Loading...
Datacryptor® Ethernet
User Manual
1270A450-005 June 2008
Datacryptor Ethernet User Manual |
Preface |
Page 2 |
THALES |
Datacryptor Ethernet User Manual |
Preface |
|
|
Contents |
|
1 |
Preface............................................................................................................................................ |
5 |
|
Trademark Acknowledgements ............................................................. |
5 |
|
Revision Status....................................................................................... |
5 |
|
License Agreement and General Information.............................................. |
6 |
|
Security Advisory ................................................................................... |
9 |
|
Contact Information............................................................................. |
10 |
2 |
About This Document........................................................................................................ |
11 |
|
This manual is organized into the following sections: ......................... |
12 |
3 |
Overview.................................................................................................................................... |
13 |
|
Product Images......................................................................................... |
13 |
|
Product Features....................................................................................... |
15 |
|
Element Manager...................................................................................... |
16 |
4 |
Background Information .................................................................................................. |
17 |
|
Datacryptor Ethernet Unit ......................................................................... |
17 |
|
Gigabit Ethernet Technology Overview ..................................................... |
17 |
|
Ethernet Layer 2 Services ..................................................................... |
17 |
|
Security Terms..................................................................................... |
18 |
|
Other Terms ........................................................................................ |
18 |
5 |
Installation................................................................................................................................ |
19 |
|
Hardware Installation................................................................................ |
19 |
|
Rack-Mounting Instructions ................................................................. |
19 |
|
Cabling Requirements ......................................................................... |
20 |
|
To Cable the Datacryptor..................................................................... |
21 |
|
Power on the Datacryptor .................................................................... |
22 |
|
Software Installation ................................................................................. |
23 |
|
Requirements ...................................................................................... |
23 |
|
Installation Procedure .......................................................................... |
24 |
6 Connecting to Datacryptor Ethernet Units............................................................ |
25 |
|
|
Users ........................................................................................................ |
25 |
|
IP Parameter Configuration via a Serial Connection .................................. |
25 |
|
Dial Up Networking.............................................................................. |
27 |
|
Adding a Unit to Element Manager ........................................................... |
28 |
|
Direct Invocation of Front Panel Viewer .................................................... |
32 |
|
Command Line Parameters....................................................................... |
32 |
7 |
Element Manager Reference .......................................................................................... |
34 |
|
Main Window ............................................................................................ |
34 |
|
Main Window Pull-down Menus................................................................. |
35 |
|
File....................................................................................................... |
35 |
|
Edit ...................................................................................................... |
35 |
|
View..................................................................................................... |
35 |
|
Tools.................................................................................................... |
36 |
|
Help ..................................................................................................... |
36 |
|
Toolbar Icons............................................................................................ |
36 |
|
Datacryptor Icons ..................................................................................... |
36 |
|
Front Panel Viewer .................................................................................... |
38 |
|
User Key Material................................................................................. |
41 |
|
The Front Panel LEDs ........................................................................... |
41 |
|
The Front Panel Viewer buttons ........................................................... |
42 |
1270A450-005 - June 2008 |
Page 3 |
Preface |
Datacryptor Ethernet User Manual |
|
|
Configure Dialog ...................................................................................... |
43 |
|
Key Manager............................................................................................. |
46 |
|
To commission a unit with the Commission button ................................. |
46 |
|
Step 1: Installing a new Certificate Authority (CA)................................ |
48 |
|
Step 2: Installing the authenticating CA:.............................................. |
49 |
|
Step 3: Setting the unit name:.............................................................. |
50 |
|
Step 4: Generating a Certificate: .......................................................... |
51 |
|
Login Dialog ............................................................................................. |
53 |
|
Change Password Dialog .......................................................................... |
53 |
|
Logs Window ............................................................................................ |
54 |
|
Properties Dialog ...................................................................................... |
56 |
|
The General Tab .................................................................................. |
57 |
|
The Diagnostics Tab ............................................................................ |
59 |
|
The IP Management Tab ...................................................................... |
61 |
|
Configuring SNMP................................................................................ |
62 |
|
IP Route Config .................................................................................... |
70 |
|
The Security Tab .................................................................................. |
71 |
|
The RIP Tab.......................................................................................... |
73 |
|
The Ethernet Comm Tab for 1 and 10 Gigabit Datacryptors................ |
75 |
|
The Ethernet Comm Tab for 100 Mb Datacryptor................................ |
77 |
|
The Ethernet Encryption Tab................................................................ |
79 |
|
The Expert Tab .................................................................................... |
80 |
|
The Ethernet Tunneling Tab ................................................................ |
81 |
|
The Environment Tab........................................................................... |
85 |
|
Appendix A: Device Maintenance..................................................................................... |
86 |
|
Appendix B: Loading Datacryptor Unit Software.................................................... |
88 |
|
Appendix C: Product Specifications................................................................................ |
95 |
|
Appendix D: Environmental & Regulatory .................................................................. |
96 |
|
Appendix E: SFP and XFP Interfaces................................................................................ |
98 |
|
Appendix F: Preventing Electrostatic Discharge..................................................... |
99 |
|
Appendix G: Troubleshooting......................................................................................... |
100 |
|
Appendix H: SNMP MIB Support..................................................................................... |
102 |
|
Appendix I: Log and SNMP Trap Numbers............................................................... |
105 |
|
Standard Traps .................................................................................. |
105 |
|
Log Trap Errors Hardware.................................................................. |
106 |
|
Log Trap Errors Software ................................................................... |
108 |
|
Key Errors .......................................................................................... |
110 |
|
Audit Errors ....................................................................................... |
123 |
|
Appendix J: Glossary of Terms....................................................................................... |
132 |
Page 4 |
THALES |
Datacryptor Ethernet User Manual |
Preface |
1 Preface
Trademark Acknowledgements
Datacryptor is a trademark of Thales e-Security.
Microsoft Windows® XP and Windows® 2003 are registered trademarks of Microsoft Corporation.
All other logos and product names are trademarks or registered trademarks of their respective companies.
©2006-2008 Thales e-Security. All rights reserved.
Copyright in this document is the property of Thales e-Security. It is not to be reproduced, modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of Thales e-Security neither shall it be used otherwise than for the purpose for which it is supplied.
Thales e-Security reserves the right to modify or revise all or part of this document without notice and shall not be responsible for any loss, cost, or damage, including consequential damage, caused by reliance on these materials.
