All manuals and user guides at all-guides.com
Datacryptor® Ethernet User Manual
1270A450-005 June 2008


Summary of Contents for Thales Datacryptor Ethernet

  • Page 3: Table Of Contents

    Power on the Datacryptor (22); Software Installation (23); Requirements (23); Installation Procedure (24); 6 Connecting to Datacryptor Ethernet Units (25); Users (25); IP Parameter Configuration via a Serial Connection (25); Dial Up Networking (27); Adding a Unit to Element Manager (28); Direct Invocation of Front Panel Viewer ...
  • Page 4 Configure Dialog (43); Key Manager (46); To commission a unit with the Commission button (46); Step 1: Installing a new Certificate Authority (CA) (48); Step 2: Installing the authenticating CA (49); Step 3: Setting the unit name ...
  • Page 5: Preface

    Thales e-Security neither shall it be used otherwise than for the purpose for which it is supplied.
  • Page 6: License Agreement And General Information

    (if an “organizational license” is purchased) owned, leased, or otherwise controlled by you, and to use the Firmware solely on the Machine sold to you by THALES or its dealers, if any, but only to operate or engage those features and/or applications for which a charge appears on your order and invoice under the terms stated in this Agreement.
  • Page 7 WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH MAY VARY FROM JURISDICTION TO JURISDICTION. THALES does not warrant that the functions contained in the Software or Firmware will meet your requirements or that their operation will be uninterrupted or error free.
  • Page 8 The period of warranty for this product starts on the date of sale to the original purchaser and ends 365 days thereafter. Thales e-Security will replace any product that fails within 90 days of the date of sale. For failures which occur more than 90 days after the date of sale, Thales e-Security will repair the product if returned, postage prepaid, to our designated repair center.
  • Page 9: Security Advisory

    DISCLAIMS ANY AND ALL LIABILITY FOR DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, RESULTING FROM USE OF THE UNIVERSAL CERTIFICATE OR ANY OTHER CERTIFICATE SUPPLIED BY THALES e-SECURITY. Prior to use in an operational environment, please change the certificate authority, following the procedure(s) described in the Key Manager section.
  • Page 10: Contact Information

    Contact Information. SALES OFFICES. Americas: THALES e-Security, INC, 2200 North Commerce Parkway, Suite 200, Weston, Florida 33326, U.S.A. Europe, Middle East, Africa: THALES e-Security LTD, Meadow View House, Long Crendon, Aylesbury
  • Page 11: About This Document

    Introduction to this Manual There are three models in the Datacryptor Ethernet range: 100 Mb Ethernet, 1 Gig Ethernet, and 10 Gig Ethernet. Predominantly, the information in this manual applies equally to all models and as such, the device is referred to simply as the ‘Datacryptor Ethernet’. Where there are differences, the unit being described is referred to either as the 100 Mb Ethernet, 1 Gig Ethernet, or 10 Gig Ethernet, as appropriate.
  • Page 12: This Manual Is Organized Into The Following Sections

    Appendix B: Loading Datacryptor Unit Software describes how to load software into your Thales Datacryptor Ethernet unit. Your Datacryptor will be supplied pre-loaded with software, so you will only require the information in this appendix if a re-load or upgrade is needed.
  • Page 13: Overview

    1 Gig and 10 Gig Ethernet units offer encryption at Gigabit Ethernet Layer 2 transfer rates. The Datacryptor Ethernet units come in different case styles; the 100 Mb Ethernet and the 1 Gig Ethernet models are housed in a single unit height 19-inch rack case for transmission speeds up to 100 Mbps and 1000 Mbps respectively, while the 10 Gig Ethernet model uses a double height unit for 10,000 Mbps transmission speeds.
  • Page 14 Figure 3-3: Thales Datacryptor 1 Gig Ethernet Front Panel. Figure 3-4: Datacryptor 1 Gig Ethernet Rear Panel. Figure 3-5: Thales Datacryptor 10 Gig Ethernet Front Panel. Figure 3-6: Datacryptor 10 Gig Ethernet Rear Panel...
  • Page 15: Product Features

    Product Features. Installation: Mount in any standard 19” rack or on a tabletop. Key management: Diffie-Hellman key exchange (groups 1, 2, and 5). Interfaces: The 100 Mb Ethernet has two ... Encryption: Advanced Encryption Standard ...
  • Page 16: Element Manager

