> Hardware Security Module

Thales nShield Solo

The nShield Solo is the server-embedded hardware security

K E Y B E N E F I TS module (HSM) in the Thales family of high security data protection
solutions. The independently certified Solo cards are compatible
OPERATIONAL
> Provides cost-effective cryptographic acceleration and with platforms offering peripheral component interconnect (PCI
unmatched operational flexibility in traditional data and PCI Express) interfaces. Performing key management and
center and cloud environments leveraging unique cryptographic operations such as encryption and digital signing on
Security World architecture behalf of a wide range of commercial and custom-built business
> Reduces overall cost for regulatory compliance (e.g. applications, nShield Solo protects critical security systems
PCI DSS) as well as for day-to-day key management
tasks including backup and remote management including public key infrastructures (PKIs), identity management
> Enables high assurance business continuity with systems, databases, web fabric, domain name system security
simplified HSM enrollment and efficient key provisioning extension (DNSSEC) deployments and code signing.
> Enhances security and provides cryptographic The nShield Solo provides cost-effective and dedicated physical
acceleration for OEM appliances
and logical controls for server-based systems where software-
Security based security features are considered to be inadequate. In the
> Delivers certified protection for cryptographic keys
and operations within tamper-resistant hardware to face of evolving compliance requirements and general standards
significantly enhance security for critical applications of due care, the use of nShield HSMs provides a tangible measure
> Establishes strong separation of duties and dual of security within the traditional data center and cloud-based
controls through robust administration policies services. All Thales nShield HSMs feature the market-leading
including role-based multi-factor authentication and Security World key management architecture that enables the
flexible quorum-based authorization
automation of burdensome and
> Enables secure execution of custom security-critical risk-prone administrative tasks,
application code within the hardware security boundary
guarantees key recovery and
eliminates single points of failure
and expensive, manually-intensive
backup processes.

www.thales-esecurity.com
> Thales nShield Solo
Technical Specifications*
Functional Capabilities Management and Monitoring
> Embedded one-to-one client server application support > Remote unattended operator/multi-user access control
> Onboard secure key and application storage/processing > Syslog diagnostics support
> Cryptographic offloading/acceleration > Windows performance monitoring
> Authenticated multi level access control > Command line interface (CLI)/graphical user interface (GUI)
> Strong separation of duties (administrator and operator) > SNMPv3 compatible monitoring
> Secure key wrapping, backup, replication and recovery
Physical Characteristics
> Unlimited protected key storage
> Standard PCI and low profile PCIe form factor with
> Clustering, load-balancing and “k of n” multifactor external smart card reader
authentication
> Temperature: operating 10 to 35°C (50 to 95°F),
> Unlimited logical/cryptographic separation of storage -20 to 70°C (-4 to 158°F)
application keys
> Humidity: operating 10 to 90% (relative, non-condensing at
Supported Operating Systems 35%), storage 0 to 85% (relative, non-condensing at 35%)
> Physical: Windows, Linux, Solaris, IBM AIX, HP-UX > Dimensions, weight, max. power consumption, and MTBF:

Application Program Interfaces (APIs) Dimensions Weight Power MTBF

Model No.
> PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG (mm/in) (g/lbs) (W) (hrs)
> nCore (low-level Thales interface for developers) PCI 500
107 x 129 x 15mm 330g
14 193,000
4.2 x 5.1 x 0.6in 0.7lb
Compatibility and Upgradeability PCIe 500, 56.2 x 167.1 x 15.4mm 230g
10 216,600
> Compatible with Thales nShield Connect, nShield Edge PCIe 6000 2.2 x 6.6 x 0.6in 0.5lb
and netHSM 500 and 2000 PCI 2000, 107 x 175 x 16.5mm 340g
14 125,700
> Software upgradeable PCI 4000 4.2 x 6.9 x 0.6in 0.8lb

Host Connectivity Cost-effective for Standalone Servers

The Thales policy is one of continuous development and consequently the equipment may vary in detail from the description and specification in this publication.
> PCI 2.3 compliant; 2.1, 2.2, PCI-X compatible When protecting cryptographic keys on standalone servers,
> PCIe single lane compliant; 1.1, 2.0 compatible nShield Solo is the most cost-effective solution. nShield Solo
can be deployed within a cluster of servers to enable load
Cryptography balancing and high availability. For customers deploying
> Asymmetric public key algorithms: RSA (1024, 2048, multiple nShield Solo modules in a data center environment,
4096, 8192), Diffie-Hellman, DSA, El-Gamal, KCDSA, an optional SmartCard Reader rackmount is available.
ECDSA, ECDH
> Symmetric algorithms: AES, ARIA, Camellia, CAST,
DES, RIPEMD160 HMAC, SEED, Triple DES
> Hash/message digest: SHA-1, SHA-2 (224, 256, Optional nShield SmartCard Reader rackmount.
384, 512bit)
Available Models and Performance
> Full Suite B implementation with fully licensed Elliptic
Curve Cryptography (ECC) including Brainpool and nShield Solo is available in a variety of speeds and form factors:
custom curves PCI PCIe PCI PCI PCIe
Model
500 500 2000 4000 6000
Safety, Security and Environmental Signing Performancce (tps)
Compliance 1024bit RSA 500 500 2000 4000 6000
> UL, CE, FCC 2048bit RSA 80 150 300 580 3000
> RoHS, WEEE 4096bit RSA 15 65 20 40 500
> FIPS 140-2 Level 2 and Level 3, NIST SP 800-131A Key Generation (tps)
1024bit RSA 7 12.2 12 12 26.5
> Common Criteria EAL4+
2048bit RSA 1 2.4 3.3 3.4 8.7
High Availability 4096bit RSA 0.07 0.192 0.11 0.2 1.8
> All solid-state storage
> MTBF – Mil-Std 217F notice 2 parts count method
(see table)
For more information please see
www.thales-esecurity.com or scan
© Thales - July 2011 • MGD1402

the quick response (QR) code on

your smart phone.

* Performance may vary depending on operating system, application, network topology

and other factors.

Thales e-Security

Americas: 2200 North Commerce Parkway, Suite 200, Weston, Florida 33326 • Tel: +1 888 744 4976 or +1 954 888 6200 • Fax: +1 954 888 6211 • E-mail: [email protected]
Asia Pacific: Unit 4101, 41/F, 248 Queen’s Road East, Wanchai, Hong Kong • Tel: +852 2815 8633 • Fax: +852 2815 8141 • E-mail: [email protected]
Europe, Middle East, Africa: Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel: +44 (0)1844 201800 • Fax: +44 (0)1844 208550 • E-mail: [email protected]