Revision Status
Revision |
Changes |
Release Date |
|
|
|
1270A450-001 |
First Issue |
March 2006 |
|
|
|
1270A450-002 |
Release 1.1 |
August 2006 |
|
|
|
1270A450-003 |
10 Gig Ethernet unit added and Updates |
November 2007 |
|
for product release 4.00 |
|
|
|
|
1270A450-004 |
100 Mb Ethernet unit added |
March 2008 |
|
|
|
1270A450-005 |
Unsupported features in the 10Gig |
June 2008 |
|
Ethernet unit: Auto-negotiation; Disabling |
|
|
CTS mode; Fragmentation |
|
|
|
|
1270A450-005 - June 2008 |
Page 5 |
Preface |
Datacryptor Ethernet User Manual |
License Agreement and General Information
THALES e-SECURITY LTD. ("THALES") COMPUTER PROGRAM LICENSE AGREEMENT
YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (the "AGREEMENT"). FOR PURPOSES OF THIS AGREEMENT, “SOFTWARE” IS DEFINED TO INCLUDE COMPUTER PROGRAMS INTENDED TO BE RUN ON A WORK STATION, PC, OR SIMILAR MACHINE, AND INCLUDES THE CD-ROM OR OTHER MEDIA ON WHICH THE SOFTWARE IS CONTAINED. “FIRMWARE” IS DEFINED TO INCLUDE COMPUTER PROGRAMS WHICH ARE INTENDED TO BE RUN SOLELY ON OR WITHIN A HARDWARE MACHINE (“MACHINE”) PROVIDED BY THALES, INCLUDING, WITHOUT LIMITATION, FPGA BITSTREAMS. THE SOFTWARE AND FIRMWARE AND THE ACCOMPANYING USER DOCUMENTATION (THE “DOCUMENTATION”) ARE LICENSED (NOT SOLD) TO YOU BY THALES DIRECTLY OR THROUGH AUTHORIZED RESELLERS OF THALES. OPENING OR INSTALLING ANY OF THE CONTENTS OF THIS CD-ROM OR OTHER PROVIDED MEDIA PACKAGE INDICATES YOUR ACCEPTANCE OF THE TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS, PROMPTLY RETURN THE PACKAGE, THE MACHINE WHICH CONTAINS A COPY OF THE LICENSED FIRMWARE, AND ALL OTHER ENCLOSED ITEMS, IF ANY, TO THE PLACE WHERE YOU OBTAINED THEM, AND YOU WILL RECEIVE A REFUND.
LICENSE GRANT
A.In consideration of the license fee paid to THALES or to an authorized THALES reseller, THALES hereby grants you, and you accept a nonexclusive license to use the Software on a single machine (if a “single license” is purchased) or multiple machines (if an “organizational license” is purchased) owned, leased, or otherwise controlled by you, and to use the Firmware solely on the Machine sold to you by THALES or its dealers, if any, but only to operate or engage those features and/or applications for which a charge appears on your order and invoice under the terms stated in this Agreement. If a software or Firmware enabling key or other similar access device (the “Key”) is provided, you agree to use same solely for accessing the Software on a single PC or Firmware on a single Machine. Title and ownership of the Software, Firmware, Documentation and/or Key remain in THALES or its suppliers. If an organizational license is purchased, then you may use the Software or Firmware on multiple Machines in your organization regardless of quantity, provided all Machines are located within a single country. A separate single or organizational license will be required in each country.
B.You may not decompile, reverse engineer, modify, or copy the Software, Firmware, or Documentation for any purpose, except you may copy the Software into machine-readable or printed form for backup purposes in the event the CDROM or other provided media is damaged or destroyed. You may combine the Software with other programs. Any portion of the Software merged into or used in conjunction with another program will continue to be the property of THALES and is subject to the terms and conditions of this Agreement.
C.The Software, Firmware, and the Documentation are copyrighted by THALES and/or its suppliers. You agree to respect and not to remove or conceal from view any copyright or trademark notice appearing on the Software, Firmware, or Documentation, and to reproduce any such copyright or trademark notice on all copies of the Software, Firmware, and Documentation or any portion thereof made by you as permitted hereunder and on all portions contained in or merged into other programs and documentation.
D.You may transfer the Software, Firmware, and this license to another party if the other party agrees to accept the terms and conditions of this Agreement. If you transfer the Software and/or Firmware, you must at the same time either transfer all copies whether in printed or machine-readable form, and the Machine, if any, on which the Firmware is licensed for use, to the same party or destroy any copies not transferred; this includes all modifications and portions of the Software and/or contained or merged into other programs.
YOU MAY NOT USE, COPY, MODIFY, OR TRANSFER THE SOFTWARE, FIRMWARE, DOCUMENTATION OR KEY, OR ANY COPY, MODIFICATION OR MERGED PORTION, IN WHOLE OR IN PART, EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS LICENSE.
IF YOU TRANSFER POSSESSION OF ANY COPY, MODIFICATION OR MERGED PORTION OF THE SOFTWARE, FIRMWARE, OR DOCUMENTATION OR KEY TO ANOTHER PARTY, EXCEPT AS PROVIDED IN THIS SECTION D, YOUR LICENSE IS AUTOMATICALLY TERMINATED.
TERM
This Agreement is effective upon your acceptance (as set forth above) and shall continue until terminated. You may terminate this license at any time by destroying the Software, Key, and Documentation along with all copies, modifications and merged portions in any form, and return the Machine (including Firmware) to THALES or its authorized resellers. It will also terminate upon conditions set forth elsewhere in this Agreement if you fail to comply with any term or condition of this Agreement. You agree upon such termination to destroy the Software, Documentation, and Key together with all copies, modifications and merged portions in any form, and to return the Machine (including Firmware) to THALES or its authorized resellers.
Page 6 |
THALES |
Datacryptor Ethernet User Manual |
Preface |
LIMITED WARRANTY
The following limited warranty applies only to the Software and/or Firmware licensed hereunder. The hardware Machine is warranted pursuant to a separate Warranty set forth in the Machine documentation. The Machine documentation is contained on the CD-ROM, if any.
During the first 90 days after receipt of the Software and/or Firmware by you, as evidenced by a copy of your receipt, invoice or other proof of purchase (the "Warranty Period"), THALES warrants, for your benefit alone, that the Software and Firmware when properly installed, will perform substantially in conformance with the Documentation provided by THALES at the time you obtained the Software and/or Firmware from THALES or its authorized resellers, and that the media on which the Software and/or Firmware is furnished will be free from defects in materials and workmanship under normal use.
EXCEPT AS SPECIFICALLY PROVIDED ABOVE, THE WARRANTIES PROVIDED HEREIN ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. WHEREVER SUCH EXCLUSION IS NOT PERMITTED BY LAW, ALL IMPLIED WARRANTIES, INCLUDING THOSE OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE, SHALL BE LIMITED TO THE WARRANTY PERIOD. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH MAY VARY FROM JURISDICTION TO JURISDICTION.
THALES does not warrant that the functions contained in the Software or Firmware will meet your requirements or that their operation will be uninterrupted or error free.
