Thales e-Security
nShield Connect Series Connect+ and Connect XC

Key Benefits
• Automate risk-prone administrative tasks, guarantee key recovery, and eliminate costly manually-intensive backup processes
• Remote Administration feature reduces the cost of traveling to data centers
• Establish strong separation of duties through robust administration policies including roles-based multi-factor authentication and quorum-based authorization
• Enable secure execution of custom security-critical application code within the tamper-resistant hardware boundary
The Thales nShield Connect series are network attached hardware security modules (HSMs) that increase the digital security of an organization’s critical business applications by isolating sensitive tasks, securely executing cryptographic operations, and protecting and managing the associated keys. These hardened, tamper-resistant platforms perform encryption, digital signing and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing. High assurance alternatives to the software-based cryptography libraries, nShield Connect modules feature certified implementations of all leading algorithms including Suite B, as well as best in class elliptic curve cryptography (ECC) performance.
www.thales-esecurity.com
NETWORK-ATTACHED HARDWARE SECURITY MODULES
Security² compliance
• FIPS 140-2 Level 2 and Level 3 (XC models FIPS-pending)

Safety and environmental compliance
• UL, CE, FCC, C-TICK, and Canada ICES
• RoHS2, WEEE

High availability
• All solid-state storage
• Dual hot-swap power supplies
• Field serviceable components (power supplies and fans)

Management and monitoring
• Remote Administration enables management – including adding applications, updating firmware, and checking nShield status – from your office location
• Syslog diagnostics support
• Windows performance monitoring
• Command line interface (CLI)/graphical user interface (GUI)
• SNMP monitoring agent

Physical characteristics
• Standard 1U 19in. rack mount with integrated Smart Card Reader
• Dimensions: 43.4 x 430 x 705mm (1.7 x 16.9 x 27.8in)
• Weight: 11.5kg (25.4lb)
• Input voltage: 100-240v AC auto switching 50-60Hz (nominal)/ IEC 320 mains socket and rocker switch
• Power consumption: up to 1.2A at 110v AC 60Hz or 0.6A at 220v AC 50Hz
• Heat dissipation: 327.6 to 362.0 BTU/hr (full load)
Available models and performance

nShield Connect Models: signing performance (tps) for NIST Recommended Key Lengths

| Algorithm and key length | 500+ | XC Base | 1500+ | 6000+ | XC Mid | XC High |
|---|---|---|---|---|---|---|
| RSA 2048 bit | 150 | 340 | 450 | 3,000 | 3,000 | 8,400 |
| RSA 4096 bit | 80 | 80 | 190 | 500 | 700 | 2,000 |
| ECC Prime Curve³ 256 bit | 540 | 570 | 1,260 | 2,400 | 5,000 | 14,000 |
Functional capabilities
• Secure key and application storage and processing
• Cryptographic offloading and acceleration
• Authenticated multi level access control
• Strong separation of administration and operator roles
• Hardened client authentication using nToken hardware
• Secure key wrapping, backup, replication and recovery
• Unlimited protected key storage
• Supports clustering and load-balancing
• Logical cryptographic separation of application keys
• “k of n” multi-factor authentication

Supported operating systems
• Windows, Linux, Solaris⁴, IBM AIX⁴, HP-UX⁴
• Server side: Windows, Linux, Solaris, IBM AIX, HP-UX
• Supports numerous VM software vendors including VMware, Hyper-V and AIX LPARs
• Remote Administration client side: Windows, Linux

Application Program Interfaces (APIs)
• PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG
• nCore (low-level Thales interface for developers)

Compatibility and upgradeability
• Compatible with Thales nShield Connect, nShield Solo PCI/PCIe/PCIe+ and nShield Edge
• Security World key management architecture enables load balancing across mixed estates of nShield models
• Software upgradeable

Host connectivity
• Dual Gigabit Ethernet ports (services two network segments)

Cryptography
• Asymmetric public key algorithms: RSA, Diffie-Hellman, DSA, KCDSA, ECDSA³, ECDH³
• Symmetric algorithms: AES, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
• Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit)
• Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211
Asia Pacific – Thales Transport & Security (HK) Ltd, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141
Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550
© Thales - February 2016 • PLB5576

