nShield HSM 遠端管理

nShield HSM Remote Administration

HSM遠湍管理

Why Remote Administration

nShield HSMs often run in physically secure, lights-out data centers in locations distant from the people who manage them. Many organizations find it impractical to gain access to their remote HSMs for routine management tasks. Remote Administration lets you manage your HSMs—including adding applications, upgrading firmware, checking status, and more—from your location, and whenever you choose. This means far less travel to data centers, helping you cut costs and optimize your resources.

Benefits

Eliminates travel to data centers, cutting costs and saving time
Reduces downtime
Eliminates the risk of carrying cards to remote locations
Provides 24 x 7 access to nShield HSMs

Remote Administration is versatile and works with nShield Connect and Solo HSMs. Remote Administration Client software, running in your local office, supports both Windows and Linux.

Security Features

Remote Administration was designed with security paramount among its attributes, and incorporates the following functions to safeguard your transactions:

Authentication between Remote Administration Cards (smart cards) & HSM
‧Remote Administration Cards (in the local office) and the target HSM mutually authenticate by recognizing each other’s factory-issued warrants (like digital certificates)
HSM verification
‧Card-holder confirms the electronic serial number of the HSM
User authentication
‧Quorum of card-holders must present passphrases in the presence of a Security Officer, the same as if physically present with the HSM
VPN channel
‧Communication between the local workstation and remote HSM secured via VPN and runs over a remote desktop (RDP) or secure shell session
FIPS 140-2 certification
‧Remote Administration Cards are designed for FIPS 140-2 Level 3 certification
Firewall protection
‧Trusted Verification Devices (secure card readers) equipped with a firewall to help deter malware from the laptop

Operational Features

Remote Administration allows the vast majority of functions that are otherwise performed in the physical presence of your HSM to be carried out remotely, letting you do the following from the location of your choice:

Configure new HSMs once installed in data center—less time in the data center, and security officers needn’t be present—lower overhead
Add new HSM applications
Upgrade firmware and software for maintenance and other updates
Monitor HSM status and re-boot
Perform both Operator and Administrator management tasks
Easily navigate functions using a simple GUI on the Remote Administration Client (RAC) software

Starter Kits

Remote Administration Cards

Trusted Verification Devices (TVD)

Specifications

nShield HSMs: Remote Administration works with Solo and Connect nShield HSMs. Remote Administration does not support legacy nShield Solo PCIs.

Remote Administration Client OS compatibility: The Remote Administration Client software, the user interface running locally, is compatible with Windows or Linux operating systems.

nShield software compatibility: Remote Administration must be used with v12.00 software and accompanying firmware*. V12.00 can be upgraded from the software versions listed below. (Earlier versions of software will need to be upgraded to these versions before upgrading to v12.00.)

Note: nShield Edge is designed as a local HSM and is not compatible with Remote Administration.

相關資料

下載 -- nShield Remote Administration