Skip to main content
Version: 4.2

Local admin

The DD1000i has two separated console interfaces called Local admin, one for the DATA IN section and one for the DATA OUT section of the device. They are both accessed and managed in the same manner.

Connect to the Local admin
Step 1Step 2Step 3Step 4

  • Connect a keyboard to one of the USB ports, (1) in the image below.

  • Connect a display to the VGA port, (2) in the image below.

  • Power on the DD1000i with power buttons on the DD1000i front.

  • When the login prompt is displayed, log in using
    Username: admin
    Password: see default password (DDE) on the tamper seal on the device front panel.

info

When making changes in Local admin, settings are only applied to the connected section of the DD1000i.

Once logged in, the following main menu options are displayed:

info

When making changes in Local admin, previously configured services might temporarily pause data transfer but will be resumed as quickly as possible.

Required settings at initial setup

When setting up a DD1000i for the first time it is required to set Certificate configuration.

Before using the DD1000i in an operational environment, it is highly recommended to set:

Device configuration

Device configuration includes settings for IP addresses, DNS, certificates for DD Manager communication and hostname. Applying the configuration takes several minutes and therefore it is encouraged to first make all changes in the submenus before selecting Save.

IP configuration

In IP configuration..., IP addresses for the admin interface, ADMIN and data interface, DATA, can be viewed and changed. The IP set for ADMIN will be used to access the DD Manager. The IP set for DATA will be used when transferring data over the diode. DNS can be configured to resolve hostnames into IP addresses.

Default IP addresses are:

  • Upstream Admin: 192.168.0.100
  • Upstream Data: 192.168.1.100
  • Downstream Admin: 192.168.0.101
  • Downstream Data: 192.168.1.101

DNS configuration

DNS servers are used to resolve hostnames into IP addresses. The data interface DNS setting is used to configure the DNS server used by services. Without a configured DNS server, services will be unable to resolve hostnames. The admin interface DNS setting is used to configure the DNS server used by the non-service functionality of the device, e.g., remote logging. Without a configured DNS server, these functions will be unable to resolve hostnames.

When attempting to resolve a hostname, the primary DNS server will be tried first. If it is unreachable, the secondary DNS server, if configured, will be tried instead.

Change IP addresses, default gateways, and DNS servers
Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8

  • Select Device configuration... from the DD1000i Upstream or Downstream Configuration menu.

  • Select IP configuration... from the DD1000i Device Configuration menu.

  • The current IP address settings of the Data and Admin interfaces are displayed. Enter IP address and subnet mask on the format [IP address]/[subnet mask].

  • The current default gateways of the Data and Admin interfaces are displayed, if previously configured. If no default gateways are displayed, selecting Configure Default Gateway: will make the Default Gateway: parameter available, if needed.

  • The current primary DNS servers of the Data and Admin interfaces are displayed, if previously configured. If no primary DNS servers are displayed, selecting Configure Primary DNS Server: will make the Primary DNS Server: parameter available, if needed.

  • The current secondary DNS servers of the Data and Admin interfaces are displayed, if previously configured. If no secondary DNS servers are displayed, selecting Configure Secondary DNS Server: will make the Secondary DNS Server: parameter available, if needed.

  • Select Confirm to accept the IP settings and to return to the DD1000i Device Configuration menu.

  • Continue with Certificate or Hostname configuration, or select Save to apply all changes. Saving changes may take several minutes.

warning

It is recommended that all default IP addresses are changed before connecting the DD1000i in an operational environment.

Certificate configuration

In Certificate configuration..., certificates and keys needed for DD Manager access can be uploaded.

See Certificates for information about certificate generation.

warning

Authentication by certificates and keys is required. Without certificates and keys, the DD1000i cannot be configured.

Upload certificates and keys
Step 1Step 2Step 3Step 4Step 5Step 6Step 7Step 8Step 9

  • Create Certificates and make them available on a USB drive. Insert the USB drive into one of the USB ports on the Upstream or Downstream section of the DD1000i.

  • Select Device configuration... from the DD1000i Upstream or Downstream Configuration menu.

  • Select Certificate configuration... from the DD1000i Device Configuration menu.

  • The Certificate Configuration view is displayed, listing required certificates and keys.

  • Select Select file under Client CA and locate the CA certificate that will be used to verify client certificates on the inserted USB drive. The selected .crt file name will be displayed after Selected:.

  • Select Select file under Certificate and locate the Server certificate that will be presented to clients on the inserted USB drive. The selected .crt file name will be displayed after Selected:.

  • Select Select file under Key and locate the key that corresponds with the selected Server certificate on the inserted USB drive. The selected .key file name will be displayed after Selected:.

  • Select Confirm to accept selected certificates and files and to return to the DD1000i Device Configuration menu.

  • Continue with IP or Hostname configuration, or select Save to apply all changes. Saving changes may take several minutes.

Hostname configuration

In Hostname configuration..., the hostname used for identification of the device can be viewed and changed.

