HighSecLabs K202B, K202D User Manual
K202B/D Secure KVM Switch User Manual
User Manual
Models:
K202B – Secure 2-port DVI-I KVM Switch w/audio
K202D – Secure 2-port DVI-D KVM Switch w/audio
Rev: 2.3 Doc No : HDC06143
K202B/D 2-Port Secure KVM Switch
1
K202B/D Secure KVM Switch User Manual
Table of Content
Section 1 – Introduction 2
Package Content 2
Section 2 – Overview 2
Security Features 3
Operational Features 5
Equipment Requirements 6
Safety Precautions 9
Front Panel Features 10
Rear Panel Features 11
Tamper Evident Labels 12
Active Anti-Tampering System 12
Product Specifications 13
Section 3 – Installation 14
Before Installation 14
Installation 15
Section 4 – Operation 18
Operation 18
Section 5 – Troubleshooting 19
Troubleshooting Guide 19
High Sec Labs Warranty Programs 22
High Sec Labs Limited Warranty Terms and Conditions 22
High Sec Labs Security Procedures 24
COPYRIGHT AND LEGAL NOTICE 25
Record of Revisions
Rev Date Description of changes
1.0 Nov 11, 2010 Initial release
1.1 Nov 20, 2011 Internal review for CC evaluation
2.1 Dec 30, 2011 Released for customers
2.2 Feb 4, 2012 Added security procedures text
2.3 April 19, 2012 Added support for composite
device
2
K202B/D Secure KVM Switch User Manual
Introduction
Thank you for purchasing this HSL Small Form-Factor Secure KVM
Switch. This KVM Switch is designed for use in secure defense and
intelligence environments across wide security gaps. This 3rd
Generation Secure KVM Switch offers optical data diode per
channel. Optical data diodes are used to prevent data transfer
between connected computers running at different security levels
even if these computers attempts to attack the KVM. This product
provides the highest security safeguards and features that meet
today’s and will meet future cyber prevention requirements.
This User Manual provides all the details you’ll need to install and
operate your new Switch, in addition to troubleshooting guidance—
in the unlikely event of a problem.
Package Contents
Inside product packaging you will find the following:
• K202B/D Secure KVM Switch unit
• 12V 1A DC Power Supply
• DVI to VGA adapter plug (K204B only)
• This User Manual
Important: This product is equipped with always-on active anti-tampering system. Any attempt to
open the product enclosure will activate the anti-tamper triggers and render the unit inoperable.
If the unit’s enclosure appears disrupted or if the two channel-select LEDs flash continuously, please
remove product from service immediately and contact HSL Technical Support.
Section 1 - Introduction
3
K202B/D Secure KVM Switch User Manual
Security Features
HSL Secure KVM Switch is the most advanced and secure
commercially available KVM Switch available today. This product is a
derivative of high security KVM product used in newest NATO
nuclear submarines. Below is a summary of some of the security
features incorporated into the product.
Unidirectional Data Paths
Optical diodes used to enforce unidirectional data flow from the
peripheral devices to computers preventing potential leakage paths
between computers even in the severe threat of two infected
computers attacking the KVM.
No Shared Resources
This KVM Switch designed to securely operate even when
peripheral devices are vulnerable to signaling attacks. This KVM
Switch does not allow computer access to any shared resource and
does not share controllable power sources.
Dedicated Processors for Emulation
The Switch features a dedicated processor per computer port to
emulate peripheral devices. This keeps each computer running on
different security levels physically separated and secure at all times,
and prevents any unintended data leakage between computers.
Non-Reprogrammable Firmware
The Switch features custom firmware that is not reprogrammable,
preventing the ability to remotely attack the KVM control logic.
EDID Emulation and Firewall
HSL Secure KVM Switch blocks the computer access to the shared
display by using isolated EDID emulators. This arrangement together
with the internal EDID firewall protects from KVM attacks targeting
the external memory effect of the shared display.
USB Ports Protection
Console USB ports are protected from the use of storage and other
unsafe USB devices through strong filtering (independent of
computer protection means). Unqualified devices are rejected when
connected to the Switch. Only mouse and keyboard data are passed
through.
Heavy-duty Steel Enclosure
HSL Secure KVM Switches uses thick steel components to protect
the product from physical tampering and to minimize radiated
electromagnetic emissions that can be snooped or intercepted.
Active Always-On Anti-Tamper
Active chassis anti-tamper system prevents the KVM electronic
circuitry from being accessed and tampered with by permanently
disabling the product once tampering is detected.
Holographic Tamper-Evident Labels
Serially numbered holographic security tamper-evident label is
placed on the switch enclosure to provide a visual indication if the
switch has been opened or compromised.