    The PC can connect to a Datacryptor Ethernet unit to manage it using the IP protocol over a standard 10/100 Ethernet connection. The PC can also connect to a Datacryptor Ethernet unit using PPP protocols via a serial connection.
  • Page 17: Background Information

    Figure 4-1. An Example of a Site to Site Ethernet Layer 2 connection A site-to-site VPN application is shown above. The Thales Datacryptor Ethernet is deployed on either side of the connection, securing the data transmitted across the untrusted public network.
  • Page 18: Security Terms

    Jumbo frames - Jumbo frame is the name given to frames larger than the standard Ethernet MTU of 1500 bytes. The Datacryptor Ethernet encryptor does not have an MTU limit and will therefore allow Jumbo frames. Frame size is only limited if fragmentation is enabled.
  • Page 19: Installation

    Remove all product components from the shipping carton and compare the contents to the packing list. Keep all packaging in case it is necessary to return the appliance. The Datacryptor is packaged with the following items: • Datacryptor Ethernet, with the Datacryptor firmware and software factory-installed on the appliance.
  • Page 20: Cabling Requirements

    Requirements section below for more information. Cabling Requirements The following table outlines the cabling requirements for each port on the Datacryptor Ethernet. The connector type listed indicates only what is required to connect to the Datacryptor’s port, and may or may not be the same connector type required for the other end of the cable.
  • Page 21: To Cable The Datacryptor

    Port: Network and Host Port. Cabling: For the 100 Mb Ethernet unit: Category 5 or above, RJ-45 connector. For the 1 Gig and 10 Gig Ethernet units: dependent on the SFPs or XFPs ordered with the unit. Supplied by: Customer.
  • Page 22: Power On The Datacryptor

    Figure 5-1: Datacryptor Panel Connectors (The 100 Mb Ethernet unit’s management ports are located on the front panel) WARNING: (1 Gig and 10 Gig Ethernet units only) Infra-red radiation is emitted from aperture ports of single mode or multi-mode transceivers when no cable is connected.
  • Page 23: Software Installation

    Appendix G: Troubleshooting. Software Installation There are two software programs: the firmware resident in the Datacryptor Ethernet unit and the Element Manager software. The firmware provides the unit's functionality and is pre-installed. The unit can be upgraded with new firmware, offering new features, without the requirement of returning the unit to Thales.
  • Page 24: Installation Procedure

    • The PC must have a pointing device (mouse), a CD ROM drive, a free serial port, and at least 228 Mb hard disk space (for the software and data files). If you want to install the Adobe Acrobat reader (included on the CD to view the manuals) this will require a further 10 MB of hard disk space.
  • Page 25: Connecting To Datacryptor Ethernet Units

    Users The Datacryptor Ethernet will encrypt everything passed to it from the host network and place it onto the public network. Because of this there is no need to create secure users for the Datacryptor Ethernet, as anyone sending information will automatically use the Datacryptor Ethernet unit.
  • Page 26 2. Open a terminal session through a VT-100 terminal emulation program such as HyperTerminal. Enter the connection name, the appropriate serial port (usually COM1 or...
  • Page 27: Dial Up Networking

    It is also possible to connect and run the Element Manager program via the serial Control port using Dial up Networking. 1. Ensure a serial cable is connected between your PC and the Datacryptor Ethernet unit. 2. Use the Networking wizard for your operating system to generate a Dial up connection;...
  • Page 28: Adding A Unit To Element Manager

    9. On the Network tab, select TCP/IP and click Properties - enter the address 2.2.2.1. 10. Close down the Properties and click Connect. 11. A connection with the Datacryptor Ethernet will be made. Ensure the connection is made then disconnect.
  • Page 29 4. Select the unit type as Datacryptor and enter the IP address of the Datacryptor Ethernet unit. Press Enter or select Next to continue.
  • Page 30 5. Select the connection type for the Datacryptor Ethernet unit; press Enter or click on Next to continue. 6. The application will attempt to connect to the specified IP address and - if successful - display the unit's Unit Name by way of confirmation, as above.
  • Page 31 8. Now, double-click on the new Datacryptor icon to connect to it. A splash screen will be displayed whilst connecting to the unit and within a minute this should display the Front Panel Viewer for the unit - an example for the 100 Mb Ethernet Datacryptor is given below.
  • Page 32: Direct Invocation Of Front Panel Viewer

