Entrust nShield User manual
nShield® Connect
Installation Guide
12.80
17 Nov 2021
Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê4
1.1. About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê4
1.2. Additional documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
1.3. Handling an nShield Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê6
1.4. Environmental requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê7
1.5. Physical location considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê8
2. Recycling and disposal information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê9
3. Before you install the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê10
3.1. Preparatory tasks before installing software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê10
3.2. Firewall settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê12
4. Installing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê14
4.1. Installing the Security World Software on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . Ê14
4.2. Installing the Security World Software on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê15
5. Before installing an nShield Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê17
5.1. Carefully unpack the nShield Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê17
5.2. Check that all parts on the packing list are present . . . . . . . . . . . . . . . . . . . . . . . . . . Ê17
5.3. Check the physical security of the nShield Connect. . . . . . . . . . . . . . . . . . . . . . . . . . Ê17
6. Installing an nShield Connect in a rack, cabinet, or shelf. . . . . . . . . . . . . . . . . . . . . . . . . . . Ê18
6.1. Connecting Ethernet, console and power cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê18
6.2. Connecting the Serial Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê20
6.3. Connecting the optional USB keyboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê21
6.4. Checking the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê21
7. Front panel controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê22
8. Top-level menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê23
9. Basic nShield Connect, RFS and client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê25
9.1. About nShield Connect and client configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê25
9.2. Basic nShield Connect and RFS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê26
9.3. Basic configuration of the client to use the nShield Connect . . . . . . . . . . . . . . . . . Ê46
9.4. Basic configuration of an nShield Connect to use a client. . . . . . . . . . . . . . . . . . . . Ê50
9.5. Restarting the hardserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê52
9.6. Zero touch configuration of an nShield Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê53
9.7. Checking the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê54
9.8. Using a Security World . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê54
10. Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê55
10.1. Checking operational status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê55
10.2. Module overheating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê60
10.3. Log messages for the module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê60
10.4. Utility error messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê62
nShield® Connect Installation Guide 2 of 73
11. nShield Connect maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê63
11.1. Flash testing the module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê63
12. Approved accessories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê64
Appendix A: Uninstalling existing software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê65
A.1. Uninstalling the Security World Software on Windows. . . . . . . . . . . . . . . . . . . . . . . Ê66
A.2. Uninstalling the Security World Software on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . Ê66
Appendix B: Software packages on the Security World software installation media. . . . Ê68
B.1. Security World installation media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê68
B.2. Components required for particular functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê69
B.3. nCipherKM JCA/JCE cryptographic service provider . . . . . . . . . . . . . . . . . . . . . . . . Ê70
B.4. SNMP monitoring agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê71
Appendix C: Valid IPv6 Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ê72
nShield® Connect Installation Guide 3 of 73
1. Introduction
The Entrust nShield Connect is a Hardware Security Module (HSM) that provides secure
cryptographic processing within a tamper-resistant casing. Each nShield Connect is
configured to communicate with one or more client computers over an Ethernet
network. A client is a computer using the nShield Connect for cryptography. You can also
configure clients to use other nShield Connects on the network, as well as locally
installed HSMs.
1.1. About this guide
This guide includes:
•Installing the Security World Software. See Installing the software.
•Physically installing an nShield Connect. See Installing an nShield Connect in a rack,
cabinet, or shelf.
•Configuring an nShield Connect and client. See Basic nShield Connect, RFS and
client configuration.
•The nShield Connect front panel controls. See Front panel controls.
•The top-level menu of an nShield Connect. See Top-level menu.
•Troubleshooting information. See Troubleshooting.
•nShield Connect maintenance. See nShield Connect maintenance.
•Accessories. See Approved accessories.
•Instructions to uninstall existing software. See Uninstalling existing software.
•Software components and bundles. See Software packages on the Security World
software installation media.
See the nShield Connect User Guide for more about, for example:
•Creating and managing a Security World
•Creating and using keys
•Card sets
•The advanced features of an nShield Connect
For information on integrating Entrust nShield products with third-party enterprise
applications, see https://www.entrust.com/digital-security/hsm.
