HighSecLabs K304, K308, K304e User Manual

K304x-K308 Secure KM Switch User Manual

User Manual

Models covered in this user manual:
K304 - Secure 4-port KM Switch w/audio

K304E - Secure 4-port KM Switch w/audio and DPP

K308 – Secure 8-port KM Switch w/audio

Rev: 2.9 Doc No: HDC06147

4 & 8 port Secure KM Switch User Manual

Rev

Date

Description of changes

2.4

June 19, 2012

Added K308 device

2.5

July 9, 2012

Web based configuration, function keys

2.6

Sept 19, 2012

Web based configuration process and
default settings updated

2.7

Oct 14, 2012

Changed pre-config. shortcuts (added
F11)

2.8

April 4, 2013

Removed PS/2 from K308

2.9

July 31, 2015

Images and text updated

Table of Content

Introduction ....................................................................................... 2

What is KM? ....................................................................................... 2

Package Contents ............................................................................... 2

Security Features ............................................................................... 3

Operational Features ......................................................................... 4

What is Virtual Display Technology (VDT)? ........................................ 5

Equipment Requirements .................................................................. 6

Safety Precautions ............................................................................. 7

Front Panel Features .......................................................................... 8

Rear Panel Features – K304E ............................................................. 9

Tamper Evident Labels ..................................................................... 10

Before Installation ............................................................................ 13

Installation ....................................................................................... 14

Typical System Sketch – K304E ........................................................ 16

Driver Installation............................................................................. 20

Record of Revisions

Operation ......................................................................................... 21

DPP Operation.................................................................................. 22

Troubleshooting Guide .................................................................... 24

Copyright and Legal Notice .............................................................. 27

1

4 & 8 port Secure KM Switch User Manual

Important: This product is equipped with always-on active
anti-tampering system. Any attempt to open the product
enclosure will activate the anti-tamper triggers and render the
unit inoperable.

If the unit’s enclosure appears disrupted or if all the channel­select LEDs flash continuously, please remove product from
service immediately and contact HSL Technical Support.

Introduction

Thank you for purchasing this HSL Secure KM Switch. This KM Switch
is designed for use in secure defense and intelligence environments
across wide security gaps. This 3rd Generation Secure KM Switch
offers optical data diode per channel. Optical data diodes are used to
prevent data transfer between connected computers running at
different security levels even if these computers attempts to attack
the KM. This product provides the highest security safeguards and

features that meet today’s and will meet future cyber prevention

requirements.

This User Manual provides all the details you’ll need to install and
operate your new product, in addition to troubleshooting guidance—
in the unlikely event of a problem.

What is KM?

There are many cases where one computer user needs to work
simultaneously with few computers. In some cases users are having
multiple displays attached to these multiple computers. The
challenge is how a single user can interact with multiple computers
having multiple displays. KMs would not do a good job for these users
as they were designed to switch displays as well.

Package Contents

Inside product packaging you will find the following:

 HSL Secure KM Switch unit
 12V 1.5 A wall-mounted power Supply (K304x models) or

AC power cable (K308 model)

KM switch is a device that switches a single set of keyboard and
mouse between multiple computers. KM switch is essentially a KM
switch without the video switching - all displays are continuously
connected to their respective computers.

2

4 & 8 port Secure KM Switch User Manual

Security Features

HSL Secure KM Switch is the most advanced and secure commercially
available KM Switch available today. Below is a summary of some of
the security features incorporated into the product.

Unidirectional Data Paths

Optical diodes used to enforce unidirectional data flow from the
peripheral devices to computers preventing potential leakage paths
between computers even in the severe threat of two infected
computers attacking the KM.

No Shared Resources

This KM Switch designed to securely operate even when peripheral
devices are vulnerable to signaling attacks. This KM Switch does not
allow computer access to any shared resource and does not share
controllable power sources.

Dedicated Processors for Emulation

The Switch features a dedicated processor per computer port to
emulate peripheral devices. This keeps each computer running on
different security levels physically separated and secure at all times,
and prevents any unintended data leakage between computers.

USB Ports Protection

Console USB ports are protected from the use of storage and other
unsafe USB devices through strong filtering (independent of
computer protection means). Unqualified devices are rejected when
connected to the Switch. Only mouse and keyboard data are passed
through.

Heavy-duty Steel Enclosure

HSL Secure KM Switches uses thick steel components to protect the
product from physical tampering and to minimize radiated
electromagnetic emissions that can be snooped or intercepted.

Active Always-On Anti-Tamper

Active chassis anti-tamper system prevents the KM electronic
circuitry from being accessed and tampered with by permanently
disabling the product once tampering is detected.

Holographic Tamper-Evident Labels

Four serially numbered holographic security tamper-evident labels
are placed on the enclosure surface to provide a visual indication if
the Switch has been opened or compromised.

Dedicated Peripheral Port (K304E)

Non-Reprogrammable Firmware

The Switch features custom firmware that is not reprogrammable,
preventing the ability to remotely attack the KM control logic.

3

HSL patented Dedicated Peripheral Ports enables secure use of CAC
or smart-card readers leveraging security.

Common Criteria Listing

The Switch is listed by the Common Criteria organization.

4 & 8 port Secure KM Switch User Manual

Operational Features

The HSL Secure KM Switch was designed with the user in mind for
today’s IT environment. Below is a summary of some of the features
incorporated into the Product.

Virtual Display Technology (VDT)

VDT allows the KM to switch automatically between computers once
mouse cursor crosses display borders. Seamless switching between
multiple computers with cusrsor movement.

