Own the keys, not the HSM

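nShield as a Service is a subscription-based solution that generates, accesses and protects cryptographic key material, separately from sensitive data, using dedicated FIPS 140-2 Level 3 certified nShield Connect HSMs. The solution combines the functionality of on-premises HSMs with the benefits of a cloud service deployment, with no need to host and maintain appliances.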

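Migration-ready or hybrid use

nShield as a Service uses the same unique Security World architecture as on-premises nShield deployments, so you can easily migrate cryptographic operations from on premises to the cloud, or use a mix of cloud-based and on-premises nShield HSMs.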

Simplify your migration

Looking for a pain free migration without the hassle? The Entrust Cloud Concierge service delivers a seamless transition from your on-premises nShield HSM estate to nShield as a Service. Our Professional Services team will work with you to plan and execute the smooth migration of your existing keys, clients, and applications.

More than security

Benefits of nShield as a Service

Geo-fencing

Regional datacenters facilitate geo-fencing to meet cloud data security and data sovereignty mandates.

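Cryptographic security + cloud strategy

Protect your business-critical applications and data with FIPS 140-2 Level 3 certification and keep your cloud-first strategy moving forward.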

Maintain Full Control of Your Keys

Supports multi-cloud/hybrid deployments with the same consistent toolset. Flexibility to migrate workloads on premises or to another CSP.

Secure code execution

CodeSafe secure execution gives you on-demand access to your organization's secure, sensitive code protected inside the HSM.

Choose the service and level that’s right for you

Basic, Standard, Premium or Enterprise as Self Managed or Fully Managed to meet your needs.

  • Service Options
  • Service Level

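Features

BASIC

Signatures/sec (2K RSA): 150
Number of HSM Instances: 1 x HSM
High-Availability - Multi Geo location: No
Committed SLA: 99%
Number of Application Integrations: 3
Fully Managed Option: No

STANDARD

Signatures/sec (2K RSA): 300
Number of HSM Instances: 2 x HSM
Committed SLA: 99.9%
Number of Application Integrations: 10

PREMIUM

Signatures/sec (2K RSA): 6,000
Number of HSM Instances: 2 x HSM
Committed SLA: 99.9%
Number of Application Integrations: 100

ENTERPRISE

Signatures/sec (2K RSA): 16,000
Number of HSM Instances: 2 x HSM
Committed SLA: 99.9%
Number of Application Integrations: 1,000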

Service Features

Access to dedicated nShield Connect hardware hosted in secure datacenter
Use nShield Remote Administration kit to securely connect to and interact with your hosted nShield HSM(s)
Maintenance and support
Service monitoring
Pre-tested upgrades/patches applied during annual or emergency maintenance
24/7 Support
Full management of Security World installation by Entrust
Trusted Entrust personnel perform the security officer role
Policy and process development under ISO 27001 compliant policies & procedures
Security World creation
HSM enrollment
Signing ceremony
Firmware upgrades performed with customer consent

Self Managed

No
No
No
No
No
No

Fully Managed

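Details

    Technical specifications

    Connectivity

    • Secure IPsec tunnel with pre-shared key
    • Between the customer's cloud IP space and the dedicated hosted nShield HSM environment
    • Transparent to client hosts
    • The entire path is not subject to control restrictions

    Certified hardware solution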

    nShield as a Service is built with nShield Connect HSMs, which help our customers to demonstrate compliance while also giving them the assurance that their HSMs meet stringent industry standards.

    nShield features

    nShield as a Service delivers the same features as on-premises nShield HSMs, including CodeSafe, Web Services Option Pack, Container Option Pack and Database Option Pack.

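    Security compliance:

    • FIPS 140-2 Level 3 certified
    • Common Criteria certification for EN 419 221-5 Cryptographic Modules for Trust Services

    Safety and environmental standards compliance:

    • UL, CE, FCC, RCM, Canada ICES
    • RoHS2, WEEE

    Data center certifications

    Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) Level 1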

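    Support for a wide range of APIs, cryptographic algorithms and platforms

    Supported APIs

    • PKCS #11, OpenSSL, Java (JCE), Microsoft CAPI/CNG and Web Services

    Supported cryptographic algorithms

    • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph), Secp256k1
    • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
    • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
    • Full Suite B implementation (cryptographic support) with fully licensed ECC, including Brainpool and custom curves

    nShield HSMs support most of these cryptographic algorithms as part of their standard feature set. Organizations that want to use ECC or the Korean algorithms need additional optional activation licenses.

    Supported platforms

    Microsoft Windows and Linux operating systems, including distributions from RedHat, SUSE and the major cloud service providers, running as virtual machines or in containers.

    Solution deployment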

    nShield as a Service is available in a range of options to meet the needs of your organization. For price sensitive customers a self-managed single HSM instantiation is available in the customer’s preferred location. Standard, Premium and Enterprise customers can specify preferred HSM locations to meet their operational, DR and data sovereignty needs while choosing the optimum performance and price point.

    Self-managed and fully managed features

    Customer has remote access to dedicated nShield Connect hardware hosted in secure data centers

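    The nShield Remote Administration kit provides secure connection to and interaction with your cloud-based nShield HSMs

    Maintenance and support

    • Service monitoring
    • Pre-tested upgrades/patches applied during annual or emergency maintenance
    • 24/7 support

    Features specific to the fully managed service

    Full management of the installation process

    Trusted Entrust personnel perform the security officer role

    • Security World creation
    • HSM enrollment
    • Signing ceremony

    Policy and process development

    ISO 27001 compliant policies and procedures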

    All operational staff BS7858 cleared (non-US data centers only)

    Firmware upgrades performed with customer consent

    Hear what our customers say...

    Square

    We have a long history together and we’re extremely comfortable continuing to rely on Entrust solutions for the core of our business. We have used Entrust HSMs for five years and they have always been exceptionally reliable. We’ve layered a lot of code on top of the HSM; it delivers the performance we need and has proven to be a rock-solid foundation.

    Neal Harris, Security Engineering Manager, Square Inc

    Verifone

    As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected Entrust HSMs to provide robust security, unmatched performance, and superior scalability across our payment security platforms…

    Joe Majka, Chief Security Officer, Verifone

    Memjet

    The Entrust nShield sales team provided excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breadth, and quality of the product documentation gave us confidence that the solution was well thought-out and supported.

    Robert Fairlie-Cuninghame, QAI Technical Lead/Architect, Memjet

    Polycom

    Entrust provided the expertise needed to design and implement a tailored, secure VoIP solution.

    Marek Dutkiewicz, Polycom