HighSecLabs SC21H-3, SC42DU-3, SC42PU-3, SC42HU-3 User Manual
Section 1 - Introduction
2/4 Ports Secure KVM Combiner User Manual
2/4 Ports Secure KVM Combiner User Manual
Products covered by this manual:
2/4- Ports Secure KVM Combiner
SC21H-3 – HSL Secure SH KVM Combiner 2-Port HDMI video, PP 3.0
SC42DU-3– HSL Secure SH Combiner KVM 4-Port 2x DVI video, w/fUSB, PP 3.0
SC42PU-3 – HSL Secure SH Combiner KVM 4-Port DP in 2x DP video Out, w/fUSB, PP 3.0
SC42HU-3 – HSL Secure SH Combiner KVM 4-Port 2x HDMI video, w/fUSB, PP 3.0
Rev: E
Doc No.: HDC10355
1
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Table of Contents
Introduction ....................................................................................... 3
Intended Audience ............................................................................. 3
What is a KVM Combiner? ............................................................. 3
Package Contents .......................................................................... 3
Revision .......................................................................................... 3
Safety Precautions ......................................................................... 4
Safety Precautions (French) ........................................................... 5
User Guidance & Precautions ........................................................ 6
Main Features ................................................................................ 8
Tamper Evident Labels .................................................................. 9
Active Anti-Tampering System .................................................... 10
..................................................................................................... 10
Product Enclosure Warning Label ............................................... 10
Equipment Requirements ............................................................ 10
Front Panel Features: .................................................................. 13
Rear Panel Features – SK42HU-3 ................................................. 14
Operation ......................................................................................... 24
System Setup ............................................................................... 24
Dual display installation ............................................................... 26
Operation ..................................................................................... 27
Troubleshooting Guide .................................................................... 39
COPYRIGHT AND LEGAL NOTICE .................................................. 43
..................................................................................................... 14
Rear Panel Features – SK42PU-3 ................................................. 15
Rear Panel Features – SK21PU-3 ................................................. 16
Rear Panel Features – SK42DU-3 ................................................. 17
Product Specifications ................................................................. 18
Before Installation ....................................................................... 19
Installation ....................................................................................... 21
Typical system installation ........................................................... 23
2
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Important Security Note:
If you are aware of potential security vulnerability while
installing or operating this product, we encourage you to
contact us immediately in one of the following ways:
Web form: http://www.highseclabs.com/support/case/
Email: security@highseclabs.com
Tel: +972-4-9591191 or +972-4-9591192
Important: This product is equipped with always-on active anti-
tampering system. Any attempt to open the product enclosure
will activate the anti-tamper triggers and render the unit
inoperable and warranty void.
Important Security Note:
If you are aware of potential security vulnerability while
installing or operating this product, we encourage you to
contact us immediately in one of the following ways:
Web form: http://www.highseclabs.com/support/case/
Email: security@highseclabs.com
Tel: +972-4-9591191 or +972-4-9591192
Important: This product is equipped with always-on active antitampering system. Any attempt to open the product enclosure
will activate the anti-tamper triggers and render the unit
inoperable and warranty void.
Introduction
Thank you for purchasing this High Sec Labs (HSL) Secure product
designed for use in secure defense and intelligence installations.
The product provides the highest security safeguards and features
that meet today’s IA (information assurance) computing
requirements as defined in the latest PSS Protection Profile Rev 3.0.
This User Manual provides all the details you’ll need to install and
operate your new product.
and video ports. The product was designed and certified National
Security agencies.
Package Contents
Inside product packaging you will find the following:
HSL Secure KVM Product
DC Power Supply for 2 port models, AC Power Cord for 4 port
models
5-button Mouse
User Guidance Documentation
Intended Audience
This document is intended for the following professionals:
• System Administrators/IT Managers
• End Users
What is a KVM Combiner?
There are many cases where one computer user needs to work
simultaneously with few computers. The Secure KVM Combiner
designed to provide users with native windowing environment across
isolated networks. Connected computers may operate at different
isolated networks having different security levels without exposing
the organization to the risks of information leakage through the KVM.
The HSL Secure KVM Combiner switch uses advanced video
processing technology to draw a high resolution dynamic “mosaic” of
images generated by different computer sources. Built-in video
sources isolation forces unidirectional flow of data through the USB
Revision
A – Initial Release, 24 Feb 2015
B – Corrections, 3 April 2015
C – Rev change, 12 May 2015
D – User Guidance updates, 21 June 2015
E – Correction to Features section, 13 August 2015
3
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Safety Precautions
Please read the following safety precautions carefully before using
the product:
• Before cleaning, disconnect the product from any electrical power
supply.
