The nShield Connect is a FIPS 140-2 certified, hardened, tamper-resistant, security module that performs cryptographic tasks across your networks. The nShield Connect is capable to provide encryption, code signing, key generation, and certificate authority services. In addition to its cryptographic services, the nShield Connect’s CodeSafe option allows you to execute sensitive code in a secure environment.
Highly flexible architecture
nShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven HSM encryption technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing
Process more data faster
nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates
Protect your proprietary applications and data
nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process
Certified hardware solutions
Thales e-Security has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.
Safety and environmental standards compliance:
High transaction rates
nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices
Wide support for APIs, cryptographic algorithms and OSs
Supported Cryptographic Algorithms
nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.
Calculated at 25C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment" MTBF Standard.
nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase.
CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Sample applications include digital meters, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs
nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs
CipherTools Developer Toolkit
The CipherTools Developer Toolkit is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs
Database Security Option Pack
Databases often contain an organization's most sensitive data. To help customers protect their data, major database vendors have implemented native encryption in their products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API, helping organizations to better protect the keys that safeguard sensitive data in Microsoft SQL Server
Security teams that want to strongly authenticate their nShield Connect HSM clients can use nTokens PCIe cards to do hardware-based host identification and verification
Elliptic Curve Cryptography (ECC) activation
The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSM
With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSM
Thales offers optional slide rails that let users mount nShield Connect in a 19" rack without a shelf. Thales recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible
Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. Thales offers an optional USB keyboard for even greater ease of use
Field replaceable parts
nShield features parts that operators can replace in the field, without downtime. These parts include the following:
Dual, hot-swap power supplies.
Redundant, field-replaceable fans.