1.1.1. Model numbers
Model numbering conventions are used to distinguish different nShield hardware security
devices.
nShield® Connect Installation Guide 4 of 73
Model number Used for
NH2047 Connect 6000
NH2040 Connect 1500
NH2033 Connect 500
NH2068 Connect 6000+
NH2061 Connect 1500+
NH2054 Connect 500+
NH2075-B Connect XC Base
NH2075-M Connect XC Medium
NH2075-H Connect XC High
NH2082 Connect XC SCAP
NH2089-B Connect XC Base - Serial Console
NH2089-M Connect XC Mid - Serial Console
NH2089-H Connect XC High - Serial Console
NH3003-B Connect CLX Base - Serial Console
NH3003-M Connect CLX Mid - Serial Console
NH3003-H Connect CLX High - Serial Console
nC3nnnE-nnn, nC4nnnE-nnn nShield Solo PCIe
1.1.2. Power and safety requirements
The module draws up to 220 watts:
•Voltage: 100 VAC -240 VAC
•Current: 2.0 A - 1.0 A
•Frequency: 50 Hz - 60 Hz.
The module PSUs are compatible with international mains voltage
supplies.
nShield® Connect Installation Guide 5 of 73
1.2. Additional documentation
You can find additional documentation in the documentation directory of the installation
media for your product. For information about enabling additional features (such as
client licenses), see the User Guide. We strongly recommend that you read the release
notes before you use the module. These notes contain the latest information about your
product and are available online through Entrust nShield support
https://nshieldsupport.entrust.com.
Read this guide in conjunction with the nShield product’s Warnings and Cautions
documentation (available in multiple languages).
1.2.1. Terminology
The nShield Connect is referred to as the nShield Connect, the hardware security module,
or the HSM.
1.3. Handling an nShield Connect
An nShield Connect contains solid-state devices that can withstand normal handling.
However, do not drop the module or expose it to excessive vibration.
If you are installing the module in a 19” rack, make sure that you follow the nShield
Connect Slide Rails Instructions provided with the rails. In particular, be careful of sharp
edges.
Only experienced personnel should handle or install an nShield Connect. Always consult
your company health and safety policy before attempting to lift and carry the module.
Two competent persons are required if it is necessary to lift the module to a level above
head height (for example, during installation in a rack or when placing the module on a
high shelf).
1.3.1. Weight and Dimensions
Weight:ÊÊ11.5kg
Dimensions:Ê43.4mm x 430mm x 690mm
The module is compatible with 1U 19” rack systems.
Measurements given are height x width x length/depth. If the inner slide rails are
attached, the width of the unpackaged module is 448mm.
nShield® Connect Installation Guide 6 of 73
1.4. Environmental requirements
To ensure good air flow through and around the module after installation, do not
obstruct either the fans and vents at the rear or the vent at the front. Ensure that there is
an air gap around the module, and that the rack itself is located in a position with good
air flow.
1.4.1. Temperature and humidity recommendations
We recommend that your module operates within the following environmental
conditions.
Environmental conditions Operating range
(Min.ÊÊ|ÊÊMax.)
Comments
Operating temperature 5 °C 35 °C -
Storage temperature -20 °C 70 °C -
Operating humidity 10 % 85 % Relative. Non-condensing at
35 °C.
Storage humidity 0 % 95 % Relative. Non-condensing at
35 °C.
Altitude -100 m 2000 m Above Mean Sea Level
(AMSL)
1.4.2. Cooling requirements
Adequate cooling of your module is essential for trouble-free operation and a long
operational life. During operation, you can use the supplied stattree utility to check the
actual and maximum temperature of the module. You are advised to do this directly after
installing the unit in its normal working environment. Monitor the temperature of the unit
over its first few days of operation.
In the unlikely event that the internal encryption module overheats, the module shuts
down (see Module Overheating). If the whole nShield Connect overheats, the orange
warning LED on the front panel illuminates (see Orange warning LED) and a critical error
message is shown on the display.
nShield® Connect Installation Guide 7 of 73
1.5. Physical location considerations
Entrust nShield HSMs are certified to NIST FIPS 140-2 Level 2 and 3. In addition to the
intrinsic protection provided by an nShield HSM, customers must exercise due diligence
to ensure that the environment within which the nShield HSMs are deployed is
configured properly and is regularly examined as part of a comprehensive risk mitigation
program to assess both logical and physical threats. Applications running in the
environment shall be authenticated to ensure their legitimacy and to thwart possible
proliferation of malware that could infiltrate these as they access the HSMs’
cryptographic services. The deployed environment must adopt 'defense in depth'
measures and carefully consider the physical location to prevent detection of
electromagnetic emanations that might otherwise inadvertently disclose cryptographic
material.
nShield® Connect Installation Guide 8 of 73
2. Recycling and disposal information
For recycling and disposal guidance, see the nShield product’s Warnings and Cautions
documentation.
nShield® Connect Installation Guide 9 of 73
3. Before you install the software
Before you install the software, you should:
•If required, install an optional nToken in the client computer, see nToken Installation
Guide for more information about the installation steps.