LIMITATIONS OF REMEDIES
THALES, its authorized resellers’, and/or its suppliers' entire liability and your exclusive remedies under this Agreement are as follows:
(1)THALES shall use commercially reasonable efforts to correct any defect in the Software or Firmware which is reported by you during the Warranty Period in writing to THALES, provided such defect can be recreated by THALES in an unmodified version of the Software or Firmware. However, if THALES is unable to correct such defect within a reasonable amount of time, you may terminate this Agreement by returning the Software, Machine including Firmware, Documentation, and Key to the place where you obtained them either for replacement or, if so elected by THALES, a refund of the amount paid by you for the subject item.
(2)THALES shall replace any media not meeting THALES’ "Limited Warranty" and which is returned to THALES with a copy of your receipt, invoice or other proof of purchase or, if THALES is unable to deliver replacement media which is free from defects in materials or workmanship, you may terminate this Agreement by returning the Software, Firmware, Documentation, and Key to the place where you obtained them for a refund of the amount paid by you for the subject item.
IN NO EVENT WILL THALES, ITS AUTHORIZED RESELLERS, OR ITS SUPPLIERS BE LIABLE FOR INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES OF ANY KIND OR TYPE, INCLUDING, BUT NOT LIMITED TO LOSS OF PROFITS OR REVENUE, LOSS OF USE OF THE PRODUCT(S) OR ANY ASSOCIATED PRODUCT(S), OR COST OF SUBSTITUTED FACILITIES, PRODUCTS OR SERVICES WHICH ARISE OUT OF THALES’ PERFORMANCE OR FAILURE TO PERFORM ANY OBLIGATION CONTAINED WITHIN THIS AGREEMENT OR WITH USE, OR INABILITY TO USE, SOFTWARE AND/OR FIRMWARE, WHETHER THE CLAIM FOR DAMAGES IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE. EXCEPT FOR CLAIMS FOR PERSONAL INJURY OR FOR DAMAGE TO REAL OR TANGIBLE PROPERTY TO THE EXTENT CAUSED BY THALES’ FAULT OR NEGLIGENCE, THALES’ MAXIMUM LIABILITY FOR ANY CLAIM FOR DAMAGES RELATING TO THALES’ PERFORMANCE OR NONPERFORMANCE UNDER THIS AGREEMENT SHALL BE LIMITED TO THE LESSER OF (a) YOUR ACTUAL DAMAGES OR (b) THE COST OF THE PRODUCT GIVING RISE TO THE LIABILITY.
SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
PURCHASES BY OR FOR THE FEDERAL GOVERNMENT
The government hereby agrees that this software qualifies as "commercial computer software" as that term is used in the acquisition regulation applicable to a purchase order or contract. This software may not be acquired by the government in a contract incorporating clauses prescribed by DFARS Subpart 227.4 (OCT 1988), in which case the government hereby agrees to return the software unused, in exchange for refund of the full purchase price.
1270A450-005 - June 2008 |
Page 7 |
Preface |
Datacryptor Ethernet User Manual |
The government agrees that it shall be bound by the terms and conditions of this license agreement, to the maximum extent possible under federal law. This license agreement, and the governments assent hereto, supersedes any contrary terms or conditions in other contract documents (such as any statement of work).
EXPORT AUTHORIZATIONS
You shall assume all responsibility for obtaining any required export authorizations necessary to export any Software and/or Firmware and Documentation purchased hereunder. You shall not re-export Software and/or Documentation directly or through others, or the product of such data, to the prescribed countries for which such prohibition exists pursuant to the U.S. or U.K. export regulations unless properly authorized by the appropriate government.
GENERAL
You may not sublicense, assign or transfer this license, Software, Firmware, Documentation or Key, except as expressly provided in this Agreement. Any attempt otherwise to sublicense, assign or transfer any of the rights, duties or obligations hereunder is void.
This Agreement will be governed by the laws of England or the event that the Product was delivered in the United States, Latin America or Canada, the laws of the State of Virginia.
YOU ACKNOWLEDGE THAT YOU HAVE READ THIS LICENSE AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. YOU FURTHER AGREE THAT IT IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN YOU AND THALES WHICH SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION, OR UNDERSTANDING (ORAL OR WRITTEN) BETWEEN US RELATING TO THE SOFTWARE OR FIRMWARE.
NOTWITHSTANDING THE ABOVE, IF YOU PREVIOUSLY SIGNED A SEPARATE AGREEMENT HAVING A SOFTWARE LICENSE PROVISION APPLICABLE TO THIS PROGRAM, WHICH HAS NOT EXPIRED OR BEEN TERMINATED, THE TERMS AND CONDITIONS OF SUCH SEPARATE AGREEMENT AND THE SOFTWARE LICENSE CONTAINED THEREIN SHALL TAKE PRECEDENCE OVER ALL CONFLICTING TERMS AND CONDITIONS, IF ANY, CONTAINED IN THIS LICENSE AGREEMENT. OTHERWISE, ANY ADDITIONAL TERMS AND CONDITIONS SET FORTH IN THIS LICENSE AGREEMENT SHALL SUPPLEMENT AND BE READ IN CONJUNCTION WITH THE SOFTWARE LICENSE CONTAINED IN ANY SUCH SEPARATE AGREEMENT.
Hardware Warranty
The period of warranty for this product starts on the date of sale to the original purchaser and ends 365 days thereafter. Thales e-Security will replace any product that fails within 90 days of the date of sale. For failures which occur more than 90 days after the date of sale, Thales e-Security will repair the product if returned, postage prepaid, to our designated repair center.
Thales e-Security requires a Return Authorization Number (RAN) prior to the return of any equipment under the provisions of this warranty. Please contact your authorized reseller or the nearest Thales e-Security product support center for details.
General Requirements
This equipment should be installed by a qualified Service engineer. Incorrect connection will invalidate warranty and may cause a hazard.
Should any malfunction be suspected in the unit, return the apparatus to your supplier for service and/or repair to ensure continued compliance. The Datacryptor Ethernet unit contains no user serviceable parts.
The unit should be installed in an environment compatible with the maximum operating temperature of the unit.
Installation of the unit in a rack should not reduce airflow so as to compromise safe operation of the unit. Particular attention should be made to make sure that the side ventilation holes on the Datacryptor Ethernet are not obstructed which could reduce the airflow through the unit. Please refer to the Installation chapter, in the section titled "Airflow" for further information on providing appropriate air flow.
When installed in a rack make sure that the unit is securely installed using all the appropriate mechanical fixings so that it will not cause a hazardous condition.
Page 8 |
THALES |
Datacryptor Ethernet User Manual |
Preface |
Security Advisory
This unit is being shipped with a Universal Certificate Authority that is to be used for demonstration purposes only. USE OF THE DEVICE, AS INITIALLY CONFIGURED, IN AN OPERATIONAL ENVIRONMENT IS NOT RECOMMENDED. THALES e-SECURITY EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY FOR DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, RESULTING FROM USE OF THE UNIVERSAL CERTIFICATE OR ANY OTHER CERTIFICATE SUPPLIED BY THALES e-SECURITY. Prior to use in an operational environment, please change the certificate authority, following the procedure(s) described in the Key Manager section.
