Local admin

The DD Engine has two console interfaces: Local admin, one for the DD Engine Upstream and one for the DD Engine Downstream.

Connect to Local admin

Step 1Step 2Step 3

• Connect a keyboard and display to the DD Engine host machine.

• Power on the host machine.

• When the login prompt is displayed, log in using:

  Username: admin
  Password: the chosen password. Either the default password set during Firmware installation or if it has been changed under Admin password.

info

When making changes from the Local admin, settings are only applied to the connected side of the DD Engine.

Once logged in, the following main menu options are displayed:

• Device configuration...
• Admin password...
• Date and time...
• Export device logs...
• View third-party licenses...
• Factory reset...

info

When making changes via Local admin, the services might temporarily pause their data transfer but it will be resumed as quickly as possible.

Required settings at initial setup

When setting up a DD Engine for the first time it is required to set Certificate configuration and IP configuration.

Before using the DD Engine in an operational environment, it is highly recommended to set:

• Diode transfer configuration
• Date and time

Device configuration

Device configuration includes settings for interfaces (data, admin and diode), DNS, diode transfer configuration, certificates for DD Manager communication and device hostname. Applying the configuration takes several minutes and therefore it is encouraged to first make all changes in the submenus before selecting Save.

IP configuration

In IP configuration..., the interfaces and IP addresses for Admin, Data and the Data Diode can be viewed and changed. It is required to configure the interface parameters and highly recommended to set customized IP addresses. The interfaces defines which information will be sent through which port, this must map to how the system was set up during the Hardware setup. The IP set for Admin will be used by a client to access the DD Manager. The IP set for Data will be used when transferring data over the diode. DNS can be configured to resolve hostnames into IP addresses.

The default IP addresses are:

• Upstream Admin: 192.168.0.100
• Upstream Data: 192.168.1.100
• Downstream Admin: 192.168.0.101
• Downstream Data: 192.168.1.101

IP configuration of IP addresses, default gateways and DNS servers

Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8Step 9

• Select Device configuration... from the main menu.

• Select IP configuration....

• The current interfaces for data, admin and data diode are displayed. Click Select interface... and choose the desired interface.

• The current IP address of the data and admin interfaces are displayed. Enter the IP address and subnet mask to be used.

  The format is [IP address]/[subnet mask].

• If Default gateway is enabled, the configured values for the data and admin interfaces are displayed. Enter the gateways to be used.

• If Primary DNS server is enabled, the configured values are displayed. Enter the IP addresses of the DNS servers to be used.

• To enable advanced options, follow the instructions under Configure Advanced Interface.

• Select Confirm to confirm the new IP address, gateways and DNS server.

• Once all settings are confirmed for Device configuration..., select Save to apply changes. This will take several minutes.

warning

It is recommended that all default IP addresses are changed before connecting the DD Engine in an operational environment.

DNS configuration

DNS servers are used to resolve hostnames into IP addresses. The data interface DNS setting is used to configure the DNS server used by services. Without a configured DNS server, services will be unable to resolve hostnames. The admin interface DNS setting is used to configure the DNS server used by the non-service functionality of the device, e.g., remote logging. Without a configured DNS server, these functions will be unable to resolve hostnames.

When attempting to resolve a hostname, the primary DNS server will be tried first. If it's unreachable, the secondary DNS server, if configured, will be tried instead.

Configure Advanced Interface

When enabling Configure Advanced Interface it allows control of some parameters which are otherwise given default values. If a field is left empty, the default value will be applied. The parameters are the following:

Upstream

• IP Address: Sets the IP address and subnet on the Upstream OUT interface. Defaults to 203.0.113.2/25.
• Destination IP Address: The IP address on the Downstream IN interface. Must match the assigned value on Downstream. Defaults to 203.0.113.1.
• Destination MAC Address: The MAC address on the Downstream IN interface. Must match the assigned value on Downstream. Defaults to 03:c4:7a:00:00:01.
• MTU: Sets the minimum MTU, must match the assigned value on Downstream and is dependent of the host machine hardware. Defaults to 9000.

Downstream

• IP Address: Sets the IP address and subnet on the Downstream IN interface. Defaults to 203.0.113.1/25.
• MAC Address: Sets the MAC address on the Downstream IN interface. Defaults to 03:c4:7a:00:00:01.
• MTU: Sets the minimum MTU, must match the assigned value on Upstream and is dependent of the host machine hardware. Defaults to 9000.

warning

If the host machine hardware does not allow changes of the MAC address, the configuration must match the hardware default values. What MAC address is currently configured is visible in the interface settings.