    3. The Element Manager Supply IP Address will be displayed. Enter the IP address of the Datacryptor Ethernet unit and press Enter or OK to continue. After a few seconds this should display the Front Panel Viewer as shown in Step 8 of the previous section.
  • Page 33 This provides a mechanism for another application (e.g. an SNMP network manager) to invoke the Front Panel Viewer for a specified Datacryptor unit. If Dc2k.exe is invoked without any parameters, it will prompt the user to enter the IP address of the unit to connect to.
  • Page 34: Element Manager Reference

    7 Element Manager Reference The Element Manager consists of the following components: • The Main Window • The Front Panel Viewer • The Configure dialog • Key Manager...
  • Page 35: Main Window Pull-Down Menus

    Main Window Pull-down Menus The pull-down menus are: File, Edit, View, Tools and Help. File The following options are available from the File pull-down menu: Menu Option...
  • Page 36: Tools

    Ping (test) a specified IP address on a network. Allows the Time To Live (TTL), packet size and Timeout to be selected. This does not apply to Datacryptor Ethernet units and is grayed out. Options Displays the Datacryptor Options dialog, to control operation of the management application.
  • Page 37 To connect to a Datacryptor unit: 1. Double-click its icon. 2. Once the connection has been made, the Front Panel Viewer will be displayed showing information read from the unit. This dialog provides access to all the Datacryptor unit management facilities described throughout this guide.
  • Page 38: Front Panel Viewer

    Front Panel Viewer A splash screen is displayed when you attempt to connect to a Datacryptor Ethernet unit. This process should normally complete within a few seconds but might take up to one minute. You can abort the connection attempt from the splash screen by pressing its Cancel button. Note that the text on the splash screen may change from "Identifying unit"...
  • Page 39 100 Mb Ethernet Front Panel Viewer. 1 Gig Ethernet Front Panel Viewer.
  • Page 40 10 Gig Ethernet Front Panel Viewer. The management facilities are provided by the View Logs and Properties buttons. If View Logs or the Properties buttons are grayed out, they are inaccessible because you haven't logged in yet - use the Login button to do so.
  • Page 41: User Key Material

    • Beneath the front panel diagram are five large buttons that provide direct access to management facilities (see the Front Panel Viewer buttons section below). Note: Pressing F5 while using the Front Panel Viewer will cause a refresh of all displayed settings from the unit.
  • Page 42: The Front Panel Viewer Buttons

    • Configure: This button displays a dialog, which allows you to set properties that control how the Front Panel Viewer manages passwords and session timeout. • License Management: This button is not used in the Datacryptor Ethernet.
  • Page 43: Configure Dialog

    • Help: The Help button launches the help application displaying the help file for the dialog. • Close: The Close button closes the Front Panel Viewer...
  • Page 44 Extended files, including those that have been automatically upgraded, should not be used in previous versions of the Front Panel Viewer as that could make them unusable in this current version.
  • Page 45 The user will be blocked from further attempts for this time. Once the block time has expired the user will again be allowed to attempt to log in.
  • Page 46: Key Manager

    As previously stated when the Datacryptor Ethernet unit is supplied from the Manufacturer, Thales e-Security provides the CA that is loaded. When first commissioned the unit may require testing and the Universal CA provided on the Datacryptor Element Manager CD-ROM can be used.
  • Page 47 2. Click the Commission button at the top of the dialog. This will start the Commissioning Wizard, which begins by displaying an overview of the process as shown below: The first item in the list will be Installing a Certificate Authority (CA) as shown above.
  • Page 48: Step 1: Installing A New Certificate Authority (Ca)

    Step 1: Installing a new Certificate Authority (CA) Units are normally delivered under the control of the manufacturer CA (DC2K Manufacturer), with the Universal CA available on disk; this dialog allows you to transfer control to a different custom CA: 1.
  • Page 49: Step 2: Installing The Authenticating Ca

    Step 2: Installing the authenticating CA: Insert the diskette containing the authenticating CA's .CA file and enter the path to the .CA file (or use the Browse button to find it). Click the Next button to proceed to step 3.
  • Page 50: Step 3: Setting The Unit Name

    Step 3: Setting the unit name: Each Datacryptor Ethernet unit within a User Group must have a different name. You can either leave the unit name as delivered (since units are manufactured with unique names – the same as the serial number) or change it now, according to your security procedures.
  • Page 51: Step 4: Generating A Certificate