1270A450-005 - June 2008 |
Page 9 |
Preface |
Datacryptor Ethernet User Manual |
Contact Information
|
SALES OFFICES |
Americas |
Europe, Middle East, Africa |
THALES e-Security, INC |
THALES e-Security LTD |
2200 North Commerce Parkway |
Meadow View House |
Suite 200 |
Long Crendon |
Weston, Florida 33326 |
Aylesbury |
U.S.A. |
Buckinghamshire HP18 9EQ |
Tel: +1 954 888 6200 |
England |
Fax: +1 954 888 6211 |
Tel: +44 (0)1844 201800 |
Toll free within USA: |
Fax: +44 (0)1844 208550 |
+1 888 744 4976 |
e-mail: |
e-mail: |
emea.sales@thales-esecurity.com |
sales@thalesesec.com |
|
Asia Pacific
THALES e-Security (ASIA) LTD
Units 2205-06, 22/F
Vicwood Plaza
199 Des Voeux Road, Central
Hong Kong
Tel: +852 2815 8633
Fax: +852 2815 8141 e-mail: asia.sales@thales-esecurity.com
PRODUCT SUPPORT CENTERS
Americas |
Europe, Middle East, Africa |
Tel: +1 954 888 6277 |
Tel: +44 (0) 1844 202566 |
Toll free within USA: |
Fax: +44 (0) 1844 208356 |
+1 800 521 6261 |
e-mail: |
Fax: +1 954 888 6233 |
emea.support@thales-esecurity.com |
e-mail: |
|
support@thalesesec.com |
|
Asia Pacific
Tel: +852 2815 8633
Fax: +852 2815 8141 e-mail: aisa.support@thales-esecurity.com
Page 10 |
THALES |
Datacryptor Ethernet User Manual |
About This Document |
2 About This Document
Viewing this document in Adobe Acrobat PDF Viewer
It is recommended that this PDF document is viewed at 100% size with text smoothing adjusted to suit your monitor. The viewing size is easily adjusted by the use of the Zoom toolbar; you may set 100% size, or simply click the Actual Size icon:
Viewing at 100% will provide the best appearance of the images in this document.
To change the appearance of the text, select: Edit > Preferences > Page Display. Change the Smooth Text option and click OK. Use this option to compare the appearance of the text with and without text smoothing, and then select the setting that provides the most comfortable reading experience.
Introduction to this Manual
There are three models in the Datacryptor Ethernet range: 100 Mb Ethernet, 1 Gig Ethernet, and 10 Gig Ethernet. Predominantly, the information in this manual applies equally to all models and as such, the device is referred to simply as the ‘Datacryptor Ethernet’. Where there are differences, the unit being described is referred to either as the 100 Mb Ethernet, 1 Gig Ethernet, or 10 Gig Ethernet, as appropriate. The differences between the two models are mainly in the speed of operation and the physical size of the casing.
This manual describes how to install the Thales Datacryptor Ethernet unit and the Element Manager software. It also describes how to use the Element Manager software to configure and manage the Thales Datacryptor Ethernet device.
This document is intended for use by network technicians, managers and security administrators who are familiar with setting up and maintaining network equipment. Some knowledge of network security issues and encryption technologies is assumed.
This document assumes that its readers have an understanding of the following:
•Basic principles of network security issues
•Basic principles of encryption technologies and terminology
•Basic principles of Ethernet technology
•Basic principles of TCP/IP networking, including IP addressing, switching and routing
•Personal computer (PC) operation, common PC terminology, and use of terminal emulation software.
The following conventions are used in the body text of this document:
Bold font: Indicates a command to be issued or selected by the user.
•Courier font: Indicates information input or output to/from the Control PC.
•Italic font: Indicates the name of dialog, parameter, object, etc.
1270A450-005 - June 2008 |
Page 11 |
About This Document |
Datacryptor Ethernet User Manual |
This manual is organized into the following sections:
Overview provides general information on the hardware and software.
Background Information provides a brief introduction to the device and Ethernet Layer 2 technology and terminology.
Installation describes how to install the Datacryptor Ethernet hardware and Element Manager Software.
Connecting to Datacryptor Ethernet Units describes the main methods that can be used to connect the PC to the Datacryptor Ethernet unit.
Element Manager Reference provides an overview of the functions provided by the Element Manager, followed by a detailed description of each in turn.
Appendix A: Device Maintenance describes the periodic maintenance required on your Thales Datacryptor Ethernet unit.
Appendix B: Loading Datacryptor Unit Software describes how to load software into your Thales Datacryptor Ethernet unit. Your Datacryptor will be supplied pre-loaded with software, so you will only require the information in this appendix if a re-load or upgrade is needed.
Appendix C: Product Specifications gives the system specifications.
Appendix D: Environment and Regulatory Information describes the operating conditions and regulatory certifications.
Appendix E: SFP and XFP Interfaces describes the possible transceiver options.
Appendix F: Preventing Electrostatic Discharge describes how to minimize the risk of ESD.
Appendix G: Troubleshooting describes how to diagnose and repair common problems.
Appendix H: SNMP MIB Support describes the SNMP MIBs supported by the device and the location of them.
Appendix I: Log and SNMP Trap Numbers provides a list of all the log and trap numbers together with descriptions of their purpose.
Appendix J: Glossary defines terms used in this document.
Page 12 |
THALES |
Datacryptor Ethernet User Manual |
Overview |
3 Overview
The Thales Datacryptor Ethernet is a high speed, high bandwidth, integrated security appliance. The three models provide different transfer speeds; the 100 Mb Ethernet provides 100 Mbps, while the 1 Gig and 10 Gig Ethernet units offer encryption at Gigabit Ethernet Layer 2 transfer rates.
The Datacryptor Ethernet units come in different case styles; the 100 Mb Ethernet and the 1 Gig Ethernet models are housed in a single unit height 19-inch rack case for transmission speeds up to 100 Mbps and 1000 Mbps respectively, while the 10 Gig Ethernet model uses a double height unit for 10,000 Mbps transmission speeds. The 100 Mb Ethernet unit may have its rack mounting brackets removed so that it can be used as a desktop unit.
The 100 Mb Ethernet units have standard RJ45 sockets on the front panel for Host and Network connections, while the 1 Gig and 10 Gig Ethernet units have two Small Form Factor sockets on the front panel; these accept a range of transmit/receive interfaces. The 1 Gig Ethernet unit uses SFP type sockets, and the 10 Gig Ethernet unit uses the XFP type sockets.
