HighSecLabs SK21D-3, SK21P-3, SK21H-3 User Manual

1

Section 1 - Introduction

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Products covered by this manual:

2-Port Single-Head Secure KVMs:

 SK21D-3 – DVI-I Video

 SK21P-3 – DisplayPort Video



SK21H-3 – HDMI Video

Rev: E
Doc No.: HDC10346

2-Port Single-Head Secure KVM Switch User Manual

2

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Table of Contents

Introduction ....................................................................................... 3

Intended Audience ............................................................................. 3

Package Contents .......................................................................... 3

Revision .......................................................................................... 3

Safety Precautions ......................................................................... 4

Safety Precautions (French) ........................................................... 5

User Guidance & Precautions ........................................................ 6

Main Features ................................................................................ 8

Tamper Evident Labels ................................................................ 10

Active Anti-Tampering System .................................................... 10

Product Enclosure Warning Label ............................................... 10

Equipment Requirements ............................................................ 11

Front Panel Features – SK21D-3 (DVI-I); SK21P-3 (DP); SK21H-3

(HDMI) ......................................................................................... 13

Rear Panel Features – SK21D-3 ................................................... 14

Product Specifications ................................................................. 15

Before Installation ....................................................................... 16

Installation ....................................................................................... 17

Typical system installation ........................................................... 18

Operation ......................................................................................... 19

Operating the Product ................................................................. 19

Troubleshooting Guide .................................................................... 21

COPYRIGHT AND LEGAL NOTICE .................................................. 24

3

Section 1 - Introduction

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Introduction

Thank you for purchasing this High Sec Labs (HSL) Secure product
designed for use in secure defense and intelligence installations.
The product provides the highest security safeguards and features

that meet today’s IA (information assurance) computing

requirements as defined in the latest PSS Protection Profile Rev 3.0.

This User Manual provides all the details you’ll need to install and

operate your new product.

Intended Audience

This document is intended for the following professionals:

• System Administrators/IT Managers

• End Users

Package Contents

Inside product packaging you will find the following:

 HSL Secure KVM Product
 DC Power Supply
 User Guidance Documentation

Revision

A – Initial Release, 24 Feb 2015

B – Corrections, 28 March 2015

C – Rev change, 12 May 2015

D – User Guidance updates, 21 June 2015

E – Correction to Features section, 13 August 2015

Important Security Note:

If you are aware of potential security vulnerability while
installing or operating this product, we encourage you to
contact us immediately in one of the following ways:

 Web form: http://www.highseclabs.com/support/case/
 Email: security@highseclabs.com
 Tel: +972-4-9591191 or +972-4-9591192

Important: This product is equipped with always-on active anti­tampering system. Any attempt to open the product enclosure
will activate the anti-tamper triggers and render the unit
inoperable and warranty void.

4

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Section 4 - Operation

Safety Precautions

Please read the following safety precautions carefully before using
the product:

• Before cleaning, disconnect the product from any electrical power

supply.

• Do not expose the product to excessive humidity or moisture.

• Do not store or use for extensive period of time in extreme thermal
conditions – it may shorten product lifetime.

• Install the product only on a clean secure surface.

• If the product is not used for a long period of time, disconnect it

from electrical power.

• If any of the following situations occurs, have the product checked

by an HSL qualified service technician:

o Liquid penetrates the product’s case.
o The product is exposed to excessive moisture, water

or any other liquid.

o The product is not working well even after carefully

following the instructions in this user’s manual.

o The product has been dropped or is physically

damaged.

o The product shows obvious signs of breakage or

loose internal parts.

o In case of external power supply – If power supply

overheats, is broken or damaged, or has a damaged
cable.

• The product should be stored and used only in temperature and

humidity controlled environments as defined in the product’s
environmental specifications.

• Never attempt to open the product enclosure. Any attempt to open
the enclosure will permanently damage the product.

• The product contains a non-replaceable internal battery. Never
attempt to replace the battery or open the enclosure.