• Do not expose the product to excessive humidity or moisture.
• Do not store or use for extensive period of time in extreme thermal
conditions – it may shorten product lifetime.
• Install the product only on a clean secure surface.
• If the product is not used for a long period of time, disconnect it
from electrical power.
• If any of the following situations occurs, have the product checked
by an HSL qualified service technician:
o Liquid penetrates the product’s case.
o The product is exposed to excessive moisture, water
or any other liquid.
o The product is not working well even after carefully
following the instructions in this user’s manual.
o The product has been dropped or is physically
damaged.
o The product shows obvious signs of breakage or
loose internal parts.
o In case of external power supply – If power supply
overheats, is broken or damaged, or has a damaged
cable.
• The product should be stored and used only in temperature and
humidity controlled environments as defined in the product’s
environmental specifications.
• Never attempt to open the product enclosure. Any attempt to open
the enclosure will permanently damage the product.
• The product contains a non-replaceable internal battery. Never
attempt to replace the battery or open the enclosure.
• This product is equipped with always-on active anti-tampering
system. Any attempt to open the product enclosure will activate the
anti-tamper triggers and render the unit inoperable and warranty
void.
4
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Safety Precautions (French)
Veuillez lire attentivement les précautions de sécurité suivantes
avant d’utiliser le produit:
Avant nettoyage, débranchez l’appareil de
l’alimentation DC / AC.
Assurez-vous de ne pas exposer l’appareil à une
humidité excessive.
Assurez-vous d’installer l’appareil sur une surface
sécurisée propre.
Ne placez pas le cordon d’alimentation DC en
travers d’un passage.
Si l’appareil n’est pas utilisé de longtemps, retirez
l’alimentation murale de la prise électrique.
L’appareil devra être rangé uniquement dans des
environnements à humidité et température
contrôlées comme défini dans les caractéristiques
environnementales du produit.
L’alimentation murale utilisée avec cet appareil
devra être du modèle fourni par le fabricant ou un
équivalent certifié fourni par le fabricant ou
fournisseur de service autorisé.
Si une des situations suivantes survenait, faites
vérifier l’appareil par un technicien de
maintenance qualifié:
o En cas d'alimentation externe - L’alimentation
de l’appareil surchauffe, est endommagée,
cassée ou dégage de la fumée
o ou provoque des court circuits de la prise du
secteur.
o Un liquide a pénétré dans le boîtier de
l’appareil.
o L’appareil est exposé à de l’humidité excessive
ou à l’eau.
o L’appareil ne fonctionne pas correctement
même après avoir suivi attentivement les
instructions contenues dans ce guide de
l’utilisateur.
o L’appareil est tombé ou est physiquement
endommagé.
o L’appareil présente des signes évidents de
pièce interne cassée ou desserrée
o L’appareil contient une batterie interne. La
batterie n’est pas remplaçable. N’essayez
jamais de remplacer la batterie car toute
tentative d’ouvrir le boîtier de l’appareil
entraînerait des dommages permanents à
l’appareil.
o Ce produit est équipé d'toujours-sur le système
anti-sabotage active. Toute tentative d'ouvrir
le boîtier du produit va activer le déclencheur
anti-sabotage et de rendre l'unité vide
inutilisable et garantie.
5
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
User Guidance & Precautions
Please read the following User Guidance & Precautions carefully
before using the product:
1. As product powers-up it performs a self-test procedure. In
case of self- test failure for any reason, including jammed
buttons, the product will be Inoperable. Self-test failure will
be indicated by the following abnormal LED behavior:
a. All channel-select LEDs will be turned ON and
then OFF;
b. A specific, predefined LED combination will be
turned ON;
c. The predefined LED combination will indicate the
problem type (jammed buttons, firmware integrity).
Try to power cycle product. If problem persists please
contact your system administrator or technical support.
2. Product power-up and RFD behavior:
a. By default, after product power-up, the active
channel will be computer #1, indicated by the
applicable front panel push button LED lit.
b. Product Restore-to-Factory-Default (RFD) function is
available via a physical control button on rear panel.
Use a sharp object or paper clip to hold RFD button
pressed for several seconds to initiate an RFD action.
c. RFD action will be indicated by front panel LEDs
blinking all together.
d. When product boots after RFD, keyboard and mouse
will be mapped to the active channel #1 and default
settings will be restored, erasing all user-set
definitions.
3. The appropriate usage of peripherals (e.g. keyboard, mouse,
display, authentication device) is described in detail in this
User Manual's appropriate sections. Do not connect any
authentication device with an external power source to
product.
