nShield Connect HSMs

nShield Connect hardware security modules (HSMs) are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines

nShield Connect HSMs

nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. nShield HSM appliances are hardened, tamper-resistant platforms that perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.

The nShield Connect HSM appliance series include nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.

Remote Configuration

The latest nShield Connect XC models offer an optional serial port that allows enterprises to eliminate costly repeat trips to the data center. Remote Configuration capabilities afforded by this feature include:

  • Initiating and changing an HSM’s network settings, e.g. IP address
  • Supporting provider/tenant deployment models where the nShield HSM appliance can be easily configured by the provider before passing control of the HSM to a tenant. Separation of roles ensures the cryptographic key material is not exposed to the provider.
  • Purging key material and decommissioning the nShield HSM appliance at the end of a usage cycle in preparation for its next deployment

Technicians simply need to rack and cable the nShield HSM appliance and connect a serial concentrator in the data center to prepare the nShield Connect XC for full remote configuration and administration. This reduces the need for trained resources in the data center and provides customers more efficiency and control over their HSMs.

Highly flexible architecture

nShield Connect HSMs integrate with the unique Security World architecture from nCipher. With this proven HSMs encryption technology, you can combine different nShield HSM appliance models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.

Process more data faster

nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.

Protect your proprietary applications and data

nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

Certified hardware solutions

nCipher eSecurity has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

Security compliance:

  • FIPS 140-2 Level 2 and Level 3
  • USGv6 accreditation
  • eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
    • Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS.
    • Compliant with BSI AIS 31 for true and deterministic random number generation
  • Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
  • Recognition of nShield Connect+ as a Qualified Signature Creation Device (QSCD)

Safety and environmental standards compliance:

  • UL, CE, FCC, C-TICK, Canada ICES
  • RoHS2, WEEE
High transaction rates

nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices.

nShield Connect Models 500+ XC Base 1500+ 6000+ XC Mid XC High
RSA Signing Performance (tps) for NIST Recommended Key Lengths
2048 bit 150 430 450 3000 3500 8600
4096 bit 80 100 190 500 850 2025
ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths
256 bit 540 680 1260 2400 5500 14,400
Wide support for APIs, cryptographic algorithms and OSs

Supported APIs

  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG

Supported Cryptographic Algorithms

  • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph)
  • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
  • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
  • Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Operating Systems

  • Microsoft Windows 7 x64, 10 x64; Windows Server 2008 R2 x64, 2012 R2 x64, 2016 x64
  • Red Hat Enterprise Linux AS/ES 6 x64, 6 x86, 7 x64, 5 x64 (libc6.5) (partial support); SUSE Enterprise Linux 11 x64 SP2, 12 x64,
  • Oracle Solaris 11 (SPARC), Oracle Solaris 11 x64
  • IBM AIX 7.1 (POWER6, POWER8), HP-UX 11i v3
  • Oracle Enterprise Linux 6.8 x64 and 7.1 x64

Virtual environment support: Microsoft Windows Hyper-V Server 2012 R2, 2016, VMware ESXi 6.5, Citrix XenServer 6.5, AIX LPARs

Model MTBF (hours)
Connect XC 107,384
Connect+ 99,284

Calculated at 25C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment" MTBF Standard.

Performance ratings and options

To meet the performance needs of your application, nCipher provides a variety of nShield Connect models as shown in the Specifications tab. You can select among the performance models shown, and can also purchase in-field upgrades from lower performance models to higher models.

Client licenses

nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase. The maximum number of client licenses supported varies by nShield Connect model as shown in the table below.

Note* requires Enterprise Client License activation

Max # client licenses per nShield Connect Model XC Base/500+ XC Mid/1500+ XC High/6000+
Maximum Client Licenses 10 20 Unlimited*
nShield Web Services Option Pack

The Web Services Option Pack enables the nShield Web Services Crypto API, which provides a simple interface between applications and nShield crypto services. The API gives cloud, data center or on-premises applications access to nShield data protection solutions without the need for client-side integration.

nShield Monitor

nShield Monitor is a monitoring platform that provides 24x7 visibility into the status of payShield and nShield HSMs. With this solution, security teams can efficiently inspect HSMs and find out immediately if any potential security, configuration or utilization issue may compromise their mission-critical infrastructure.

Remote Administration Kits

Remote Administration Kits

nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs.


CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Sample applications include digital meters, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs.

CipherTools Developer Toolkit

The CipherTools Developer Toolkit is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs. CipherTools Developer Toolkit is included free of charge in the standard Security World software ISO/DVD.

Database Security Option Pack

Databases often contain an organization's most sensitive data. To help customers protect their data, major database vendors have implemented native encryption in their products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API, helping organizations to better protect the keys that safeguard sensitive data in Microsoft SQL Server.



Security teams that want to strongly authenticate their nShield Connect HSMs clients can use nTokens PCIe cards to do hardware-based host identification and verification.

Elliptic Curve Cryptography (ECC) activation

The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSMs.

KCDSA activation

With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSMs.

Slide rails

nCipher offers optional slide rails that let users mount nShield Connect in a 19" rack without a shelf. nCipher recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible.


Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. nCipher offers an optional USB keyboard for even greater ease of use.

Field replaceable parts

nShield features parts that operators can replace in the field, without downtime. These parts include the following:

  • Power supply unit (PSU)
  • Dual, hot-swap power supplies.

  • Replacement fan tray
  • Redundant, field-replaceable fans.

White Paper : The nCipher Security World Architecture

The nCipher Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSMs appliances, host-embedded HSMs cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.


White Paper : Key Isolation for Enterprises and Managed Service Providers

It is vital for any business that relies on cryptographic keys to have assurances and enforceable policies around key usage. The nShield family of Hardware Security Modules (HSMs) provides that assurance. The Security World key management framework, supported by the nShield HSMs family, enables organizations to create a structured key infrastructure that meets today’s dynamic and fluid requirements.

This paper demonstrates how it is possible to easily configure Security World to define a framework which permits both partitioning and multi-tenancy cryptographic key isolation strategies.


Data Sheet : CodeSafe

CodeSafe is a set of software tools that enables you to run applications in a secure execution environment inside nShield HSMs.


Data Sheet : nShield Remote Administration

nShield Remote Administration is a central management tool that lets you manage your geographically distributed nShield HSMs from your local office.


Data Sheet : nShield Monitor

nShield Monitor is a tool that lets you monitor, 24x7 and in one centralized location, all your nCipher HSMs.


Data Sheet : Web Services Option Pack

Reduce integration and gain simplicity using this API, providing a simple interface between cloud, data center or on-premises applications and nShield crypto services.

Want to be part of our team? Explore
Get in contact with a specialist Contact Us