The default hostnames are:

  • Upstream: dd1000i-upstream
  • Downstream: dd1000i-downstream
Change hostname
Step 1Step 2Step 3Step 4Step 5

  • Select Device configuration... from the DD1000i Upstream or Downstream Configuration menu.

  • Select Hostname configuration... from the DD1000i Device Configuration menu.

  • The current hostname is displayed. Enter a new hostname to be used, if needed.

  • Select Confirm to accept the hostname.

  • Continue with IP or Certificate configuration, or select Save to apply all changes. Saving changes may take several minutes.

Location configuration

In Location configuration, a user-defined text identifying the physical location of the device can be viewed and changed. By default, the location text is empty. If SNMP is enabled (see Features), the location is available at the sysLocation object (OID .1.3.6.1.2.1.1.6.0). If the location text is empty, the sysLocation object will contain "Unknown".

Change location
Step 1Step 2Step 3Step 4Step 5

  • Select Device configuration... from the main menu.

  • Select Location configuration....

  • The current location is displayed. Enter a new location to be used.

  • Select Confirm to confirm the new location.

  • Once all settings are confirmed for Device configuration..., select Save to apply changes. This will take several minutes.

Access Control configuration

Access Control in DD Manager enables the administrator to enforce authentication and authorization. Users can be given roles which possess different capabilities, controlled by an administrator.

Enter the parameters:

VariableRequiredDescription
Enable Access ControlfalseMust be checked to enable the feature.
ServertrueThe user directory address and port.
Bind Distinguished NametrueThe login DN (distinguished name) to bind to the server.
Bind CredentialstrueThe login password, used for authentication together with Bind Distinguished Name.
Search BasetrueLocation in the directory for where to search for a user.
Search FilterfalseCriteria for filtering the search for a user, defaults to sAMAccountName={{username}}.
CA CertificatetrueThe CA used in the user directory.
Admin GrouptrueName for the user directory group which the initial admin user must be a member of.

Once all parameters have been provided, click Confirm and wait for the configuration to be saved. In the Device Configuration menu, click Save and wait for the configuration to be applied.

warning
  1. It is recommended that the Bind Distinguished Name user only has read rights.
  2. The LDAP server must be hosted on the Admin network.

Read more about Access Control.

Admin password

In Admin password... the administrator can change the password used for administrator access to the Local admin.

The default password can be found on the tamper seal on the DD1000i front panel.

warning

It is recommended that the default password is changed before the DD1000i is placed in an operational environment.

Change administrator password
Step 1Step 2Step 3Step 4Step 5

  • Select Admin password... from the DD1000i Upstream or Downstream Configuration menu.

  • The Change Admin Password view is displayed. Enter the Current password.

  • Enter the New password.

  • Repeat the new password in Reenter new password.

  • Select Confirm to save the new password and return to the DD1000i Upstream or Downstream Configuration menu.

Date and time

In Date and time... the system time can be changed for the system, logs and certificate validation.

Change date and time
Step 1Step 2Step 3Step 4Step 5

  • Select Date and time... from the DD1000i Upstream or Downstream Configuration menu.

  • The Change Date and time view is displayed.

  • The current date is displayed. Enter new date on format yyyy-mm-dd.

  • The current time is displayed. Enter the time on format hh-mm-ss.

  • Select Confirm to save the new date and time and return to the DD1000i Upstream or Downstream Configuration menu.

Export device logs

Export device logs... is used to export log events from the device to a USB drive. The logs are exported ton a .journal file.

Export device logs
Step 1Step 2Step 3Step 4Step 5Step 6

  • Insert a USB drive into one of the USB ports on the Upstream or Downstream section of the DD1000i.

  • Select Export device logs... from the DD1000i Upstream or Downstream Configuration menu.

  • Select the USB drive from the displayed list.

  • Select Confirm to export log events to the USB drive. Exporting log events may take several minutes.

  • When the log events have been copied successfully, a confirmation message is displayed, presenting the filename on format [hostname]_[date]_[time].journal containing the log events.

  • Select Close to return to the DD1000i Upstream or Downstream Configuration menu. Remove the USB drive.

View third party licenses

View third party licenses... displays all licenses.

To view third party licenses, perform the following step:

View third party licenses
Step 1Step 2Step 3

  • Select View third party licenses... from the DD1000i Upstream or Downstream Configuration menu.

  • The third party licenses text is displayed. Scroll the text using the Arrow UP and DOWN keys.

  • Select Close to return to the DD1000i Upstream or Downstream Configuration menu.

Factory reset

Factory reset... allows for a full reset of the DD1000i. All settings will fall back to default values but the firmware will stay on the current version. The action will reset all configuration of the device, including uploaded certificates, services and passwords.

Factory reset
Step 1Step 2
  • Step 1

    Select Factory reset... from the from the DD1000i Upstream or Downstream Configuration menu.

  • Step 2

    A Factory Reset confirmation message is displayed. Select Confirm to trigger the factory reset process. The process may take several minutes.

Loading...