4. For security reasons products do not support wireless
keyboards and mice. In any case do not connect wireless
keyboard/mouse to product.
5. For security reasons products do not support
microphone/line-in audio input. In any case do not connect a
microphone to product audio output port, including
headsets.
6. Product is equipped with always-on active anti-tampering
system. Any attempt to open product enclosure will activate
the anti-tamper system indicated by all channel-select LEDs
flashing continuously. In this case, product will be inoperable
and warranty void. If product enclosure appears disrupted or
if all channel-select LEDs flash continuously, please remove
product from service immediately and contact technical
support.
7. In case a connected device is rejected in the console port
group the user will have the following visual indications:
a. When connecting a non-qualified keyboard, the
keyboard will be non-functional with no visible
keyboard strokes on screen when using the
keyboard.
6
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
b. When connecting a non-qualified mouse, the mouse
will be non-functional with mouse cursor frozen on
screen.
c. When connecting a non-qualified display, the video
diagnostic LED will flash green and video will not
work.
d. When connecting a non-qualified USB device, fUSB
LED will flash green and USB device will be
inoperable.
8. Do not connect product to computing devices:
a. That are TEMPEST computers;
b. That include telecommunication equipment;
c. That include frame grabber video cards;
d. That include special audio processing cards.
9. Product has a remote control port in the back panel labeled
RCU. Do not use this port - it is inoperable and for future use.
10. Important! Before re-allocating computers to channels, it is
mandatory to power cycle product, keeping it powered OFF
for more than 1 minute.
11. Product log access and administrator configuration options
are described in product Administrator Guide.
12. Authentication session will be terminated once product
power is down or user intentionally terminates session.
13. If you are aware of any potential security vulnerability while
installing or operating product, please remove product from
service immediately and contact us in one of the ways listed
in this manual.
7
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Main Features
Product is designed, manufactured and delivered in securitycontrolled environments. Below is a summary of the main advanced
features incorporated in product:
Advanced isolation between computers and shared peripherals
The emulations of keyboard, mouse and display EDID, prevent direct
contact between computers and shared peripherals. Product design
achieves maximal security by keeping the video path separate with
keyboard and mouse switched together, purging keyboard buffer
when switching channels. All these features contribute to strong
isolation between computer interfaces, maintained even when
product is powered off.
Unidirectional data flow: USB, audio and video
Unique hardware architecture components prevent unauthorized
data flow, including:
Optical unidirectional data flow diodes in the USB data path
that filtrate and reject unqualified USB devices;
Secure analog audio diodes that prevent audio
eavesdropping with no support for microphone or any other
audio-input device;
Video path is kept separate from all other traffic, enforcing
unidirectional native video flow. EDID emulation is done at
power up and blocks all EDID/MCCS writes. For DisplayPort
video, filtration of AUX channel exists to reject unauthorized
transactions.
Isolation of power domains
Complete isolation of power domains prevents signaling attacks.
Secure administrator access & log functions
Product incorporates secure administrator access and log functions
to provide auditable trail for all product security events, including
battery backup life for anti-tampering and log functions. Nonreprogrammable firmware prevents the ability to tamper with
product logic.
Always-on, active anti-tamper system
Active anti-tampering system prevents malicious insertion of
hardware implant such as wireless key-logger inside product
enclosure. Any anti-tampering attempt causes isolation of all
computers and peripheral devices rendering product inoperable and
showing clear indications of tampering event to user.
Holographic security tamper-evident labels are placed on the
enclosure to provide a clear visual indication if product has been
opened or compromised.
Metal enclosure is designed to resist mechanical tampering with all
microcontrollers protected against firmware-read, modification and
rewrite.
Main Features (Cont.)
Video Support
DVI models support DVI-I displays as well as VGA and HDMI
via compatible cables.
DP models support DisplayPort1.1 & 1.2 displays.
HDMI models support HDMI displays.
Dual Display and Resolutions Supported
Products supports dual display and video resolutions of up to 4K-2K
Ultra HD (3840 X 2160 pixels).
8
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Real-time and real quality video
Pixel-by-pixel video image. No quality loss, latency, reduced colors,
dropped frames or artifacts. Fastest digital video processing
technology available in any KVM today. Less than 30 millisecond
latency.
Easy customization
System mode enables easy customization of channels, colors,
cursors, task-bar, background etc. User programmable buttons
enable quick setting of user defined screen arrangements.
Audio Support
The HSL Secure KVM Combiner supports audio out switching.
Microphone switching is not supported to prevent analog leakages
through audio ports.