Support for multiple head

Product can be easily configured to support dual, triple and up to 16
head computers through signed software driver. Note that single
head installation does not need any software installation.

Extensive administrator setup options

Administrator mode provides many customized settings from display
arrangement, size to cursor speed and acceleration.

Dedicate Peripheral Port (K304E only)

HSL K304E Secure KM Switch products supports parallel switching of
wide set of user authentication devices including CAC, smart-card
and biometric readers.

Audio Support

The KM Switch support audio out switching. Microphone switching
not supported to prevent analog leakages through audio ports.

KM Extenders Support

HSL Secure KM Switch supports most copper and fiber KM extenders
connected to the console port.

4

4 & 8 port Secure KM Switch User Manual

What is Virtual Display Technology (VDT)?

Virtual Display Technology (VDT) is implemented in HSL Secure KM
switches series to enable seamless cursor and keyboard switching
between multiple displays. VDT allows administrators to configure
any desired displays configuration with same or different size and
resolution. User simply moves mouse cursor across neighboring
displays to switch between connected computers.

Refer to the example in the figure at the right side. Assume that
computer #1 is connected to the left display, computer #2 is
connected to the top display, computer #3 is connected to the center
bottom display and computer #4 is connected to the display at the
right side. In this example all four displays are identical. VDT allows
the user to move the mouse cursor across the four displays while
automatically switch the shared peripherals based on the current
cusrsor location. For example when the user moves the cursor from
the left display to the center bottom display, the KM identifies the
display boarder crossing between these two displays and switches
the KM to computer #3.

HSL VDT is now further enhanced with the inclusion of pointing
device drivers to support dual, triple and up to 16 head computers.
With this technology user workstation may be integrated with any
combination of single, dual, triple and quad head computers.

VDT Configurator software enables the user administrator to easily
configure any set of display sizes, resolutions, geometry and physical
arrangements.

5

4 & 8 port Secure KM Switch User Manual

Equipment Requirements

Cables

It is highly recommended to use HSL Cable Kits for product to ensure
optimal security and performance.

One Cable Kit is required per connected computer.

Operating Systems

Product is compatible with devices running on the following
operating systems:

• Microsoft® Windows®

• Red Hat®, Ubuntu® and other Linux® platforms

• Mac OS® X v10.3 and higher.

USB Keyboard console port

The product console USB keyboard port is compatible with Standard
USB keyboards.

Notes:

a. For security reasons products do not support wireless

keyboards. In any case do not connect wireless keyboard to
product.

b. Non-standard keyboards, such as keyboards with integrated

USB hubs and other USB-integrated devices, may not be fully
supported due to security policy. If they are supported, only
classical keyboard (HID) operation will be functional. It is
recommended to use standard USB keyboards.

USB Mouse console port

The product console USB mouse port is compatible with standard
USB mice.

Notes:

a. Console USB keyboard and mouse ports are switchable, i.e.

you can connect keyboard to mouse port and vice versa.
However, for optimal operation it is recommended to
connect USB keyboard to console USB keyboard port and
USB mouse to console USB mouse port.

b. Console USB mouse port supports Standard KVM Extender

composite device having a keyboard/mouse functions.

c. For security reasons products do not support wireless mice.

In any case do not connect wireless mouse to product.

PS/2 Mouse and Keyboard console ports

The product console PS/2 keyboard and mouse ports are compatible
with standard PS/2 keyboards and mice.

User Audio Devices

Product is compatible with the following types of user audio
devices:

 Stereo headphones;
 Amplified stereo speakers.

Note: In any case do not connect a microphone to product audio
output port including headsets.

DPP Port (K304E)

The product operates with authorized USB devices plugged into the
console DPP Port, such as USB smart-card reader or Common Access
Card (CAC) reader.

Programming Cable

In order to use HSL’s external configuration tool it is required to
purchase and use HSL USB Type-A to USB Type-A Programming
cable (1.8 m).

6

4 & 8 port Secure KM Switch User Manual

Safety Precautions

Please read the following safety precautions carefully before using
the product:

Before cleaning, disconnect the product from DC or

AC power.

Be sure not to expose the product to excessive

humidity.

Be sure to install the product on a clean secure

surface.

Do not place the DC/AC power cord in a path of foot

traffic.

If the product is not used for a long period of time,

remove the product’s wall-mount power supply from
the mains jack.

If one of the following situations occurs, get the

product checked by a qualified service technician:

The product’s power supply is overheated,

damaged, broken, causes smoke or shortens
the mains power socket.

The product has obvious signs of breakage or

loose internal parts.

The product should be stored and used only in

temperature and humidity controlled environments

as defined in the product’s environmental

specifications.

The wall-mount power supply used with this product

should be the model supplied by the manufacturer
or an approved equivalent provided by HSL or an
authorized service provider. The use of improper
power source will void product warranty.

Liquid penetrates the product’s case.
The product is exposed to excessive moisture

or water.

The product is not working well even after

carefully following the instructions in this
user’s manual.

The product has been dropped or is physically

damaged.

7

4 & 8 port Secure KM Switch User Manual

1

2 3 5b 4 5a

1 – Steel enclosure

2 – DPP (Dedicated Peripheral Port) Freeze push-button and Status LED

3 – DPP channel select LEDs

4 – Channel Select push-buttons and LEDs

5a-5b – Holographic Tamper Evident Labels

Note:

- K304 is identical except for not having DPP freeze LEDs & button

- K308 is identical except for having 8 channel select push buttons and not

having DPP freeze LEDs & button

Front Panel Features

8