nCipher nShield Remote Administration
Remote Administration uses the following components to locally manage remote HSMs:
- Remote Administration Cards—Custom smart cards equipped with a nCipher applet
- Trusted Verification Devices (TVDs)—nCipher smart card readers used with Remote Administration Cards to create a secure connection with the target HSM
- Remote Administration Client (RAC) software—Simple GUI run on client laptop or workstation to configure connection to HSM.
nShield Remote Administration creates a secure connection between your remote HSM and your local Remote Administration Cards and TVD, letting you present your quorum of smartcards and administer your HSMs as if physically present with the device. Communicating over your VPN, you control the HSM from a laptop or workstation via remote desktop or secure shell session.
Remote Administration lets you perform the vast majority of typical HSM functions including:
- Configuring new nShield HSMs
- Creating new Security Worlds—nCipher unique key management architecture—and enrolling new HSMs into existing Security Worlds
- Upgrading firmware and image files for maintenance and other updates
- Monitoring and changing HSM status and re-booting as needed.
Nshield Remote Administration Compatibility And Prerequisites
- nShield Solo PCIe and Connect HSMs
- RAC software compatible with Microsoft Windows, Linux and OS X
- nShield v12.00 and above software and 2.61.2 and above firmware
- Customer-supplied LAN or VPN and remote access solution
Remote Administration includes the following to safeguard your transactions:
- Mutual authentication between Remote Administration Cards and HSM based on factory-issued warrants (like digital certificates) using Diffie-Hellman ephemeral key exchange
- AES256-equivalent crypto connection between Remote Administration Cards and HSM
- HSM electronic serial number verification by the card holder
- FIPS 140-2 certified firmware and Remote Administration Cards
- TVDs certified to Secoder protocol—inhibits malware on the client workstation from spoofing the HSM identity being passed to Remote Administration Cards.
Please request the nCipher Remote Administration Security White Paper to learn more.