Overview
DD Engine @ DD1000i is a Data Diode with integrated proxies. The Data Diode is a hardware device containing an optical fiber with a transmitter on one side and a receiver on the other, thus guaranteeing one-way communication. The hardware device is surrounded by two proxy servers, enabling efficient and reliable information transfer from the source network to the destination network.
The proxy server connected to the source network, provides services translating bidirectional communication into a unidirectional protocol that can be transferred through the Data Diode hardware. The proxy on the destination network, receives and recreates the original data before it is sent to the intended receiver.
The integrated proxy servers facilitate architecture design and cause minimal impact on existing systems while providing the means to take control of the information flow between security domains.
System components & functions
The DD Engine @ DD1000i consists of the following components:
-
DD1000i - The physical device that is connected between the two networks that should exchange information.
-
DDE Upstream proxy - An integrated server with DD Engine firmware. Managing data transfer, protocol services on the source network and hosting the DD Manager.
-
Upstream DD Manager - An administration tool allowing an administrator to manage the Upstream DD Engine.
-
DDE Downstream proxy - An integrated server with DD Engine firmware. Managing data transfer, protocol services on the destination network and hosting the DD Manager.
-
Downstream DD Manager - An administration tool allowing an administrator to manage the Downstream DD Engine.
-
Services - Enables protocol specific communication between networks over the Data Diode. A DD Engine can host several services. See Services for further information about available protocols.
DD1000i internal component overview.
Information flow
When a message is sent from one network to another where both networks are connected to a DD Engine @ DD1000i, the Upstream proxy validates the format of the data. If the format is approved, the data is transferred over the Diode to the Downstream proxy where the message is reconstructed and sent to the intended receiver on the other network.
Data is sent to the DATA IN port on the DD1000i.
Recommended workflow
The following information describes a typical procedure when setting up a DD Engine @ DD1000i for the first time.
Mount and connect the hardware according to the instructions in Setup.
The setup procedure must be performed so that both sides of the DD Engine @ DD1000i device are properly configured.