
Overview

DD Engine @ DD1000i is a Data Diode with integrated proxies. The Data Diode is a hardware device containing an optical fiber with a transmitter on one side and a receiver on the other, thus guaranteeing one-way communication. The hardware device is surrounded by two proxy servers, enabling efficient and reliable information transfer from the source network to the destination network.

The proxy server connected to the source network provides services that translate bidirectional communication into a unidirectional protocol that can be transferred through the Data Diode hardware. The proxy on the destination network receives and recreates the original data before it is sent to the intended receiver.

The integrated proxy servers facilitate architecture design and cause minimal impact on existing systems while providing the means to take control of the information flow between security domains.

System components & functions

The DD Engine @ DD1000i consists of the following components:

  • DD1000i - The physical device that is connected between the two networks that should exchange information.

  • DDE Upstream proxy - An integrated server with DD Engine firmware. It manages data transfer and protocol services on the source network and hosts the DD Manager.

  • Upstream DD Manager - An administration tool allowing an administrator to manage the Upstream DD Engine.

  • DDE Downstream proxy - An integrated server with DD Engine firmware. It manages data transfer and protocol services on the destination network and hosts the DD Manager.

  • Downstream DD Manager - An administration tool allowing an administrator to manage the Downstream DD Engine.

  • Services - Enable protocol-specific communication between networks over the Data Diode. A DD Engine can host several services. See Services for further information about available protocols.

Information flow

When a message is sent from one network to another where both networks are connected to a DD Engine @ DD1000i, the Upstream proxy validates the format of the data. If the format is approved, the data is transferred over the Diode to the Downstream proxy where the message is reconstructed and sent to the intended receiver on the other network.

The following activities are performed:
  • Data is sent to the DATA IN port on the DD1000i.

  • The data packages are collected in the DDE Upstream proxy.

  • The entire message is restored.

  • The message is divided according to the loaded Service.

  • The content is structured to fit the internal service.

  • The content is transferred uni-directionally, through the Data Diode, to the DDE Downstream proxy.

  • The entire message is restored.

  • The message is divided into data packages.

  • The data packages are sent on the DATA OUT port to the intended receiver.
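The flow above, reduced to a runnable sketch. This is an added example, not the product's firmware or wire format: the JSON format check, the two-field frame header, the frame size and the SHA-256 digest are all assumptions chosen for illustration. It shows the property that shapes any one-way design: the downstream side cannot request a retransmission, so it must detect loss or corruption on its own and drop the message.

```python
from __future__ import annotations

import hashlib
import json
import struct

CHUNK = 8                      # constructed: tiny, so the sample spans several frames
HEADER = struct.Struct("!HH")  # frame index, frame count (hypothetical layout)
SAMPLE = b'{"sensor": "pump-7", "value": 42}'  # constructed message


def upstream(message: bytes) -> list[bytes]:
    """Validate the format, then divide the message into one-way frames."""
    json.loads(message)  # stand-in format check; raises ValueError on bad input
    body = message + hashlib.sha256(message).digest()  # digest travels with the data
    parts = [body[i:i + CHUNK] for i in range(0, len(body), CHUNK)]
    return [HEADER.pack(i, len(parts)) + part for i, part in enumerate(parts)]


def downstream(frames: list[bytes]) -> bytes | None:
    """Restore one message; loss can only be detected, never repaired."""
    got: dict[int, bytes] = {}
    total = None
    for frame in frames:
        index, total = HEADER.unpack_from(frame)
        got[index] = frame[HEADER.size:]
    if total is None or set(got) != set(range(total)):
        return None  # a frame is missing and there is no path to ask for it again
    body = b"".join(got[i] for i in range(total))
    message, digest = body[:-32], body[-32:]
    if hashlib.sha256(message).digest() != digest:
        return None  # altered or corrupted in transit
    return message


if __name__ == "__main__":
    frames = upstream(SAMPLE)
    print(len(frames), "frames ->", downstream(frames))
    print("one frame lost ->", downstream(frames[:-1]))
```
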

The following information describes a typical procedure when setting up a DD Engine @ DD1000i for the first time.

The following activities are performed:
  • Mount and connect the hardware according to the instructions in Setup.

  • Generate required certificates and keys (see Certificates).

  • Access Local admin to configure the device. This includes setting IP addresses for ports and importing certificates.

  • On the computer which will communicate with the DD Manager, import generated certificates in a web browser (see Administration interfaces).

  • In the web browser, access the DD Manager interface and configure the device with Service Channels and Features.

Warning

The setup procedure must be performed so that both sides of the DD Engine @ DD1000i device are properly configured.