Advanced Scaling Function
The HSL Secure KVM Combiner has an advanced scaling function
allowing the user to scale the video source 2x and 4x smaller to assure
good view and superb work experience. User can now fit 4 full HD
sources on a single HD screen by scaling each source and all in real
time with no data loss.
Scale and Tile Modes
Allowing users to focus on a main source while viewing the other
sources or tile all of the sources equally
Filtered USB (fUSB) feature (applicable models)
fUSB feature enables to connect authorized USB devices to product.
Product is designed with complete isolation between fUSB data,
such as user authentication smart card reader data, and all other
product traffic.
The fUSB feature can be managed via Configurable Device Filtering
(CDF) mechanism with configuration permissions limited to
authenticated administrators. For more details please refer to the
"fUSB Configuration Manual".
"Freeze fUSB" feature
Dedicated "Freeze fUSB" push button on front panel enables to lock
this function to a specific channel. When locked, switching channels
will not affect processes performed by the USB device connected to
the locked channel.
"Freeze Audio" feature
Dedicated "Freeze Audio" push button on front panel enables to lock
this function to a specific channel in a way that switching between
channels leaves the audio function locked to current channel.
Tamper Evident Labels
Product uses holographic tamper evident labels to provide visual
indications in case of an enclosure intrusion attempt. When opening
product packaging inspect the tampering evident labels.
If for any reason one or more tamper-evident label is missing,
appears disrupted, or looks different than the example shown here,
please call Technical Support and avoid using that product.
9
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
HSL Tamper Evident Label
Active Anti-Tampering System
Product is equipped with always-on active anti-tampering system. If
mechanical intrusion is detected by this system, the Product will be
permanently disabled and all LEDs will blink continuously.
If product indicates "tampered state" (all LEDs blinking) - please call
Technical Support and avoid using that product.
Product Enclosure Warning Label
Product has the following warning sticker placed in a prominent
location on product enclosure:
Equipment Requirements
Cables
10
It is highly recommended to use HSL Cable Kits for product to ensure
optimal security and performance.
One Cable Kit is required per connected computer.
Operating Systems
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Product is compatible with devices running on the following
operating systems:
• Microsoft® Windows®
• Red Hat®, Ubuntu® and other Linux® platforms
• Mac OS® X v10.3 and higher.
USB Keyboard console port
The product console USB keyboard port is compatible with
Standard USB keyboards.
Notes:
a. Console USB keyboard and mouse ports are switchable,
i.e. you can connect keyboard to mouse port and vice
versa. However, for optimal operation it is
recommended to connect USB keyboard to console USB
keyboard port and USB mouse to console USB mouse
port.
b. For security reasons products do not support wireless
keyboards. In any case do not connect wireless
keyboard to product.
c. Non-standard keyboards, such as keyboards with
integrated USB hubs and other USB-integrated devices,
may not be fully supported due to security policy. If they
are supported, only classical keyboard (HID) operation
will be functional. It is recommended to use standard
USB keyboards.
USB Mouse console port
The product console USB mouse port is compatible with
standard USB mice.
Notes:
a. Console USB keyboard and mouse ports are switchable,
i.e. you can connect keyboard to mouse port and vice
versa. However, for optimal operation it is
recommended to connect USB keyboard to console USB
keyboard port and USB mouse to console USB mouse
port.
b. Console USB mouse port supports Standard KVM
Extender composite device having a keyboard/mouse
functions.
c. For security reasons products do not support wireless
mice. In any case do not connect wireless mouse to
product.
PS/2 Mouse and Keyboard console ports
The product console PS/2 keyboard and mouse ports are
compatible with standard PS/2 keyboards and mice.
Video Support
DVI models support DVI-I displays as well as VGA and HDMI
via compatible cables.
DP models support DisplayPort1.1 & 1.2 displays.
HDMI models support HDMI displays.
Resolutions Supported
11
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Products support video resolutions of up to 4K-2K Ultra HD (3840 X
2160 pixels).
User Audio Devices
Product is compatible with the following types of user audio
devices:
Stereo headphones;
Amplified stereo speakers.
Note: In any case do not connect a microphone to product audio
output port including headsets.
fUSB Port (applicable models)
The product operates with authorized USB devices plugged into the
console fUSB Port, such as USB smart-card reader or Common Access
Card (CAC) reader.
By default, authentication devices such as smart card readers and
CACs are authorized for use.
For authorizing additional USB devices to work with product,
Configurable Device Filtering (CDF) mechanism is used with
configuration permissions limited to authenticated administrators.
For more details please refer to the "fUSB Configuration Manual".
12
2/4 Ports Secure KVM Combiner User Manual
Section 4 - Operation
Front Panel Features:
13
Loading...