Thales ISS | Products | Thales netHSM

Thales netHSM

Network security module

Get certified

Thales training courses provide customers, partners, and developers with an overview of key management and acceleration server based hardware.
Learn More »

Benefits

Provides scalable and flexible encryption management
Controls access to critical information
Integrates with existing applications

Introduced in 2003, netHSM 500 and 2000 have greatly helped to improve our customers’ data security. To enable us to provide our customers with best-of-breed technology in the future, Thales has recently launched a number of next-generation products, namely nShield Connect 500, 1500 and 6000, which are fully backward compatible with netHSM 500 and 2000. In line with the Thales Lifetime Support Policy, we have therefore announced the retirement of netHSM 500 and 2000 so our customers can make informed purchasing decisions and plan their long term support and upgrade strategy. Thales is providing continued support for this product for several years. Customers who still wish to purchase netHSM modules can still do so subject to availability during the final sale period. Please contact us for more information.

nShield Connect is the standard migration path from netHSM. Please check the features tab of this page to view a comparison between netHSM nShield Connect.

More information about nShield Connect can be found here.

If you have any questions about nShield Connect, please contact us.

The netHSM product line is being retired. Thales recommends customers upgrade to nShield Connect for future purchases. Customers who still wish to purchase netHSM modules can still do so subject to availability during the final sale period. Please contact us for more information.

nShield Connect, part of the nCipher product line, is a network-attached, general-purpose hardware security module (HSM) that protects up to 100 clients by safeguarding their encryption and digital signing keys and processing sensitive data on the trusted appliance.

Its unique dual, hot-swap power supplies and redundant, field-replaceable fans make nShield Connect fault tolerant. Providing business continuity, scalability and remote management, it enables organizations to deploy reliable, future-proof and extensible cryptographic services. The security boundary of nShield Connect is validated for FIPS 140-2 Level 3 and Common Criteria EAL4+. nShield Connect is backward compatible with netHSM and nShield Solo (PCI/PCIe) deployments. All of these products can be deployed together in a mixed environment and nShield Connect can be used with existing host applications and software. Customers can also choose to re-use existing nToken hardware that was originally deployed with netHSM.

The following table compares netHSM with nShield Connect models:

	netHSM 500 / 2000	nShield Connect 500 / 1500 / 6000
Security World	Fully compatible between netHSM and nShield Connect (requires v11)
Mixed deployments	Organizations can run nShield Connect and netHSM in same deployment, even load-balancing between them (requires v11)
Application integrations	Fully compatible if tested with version 11.x host software
CodeSafe applications	Fully compatible if tested with version 11.x host software
nTokens	Existing nTokens can be used with netHSM or nShield Connect
Power supplies	1 power supply; fixed	2 x hot-swap power supplies
Unit depth	Requires communications or server rack	Requires server rack
Speed	Up to 500 / 2,000 TPS	Up to 500 / 1,500 / 6,000 TPS
Fans	Non-redundant; fixed	Redundant; field-replaceable
Ethernet	2x 100 Mbit	2x 1 Gbit
Max # clients	20	10 / 20 / 100
Physical security	Tamper-resistant	Tamper-resistant and tamper-responsive
Keyboard	Included	Optional
Rack mounting	Requires shelf	Slide rails (optional)

More information about nShield Connect can be found here.

If you have further questions about nShield Connect, please contact us.

Note: All netHSM models are being retired and have been superceded by nShield Connect, which is fully backward compatible.

Available speed variants

Thales netHSM 500
Thales netHSM 2000

Ports

2 x 10/100 Ethernet (RJ45)
PS/2 keyboard

User interface

Matrix LCD
1 x menu dial
2 x soft keys

Operating systems
Systems running the following operating systems can leverage netHSM, both with and without nToken cards.

AIX
HP-UX
Linux
Solaris
Windows

Please contact the Thales sales team for information on compatibility with specific OS versions and patch levels.

Third-party applications
For more information on vendors providing applications compatible with Thales hardware, please visit our Partners section.

Developer solutions
Thales offers a range of developer solutions to integrate HSMs into custom applications.

Cryptographic algorithms
Algorithms supported by HSMs include, but are not limited to, the following:

Symmetric ciphers
- AES
- ARC4 (compatible with RC4)
- DES
- TripleDES
Public key ciphers
- DSA
- ElGamal
- RSA
- ECC (optional)
Key exchange mechanisms
- Diffie-Hellman
- DES/TripleDES XOR
Hash and HMAC functions
- MD2
- MD5
- RIPEMD 160
- SHA-2
- SHA-1

Note: Not all algorithms are available in FIPS 140-2 Level 3 mode.

Optional features overview

nCipher Remote Operator
Secure Execution Engine (SEE)
ISO Smart Card support
payShield Option Pack
KCDSA (available only in South Korea)
Elliptic Curve (ECC) Activation

Physical specifications

Weight: 14.1 lbs (6.4 kg)
Dimensions: Standard 1U rack mount, depth 17 1/4" (438mm)
Input voltage: 100-240V AC auto switching 50-60 Hz (nominal)
Maximum power consumption: 460 watts (4 amps at 115V AC)

Operating environment

Operational temperature: 10-35 degrees Celsius
Relative humidity: 10%-85%, non-condensing

Certifications

FIPS 140-2 Level 3
Common Criteria EAL4+
Certified for Microsoft Windows 2008
Information on RoHS compliance

Products

Thales netHSM

Get certified

Benefits

Related Resources

Related Products

Related Data Sheets