Microsoft Windows Server Network Device Enrollment Service (NDES) is a mechanism for enrolling and authenticating network devices, and for providing the devices with private keys and certificates issued by a CA. Thales nShield Connect and nShield Solo HSMs can be integrated with NDES to harden the key management and certificate issuance process.
The benefits of using an HSM with NDES include:
- Secure storage of private keys
- FIPS 140-2 Level 3 validated hardware
- Full lifecycle management of keys
- Failover support where multiple HSMs are available
This integration guide provides the prerequisites and instructions for setting up and configuring NDES with a Thales nShield HSM.