The host port is connected to the private network and receives the data for encryption. Encrypted data is then passed through the network port for secure transmission over the public network.
The Datacryptor Ethernet is designed to operate as a Layer 2 (Data Link) encryptor. The advantage of this is it makes the unit fully transparent to higher protocols.
The units are housed in a tamper evident chassis with interlock switches that will cause the key material to be erased if the lid is removed.
Product Images
Figure 3-1: Thales Datacryptor 100 Mb Ethernet Front Panel
Figure 3-2: Datacryptor 100 Mb Ethernet Rear Panel
1270A450-005 - June 2008 |
Page 13 |
Overview |
Datacryptor Ethernet User Manual |
Figure 3-3: Thales Datacryptor 1 Gig Ethernet Front Panel
Figure 3-4: Datacryptor 1 Gig Ethernet Rear Panel
Figure 3-5: Thales Datacryptor 10 Gig Ethernet Front Panel
Figure 3-6: Datacryptor 10 Gig Ethernet Rear Panel
Note: See The Front Panel LEDs in the Element Manager Reference section for full information on the LED indicators.
Page 14 |
THALES |
Datacryptor Ethernet User Manual |
Overview |
Product Features
Installation
•Mount in any standard 19” rack or on a tabletop
Interfaces
•The 100 Mb Ethernet has two RJ45 sockets for connecting to the Host and Network circuits
•The 1 Gig Ethernet and 10 Gig Ethernet units have two SFP or XFP sockets which accept a range of transceiver modules for the encrypting and decrypting of network traffic
•Device management access through a 10/100 Ethernet port or an RS-232 craft port
Security features
• Designed to FIPS 140-2 Level 3
Hardware-based encryption processing
• Very low latency
Maximum Data Transfer Rate
•200 Mbps full duplex (100 Mb Ethernet unit), 2 Gbps full duplex (1 Gig Ethernet unit), or 20 Gbps full duplex (10 Gig Ethernet unit)
Network Interfaces
•10/100BaseT: User selectable between 10 Mbps and 100 Mbps
•1 Gig Ethernet: 1000 Mbps full duplex
•10 Gig Ethernet: 10,000 Mbps full duplex
•Auto negotiation (does not apply to the 10 Gig Ethernet)
Key management
•Diffie-Hellman key exchange (groups 1, 2, and 5)
Encryption
•Advanced Encryption Standard (AES):
FIPS 197 (256 bit keys)
Management integrity
•HMAC-SHA-1-96 (FIPS PUB 180-1): RFC 2104, 2404
•HMAC-MD5-96 : RFC 2104, 2403, 1321
Device management
•Element Manager
•Secure download of software updates
•X.509v1 and X509 v3 digital certificate support
Power
•100 Mb Ethernet Unit: Single fixed AC (universal) or DC (-48 V) power supply: 15W (51 BTU/hr)
•1 Gig Ethernet and 10 Gig Ethernet: Redundant hot swappable AC (universal) or DC (-48 V) power supplies:
1 Gig: 120 W (410 BTU/hr)
10 Gig: 140 (480 BTU/hr)
1270A450-005 - June 2008 |
Page 15 |
Overview |
Datacryptor Ethernet User Manual |
Element Manager
The Element Manager application provides a secure way to configure, manage, and upgrade the Datacryptor Ethernet. The program runs under various versions of Microsoft Windows operating systems. Please see the Software Requirements for a more detailed description of the environment required.
The PC can connect to a Datacryptor Ethernet unit to manage it using the IP protocol over a standard 10/100 Ethernet connection. The PC can also connect to a Datacryptor Ethernet unit using PPP protocols via a serial connection. Once the PC is connected to the Datacryptor Ethernet unit, a communications session can be established; and all the functions provided by the Element Manager are available.
Page 16 |
THALES |
Datacryptor Ethernet User Manual |
Background Information |
4 Background Information
Datacryptor Ethernet Unit
The Thales Datacryptor Ethernet units are high performance, integrated security appliances that provide encryption at high line speeds. The 1 Gig and 10 Gig Ethernet units operate at optical line speeds and have the added advantage that they can, over limited distances, use copper media. The device’s high-speed processing capabilities eliminate bottlenecks while providing data encryption and integrity.
It is ideal for bandwidth intensive, latency sensitive applications that demand security and speed, such as site-to-site VPNs, and the transfer of imaging over the network. It provides secure transport over private or public networks.
Figure 4-1. An Example of a Site to Site Ethernet Layer 2 connection
A site-to-site VPN application is shown above. The Thales Datacryptor Ethernet is deployed on either side of the connection, securing the data transmitted across the untrusted public network. Data is sent from a web server through to the host network. It is then encrypted by the Datacryptor Ethernet for secure transfer over the public network, where a second Datacryptor Ethernet decrypts the data at its destination.
Gigabit Ethernet Technology Overview
The Gigabit Ethernet technology used by the 1 Gig and 10 Gig Ethernet units is the latest specification in the IEEE 802.3 Ethernet standard series. This standard allows the transmission of data at one or ten Gigabit per second transmission speeds (1 Gbps or 10 Gbps). However the speed is usually designated as 1,000 Mbps or 10,000 Mbps, as appropriate, to comply with the standard method of showing Ethernet network speeds.
Ethernet Layer 2 Services
Ethernet Layer 2 security services include:
Encryption - The Advanced Encryption Standard (AES) algorithm is a symmetric block cipher capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. The Datacryptor uses 256 bit keys.
1270A450-005 - June 2008 |
Page 17 |
Background Information |
Datacryptor Ethernet User Manual |
Authenticate Management Data - The Datacryptor Ethernet uses the HMAC keyed hash variant of the SHA-1(Secure Hash Algorithm) to authenticate management data using SNMP v3.
Security Terms
Diffie-Hellman – Diffie-Hellman is a method for key exchange that allows two autonomous systems to exchange a secret key over an untrusted network without prior secrets. DiffieHellman groups define the strength supplied to the Diffie-Hellman calculation for the later creation of keys by the peers. Three of the five available groups are generated from modulo function (MODP) calculations and the leveraging of very large prime numbers.
Peer – A peer is a Datacryptor that acts as a tunnel endpoint. A peer encrypts or decrypts data, adding or stripping away headers, respectively.
Other Terms
Layer2 -The Datacryptor Ethernet is designed to work as a Layer two encryptor.
The addressing scheme is physical i.e. the addresses are MAC (Media Access Control) addresses hard coded into a device at the time of manufacture. It is generally a 48-bit address which is usually displayed in hexadecimal format as six two digit parts 01-0B-3B-18-00-CA.
It should be noted that when the unit is operating in the Tunneling mode the peer unit MAC address must be obtained and entered in the box provided on the relevant property tab.
Frame Checksum (FCS) - FCS is an error detection system based on the numerical value of the number of set bits in the Frame (packet). This value is transmitted alongside the message, and the receiving device then applies the same criteria and compares the two values.