• This product is equipped with always-on active anti-tampering
system. Any attempt to open the product enclosure will activate the
anti-tamper triggers and render the unit inoperable and warranty
void.

5

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Section 4 - Operation

Safety Precautions (French)

Veuillez lire attentivement les précautions de sécurité suivantes
avant d’utiliser le produit:

 Avant nettoyage, débranchez l’appareil de

l’alimentation DC / AC.

 Assurez-vous de ne pas exposer l’appareil à une

humidité excessive.

 Assurez-vous d’installer l’appareil sur une surface

sécurisée propre.

 Ne placez pas le cordon d’alimentation DC en

travers d’un passage.

 Si l’appareil n’est pas utilisé de longtemps, retirez

l’alimentation murale de la prise électrique.

 L’appareil devra être rangé uniquement dans des

environnements à humidité et température
contrôlées comme défini dans les caractéristiques
environnementales du produit.

 L’alimentation murale utilisée avec cet appareil

devra être du modèle fourni par le fabricant ou un
équivalent certifié fourni par le fabricant ou
fournisseur de service autorisé.

 Si une des situations suivantes survenait, faites

vérifier l’appareil par un technicien de

maintenance qualifié:

o En cas d'alimentation externe - L’alimentation

de l’appareil surchauffe, est endommagée,

cassée ou dégage de la fumée

o ou provoque des court circuits de la prise du

secteur.

o Un liquide a pénétré dans le boîtier de

l’appareil.

o L’appareil est exposé à de l’humidité excessive

ou à l’eau.

o L’appareil ne fonctionne pas correctement

même après avoir suivi attentivement les
instructions contenues dans ce guide de
l’utilisateur.

o L’appareil est tombé ou est physiquement

endommagé.

o L’appareil présente des signes évidents de

pièce interne cassée ou desserrée

o L’appareil contient une batterie interne. La

batterie n’est pas remplaçable. N’essayez

jamais de remplacer la batterie car toute

tentative d’ouvrir le boîtier de l’appareil

entraînerait des dommages permanents à
l’appareil.

o Ce produit est équipé d'toujours-sur le système

anti-sabotage active. Toute tentative d'ouvrir
le boîtier du produit va activer le déclencheur
anti-sabotage et de rendre l'unité vide
inutilisable et garantie.

6

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Section 4 - Operation

User Guidance & Precautions

Please read the following User Guidance & Precautions carefully
before using the product:

1. As product powers-up it performs a self-test procedure. In

case of self- test failure for any reason, including jammed
buttons, the product will be Inoperable. Self-test failure will
be indicated by the following abnormal LED behavior:

a. All channel-select LEDs will be turned ON and

then OFF;

b. A specific, predefined LED combination will be

turned ON;

c. The predefined LED combination will indicate the

problem type (jammed buttons, firmware integrity).
Try to power cycle product. If problem persists please
contact your system administrator or technical support.

2. Product power-up and RFD behavior:

a. By default, after product power-up, the active

channel will be computer #1, indicated by the

applicable front panel push button LED lit.

b. Product Restore-to-Factory-Default (RFD) function is

available via a physical control button on rear panel.

Use a sharp object or paper clip to hold RFD button

pressed for several seconds to initiate an RFD action.

c. RFD action will be indicated by front panel LEDs

blinking all together.

d. When product boots after RFD, keyboard and mouse

will be mapped to the active channel #1 and default

settings will be restored, erasing all user-set

definitions.

3. The appropriate usage of peripherals (e.g. keyboard, mouse,

display, authentication device) is described in detail in this
User Manual's appropriate sections. Do not connect any
authentication device with an external power source to
product.

4. For security reasons products do not support wireless

keyboards and mice. In any case do not connect wireless
keyboard/mouse to product.

5. For security reasons products do not support

microphone/line-in audio input. In any case do not connect a
microphone to product audio output port, including
headsets.

6. Product is equipped with always-on active anti-tampering

system. Any attempt to open product enclosure will activate
the anti-tamper system indicated by all channel-select LEDs
flashing continuously. In this case, product will be inoperable
and warranty void. If product enclosure appears disrupted or
if all channel-select LEDs flash continuously, please remove
product from service immediately and contact technical
support.