•Uninstall any older versions of Security World Software. See Uninstalling existing
software.
•Complete any other necessary preparatory tasks, as described in Preparatory tasks
before installing software.
3.1. Preparatory tasks before installing software
Perform any of the necessary preparatory tasks described in this section before installing
the Security World Software on the client computer.
3.1.1. Windows
Adjust your computers power saving setting to prevent sleep mode.
3.1.1.1. Install Microsoft security updates
Make sure that you have installed the latest Microsoft security updates. Information
about Microsoft security updates is available from http://www.microsoft.com/security/.
3.1.2. Linux
3.1.2.1. Install operating environment patches
Make sure that you have installed the latest recommended patches. See the
documentation supplied with your operating environment for information.
3.1.2.2. Users and Groups
The installer automatically creates the following group and users if they do not exist. If
you wish to create them manually, you should do so before running the installer.
Create the following, as required:
•The nfast user in the nfast group, using /opt/nfast as the home directory.
•If you are installing snmp, the ncsnmpd user in the ncsnmpd group, using /opt/nfast as
the home directory.
nShield® Connect Installation Guide 10 of 73
•If you are installing the Remote Administration Service, the raserv user in the raserv
group, using /opt/nfast as the home directory.
3.1.3. All environments
3.1.3.1. Install Java with any necessary patches
The following versions of Java have been tested to work with, and are supported by, your
nShield Security World Software:
•Java7 (or Java 1.7x)
•Java8 (or Java 1.8x).
•Java11
We recommend that you ensure Java is installed before you install the Security World
Software. The Java executable must be on your system path.
If you can do so, please use the latest Java version currently supported by _brand} that
is compatible with your requirements. Java versions before those shown are no longer
supported. If you are maintaining older Java versions for legacy reasons, and need
compatibility with current nShield software, please contact Entrust nShield Support,
https://nshieldsupport.entrust.com.
To install Java you may need installation packages specific to your operating system,
which may depend on other pre-installed packages to be able to work.
Suggested links from which you may download Java software as appropriate for your
operating system:
•http://www.oracle.com/technetwork/java/index.html
•http://www.oracle.com/technetwork/java/all-142825.html
You must have Java installed to use KeySafe.
3.1.3.2. Identify software components to be installed
Entrust supply standard component bundles that contain many of the necessary
components for your installation and, in addition, individual components for use with
supported applications. To be sure that all component dependencies are satisfied, you
can install either:
•All the software components supplied
•Only the software components you require
nShield® Connect Installation Guide 11 of 73
During the installation process, you are asked to choose which bundles and components
to install. Your choice depends on a number of considerations, including:
•The types of application that are to use the module
•The amount of disc space available for the installation
•Your company’s policy on installing software. For example, although it may be
simpler to choose all software components, your company may have a policy of not
installing any software that is not required.
On Windows, the nShield Hardware Support bundle and the nShield
CoreÊTools bundle are mandatory, and are always installed.
The Core Tools bundle contains all the Security World Software command-line utilities,
including:
•generatekey
•Low level utilities
•Test programs
The Core Tools bundle includes the Tcl run time component that installs a run-time Tcl
installation within the nCipher directories. This is used by the tools for creating the
Security World and by KeySafe. This does not affect any other installation of Tcl on your
computer.
You need to install the Remote Administration Service component if you require remote
administration functionality. See Preparatory tasks before installing software and the
User Guide for more about the Remote Administration Service.
Always install all the nShield components you need in a single
installation process to avoid subsequent issues should you wish to
uninstall. You should not, for example, install the Remote
Administration Service from the Security World installation media, then
later install the Remote Administration Client from the client installation
media.
Ensure that you have identified any optional components that you require before you
install the Security World Software. See Software packages on the Security World
software installation media for more about optional components.
3.2. Firewall settings
When setting up your firewall, you should ensure that the port settings are compatible
with the HSMs and allow access to the system components you are using.
nShield® Connect Installation Guide 12 of 73
The following table identifies the ports used by the nShield system components. All listed
ports are the default setting. Other ports may be defined during system configuration,
according to the requirements of your organization.