Section 2 - Overview
4
K202B/D Secure KVM Switch User Manual
High Inter-Channel Analog Isolation
HSL Secure KVM Switches offer exceptionally high isolation between
computer channels to prevent analog leakages across the KVM.
Secure Packaging
“Tear away” packaging ensures secure delivery of the Switch as it is
routed to the end user.
Common Criteria EAL-4 Listing
The Switch is listed by the Common Criteria organization. It is
Common Criteria validated to EAL 4+ (Evaluation Assurance Level 4)
to assure the highest level of protection. Product complies with
standard higher than NIAP Protection Profile 2.1.
Section 2 - Overview
5
K202B/D Secure KVM Switch User Manual
Operational Features
The HSL Secure KVM Switch was designed with the user in mind for
today’s IT environment. Below is a summary of some of the features
incorporated into the Product.
USB Support
HSL Secure KVM Switch product designed and tested to support the
widest variety of USB keyboards and mice.
Keyboard Shortcuts Support
HSL Secure KVM Switch is the only Secure KVM that supports
keyboard shortcuts switching mode while providing highest level of
isolation.
DVI-I and HDMI Support
The K202B model supports both digital (DVI-D and HDMI) and
analog video (VGA) displays and video cards.
Audio Support
Switch support audio out switching. Microphone switching not
supported to prevent analog leakages through audio ports.
Display Diagnostic LED
Special display diagnostic LED near console display connector
provides essential guidance during installation.
KVM Extenders Support
HSL Secure KVM Switch supports most copper and fiber KVM
extenders connected to the console port.
Section 2 - Overview
6
K202B/D Secure KVM Switch User Manual
Equipment Requirements
Cables
HSL highly recommends you use HSL Cable Kits for your Switch to
help ensure superior security and performance. These cables offer
the highest quality possible to ensure optimal data and video
transmission.
One Cable Kit is required per connected computer.
Smart Cables from Belkin enables video conversion from computer
VGA output to DVI-D KVM input to enable legacy video mix with
newer DVI computers and display.
Note (K202B only): If VGA display will be used then all computers
must be connected through VGA interface. If one computer is VGA
only then all other computers must be connected through VGA and
display must support DVI-I or VGA.
How to order?
To connect: Use: Order No.
Computer keyboard,
mouse, DVI-D single-link
display
KVM Cable short (1.8 m),
DVI-D to DVI-D Single-Link,
USB, Black
CPN05485
Computer VGA video
output (K202B only)
KVM Cable short (1.8 m),
DVI-A to VGA, USB, Black
CPN05489
Computer audio output KVM Cable short (1.8 m),
Audio Out, Black-Green
CPN05490
Computer VGA output
(display and other
computers are DVI)
KVM Smart-Cable VGA PC to
DVI KVM converter cable
with USB type A to USB type
B, 6ft (1.8 m), black
CPN06011
KVM DVI-I video output
to VGA only display
(K202B only)
DVI-I to VGA display adapter
CPN05492
Section 2 - Overview
Important: The use of cables other than those provided by HSL is
not recommended. Use of other cables may affect system security,
may permanently damage the product and may void product
warranty.
7
K202B/D Secure KVM Switch User Manual
Computers
The Switch is compatible with computers, thin-clients, servers and
laptops running on, but not limited to, the following OS platforms:
• Windows® 2000
• Windows XP (Home/Professional)
• Windows 2003 Server
• Windows 7
• Windows Vista®
• Red Hat® Linux®
• Ubuntu® Linux®
• Other Linux distributions
• Mac OS® X v10.3 and higher.
Laptop docking stations having DVI, VGA or HDMI display output are
supported.
For latest compatibility list see HSL website or contact HSL support.
USB Keyboard console port
The Switch USB keyboard console port is compatible with the
following types of devices:
• Standard USB keyboard (excluding devices having other
internal functions such as USB hub, or composite device);
and:
• Bar-code readers emulating USB keyboard.
USB Mouse console port
The Switch USB mouse console port is compatible with the following
types of devices:
• Standard USB mouse (excluding USB hubs or other USB
functions in composite device); or
• Standard USB keyboard or Standard KVM Extender
composite device having a keyboard/mouse functions
User Display
The Switch is compatible with the following types of displays:
• VGA; or:
• DVI-D Single-link; or:
• HDMI (adapter to DVI needed); or:
• DVI-I.
Note that all computers connected must support the same video
interface selected for the user display.
User Audio Devices
The Switch is compatible with the following types of user audio
devices:
• Stereo headset; or:
• Amplified stereo speakers.
Remote User Extension
The Switch is compatible with the following types of Remote Fiber
Extender device:
• HSL RFE720 Secure Remote Fiber Extender device
connected to the switch console ports; or:
• HSL RFE740 Secure Remote Fiber Extender device
connected to the switch console ports.
Section 2 - Overview
Loading...