¹ Performance may vary depending on operating system, application, network topology and other factors.
² Security certifications are performed only against select firmware versions. Consult the certifications section of our website for links to official certificates.
³ With ECC Activation
⁴ Connect+ models only

Thales nShield Connect Series TECHNICAL SPECIFICATIONS¹
Thales e-Security
nShield Solo Series Solo+ and Solo XC
The Thales nShield Solo series are embedded hardware security modules (HSMs) that increase the digital security of an organization’s critical business applications by isolating sensitive tasks, securely executing cryptographic operations, and protecting and managing the associated keys. These hardened, tamper-resistant PCIe cards perform encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing. High assurance alternatives to software-based cryptography libraries, nShield Solo modules feature certified implementations of all leading algorithms including Suite B, as well as best in class elliptic curve cryptography (ECC) performance.
SERVER-EMBEDDED HARDWARE SECURITY MODULES
Key Benefits
• Automate risk-prone administrative tasks, guarantee key recovery, and eliminate costly manually-intensive backup processes
• Reduce travel to data centers by using Remote Administration feature
• Establish strong separation of duties through robust administration policies including roles-based multi-factor authentication and quorum-based authorization
• Enable secure execution of custom security-critical application code within the tamper-resistant hardware boundary

Cost-effective for standalone servers
When protecting cryptographic keys on standalone servers, nShield Solo is the most cost-effective solution. nShield Solo can be deployed within a cluster of servers to enable load balancing and high availability. For customers deploying multiple nShield Solo modules in a data center environment, an optional Smart Card Reader rackmount is available.
Available models and performance

nShield Solo Models: signing performance (tps) for NIST Recommended Key Lengths

| Algorithm and key length | 500+ | XC Base | 6000+ | XC Mid | XC High |
|---|---|---|---|---|---|
| RSA 2048 bit | 150 | 340 | 3,000 | 3,000 | 8,400 |
| RSA 4096 bit | 80 | 80 | 500 | 700 | 2,000 |
| ECC Prime Curve³ 256 bit | 540 | 570 | 2,400 | 5,000 | 14,000 |

Dimensions, weight and power
• Dimensions: 56.2 x 167.1 x 15.4mm (2.2 x 6.6 x 0.6in)
• Weight: Solo+ 230g (0.5lb); Solo XC 280g (0.62lb)
• Power: Solo+ 10W; Solo XC 24W
Security² compliance
• FIPS 140-2 Level 2 and Level 3 (XC models FIPS-pending)
• Common Criteria EAL4+ (AVA_VAN.5)
• Secure Signature Creation Device (SSCD) recognition, compliant to eIDAS Article 51

Safety and environmental compliance
• UL, UL/CA⁵, CE, FCC, Canada ICES, KC, FCC, VCCI, C-TICK⁴, RCM⁵
• RoHS2, WEEE, REACH

Management and monitoring
• Remote Administration enables management – including adding applications, updating firmware, and checking nShield status – from your office location
• Syslog diagnostics support
• Windows performance monitoring
• Command line interface (CLI)/graphical user interface (GUI)
• SNMP monitoring agent

Physical characteristics
• Standard low profile PCIe form factor

Functional capabilities
• Embedded one-to-one client server application support
• Secure key and application storage and processing
• Cryptographic offloading and acceleration
• Authenticated multi level access control
• Strong separation of administration and operator roles
• Secure key wrapping, backup, replication and recovery
• Unlimited protected key storage
• Supports clustering and load-balancing
• Logical cryptographic separation of application keys
• “k of n” multi-factor authentication

Supported operating systems
• Windows, Linux, Solaris⁴, IBM AIX⁴, HP-UX⁴
• Remote Administration client side: Windows, Linux

Application Program Interfaces (APIs)
• PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG
• nCore (low-level Thales interface for developers)

Compatibility and upgradeability
• Compatible with Thales nShield Connect/Connect+, nShield Solo PCI/PCIe and nShield Edge
• Security World key management architecture enables load balancing across mixed estates of nShield models
• Software upgradeable