Auto-negotiation - Auto-negotiation was devised to address the need for multi-speed devices on a network to operate at the optimum settings. It achieves this by taking control of the connection medium and detecting the various mode options available in the device on the other end, while also advertising its own capabilities. Thus it enables the connection to configure the highest performance mode of interoperation.
Note: The Datacryptor 1 Gig Ethernet only supports I000 Mbps full duplex, and the 10 Gig Ethernet unit only supports I0,000 Mbps full duplex. The 100 Mb Ethernet unit can be set to run at speeds of I0 Mbps and I00 Mbps.
The 10 Gig Ethernet unit does not support Auto-negotiation.
Jumbo frames - Jumbo frame is the name given to frames larger than the standard Ethernet MTU of 1500 bytes. The Datacryptor Ethernet encryptor does not have an MTU limit and will therefore allow Jumbo frames. Frame size is only limited if fragmentation is enabled.
Multiprotocol Label Switching – MPLS is a solution to the question of many of the earlier network problems such as speed, scalability and quality of service. This is achieved by the defining of paths across the network by the addition of label information to a packet to aid routing etc. It is referred to as multi-protocol because it supports a number of communication methods such as IP, Frame Relay and ATM. The Datacryptor Ethernet unit is transparent to this operation as long as the equipment is being deployed in a point-to-point environment.
Page 18 |
THALES |
Datacryptor Ethernet User Manual |
Installation |
5 Installation
This section will detail the installation of the hardware and software. Hardware installation is discussed first.
Hardware Installation
There are four steps in installing the unit:
•Unpack the Shipping Carton
•Mount the Unit
•Connect the Cables
•Power on the Datacryptor
Unpack the Shipping Carton
Remove all product components from the shipping carton and compare the contents to the packing list. Keep all packaging in case it is necessary to return the appliance. The Datacryptor is packaged with the following items:
•Datacryptor Ethernet, with the Datacryptor firmware and software factory-installed on the appliance.
•115v, 240v or DC Power Supply cables (as appropriate).
•RS-232 cable.
•Element Manager CD-ROM (includes User Manual).
•Release Notes.
•Quick Start Guide.
Note: Interface transceivers (if ordered) will be shipped separately from the Datacryptor unit (1 Gig and 10 Gig Ethernet units only).
Rack-Mounting Instructions
The Datacryptor can be mounted in a standard 19-inch rack using the front mounting brackets, or simply placed on a rack shelf or solid surface.
Preparation
Before installing the Datacryptor in a 19-inch rack, consider the following rack-mounting guidelines:
Ambient temperature
Install the Datacryptor in an environment compatible with the 105ºF (40ºC) maximum recommended ambient temperature. Extra clearance above or below the unit on the rack is not required; however, be aware that equipment placed in the rack beneath the Datacryptor can add to the heat load. Therefore, avoid installing in an overly congested rack. Air flowing to or from other equipment in the rack might interfere with the normal flow of cooling air through the Datacryptor, increasing the potential for overheating.
1270A450-005 - June 2008 |
Page 19 |
Installation |
Datacryptor Ethernet User Manual |
Airflow
Make sure that there is sufficient flow of air around the Datacryptor so that safe operation is not compromised. Maintain a clearance of at least 3 inches (7.62 cm) at the sides of the Datacryptor to ensure adequate air intake and exhaust. If installing in an enclosed rack, make sure the rack has adequate ventilation or an exhaust fan. An enclosed rack with a ventilation system that is too powerful can prevent proper cooling by creating negative air pressure around the Datacryptor.
Mechanical Loading
Keep the center of gravity in the rack as low as possible. This ensures that the weight of the Datacryptor will not make the rack unstable. Make sure that the rack is secured and use the proper mounting hardware to secure the Datacryptor to the rack.
Circuit Loading
Consider the connection of the Datacryptor to the supply circuit and the effect that overloading of circuits might have on over current protection and supply wiring. Consult the voltage and amperage ratings on the UL label affixed to the unit’s rear panel when addressing this concern. As the 1 Gig and 10 Gig Ethernet units are fitted with two hot swappable power supply units, consideration could be given to these types of Datacryptors using a different supply phase for each of the power supply units.
Disconnection
Power disconnection is achieved by removal of the plugs from the mains outlet sockets. Ensure that the socket-outlets are close to the unit, and can be easily identified and accessed.
Grounding
Maintain reliable grounding of a rack-mounted Datacryptor. Pay particular attention to supply connections other than direct connections to the branch circuit, such as the use of power strips.
Maintenance
Allow at least 19 inches (48.3 cm) of clearance at the front of the rack for maintenance. Use a cable-management system to help keep cables organized, out of the way, and free from kinks or bends that degrade cable performance.
Connect the Cables
Before beginning, make sure the necessary cables are available. See the Cabling Requirements section below for more information.
Cabling Requirements
The following table outlines the cabling requirements for each port on the Datacryptor Ethernet. The connector type listed indicates only what is required to connect to the Datacryptor’s port, and may or may not be the same connector type required for the other end of the cable.
Page 20 |
THALES |
Datacryptor Ethernet User Manual |
Installation |
|||
|
|
|
|
|
|
Port |
Cabling |
Supplied By |
|
|
Network and Host |
For the 100 Mb Ethernet unit: Category 5 or above |
Customer |
|
|
Port |
RJ-45 connector. |
|
|
|
|
For the 1 Gig and 10 Gig Ethernet units: Dependant on |
|
|
|
|
the SFPs or XFPs ordered with the unit. The options are |
|
|
|
|
Category 5 or above RJ 45 connector. 850nm Multi-mode |
|
|
|
|
fiber. 1310nm or 1550nm Single mode fiber. |
|
|
|
|
|
|
|
|
10/100 Ethernet |
Shielded Category 5 straight through cable (STP), RJ-45 |
Customer |
|
|
Management Port |
connector. |
|
|
|
|
Used when connecting through a LAN. |
|
|
|
|
|
|
|
|
|
Category 5 crossover cable with RJ-45 connector. |
Customer |
|
|
|
Required for a direct connection between the management |
|
|
|
|
station and the Datacryptor. |
|
|
|
|
|
|
|
|
RS-232 Craft Port |
Shielded copper serial cable, RS-232 DB9 connector |
Thales |
|
|
|
(female to male) |
|
|
|
|
|
|
|
|
Power receptacles |
Power supply cables |
Thales |
|
|
|
|
|
|
To meet the requirements of FCC Part 15 and the Directive 89/336/EEEU EMC C, use only shielded cables (DB-9 null modem cables and Category 5 STP cables).
To Cable the Datacryptor
The Host and Network interface transceivers that are used with the 1 Gig and 10 Gig Ethernet units are shipped separately from the Datacryptor unit, and therefore must be inserted before proceeding with the cabling operation.