Component Default
Port
Use
Hardserver 9000 Internal non-privileged connections from Java
applications including KeySafe
Hardserver 9001 Internal privileged connections from Java applications
including KeySafe
Hardserver 9004 Incoming impath connections from other hardservers,
e.g.:
•From a nShield Connect to the Remote File System
(RFS)
•From a non-attended nShield Connect to an
attended host machine when using Remote
Operator
Hardserver in
nShield Connect
9004 Incoming impath connections from client machines
Remote
Administration
Service
9005 Incoming connections from Remote Administration
Clients
Audit Logging
syslog
514 If you plan to use the Audit Logging facility with remote
syslog or SIEM applications, you need to allow outgoing
connections to the configured UDP port
If you are setting up an RFS or exporting a slot for Remote Operator functionality, you
need to open port 9004. You may restrict the IP addresses to those you expect to use
this port. You can also restrict the IP addresses accepted by the hardserver in the
configuration file. See the User Guide for your module and operating system for more
about configuration files. Similarly if you are setting up the Remote Administration
Service you need to open port 9005.
nShield® Connect Installation Guide 13 of 73
4. Installing the software
This chapter describes how to install the Security World Software on the computer,
client, or RFS associated with your nShield HSM.
After you have installed the software, you must complete further Security World creation,
configuration and setup tasks before you can use your nShield environment to protect
and manage your keys. See the User Guide for more about creating a Security World and
the appropriate card sets, and further configuration or setup tasks.
If you are planning to use an nToken with a client, this should be
physically installed in the client before installing the Security World
software, see nToken Installation Guide.
4.1. Installing the Security World Software on Windows
For information about configuring silent installations and uninstallations on Windows, see
the User Guide
For a regular installation:
1. Log in as Administrator or as a user with local administrator rights.
If the Found New Hardware Wizard appears and prompts you to install drivers,
cancel this notification, and continue to install the Security World Software as
normal. Drivers are installed during the installation of the Security World Software.
2. Place the Security World Software installation media in the optical disc drive. Launch
setup.msi manually when prompted.
3. Follow the onscreen instructions. Accept the license terms. Click Next to continue.
4. Specify the installation directory. Click Next to continue.
5. Select all the components required for installation, and then click Install. All
components will be selected by default. Unselect via dropdown menu for individual
component that you do not wish to install. nShield Hardware Support and Core
Tools are necessary to install the Security World Software. See Software packages on
the Security World software installation media for more about the component
bundles and the additional software supplied on your installation media.
The selected components are installed in the installation directory chosen above. The
installer creates links to the following nShield Cryptographic Service Provider (CSP)
setup wizards as well as remote management tools under Start > All Programs >
nCipher:
nShield® Connect Installation Guide 14 of 73
◦If nShield CSPs (CAPI, CNG) was selected: 32bit CSP install wizard, which sets
up CSPs for 32-bit applications
◦If nShield CSPs (CAPI, CNG) was selected: 64bit CSP install wizard, which sets
up CSPs for 64-bit applications
◦If nShield CSPs (CAPI, CNG) was selected: CNG configuration wizard, which
sets up the CNG providers
◦If the nShield Java package was selected: KeySafe, which runs the key
management application
◦If nShield Remote Administration Client Tools was selected: Remote
Administration Client, which runs the remote administration client
If selected, the SNMP agent will be installed, but will not be added to the Services
area in Control Panel →Administrative Tools of the target Windows machine. If you
wish to install the SNMP agent as a service, please consult the SNMP monitoring
agent section in the User Guide.
6. Click Finish to complete the installation.
7. The following global variables are set upon install NFAST_CERTDIR, NFAST_HOME,
NFAST_KMDATA, NFAST_LOGDIR.
4.2. Installing the Security World Software on Linux
In the following instructions, disc-name is the name of the mount point
of the installation media.
1. Log in as a user with root privileges.
2. Place the installation media in the optical disc drive, and mount the drive.
3. Open a terminal window, and change to the root directory.
4. Extract the required .tar files to install all the software bundles by running
commands of the form:
tar xf disc-name/linux/ver/<file>.tar.gz
In this command, ver is the architecture of the operating system (for example, i386
or amd64), and file.tar is the name of a .tar.gz file for that component.
See Software packages on the Security World software installation media for more
about the component bundles and the additional software supplied on your
installation media.
5. Run the install script by using the following command:
nShield® Connect Installation Guide 15 of 73
/opt/nfast/sbin/install
6. Log in to your normal account.
7. Add /opt/nfast/bin to your PATH system variable:
◦If you use the Bourne shell, add these lines to your system or personal profile:
PATH=/opt/nfast/bin:$PATH
export PATH
◦If you use the C shell, add this line to your system or personal profile:
setenv PATH /opt/nfast/bin:$PATH
nShield® Connect Installation Guide 16 of 73
5. Before installing an nShield Connect
5.1. Carefully unpack the nShield Connect
Retain all parts of the nShield Connect packaging, including the outer (brown) shipping
carton, in case you have to return the HSM. Your warranty or maintenance agreement
does not cover returned modules that are Êdamaged due to shipping in non-approved
packaging.