    Step 4: Generating a Certificate: 1. Enter the path to the .DHP File (Diffie-Hellman Parameters), or use the Browse button to select it. 2. Specify the dates between which the Certificate is valid in the Effective Date (start) and Expiration Date (finish) fields.
  • Page 52 1. Click Finish to begin the commissioning process, which will take a few seconds. 2. When commissioning has completed, confirm that the Datacryptor unit's LEDs are flashing (which indicates that the unit has been commissioned successfully).
  • Page 53: Login Dialog

    Login Dialog This dialog is displayed when you select the Login button from the Front Panel Viewer, to login to gain access to the unit management facilities.
  • Page 54: Logs Window

    Logs Window The Datacryptor Ethernet monitors network operations and records information in an audit log about network events or operations specific to a device. The audit log reconstructs an exact sequence of network events or device operations. The audit log configuration determines the types of events that it records.
  • Page 55 They appear on the display as ‘Internal Error’ but, when saved to disk as a text file, the text is expanded. When seen, these should be reported to the Support department at Thales e-Security for investigation. New errors will cause the Error LED to flash. Once they have been read, the...
  • Page 56: Properties Dialog

    Properties Dialog The Properties dialog is displayed when you select the Properties button in the Front Panel Viewer. The image shown on the dialog will reflect the model of Ethernet Datacryptor that you are using.
  • Page 57: The General Tab

    Each of the tabs will now be described in turn. The General Tab The properties on the General tab control the general behavior of the unit. The image shown on the General tab will reflect the model of Ethernet Datacryptor that you are using.
  • Page 58 Cable detected: the types of cable connected to the unit. Save: stores the current properties in a named file, which can then be loaded using the Load button (for example, to restore the settings after a unit has been reset to factory defaults).
  • Page 59: The Diagnostics Tab

    The Diagnostics Tab The Diagnostics tab will provide a range of diagnostic aids. Currently, it provides two diagnostic facilities: Reboot: click this button to reboot the unit as if it had been turned off and on again. (This...
  • Page 60 CAUTION: Rebooting the device interrupts the data traffic on the Host and Network ports. Erase: click this button to erase the unit’s Key material. Basic unit Configuration will not be lost, i.e.
  • Page 61: The Ip Management Tab

    Note: The loopback mode is regarded as a transient feature intended purely as an aid to troubleshooting. Therefore when the unit is rebooted the loopback options are set to Disabled.
  • Page 62: Configuring Snmp

    Configuring SNMP Datacryptor units record all significant management and error events in their logs for later examination, but can also be configured to report them immediately to a central location, by using the SNMP protocol - to help centralize and simplify management.
  • Page 63 − Enter the Location and Contact information for this unit. Both edit boxes accept spaces and alphanumeric characters. There is a limit of 255 characters for each field.
  • Page 64 5. Click OK to add the community. To edit an SNMP community: Select the entry to edit by clicking on it, and then click the Edit button.
  • Page 65 To enable or disable SNMP traps for this unit, use the appropriate Enable checkboxes for each version of SNMP. When defining an SNMP Trap that is not on a local network connection, the Datacryptor Ethernet must have a route defined for the address in order for the Traps to be delivered to the SNMP Manager.
  • Page 66 − Trap Address: Type the IP address of the SNMP trap manager. − Community: This field is unused because the unit only issues SNMP Version 3 traps.
  • Page 67 Adding SNMPv3 Trap Managers: When using SNMPv3 you are able to specify whether the reports will use authentication alone, or authentication and privacy combined, or no security at all.
  • Page 69 To edit an SNMP trap manager: 1. Select the entry to edit by clicking on it, and then click the Edit button. 2. Edit the entries in the Edit Trap Manager dialog as required, and then click OK.
  • Page 70: Ip Route Config

    IP Route Config Selecting this button on the Properties - IP Management tab will display the IP routes dialog detailing the IP routes that have been defined for this unit and providing facilities to maintain the IP routes list: Use the Add, Edit and Delete buttons to manage the required list of IP routes.
  • Page 71: The Security Tab

    The Security Tab The properties on the Security tab control crucial aspects of the security of the Datacryptor unit. They are as follows: KEK: the longest time that the unit will use a KEK for, in days, hours, minutes.
  • Page 72 (This disables the previous 4 controls until you uncheck it.) • Retry every minute - with this box checked the Datacryptor Ethernet will try to poll for lost peers every minute; this is the default behavior. If the "retry every minute" box is unchecked the Datacryptor Ethernet will gradually increase the time intervals between attempted key exchanges.
  • Page 73: The Rip Tab