Diode transfer configuration

In Diode transfer configuration it is possible to configure throughput, forward error correction and encryption. The default parameters are the following:

• Max throughput: 950
• Forward error correction: 0
• Encryption: false

Change configuration

Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8

• Select Device configuration... from the main menu.

• Select Diode transfer configuration....

• The Diode Transfer Configuration view is displayed, showing the active configuration.

• Set the Max throughput to a value between 0-10000 Mb/s. This will set the maximum speed trough the diode. A value of 0 results in no speed limit.

  tip

  The Max throughput should be set to a value slightly lower than link speed for the setup.

• Set the Forward error correction to the desired percentage. A greater value results in a higher probability of a successful data transfer. The configured value must match on Upstream and Downstream.

• Enable the Encryption to protect the data in transfer. When prompted, enter an encryption password. The encryption password must match between Upstream and Downstream.

  note

  The enabled/disabled setting for encryption must match on both Upstream and Downstream. If enabled, then the encryption password must match on both sides.

• Select Confirm.

• Once all settings are confirmed for Device configuration..., select Save to apply changes. This will take several minutes.

Certificate configuration

In Certificate configuration, certificates and keys needed for DD Manager access can be uploaded.

See Certificates for information about certificate generation.

warning

Authentication by certificates and keys is required. Without certificates and keys, the DD Engine cannot be configured.

Upload certifications and keys

Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8Step 9

• Create Certificates and make them available on a USB drive connected to the correct DD Engine side.

• Select Device configuration... from the main menu.

• Select Certificate configuration....

• The Certificate Configuration view is displayed, listing required certificates and keys.

• Select Select file under Client CA and locate the CA certificate that will be used to verify client certificates. The selected .crt file name will be displayed after Selected:.

• Select Select file under Certificate and locate the Server certificate that will be presented to clients. The selected .crt file name will be displayed after Selected:.

• Select Select file under Key and locate the key that corresponds with the selected Server certificate. The selected .key file name will be displayed after Selected:.

• Select Confirm to save selected certificates and files.

• Once all settings are confirmed for Device configuration..., select Save to apply changes. This will take several minutes.

Hostname configuration

In Hostname configuration, the hostname used for identification of the device can be viewed and changed.

The default hostnames are:

• Upstream: ddengine-upstream
• Downstream: ddengine-downstream

Change hostname

Step 1Step 2Step 3Step 4Step 5

• Select Device configuration... from the main menu.

• Select Hostname configuration....

• The current hostname is displayed. Enter a new hostname to be used.

• Select Confirm to confirm the new hostname.

• Once all settings are confirmed for Device configuration..., select Save to apply changes. This will take several minutes.

Admin password

In Admin password... the administrator can change the password used for administrator access to the Local admin.

The default password was set during Firmware installation.

Change administrator password

Step 1Step 2Step 3Step 4Step 5

• Select Admin password... from the main menu.

• The Change Admin Password view is displayed. Enter the Current password.

• Enter the New password.

• Repeat the new password in Reenter new password.

• Select Confirm to save the new password.

Date and time

Date and time is used to change the system time used throughout the system for logs and certificate validation.

Change data and time

Step 1Step 2Step 3Step 4Step 5

• Select Date and time... from the main menu.

• The Change Date and time view is displayed.

• The current date is displayed. Enter new date in format yyyy-mm-dd.

• The current time is displayed. Enter the time in format hh-mm-ss.

• Select Confirm to save the new date and time.

Export device logs

Export device logs is used to copy generated log events stored on the device for further analysis on a separate Linux platform. Log events can be system or service generated. The logs are exported in a .journal file.

Export logs

Step 1Step 2Step 3Step 4Step 5

• Insert a USB drive in one of the USB ports on the DD Engine host machine.

• Select Export device logs... from the main menu.

• Select the USB drive from the displayed list.

• Select Confirm to copy log events to the USB drive. This can take several minutes.

• When the log events have been copied successfully, a confirmation message is displayed, presenting the filename of format [hostname]_[date]_[time].journal containing the log events.

View third party licenses

View third party licenses makes all included licenses available in a list.

To view third party licenses, perform the following step:

1. Select View third party licenses... from the main menu.

Factory reset

Factory reset allows for a full reset of the DD Engine. All settings will fall back to default values but the firmware will stay on the latest installed version. The action will reset all configuration of the device, including uploaded certificates, services and passwords.

Factory reset

Step 1Step 2

• Step 1

  Select Factory reset... from the main menu.

  ---

• Step 2

  Select Confirm to trigger the factory reset process. This will take several minutes, process is done once the login view is displayed.