You may restrict the IP addresses to those you
expect to use this port. You can also restrict the IP addresses accepted by the hardserver
in the configuration file. See the User Guide for your module and operating system for
more about configuration files. Similarly if you are setting up the Remote Administration
Service you need to open port 9005.
nShield® Solo and nShield® Solo XC Installation Guide 19 of 49
7. Installing the software
This chapter describes how to install the Security World Software on the host computer.
After you have installed the software, you must complete further Security World creation,
configuration and setup tasks before you can use your nShield environment to protect
and manage your keys. See the User Guide for more about creating a Security World and
the appropriate card sets, and further configuration or setup tasks.
If you are planning to use an nToken with a client, this should be physically installed in
the client before installing the Security World software, see nToken Installation Guide.
7.1. Installing the Security World Software on Windows
For information about configuring silent installations and uninstallations on Windows, see
the User Guide
For a regular installation:
1. Log in as Administrator or as a user with local administrator rights.
If the Found New Hardware Wizard appears and prompts you to
install drivers, cancel this notification, and continue to install the
Security World Software as normal. Drivers are installed during the
installation of the Security World Software.
2. Place the Security World Software installation media in the optical disc drive. Launch
setup.msi manually when prompted.
3. Follow the onscreen instructions. Accept the license terms. Click Next to continue.
4. Specify the installation directory. Click Next to continue.
5. Select all the components required for installation, and then click Install. All
components will be selected by default. Unselect via dropdown menu for individual
component that you do not wish to install. nShield Hardware Support and Core
Tools are necessary to install the Security World Software. See Software packages on
the Security World installation media for more about the component bundles and the
additional software supplied on your installation media.
The selected components are installed in the installation directory chosen above. The
installer creates links to the following nShield Cryptographic Service Provider (CSP)
setup wizards as well as remote management tools under Start > All Programs >
nCipher:
◦If nShield CSPs (CAPI, CNG) was selected: 32bit CSP install wizard, which sets
up CSPs for 32-bit applications
nShield® Solo and nShield® Solo XC Installation Guide 20 of 49
Other manuals for nShield Solo
1
This manual suits for next models
1
Table of contents
Other Entrust Control Unit manuals