7. In case a connected device is rejected in the console port

group the user will have the following visual indications:

a. When connecting a non-qualified keyboard, the

keyboard will be non-functional with no visible
keyboard strokes on screen when using the
keyboard.

b. When connecting a non-qualified mouse, the mouse

will be non-functional with mouse cursor frozen on
screen.

7

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Section 4 - Operation

c. When connecting a non-qualified display, the video

diagnostic LED will flash green and video will not

work.

d. When connecting a non-qualified USB device, fUSB

LED will flash green and USB device will be

inoperable.

8. Do not connect product to computing devices:
a. That are TEMPEST computers;
b. That include telecommunication equipment;
c. That include frame grabber video cards;
d. That include special audio processing cards.

9. Product has a remote control port in the back panel labeled

RCU. Do not use this port - it is inoperable and for future use.

10. Important! Before re-allocating computers to channels, it is

mandatory to power cycle product, keeping it powered OFF
for more than 1 minute.

11. Product log access and administrator configuration options

are described in product Administrator Guide.

12. Authentication session will be terminated once product

power is down or user intentionally terminates session.

13. If you are aware of any potential security vulnerability while

installing or operating product, please remove product from
service immediately and contact us in one of the ways listed
in this manual.

8

2-PORT SINGLE-HEAD SECURE KVM: SK21D-3 – DVI-I VIDEO, SK21P-3 – DISPLAYPORT VIDEO, SK21H-3 – HDMI VIDEO

Section 4 - Operation

Main Features

Product is designed, manufactured and delivered in security­controlled environments. Below is a summaty of the main advanced
features incorporated in product:

NIAP PPS Ver. 3.0 compliant

HSL product is designed from scratch to comply with latest NIAP PPS
ver. 3.0 standard. Thoroughly tested, product meets international
NIAP security requirements and covers latest technologies:

 Optimized for USB (USB 1.1, 2.0, 3.0 and Type C) to support

newest peripherals;

 Optimized for HDMI and DisplayPort video;
 Enables newer protocols such as MHL to support mobile

devices and not only computers;

 Supports modern user interaction modes, such as cursor

control, touch-screen, multi-touch, and more.

Advanced isolation between computers and shared peripherals

The emulations of keyboard, mouse and display EDID, prevent direct
contact between computers and shared peripherals. Product design
achieves maximal security by keeping the video path separate with
keyboard and mouse switched together, purging keyboard buffer
when switching channels. All these features contribute to strong
isolation between computer interfaces, maintained even when
product is powered off.

Unidirectional data flow: USB, audio and video

Unique hardware architecture components prevent unauthorized
data flow, including:

 Optical unidirectional data flow diodes in the USB data path

that filtrate and reject unqualified USB devices;

 Secure analog audio diodes that prevent audio

eavesdropping at TEMPEST level with no support for
microphone or any other audio-input device;

 Video path is kept separate from all other traffic, enforcing

unidirectional native video flow. EDID emulation is done at
power up and blocks all EDID/MCCS writes. For DisplayPort
video, filtration of AUX channel exists to reject unauthorized
transactions.

Isolation of power domains

Complete isolation of power domains prevents signaling attacks.

Secure administrator access & log functions

Product incorporates secure administrator access and log functions
to provide auditable trail for all product security events, including
battery backup life for anti-tampering and log functions. Non­reprogrammable firmware prevents the ability to tamper with
product logic.

Always-on, active anti-tamper system

Active anti-tampering system prevents malicious insertion of
hardware implant such as wireless key-logger inside product
enclosure. Any anti-tampering attempt causes isolation of all
computers and peripheral devices rendering product inoperable and
showing clear indications of tampering event to user.

Holographic security tamper-evident labels are placed on the
enclosure to provide a clear visual indication if product has been
opened or compromised.

Metal enclosure is designed to resist mechanical tampering with all
microcontrollers protected against firmware-read, modification and
rewrite.