5.2. Check that all parts on the packing list are present
The packing list contains a full list of items shipped with the HSM. If any item is missing,
contact Support.
Any optional parts ordered, for example slide rail components, might
not appear on the packing list. If any optional components are missing,
contact Support.
5.3. Check the physical security of the nShield Connect
See the nShield Connect Physical Security Checklist, provided in the box with an nShield
Connect and available in the document folder on the installation media.
Breaking the security seal or dismantling the nShield Connect voids your warranty cover,
and any existing maintenance and support agreements.
nShield® Connect Installation Guide 17 of 73
6. Installing an nShield Connect in a rack,
cabinet, or shelf
This chapter describes how to install the nShield Connect. For more information about
connecting the nShield Connect to the network, and configuring it for connection to one
or more clients on the network, see the nShield Connect User Guide.
Always handle modules correctly. For more information, see Handling
an nShield Connect.
Take due account of the weight and dimensions of the nShield Connect when selecting a
location for storage or installation (see Handling an nShield Connect).
You cannot install or configure the nShield Connect remotely.
To install the nShield Connect in a 19” rack, follow the instructions supplied with your
rack mounting kit.
To install the nShield Connect in a cabinet or a shelf, fit the four self-adhesive rubber feet
(supplied with the HSM) to the bottom of the HSM. An Xis scored into the chassis at
each of the four corners on the bottom of the HSM as a guide to placing the feet.
6.1. Connecting Ethernet, console and power cables
The nShield Connect is an Ethernet network device capable of supporting up to 100m of
Ethernet cable. You must use a CAT5e UTP cable or better when connecting the HSM to
a 100Mbit or 1Gbit Ethernet device. You must use a CAT3 cable or better for 10Mbit
connections.
The connectors for Ethernet cables and mains power cables are at the rear of the nShield
Connect.
Ensure that:
•All power cables are routed to avoid sharp bends, hot surfaces, pinches, and
abrasion.
•You connect mains power cables to both the PSUs.
•The rocker switch for each PSU is in the on position.
The following image shows the Ethernet, console and mains power connections:
nShield® Connect Installation Guide 18 of 73
Key Description
A Green LED if on, confirms power is on and unit is not in standby mode
B Mains power connection
C Rocker switch to turn PSU on and off
D Ethernet port. Two Ethernet ports are available. Port 1 is the left-hand
connector when the nShield Connect is viewed from the back
E RJ45 port for a serial console cable
If you connect only one Ethernet cable to the nShield Connect, we
recommend that you connect it to Ethernet port 1. This is the left-hand
Ethernet connector on the rear of the nShield Connect (shaded in the
image).
If the green LED is on, the PSU is operational and receiving power, and is not in standby
mode. If a power cable is not fitted correctly, or a rocker switch is not turned on, an
audible warning is given and the orange warning LED on the front panel is turned on.
For more information:
•Audible warnings, see Audible warning.
•The orange warning LED, see Orange warning LED.
nShield® Connect Installation Guide 19 of 73
•Identifying and replacing a faulty PSU, see the nShield Connect Power Supply Unit
Installation Sheet.
6.2. Connecting the Serial Console
On supported nShield Connect hardware variants (see Model numbers) there is a serial
console port that provides access to a serial console command line interface that enables
remote configuration of the nShield Connect (See the nShield Connect User Guide).
The RJ45 connector for the serial cable is at the rear of the nShield Connect and is
labelled Console (Connecting Ethernet, console and power cables. The connector can be
directly connected to your client machine or connected to a serial port aggregator for
remote access. For a specification of the serial cable required, see Serial Console cable
pinout information. The serial port will operate at 9600 baud, 8 data bits, no parity, and 1
stop bit (9600/8-N-1).
It is recommended to use a shielded cable for the serial connection as
the EMI noise from other devices in vicinity may affect the
communication over the serial connection.
6.2.1. Serial Console cable pinout information
The pinout information for the RJ-45 to DB-9 cable to be used to access the nShield
Connect Serial Console is provided in the table below:
Signal Console Port (DTE)
RJ-45 Pin
Adapter DB-9 Pin Signal
CTS 1 7 RTS
DTR 2 4 DSR
TxD 3 3 RxD
GND 4 5 GND
GND 5 5 GND
RxD 6 2 TxD
DSR 7 6 DTR
RTS 8 8 CTS
nShield® Connect Installation Guide 20 of 73
Other manuals for nShield
2
Table of contents
Other Entrust Control Unit manuals