    The Datacryptor Ethernet supports versions RIP-1 and RIP-2. RIP Compatibility This set of radio buttons is used to select which version of RIP the Datacryptor Ethernet is using: • Off - this switches off compatibility with any version of RIP. No RIP messages...
  • Page 74 If a router matches its own RIP password with that of the RIP response authentication entry it will accept the routing information in the RIP response. Tick this check box to enable the inclusion of authentication entries in RIP 2 messages sent from the Datacryptor Ethernet. Password This field contains the password to be associated with the authentication entry.
  • Page 75: The Ethernet Comm Tab For 1 And 10 Gigabit Datacryptors

    The Ethernet Comm Tab for 1 and 10 Gigabit Datacryptors The properties on the Ethernet Comm tab control the communications settings of the Datacryptor unit. The Comm tab illustrated in this section applies to the 1 Gig Ethernet unit.
  • Page 76 The unit can be rebooted using the option available on the Diagnostic tab. Interface Mode - Allows the Host and network interfaces to be switched Up/Down.
  • Page 77: The Ethernet Comm Tab For 100 Mb Datacryptor

    The Ethernet Comm Tab for 100 Mb Datacryptor The properties on the Ethernet Comm tab control the communications settings of the Datacryptor unit. They are as follows: Mode - Selects one of two options for the transmission mode.
  • Page 78 The unit can be rebooted using the option available on the Diagnostic tab. Interface Mode - Allows the Host and network interfaces to be switched Up/Down.
  • Page 79: The Ethernet Encryption Tab

    The Ethernet Encryption Tab The Ethernet Encryption tab shows the Current Encryption mode in use by the unit. Target Encryption mode: This allows you to select the target or required encryption mode using the drop down menu.
  • Page 80: The Expert Tab

    The Expert Tab The Ethernet Expert tab allows you to enable CTS Mode. The Ethernet Expert tab is not shown when using the 10Gig Ethernet unit since CTS mode is always enabled for the 10Gig Ethernet unit.
  • Page 81: The Ethernet Tunneling Tab

    The Ethernet Tunneling Tab The Ethernet Tunneling tab will only be present when Tunneling mode is selected on the Ethernet Comm tab. Note: The Tunneling Settings section, which includes the Fragmentation Size item, is not displayed for the 10Gig Ethernet unit.
  • Page 82 This is entered by selecting the Change button; the following dialog is then shown. Enter the required address in the boxes shown. Movement between the boxes can be achieved by using the mouse or the tab and shift tab key combinations.
  • Page 83 This gives the option of setting a maximum of four rules on both the Host to Network and Network to Host ports. Selecting the New Rule button will open the Filter Rule dialog.
  • Page 84 MAC Address The destination and source addresses are standard MAC addresses with the added option of using the * wildcard character (see below) to enable a range of addresses to be identified.
  • Page 85: The Environment Tab

    The permissible range for Fragmentation Size is: • Gigabit Ethernet: 0 = no fragmentation, 256 ≤ Fragmentation Size ≤ 16300 • 10/100 Mb Ethernet: 0 = no fragmentation, 256 ≤ Fragmentation Size ≤ 2000.
  • Page 86: Appendix A: Device Maintenance

    Appendices. Appendix A: Device Maintenance. Periodically perform maintenance on your Datacryptor. • Keep components free of dust and other particulate matter. • Check fans for reduced airflow caused by dust build-up and clean as necessary.
  • Page 87 The Datacryptor contains a lithium battery, which has a typical life expectancy of 10 years, dependent on usage. The Datacryptor must be returned to Thales for battery replacement. WARNING: Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries according to the instructions.
  • Page 88: Appendix B: Loading Datacryptor Unit Software