The connections are the same when using any of the three types of Ethernet unit. The illustration below shows a 1 Gig Ethernet unit – please note that the management ports of the 100 Mb Ethernet unit are on its front panel.
•Either connect the RS-232 craft port directly to a PC or workstation using the supplied DB-9 null modem cable, or
•Connect the 10/100 Ethernet management port for management access:
−If connecting to a LAN, use a Category 5 STP straight-through cable with an RJ-45 connector.
−If connecting directly to a PC, use a shielded Category 5 crossover cable and make sure that the PC and management port IP addresses are on the same subnet.
1270A450-005 - June 2008 |
Page 21 |
Installation |
Datacryptor Ethernet User Manual |
Figure 5-1: Datacryptor Panel Connectors
(The 100 Mb Ethernet unit’s management ports are located on the front panel)
WARNING: (1 Gig and 10 Gig Ethernet units only) Infra-red radiation is emitted from aperture ports of single mode or multi-mode transceivers when no cable is connected. Avoid exposure and do not stare into the open apertures. Apertures should be covered when not in use.
Power on the Datacryptor
The Datacryptor software is factory-installed on the appliance. The bootable image is stored on compact flash. Applying power to the Datacryptor initializes the system, which includes:
•Initializing the components
•Performing hardware diagnostics
•Loading the software
•Diagnostic Boot sequence
To power on the Datacryptor
1.The 1 Gig and 10 Gig Ethernet Datacryptor appliances are supplied with two separate hot swappable power supply units. The 100 Mb Ethernet units have a single fixed power supply unit. The power supply units for all models of Datacryptor can be either AC or DC (-48 V).
2.The AC power supplies are auto-sensing 100 to 240 Volts 50 to 60 Hz.
3.Before applying power to the Datacryptor verify that the voltage shown on the UL label affixed to the unit’s back panel is appropriate for your site.
CAUTION: If the voltage of the Datacryptor is inappropriate for your site, do not apply power to the appliance. Contact Customer Support immediately.
Page 22 |
THALES |
Datacryptor Ethernet User Manual |
Installation |
4.On the Datacryptor’s rear panel, plug the power cords into the power receptacles. Attach the opposite ends to a power source.
The power LED illuminates when the unit is powered up. The Diagnostic Boot sequence allows the LEDs to be checked and the unit type to be verified. The sequence follows this pattern:
−All LEDs on for one second.
−A pattern which indicates the unit type for one second.
−All LEDs on for one second.
Unit Type |
Network |
|
Error |
Loopback |
Alarm |
Encrypt |
Plain |
Host |
|
|
|
|
|
|
|
|
|
100 Mb Ethernet |
_ |
|
X |
_ |
_ |
X |
X |
_ |
|
|
|
|
|
|
|
|
|
1 Gig Ethernet |
_ |
|
X |
_ |
_ |
X |
_ |
_ |
|
|
|
|
|
|
|
|
|
10 Gig Ethernet |
_ |
|
X |
_ |
_ |
X |
_ |
X |
|
|
|
|
|
|
|
|
|
Where, X is LED on, and |
_ is LED off. |
|
|
|
|
|
||
During the boot process the Datacryptor discards all traffic on its data ports.
If the boot process fails the Error LED illuminates and the Datacryptor generates a critical Error trap. If you experience a problem during the system initialization, see the troubleshooting information in Appendix G: Troubleshooting.
Software Installation
There are two software programs, the firmware resident in the Datacryptor Ethernet unit and the Element manager software.
The firmware provides the units functionality and is pre-installed. The unit has the ability to upgrade with new firmware, offering new features, without the requirement of returning the unit to Thales. Instructions on the Firmware Upgrade ability will be provided with any upgrade.
The Element Manager software is provided on the supplied CD-ROM and must be installed as directed below.
Requirements
The PC to be used for running the Element Manager must meet these minimum requirements:
•The PC must be an IBM PC or compatible that meets the minimum requirements for running the following version of Microsoft Windows:
−Microsoft Windows XP, Service Pack 2 or higher (32 and 64 bit versions).
−Note: The software may install and run on older Windows platforms, but due to Microsoft’s Support Lifecycle policy, we may be unable to support installation and runtime issues on these older platforms. Please refer to the Microsoft Support Lifecycle support web page at: http://support.microsoft.com/gp/lifecycle.
1270A450-005 - June 2008 |
Page 23 |
Installation |
Datacryptor Ethernet User Manual |
•The PC must have a pointing device (mouse), a CD ROM drive, a free serial port, and at least 228 Mb hard disk space (for the software and data files). If you want to install the Adobe Acrobat reader (included on the CD to view the manuals) this will require a further 10 MB of hard disk space.
•The user should ensure that there is at least 5Mb of memory for each copy of the Front Panel Viewer being run concurrently.
•The PC must be able to reach the Datacryptor on the Ethernet network, or alternatively be connected to the unit via a serial cable to the unit’s control port.
Installation Procedure
To install the Element Manager on the PC:
•Insert the CD-ROM containing the Element Manager software into your PC.
•This will auto-start the installation page. Select the "Install the Datacryptor Element Manager Software" link OR run the program ‘setup.exe’ from the root directory on the CD.
•Follow the instructions displayed by the installation manager.
Page 24 |
THALES |
Datacryptor Ethernet User Manual |
Connecting to Datacryptor Ethernet Units |
6 Connecting to Datacryptor Ethernet Units
There are three methods of connecting to the Datacryptor Ethernet units: Element Manager, serial connection to CLI, and SNMP.
The Element Manager GUI application is used to manage and configure the Datacryptor Ethernet device(s). It connects to the Datacryptor via the 10/100 Ethernet Management port.
A serial connection can be made to the Datacryptor Ethernet to interface to a text-based Command Line Interface (CLI). This serial interface can also be used to access the element manager software.
A third-party SNMP Version 1, Version 2c, or Version 3 compliant network management application can collect and display performance monitoring data, but may not alter any system level parameters. The only supported configuration tasks are those associated with SNMPv3 user and view based access control. SNMP traps are issued as Version 3 and authentication and encryption are supported.
Users
The Datacryptor Ethernet will encrypt everything passed to it from the host network and place it onto the public network. Because of this there is no need to create secure users for the Datacryptor Ethernet, as anyone sending information will automatically use the Datacryptor Ethernet unit.
The people who administrate and configure the Datacryptor Ethernet do need to be secure and need to be authenticated using secure methods. Certificates are loaded into the Datacryptor Ethernet units that have keys used to sign messages between the PC used for configuration and the units themselves. The AES keys used to encrypt and decrypt the data being passed between Datacryptor units are automatically generated using Diffie Hellman and the supplied Diffie Hellman parameters.
