
nShield Remote Administration Feature Overview

HIGHLIGHTS

• Lets you administer distantly-located nShield Solo and Connect hardware security modules (HSMs) from any location, whenever you choose
• Cuts travel time and cost while adding 24 × 7 access to your HSMs
• Enables a wide variety of functions via the remote presentation of nShield smart cards including upgrading firmware, checking HSM status, and running utilities
• Eliminates the risk of carrying high value smart cards to remote locations

Remote Administration uses the following components to locally manage remote HSMs:

• Remote Administration cards—Custom smart cards equipped with an Entrust applet
• Trusted verification devices (TVDs)—Entrust smart card readers used with Remote Administration cards to create a secure connection with the target HSM (includes Type A USB connector)
• Remote Administration Client (RAC)—Simple GUI run on client or workstation to configure connection to HSM

[Product images: trusted verification device, Remote Administration smart cards, nShield Solo, nShield Connect]

LEARN MORE AT ENTRUST.COM/HSM nShield Remote Administration

nShield Remote Administration creates a secure connection between your remote HSM and your local Remote Administration cards and TVD, letting you present your quorum of smartcards and administer your HSMs as if physically present with the device. Communicating over your VPN, you control the HSM from a laptop or workstation via remote desktop or secure shell session.

Operational features

Remote Administration lets you perform the vast majority of typical HSM functions including:

• Configuring new nShield HSMs
• Creating new nShield Security Worlds—Entrust’s unique key management architecture—and enrolling new HSMs into existing Security Worlds
• Upgrading firmware and image files for maintenance and feature updates
• Monitoring and changing HSM status and re-booting as required

Security features

Remote Administration includes the following to safeguard your transactions:

• Mutual authentication between Remote Administration cards and HSM utilising factory-issued warrants (analogous to digital certificates) using Diffie-Hellman ephemeral key exchange
• AES256-equivalent crypto connection between Remote Administration cards and HSM
• HSM electronic serial number verification by the card holder
• FIPS 140-2 certified firmware and Remote Administration cards
• TVDs certified to Secoder protocol—inhibits on the client workstation from spoofing the HSM identity being passed to Remote Administration Cards

Please request the Entrust Remote Administration Security White Paper to learn more.

Figure 1. High level illustration of the components used in a typical remote administration deployment

[Diagram labels: Local Office (manage HSMs remotely from workstation via remote desktop or secure shell session; authenticated passphrases; Remote Administration client), Corporate VPN, Remote data center (nShield HSMs: nShield Solo, nShield Connect; Security World tools; Remote Administration service; Security World)]


nShield Remote Administration compatibility and prerequisites

• nShield Solo PCIe and Connect HSMs
• RAC software compatible with Windows, and OS X
• nShield Security World v12.00 and above software and 2.61.2 and above firmware
• Customer-supplied LAN or VPN and remote access solution

Getting Started with nShield Remote Administration kits

Remote Administration Kits are available in a variety of tiers depending on HSM estate size. Additionally, Remote Administration can be expanded to support larger estates post-installation by purchasing upgrade kits. The table below shows the kit tiers available for purchase.

Tier   Remote HSMs Served   Remote Admin Cards   TVDs   Client DVDs
1      1 to 10              20                   2      2
2      11 to 20             50                   5      5
3      21 to 40             100                  10     10
4      40 or more           200                  20     20

Learn more

To find out more about Entrust nShield HSMs visit entrust.com/HSM. To learn more about Entrust’s digital security solutions for identities, access, communications and data visit entrust.com

ABOUT ENTRUST CORPORATION Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us.

Contact us: [email protected]

Entrust is a trademark, registered trademark, and/or service mark of Entrust Corporation in the United States and/or other countries. ©2020 Entrust Corporation. All rights reserved. September 2020 • PLB9407_Entrust nShield Remote Administration_DS_USL_AW