2.1 Hardware and software requirements
Hardware requirements, supported platforms, and software requirements are specified in the Additional hardware and software requirements section of the Installation and Configuration Guide.
Refer to your nShield HSM documentation for recommendations of the hardware and software needed for the nShield HSM.
This release of MyID has been tested with the following Entrust nShield configuration:
Model | Security World Client | Connect Image | Security World Version | FIPS Certified | FIPS Firmware |
---|---|---|---|---|---|
nShield Connect XC | 13.4.4 | 13.4.3 | v3 - DLf3072s256mAEScSP800131Ar1 | Yes | 12.72.1 Historical: 9/21/2026 |
nShield 5c | 13.4.4 | 13.2.2 | v3 - DLf3072s256mAEScSP800131Ar1 | 140-3 Provisional | 13.2.2 |
If you are using a different configuration of the nShield HSM, it is recommended that you use the HSM Test Utility to validate the integration; see section 2.2, HSM Test Utility.
MyID supports HSMs running in FIPS 140-2 L3 mode and 140-3 Provisional mode. When using these modes, the HSM does not allow 3DES and RSA 1024.
2.1.1 Supported nShield HSM models
There are two main types of nShield HSM:
- Acceleration-only modules (nFast series) – these modules provide cryptographic acceleration only, and do not allow sensitive key data to be managed within the HSM. This type of module is typically used as an SSL accelerator, and may therefore improve IIS performance, but does not provide benefits to MyID itself.
- Key-management modules (nShield series) – in addition to providing cryptographic acceleration, these modules can store sensitive key data internally, providing assurance that these keys are more secure than if they were stored within the computer. This document relates to this type of HSM.
nShield HSMs are available as an internal PCI card, an external SCSI device, or a network-connected device that can support multiple clients (netHSM). All of these form factors are supported by MyID, but the details of installing and configuring the HSM may differ depending on the type of HSM used.
MyID supports the following nShield HSM models:
- nShield Connect
- nShield Solo
Each model is available in different performance variants. All variants are supported; however, for production use, it is recommended that you use the variants with the highest performance rating.
Note: The nShield Edge USB version of the HSM is compatible with MyID, but is not supported due to the low performance rating; it is not suitable for production environments.
2.1.2 Multiple HSMs
MyID manages a connection to a single HSM. If you have more than one HSM set up for failover purposes, your HSM administrator must ensure that the data is synchronized between the HSMs.