Host connectivity
• PCI Express Version 2.0; Solo+ connector: 1 lane, Solo XC connector: 4 lane

Cryptography
• Asymmetric public key algorithms: RSA, Diffie-Hellman, DSA, KCDSA, ECDSA³, ECDH³
• Symmetric algorithms: AES, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
• Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit)
• Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
¹ Performance may vary depending on operating system, application, network topology and other factors.
² Security certifications are performed only against select firmware versions. Consult the certifications section of our website for links to official certificates.
³ With ECC Activation
⁴ Solo+ models only
⁵ Solo XC models only
© Thales - May 2016 • PLB5690

Thales nShield Solo Series TECHNICAL SPECIFICATIONS¹
Thales e-Security
nShield Solo 10+ F3
Key Benefits
• Automate risk-prone administrative tasks, guarantee key recovery, and eliminate costly manually-intensive backup processes
• Reduce travel to data centers by using Remote Administration feature
• Establish strong separation of duties through robust administration policies including roles-based multi-factor authentication and quorum-based authorization
• Enable secure execution of custom security-critical application code within the tamper-resistant hardware boundary
The Thales nShield Solo 10+ F3 is an embedded hardware security module (HSM) designed for low volume applications where FIPS assurance is required. nShield Solo HSMs increase the digital security of an organization’s critical business applications by isolating sensitive tasks, securely executing cryptographic operations, and protecting and managing the associated keys. These hardened, tamper-resistant PCIe cards perform encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications. The Solo 10+ is ideally suited for low volume applications such as generating keys for offline certificate authorities (CAs) and code signing. A high assurance alternative to software-based cryptography libraries, the nShield Solo 10+ F3 features certified implementations of all leading algorithms.
SERVER-EMBEDDED HARDWARE SECURITY MODULE
Security² compliance
• FIPS 140-2 Level 3
• Common Criteria EAL4+ (AVA_VAN.5)
• Secure Signature Creation Device (SSCD) recognition, compliant to eIDAS Article 51

Safety and environmental compliance
• UL, UL/CA⁵, CE, FCC, Canada ICES, KC, FCC, VCCI, C-TICK⁴, RCM⁵
• RoHS2, WEEE, REACH

Management and monitoring
• Remote Administration enables management – including adding applications, updating firmware, and checking nShield status – from your office location
• Syslog diagnostics support
• Windows performance monitoring
• Command line interface (CLI)/graphical user interface (GUI)
• SNMP monitoring agent

Physical characteristics
• Standard low profile PCIe form factor

Functional capabilities
• Embedded one-to-one client server application support
• Secure key and application storage and processing
• Authenticated multi-level access control
• Strong separation of administration and operator roles
• Secure key wrapping, backup, replication and recovery
• Unlimited protected key storage
• Logical cryptographic separation of application keys
• “k of n” multi-factor authentication

Supported operating systems
• Windows, Linux, Solaris⁴, IBM AIX⁴, HP-UX⁴
• Remote Administration client side: Windows, Linux

Application Program Interfaces (APIs)
• PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG
• nCore (low-level Thales interface for developers)

Compatibility and upgradeability
• Compatible with Thales nShield Connect/Connect+, nShield Solo PCI/PCIe and nShield Edge
• Security World key management architecture enables load balancing across mixed estates of nShield models
• Software upgradeable

Host connectivity
• PCI Express Version 2.0; single-lane connector

Cryptography
• Asymmetric public key algorithms: RSA, Diffie-Hellman, DSA, KCDSA, ECDSA³, ECDH³
• Symmetric algorithms: AES, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
• Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit)
• Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
© Thales - May 2016 • PLB5745
THALES NSHIELD SOLO 10+ F3 TECHNICAL SPECIFICATIONS
Dimensions, weight and power
• Dimensions: 56.2 × 167.1 × 15.4 mm (2.2 × 6.6 × 0.6 in)
• Weight: 230 g (0.5 lb)
• Power: 10W

Cost-effective for standalone servers
When protecting cryptographic keys on standalone servers, nShield Solo is the most cost-effective solution.

