Setup

Setting up a DD Engine starts with connecting all the hardware components. By connecting a display and a keyboard to one side of the DD Engine, the Local admin interface can be reached. In Local admin, port interfaces, IP addresses and certificates must be included before the device can be managed remotely.

Hardware setup

Connect hardware

Step 1Step 2Step 3Step 4Step 5Step 6

• Connect the data sender to the Upstream host machine IN port.

  danger

  Make sure the source network (sending) is connected to the IN port.

• Connect the Upstream host machine OUT port to the data diode IN port with an ethernet cable.

• Connect the Downstream host machine IN port to the data diode OUT port with an ethernet cable.

• Connect the Downstream host machine OUT port to the data receiver.

  danger

  Make sure the destination network (receiving) is connected to the OUT port.

• Connect the Upstream host machine ADMIN port to a network or standalone computer for remote administration of the Upstream Proxy.

• Connect the Downstream host machine ADMIN port to a network or standalone computer for remote administration of the Downstream Proxy.

  danger

  Each side of the DD Engine should be administered from separate networks.

tip

Using high quality FTP network cables to connect the DD Engine system will exclude potential problems with radiating signals and interference between networking devices.

Firmware installation

The DD Engine firmware must be installed on the two DD Engine host machines. The firmware can be prepared from any Linux device. A USB drive with minimum 12 GB is required to transport the firmware.

Follow the steps below and repeat them for both the Upstream and Downstream host machines.

Firmware installation

Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8Step 9

• Download the latest version of the DD Engine installer (.raw.gz), see Downloads.

• Decompress the .raw.gz file with the following command:

  gunzip {PATH_TO_RAW.GZ_FILE}

  This will delete the .raw.gz file and replace it with a .raw file.

• Insert a USB drive and ensure that it is not mounted.

• Run the following command:

  dd if={PATH_TO_DDE_INSTALLER_RAW_FILE} of={PATH_TO_USB_DRIVE} status=progress conv=sync,sparse bs=4M && sync

  warning

  Running this command will destroy all previous data on the USB drive.

• Insert the USB drive into the DD Engine Downstream host machine and reboot the device. It must be booted from the USB drive.

  tip

  The boot order might require editing from the BIOS menu.

• Once the DD Engine Installer menu appears, select Install DD Engine Downstream and Confirm.

• Once prompted to enter a default password, enter a password with at least 8 characters. Repeat the password and Confirm.

• Once the installation is done, remove the USB drive. Then select Reboot in the menu and Confirm. It must be booted from the hard drive.

  tip

  The boot order might require editing from the BIOS menu.

• Repeat step 4-7 on the DD Engine Upstream host machine.

Default configuration

The DD Engine is delivered with the following default IP configuration:

Port	IP Address	Subnet mask
ADMIN (DATA IN section)	192.168.0.100	255.255.255.0
DATA IN	192.168.1.100	255.255.255.0
ADMIN (DATA OUT section)	192.168.0.101	255.255.255.0
DATA OUT	192.168.1.101	255.255.255.0

All IP addresses can be reconfigured in Local admin.

info

Whenever the DD Engine shall be connected to an operational environment, all IP addresses should be changed to suit existing organisational IP plan.

Administration interfaces

The Upstream and Downstream proxies must be configured to be able to send data through the DD Engine. There are two different interfaces for configuring the device and its services:

• Local admin - requires physical access to the DD Engine host machine with a connected display and keyboard. Allows for low level configuration of the device, changing admin password and exporting logs. Initial installation of a DD Engine requires some settings to be set in Local admin.
• DD Manager - allows for remote control of the DD Engine with HTTPS. It can be accessed through a web browser interface. Enables management of Services, Features and firmware. For more information see Configure.

While HTTPS is used to interact with the DD Manager interface on both the DDE Upstream and Downstream proxies, the Local admin interface is used to interact directly with the operating system on both proxies.

Local admin

The Local admin requires physical access to the DD Engine host machine and involves connecting a display and keyboard to the device. It is described in detail in Local admin.

Connect to the DD Engine Local admin

Step 1Step 2Step 3

• Connect a display to the VGA port and a keyboard to one of the USB ports.

• Power on the DD Engine host machine.

• When the login prompt is displayed, log in using:
  Username: admin
  Password: the password set during Firmware installation.

DD Manager

The DD Engine web interface, that is available for administration and configuration of services, respectivly for the Upstream and Downstream proxies (connecting to the ADMIN port). To be able to access the DD Manager securely, a client certificate must be imported to the web browser. For more information about DD Manager actions see Configure.

Connect to the DD Manager

Step 1Step 2

• Step 1

  Import a client certificate to the web browser, see Certificates.

  ---

• Step 2

  Enter https://<admin_ip> in the web browser to connect to the DD Manager. The address is your <admin_ip> configured in Local Admin.

Device startup

When a DD Engine host machine is powered on, it performs a number of tasks before being ready for traffic and other functions:

1. Power on both host machines of the DD Engine and the hardware data diode.
2. Self tests are performed.
3. Available configuration is loaded.
4. The DD Engine is ready to handle traffic.