When first installing the Datacryptor, use the default password. Thales strongly recommends that the Administrator changes the password before the unit is put in service and changes from the Universal CA to their own custom CA to ensure maximum security (see the Change Password dialog section). Passwords are case-sensitive.
IP Parameter Configuration via a Serial Connection
When shipped, a Datacryptor Ethernet device has the following port settings:
|
Port |
|
IP address |
|
Net Mask |
|
|
|
|
|
|
|
Control |
|
2.2.2.2 |
|
255.0.0.0 |
|
|
|
|||
|
|
|
|
|
|
|
Ethernet management |
|
255.0.0.0 |
|
255.255.255.255 |
|
|
|
|
|
|
|
Network |
|
1.n.n.n |
|
255.0.0.0 |
|
|
|
|
|
|
To change the parameters follow the steps below:
1.Connect the Datacryptor’s RS-232 craft port directly to the terminal’s serial port using the supplied DB-9 serial cable.
1270A450-005 - June 2008 |
Page 25 |
Connecting to Datacryptor Ethernet Units |
Datacryptor Ethernet User Manual |
2.Open a terminal session through a VT-100 terminal emulation program such as HyperTerminal. Enter the connection name, the appropriate serial port (usually COM1 or COM2), and the following serial port parameters:
|
Serial Port Parameter |
|
Value |
|
|
|
|
|
|
|
Baud Speed |
|
115,200 |
|
|
|
|
||
|
|
|
|
|
|
Parity |
|
None |
|
|
|
|
|
|
|
Data Bits |
|
8 |
|
|
|
|
|
|
|
Stop Bits |
|
1 |
|
|
|
|
|
|
|
Flow Control |
|
None |
|
|
|
|
|
|
3.Switch on the Datacryptor unit.
4.As the unit boots the message CONFIG STARTUP Y/N will be shown and all the units LEDs will be lit.
5.Press Y the unit will respond by displaying a short banner and the prompt IPCONFIG>.
6.At the command prompt, type Help for a list of commands available.
Command |
Description |
HELP |
Display help for a command |
|
|
HELPKEYS |
List of keyboard usage in this command interface |
|
|
DEFAULT |
Return all IP address and net mask settings to defaults. |
|
|
DISPLAY |
Display current IP address and net mask settings |
|
|
IPFORWARD |
Enable or disable IP forwarding |
|
|
ROUTE |
Add, delete, or display IP routing data |
|
|
SET |
Set an IP address and net mask settings |
|
|
SETTIME |
Display or set the unit time (Un-commissioned Datacryptor |
|
Ethernet unit) |
|
|
SHOWLOG |
Basic display of log contents |
|
|
VERSIONS |
Display version numbers of application and bootstrap |
|
|
EXIT |
Exit the process and reboot the unit if a parameter has been |
|
changed, or just exit if no changes have been made. |
|
|
Note: Before setting the Management port’s parameters, you may want to read the IP Management tab section for some background knowledge on their values.
Page 26 |
THALES |
Datacryptor Ethernet User Manual |
Connecting to Datacryptor Ethernet Units |
7. At the IPCONFIG> prompt, type:
SET <port> <ip address> <subnet mask>
where: <port> identifies the port to be set and is one of the following:
−NETWORK (public network port),
−CONTROL (serial control port),
−ETHERNET (Ethernet management port).
<ipaddr> is IP address of a subnet to be added or deleted. <netmask value> is netmask of the subnet.
Examples
Set Control 2.2.2.2 255.255.0.0
Set network 3.4.5.6 255.255.0.0
Sets the Control (serial port) IP Address to 2.2.2.2
Sets the network port IP Address to 3.4.5.6 255.255.0.0
Note: - No two IP addresses should be the same
-IP addresses of 127.x.x.x are not allowed.
-Net masks of 0.0.0.0 and 255.255.255.255 are not allowed.
-Public and Private port addresses must be valid Class A, B or C addresses. For this reason subnet masks must comprise of consecutive 1s from the left hand side when represented in binary, for example 255.255.1.0 is invalid.
To make the unit request an Ethernet Management Port IP address from a DHCP/BOOTP server on the LAN, set its Ethernet Management Port IP address to 255.0.0.0 and net mask to 255.255.255.255 (this is an exception to the rule mentioned in the note above).
To reset the addresses to factory defaults, use the DEFAULT command.
The above section details the steps necessary to connect via the Ethernet management port.
Dial Up Networking
It is also possible to connect and run the Element Manager program via the serial Control port using Dial up Networking.
1.Ensure a serial cable is connected between your PC and the Datacryptor Ethernet unit.
2.Use the Networking wizard for your operating system to generate a Dial up connection; the following parameters should be used for the settings:
−Set up an advanced connection
−Connect directly to another computer
−Guest
−Connection Name
−Select the Com port to which you have connected the serial cable
−All users
−User Name and Password
3.Select the option for Desktop shortcut.
4.Select Finish.
1270A450-005 - June 2008 |
Page 27 |
Connecting to Datacryptor Ethernet Units |
Datacryptor Ethernet User Manual |
5.Click on the shortcut to launch the connection.
6.Select the Properties button.
7.On the General tab confirm correct connection.
8.Click Configure button and use the menu to set the maximum connection speed of 115200 bps. Set the flow control to none; the Ethernet and SONET do not support flow control.
9.On the Network tab, select TCP/IP and click Properties - enter the address 2.2.2.1.
10.Close down the Properties and click Connect.
11.A connection with the Datacryptor Ethernet will be made. Ensure the connection is made then disconnect.
Adding a Unit to Element Manager
Once the Management or Dial up connection is set up, you can connect to each Datacryptor Ethernet unit by adding an icon in the Element Manager. The Dial Up connection created earlier must be running if a serial connection is to be used.
1.Start the Element Manager, e.g. by double-clicking its icon:
2.The Element Manager Main Window will be displayed:
3.Add a new Datacryptor Ethernet unit by clicking on the New Unit icon 
or selecting the New Unit option from the File menu. This will launch the Add a New Unit Wizard:
Page 28 |
THALES |
Datacryptor Ethernet User Manual |
Connecting to Datacryptor Ethernet Units |
4.Select the unit type as Datacryptor and enter the IP address of the Datacryptor Ethernet unit. Press Enter or select Next to continue.
1270A450-005 - June 2008 |
Page 29 |
Connecting to Datacryptor Ethernet Units |
Datacryptor Ethernet User Manual |
5.Select the connection type for the Datacryptor Ethernet unit; press Enter or click on Next to continue.
6.The application will attempt to connect to the specified IP address and - if successful - display the unit's Unit Name by way of confirmation, as above. Type a descriptive name for the connection in the edit box (this will be shown in the main window below its icon).
7.Click Finish or press Enter to finish adding the new connection and Datacryptor icon, which will be displayed as a new icon in the main window like this:
Page 30 |
THALES |
Loading...