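Software Option Packs
Entrust nShield Option Packs are simple to set up and easy to deploy. They help you integrate high-security nShield HSMs into your preferred environment and provide all the relevant support for the integration.
Web Services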
Cloud-friendly, REST-like interface for high assurance nShield HSMs.
Containerized Applications
Containerized applications integrated with high assurance FIPS certified nShield HSMs.
Electronic Time Stamping
Secure, accurate time stamping ensures the integrity and traceability of digital records, code signing, transactions, logs, and more.
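Cloud Integration
Generate, store, and manage the keys you trust with nShield HSMs to protect sensitive cloud-hosted applications and achieve cloud security.
Database Security
Integrates with Microsoft SQL Server through the Microsoft Extensible Key Management (EKM) API.
Post-Quantum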
Enable post-quantum cryptographic applications for nShield HSMs.
Web Services Option Pack (WSOP)
The nShield WSOP provides a REST-like API between applications requiring cryptographic key and data protection services and FIPS-certified nShield HSMs. nShield HSMs perform a variety of cryptographic functions, including encryption, signing, random number generation, and key generation.
Benefits include:
Technical Specifications
nShield Compatibility
- Compatible with all current nShield models
- Must be installed onto a host running a supported version of the Linux OS, Windows Server, or Windows OS, and have the nShield Security World software installed
- Supports Operator Card Sets and softcard-protected keys
- Compatible with the nShield Container Option Pack, allowing WSOP instantiations to be containerized
API Compatibility
- nShield HSMs can support applications using the Web Services API alongside applications using other supported APIs (e.g., PKCS#11, Java, CNG, etc.)
nShield Container Option Pack (nCOP)
Containerized applications can be hard to integrate with high assurance hardware security modules. When the time from staging to production is critical, you need a proven deployment model and scripts that reduce the overall development cycle. nCOP simplifies the process of building HSM support into containerized solutions and provides a template deployment model without the worry of HSM integration.
Benefits include:
Technical Specifications
Supported Operating Systems
- Linux distributions only
Supported HSMs
- Compatible with nShield Connect XC and nShield 5c HSMs
- Compatible with nShield as a Service for cloud-hosted HSM deployments
Scalability and Licensing
- nCOP has no enforced limitation on the number of hardserver or application containers, and can work with any number of container hosts (physical or virtualized server instances)
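- When used alongside nShield Connect XC or nShield 5c, client licenses will be required depending on the scale of deployment. The Option Pack includes a multiplier that calculates the number of client licenses required based on the maximum number of running application containers to be deployed. Refer to the guidelines below for the number of client licenses required for different sized deployments.
Compatibility
- Certified integration with the Red Hat OpenShift Container Platform
Licensing Options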
Client licenses per HSM | Maximum container hosts | Maximum application containers |
---|---|---|
5 | 5 | 50 |
10 | 10 | 100 |
15 | 15 | 150 |
20 | 20 | 200 |
> 25 | > 25 | > 250 (Note 1) |
Note 1: Purchasing Enterprise client licenses is recommended.
nShield Time Stamping Option Pack
Digital time stamping is integral to an organization’s ability to verify data and code integrity, generate audit trails, and enforce non-repudiation for electronic signatures. Entrust delivers a secure, high assurance time-stamping solution protected by nShield Solo XC HSMs. This time stamping solution automates records processing and supports a diverse array of applications.
Benefits include:
Technical Specifications
Time Stamping API
- We offer a software API that enables developers to build applications requesting time stamps from a server equipped with nShield Solo XC HSM and the Time Stamping Option Pack
Compatibility
- Compatible with Microsoft Windows servers
Centralized Time Source
- Depending on customer requirements, the Time Stamping Option Pack can generate time stamps based on a centralized time source or the UTC (Coordinated Universal Time) standard
nShield Cloud Integration Option Pack (CIOP)
The nShield CIOP allows cloud service users to generate keys in their own environment and export them for use in the cloud. Users can be confident that their keys have been generated securely using a strong entropy source, and that long-term storage of their keys is protected by a FIPS-certified HSM. Supported cloud services include Amazon Web Services (AWS), Google Compute Engine, Microsoft Azure, and Salesforce.
Benefits include:
Technical Specifications
Compatibility and Requirements
- Supported on all current nShield HSM models
- Azure BYOK: Requires nShield Security World Software v12.60 and firmware v12.60 or later
- AWS and Google Compute Engine: Requires nShield Security World software v12.40 or later
- Salesforce: Requires nShield Security World software v12.70 and firmware v12.70 or later
Supported Platforms
This release has been tested for compatibility on a range of platforms, including:
- Microsoft Windows 11 x64
- Microsoft Windows Server 2022 x64
- Microsoft Windows Server 2022 Core x64
- Red Hat Enterprise Linux 8 x64
- Red Hat Enterprise Linux 9 x64
- Oracle Enterprise Linux 8 x64
nShield Database Security Option Pack
The nShield Database Security Option Pack enables seamless integration of nShield HSMs with Microsoft SQL Server. Encrypting data in your database protects it, but the encryption keys used to unlock the data must also be protected. Using an HSM safeguards encryption keys by storing them separately from the data on a secure, trusted platform.
Benefits include:
Technical Specifications
SQL EKM Provider Capability
- The SQL EKM provider has been tested to support the Enterprise Editions of Microsoft SQL Server 2019, Microsoft SQL Server 2017, and Microsoft SQL Server 2016
Supported Platforms
- Microsoft Windows Server: 2019 R2 Standard (64-bit configuration) and 2016 (64-bit configuration)
Supported Security World Software and nShield HSMs
- The Database Security Option Pack for SQL Server is fully compatible with v12.40.2 or higher of the Security World Software and all current PCIe and network-attached HSMs
Supported Database Encryption Types
From a security perspective, Microsoft SQL Server supports the use of cryptographic keys to protect its databases. These encryption keys can be used to perform two levels of encryption:
- Transparent Data Encryption (TDE): Encrypts entire databases without changing existing queries or applications. When SQL Server loads a TDE-encrypted database into memory from disk storage, it automatically decrypts it. This enables clients to query the database within the server environment without manual decryption. The database is re-encrypted when saved to disk storage. When using TDE, data is unprotected by encryption while in memory, and TDE supports one encryption key per database at a time.
- Cell-Level Encryption (CLE): Requires specifying data and encryption key(s) for encryption. CLE uses one or more keys to encrypt individual cells or columns, enabling fine-grained access policies for sensitive database data. Only specified data is encrypted: other data remains unencrypted. This minimizes exposure in database servers and client applications. CLE can also be applied to tables encrypted with TDE. Note: CLE data is decrypted in memory as needed, and different encryption keys can encrypt separate data within the same table.
Supported Deployment Configurations
- Standalone service
- Database failover cluster using nShield Solo or nShield Connect
nShield Post-Quantum Option Pack
The nShield Post-Quantum Option Pack leverages the Entrust CodeSafe SDK and the liboqs open source library to provide quantum-resistant cryptographic algorithms to customers.
Benefits include:
Get Started
Requirements
- FIPS Level 3 nShield HSM
- CodeSafe Developer Toolkit
- CodeSafe activation license
Learn more about CodeSafe.