    Appendix B: Loading Datacryptor Unit Software Datacryptors are factory pre-loaded with the required ‘application’ software and protocol data. However, if a new version of software needs to be loaded into a Datacryptor, the following procedure describes how to carry out the operation using the Image Loader utility, which will be provided with the new version of software.
  • Page 89 3. Select the COM port that the Datacryptor is connected to, using the pull down menu. This is COM1 by default. 4. If the Datacryptor application is already running, you may choose the Ethernet radio button.
  • Page 90 4. The Image Loader may also perform other "housekeeping" tasks such as generation of correct Ethernet address and IP addresses used by later software, if these are missing. If housekeeping tasks are performed, you will be notified in the Status Messages.
  • Page 91 Operations during Ethernet Code Loading The following operations are only applicable if you are using an Ethernet connection for loading. 1. The Image Loader will try to initialize communications with the Datacryptor.
  • Page 92 2. Once the hardware has been validated, select the Image Loader file (.ilf file) containing the Datacryptor application image (e.g. dc2k.ilf). Select the file and click OK.
  • Page 93 3. Image Loader will begin uploading the code contained in the Image Loader file.
  • Page 94 Completing the Upload 1. Progress of the load is shown via the Upload Progress bar and you will be notified when this is finished. If ‘Save Log Events’ was selected, a dialog will now prompt you for the file name and location for saving the log file.
  • Page 95: Appendix C: Product Specifications

    Appendix C: Product Specifications System Specifications Interfaces - Host and network ports (see Appendix E for transceiver details used with the 1 Gig and 10 Gig Ethernet Datacryptors)
  • Page 96: Appendix D: Environmental & Regulatory

    Appendix D: Environmental & Regulatory Environmental Specifications Description Value Temperature 5-40 degrees C (40 to 104 degrees F) Humidity 10% to 90% at 25°C (77°F) non-condensing, falling to 50% maximum at 40°C (100°F)
  • Page 97 Interference-Causing Equipment Standard Compliance Notice (Canada) "This Class B digital apparatus meets all requirements of the Canadian-interference causing Regulations." Cet appareil numérique de la classe B est respecte toutes les exigences du Règlement sur le matériel du Canada.
  • Page 98: Appendix E: Sfp And Xfp Interfaces

    Appendix E: SFP and XFP Interfaces The Datacryptor 1 Gig Ethernet unit is supplied with Small Form Factor Pluggable (SFP) interfaces (see above), using single-mode fiber or multi-mode fiber (MM SFP), as specified at the time of ordering.
  • Page 99: Appendix F: Preventing Electrostatic Discharge

    Appendix F: Preventing Electrostatic Discharge Electrostatic discharge (ESD) can damage electronic components and equipment. ESD occurs when electronic components are improperly handled and can result in complete or intermittent failures. Always follow ESD-prevention procedures when removing and replacing components.
  • Page 100: Appendix G: Troubleshooting

    Appendix G: Troubleshooting This appendix is provided to aid you in determining basic problems with your Thales Datacryptor Ethernet unit. If you cannot resolve the problem using this troubleshooting guide, please contact Thales customer support.
  • Page 101 If the condition persists then it could indicate that the temperature is above the level required for reliable operation and the unit should be returned to Thales for investigation/repair.
  • Page 102: Appendix H: Snmp Mib Support

    Because the Datacryptor Ethernet is a security device, the SNMPv3 implementation in the Datacryptor Ethernet is more restrictive than specified in the standard RFCs listed above. In general, we have disabled most of the SET operations in order to protect critical security parameters, configuration items, and device attributes.
  • Page 103 MIB Name Description DC2K-MIB-RFC1213 RFC 1213 defines the Management Information Base (MIB-II) for use with network management protocols in TCP/IP-based internets. The Datacryptor supports the majority of read-write attributes in this MIB as read-only in order to preserve the security of sensitive attributes.
  • Page 104 MIB Name Description DC2K-MIB-RFC2863 RFC 2863 defines a portion of the Management Information Base (MIB-II). Specifically, it defines objects for the management of network interfaces.
  • Page 105: Appendix I: Log And Snmp Trap Numbers

    There are a number of log/trap message numbers, usually failures, that have the same text; this is because the effect the user experiences can be caused by subtly different internal events occurring. Logging these events differently can help Thales e-Security diagnose complex support issues.
  • Page 106: Log Trap Errors Hardware

    Log Trap Errors Hardware Log Type Code Trap Severity Message Information Error Critical Random no. generator fault (Hardware) Error Critical Real time clock faulty...
  • Page 107 Log Type Code Trap Severity Message Information Error Major Alarm condition: movement Unit recovered from alarm (Hardware) alarm activated and noted movement...
  • Page 108: Log Trap Errors Software

    Log Type Code Trap Severity Message Information Error Minor Decrypt Clock Now in Range Decrypt clock fault cleared (Hardware cleared) Error Minor...
  • Page 109 Log Type Code Trap Severity Message Information Error Warning Corrupt Log text entries (Software) Error Warning Inconsistent Log error counts (Software) Error...
  • Page 110: Key Errors

