The nCipher nFast Ultra is a PCI card that handles all the SSL processing at the protocol, encryption and decryption levels. This card is neither tamper-proof nor tamper-evident, so it might not be suitable for some situations.
It cannot be inducted into nCipher's "Security World" system, which has security implications. The device has a single 1000 Base-T Ethernet port, but appears to have two such ports when installed. One of these is the management interface, while the other is the server port itself. Both ports need to have IP addresses assigned to them before the device will operate.
The device includes an internal clock used to provide a time-stamp facility. This can be configured to synchronize with the host system's clock at specified intervals.
The associated software, provided in versions for Windows, Solaris and Linux systems, is used to configure the card and handle keys and certificates. The minimum software requirement is for Windows 2000 Server Service Pack 4.
The card's software is password-protected and it is not possible to reconfigure the card without one. If the password is lost, the card can be physically reset by powering down the server and removing it.
The card can be configured from a command line interface, but nCipher has provided a menu-based system that can be invoked from the command line and is less intimidating.It can be used for most configuration purposes and it should only be necessary to resort to the command line utilities to configure the more esoteric options, or if the device is to be configured and monitored using scripts developed in-house.
The key and certificate management functions are comprehensive, allowing the user to import existing keys and certificates and generate new ones. Key and certificate data is stored on the server's hard drive, so the server's back-up regime should include the right directory.
It is possible to replicate keys and certificates across servers equipped with Ultra cards to provide processing redundancy. The card has logging facilities and can be configured to create alert messages in the Windows Application Event Log or to a specified log file on a Solaris or Linux system.