Performance
Signing performance for NIST recommended key lengths:
• 1024 bit RSA: 27 tps
• 2048 bit RSA: 4 tps
¹ Performance may vary depending on operating system, application, network topology and other factors.
² Security certifications are performed only against select firmware versions. Consult the certifications section of our website for links to official certificates.
³ With ECC Activation
⁴ Solo+ models only
⁵ Solo XC models only
Thales e-Security
nShield Edge
Key Benefits
• Automates risk-prone administrative tasks, guarantees key recovery, and eliminates costly manually-intensive backup processes
• Establishes strong separation of duties through robust administration policies including roles-based multi-factor authentication and quorum-based authorization
• Enables secure execution of custom security-critical application code within the tamper-resistant hardware boundary
The Thales nShield Edge is a full-featured portable hardware security module (HSM) that increases the digital security of an organization’s critical business applications by isolating sensitive tasks, securely executing cryptographic operations, and protecting and managing the associated keys. Designed for low transaction volume environments, this USB-connected device performs encryption, digital signing and key management on behalf of an extensive range of commercial and custom-built applications including offline certificate authorities (CAs) and code signing. A high assurance alternative to software-based cryptography libraries, nShield Edge features certified implementations of all leading algorithms including Suite B.
PORTABLE HARDWARE SECURITY MODULE
Security** compliance
• FIPS 140-2 Level 2 and Level 3, and NIST SP 800-131A

Safety and environmental compliance
• UL, CE, FCC, C-TICK, and Canada ICES
• RoHS2, WEEE

Management and monitoring
• Remote unattended operator/multi-user access control
• Syslog diagnostics support
• Windows performance monitoring
• Command line interface (CLI)/graphical user interface (GUI)
• SNMPv3 compatible monitoring agent

Physical characteristics
• Portable desktop device with integrated smart card reader
• Dimensions with stand open 120 x 118 x 27mm (4.7 x 4.6 x 1in)
• Weight: 340g (0.8lb)
• Input voltage: 5v DC powered by USB host device
• Power consumption: 700mW
• Temperature: operating 5 to 45°C (41 to 113°F), storage -40 to 70°C (-40 to 158°F)
• Humidity: operating 10 to 90% (relative, non-condensing), storage 0 to 95% (relative, non-condensing)

Available models and performance
• nShield Edge is available in FIPS Level 2 and Level 3 variants
• A non-FIPS Developer Edition is also available
• Signing performance for NIST recommended key lengths
  - 2048 bit RSA: 2 tps
  - 4096 bit RSA: 0.2 tps

Functional capabilities
• Protects cryptographic keys in secure hardware
• Supports laptops and virtual machines
• Strong separation of administration and operator roles
• Protects keys for registration authorities
• Facilitates remote nShield HSM operation
• Simplifies HSM application development
• Provides secure key wrapping, backup, replication and recovery
• Supports unlimited protected key storage and logical/cryptographic separation of application keys
• “k of n” multifactor authentication

Supported operating systems
• Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows 7
• VMware Server, VMware Workstation, Hyper-V for Windows Server 2008 R2, MS Virtual PC for Windows 7

Application Program Interfaces (APIs)
• PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG
• nCore (low-level Thales interface for developers)

Compatibility and upgradeability
• Compatible with Thales nShield Connect/Connect+ and nShield Solo PCI/PCIe/PCIe+
• Security World key management architecture enables load balancing across mixed estates of nShield models

Host connectivity
• USB port (1.x, 2.x compliant)
• Includes 1 meter connector cable (USB type A to B)

Cryptography
• Asymmetric public key algorithms: RSA, Diffie-Hellman, DSA, KCDSA, ECDSA, ECDH
• Symmetric algorithms: AES, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
• Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit)
• Full Suite B implementation with fully licensed Elliptic Curve Cryptography (ECC) including Brainpool and custom curves
* Performance may vary depending on operating system, application, network topology and other factors.
** Security certifications are performed only against select firmware versions. Consult the certifications section of our website for links to official certificates.
Thales nShield Edge TECHNICAL SPECIFICATIONS*

© Thales - October 2015 • PLB5122