    Key Errors Log Type Code Trap Severity Message Information Warning No response from peer No response from peer when waiting for Key...
  • Page 111 Log Type Code Trap Severity Message Information Minor DEK exchange unsuccessful Unexpected time out in key exchange - connection may be lost or units may...
  • Page 112 Log Type Code Trap Severity Message Information Minor Certificate exchange Unexpected time out in unsuccessful key exchange - connection may be lost or units may...
  • Page 113 Log Type Code Trap Severity Message Information Minor Certificate exchange Generated by master unit unsuccessful when attempting to perform a Key Exchange...
  • Page 114 Log Type Code Trap Severity Message Information Major Failed to set line mode Conditions are not met to enter encryption mode Major...
  • Page 115 Log Type Code Trap Severity Message Information Informational Key Material erased 1000 Warning Peer reported no response This may indicate an from us?
  • Page 116 Log Type Code Trap Severity Message Information 1012 Warning Peer reported DEK exchange Unexpected time out in unsuccessful key exchange – connection may be lost or...
  • Page 117 Log Type Code Trap Severity Message Information 1024 Warning Peer reported Certificate Unexpected time out in exchange unsuccessful key exchange – connection may be lost or...
  • Page 118 Log Type Code Trap Severity Message Information 1042 Warning Peer reported commissioning Unexpected time out in unsuccessful protocol – connection may be lost or units may be...
  • Page 119 Log Type Code Trap Severity Message Information 1063 Minor Peer reported DEK exchange unsuccessful 1064 Minor Peer reported DEK exchange unsuccessful 1065...
  • Page 120 Log Type Code Trap Severity Message Information 2018 Minor No Encrypt channel is The maximum number of available encrypt slots has been reached.
  • Page 121 Log Type Code Trap Severity Message Information 2044 Minor SA set to Trunk by Peer Trunk Mode not supported by Datacryptor 2045...
  • Page 122 Log Type Code Trap Severity Message Information 2064 Minor Peer Failed to Add SA, Auto- Notify is Disabled 2065 Minor SA is Offline, Peer Unit has...
  • Page 123: Audit Errors

    Audit Errors Log Type Code Trap Severity Message Information Audit Informational Session started User has successfully logged into unit Audit Informational Session stopped...
  • Page 124 Log Type Code Trap Severity Message Information Audit Informational Encrypt mode configured Audit Informational Standby mode configured by peer Audit Informational Plain mode configured by...
  • Page 125 Log Type Code Trap Severity Message Information Audit Major Keylock moved to Transport Audit Major Keylock moved from Transport Audit Major Keylock moved to Erase...
  • Page 126 Log Type Code Trap Severity Message Information Audit Critical Primary mode reboot: KAT The encryption algorithm test failure failed a "Known Answer Test"...
  • Page 127 Log Type Code Trap Severity Message Information Audit Major Primary: Response back from Hot standby: primary unit Private virtual IP address has detected itself,...
  • Page 128 Log Type Code Trap Severity Message Information Audit Informational SNMP configuration updated Audit Major Random No. Generator Random number DISCONNECTED generator has stopped -...
  • Page 129 Log Type Code Trap Severity Message Information Audit Informational RIP-2 authentication enabled Audit Informational RIP-2 authentication disabled Audit Informational RIP metric changed...
  • Page 130 Log Type Code Trap Severity Message Information Audit Informational ToS byte passthrough in tunnel mode disabled Audit Informational SNMP MIB VIEW enabled...
  • Page 131 Log Type Code Trap Severity Message Information Audit Critical Hardware Monitor reports This can be due to fan, alarm heat, or power failure.
  • Page 132: Appendix J: Glossary Of Terms

    Appendix J: Glossary of Terms Advanced Encryption A symmetric algorithm (same key for encryption and decryption) Standard (AES) using block encryption of 128 bits in size, supporting key sizes of 128, 192 and 256 bits.
  • Page 133 Element Manager (EM) Application used to manage Datacryptor Ethernet devices and is used to launch the Front Panel Viewer (FPV) application. Encrypted data Transformed plaintext data to ciphertext.
  • Page 134 Public Key In public key cryptography different keys are used for encryption Cryptography and decryption. The public key is public, but the private key is known only to its owner.
