Contents About This Administrators Guide Attention Introduction Overview................................6 Administrative Functions..........................6 Hardware Setup Before You Begin.............................. 7 Safety Instructions............................7 Tampering Prevention and Detection......................8 Using Qualified Peripheral Devices Only......................8 Supported Card Readers..........................10 Secure Installation Guidelines........................10 Secure Administrative Operation........................11 Operation Power ON...............................
Page 3
How does the Administrator Logon Function work?..................28 Format of Information Displayed in Text Editor..................... 29 Administrator Configuration Menu........................29 Log/Event Audit code.............................32 This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without the express prior written consent of Raritan, Inc.
About This Administrators Guide This Administrators Guide is intended for authorized administrators. The guide helps you audit logs and configure your Raritan Secure Switch system. To maximize security, the administrator should audit logs/events record and the Raritan Secure Switch configuration on a routine basis. The following Raritan Secure Switch models and are covered in this Administrators Guide.
Attention Read the following sections before operating the Secure Switch. ▶ Important Message: The device is equipped with a 3-wire grounding type plug as safety. If you are unable to insert the plug into the outlet, contact your electrician to replace your obsolete outlet. Do not attempt to defeat the purpose of the grounding-type plug.
Introduction In This Chapter Overview........................6 Overview Raritan Secure Switch series is NIAP-certified and compliant with NIAP PP 4.0 (Protection Profile for Peripheral Sharing Switch version 4.0) requirements, meeting the latest security requirements set by the U.S. Department of Defense for peripheral sharing switches. Compliance ensures maximum information security while sharing a single set of HIDs (keyboards, mice, speakers, and CAC readers) between multiple computers.
Hardware Setup In This Chapter Before You Begin......................7 Safety Instructions.......................7 Tampering Prevention and Detection................. 8 Using Qualified Peripheral Devices Only..............8 Secure Installation Guidelines...................10 Secure Administrative Operation................11 Before You Begin Before using the Secure Switch, make sure you have read Attention (on page 5).
• If an extension cord is used with this device make sure that the total of the ampere ratings of all products used on this cord does not exceed the extension cord ampere rating. Make sure that the total of all products plugged into the wall outlet does not exceed 15 amperes. •...
Page 9
▶ USB keyboard and mouse: • The Secure Switch only supports a standard USB keyboard and mouse (or pointing device). • DO NOT use the following keyboards and/or mice. • A wireless keyboard or mouse • A keyboard or mouse with internal USB hub •...
Do not connect a microphone to the Secure Switch's audio output port, including a headset with the microphone. ▶ ™ NO Thunderbolt technology devices: ™ • DO NOT connect any Thunderbolt technology device. ▶ USB card reader (optional): • The Secure Switch's USB CAC port supports only authorized User-Authentication Devices by default, such as a USB smart card or CAC reader.
• TEMPEST computers • Telecommunications equipment • Frame grabber video cards • Special audio processing cards • Before installation, make sure the power sources to all devices involved in the installation are turned off. • Hot-swapping of the console monitor is NOT supported. You must power OFF the Secure Switch and console monitor before changing or re‑...
Operation In This Chapter Power ON........................12 Manual Switching......................13 LED Indicators......................13 Chassis Intrusion Detection..................14 Power ON When you power on, reset, or power cycle the Secure Switch, the Secure Switch will perform a self-test on the following items to check the device’s integrity and security functions. •...
▶ KVM reset: This Administrator function allows the authorized Administrator to reset the KVM configuration to factory default. For actual instructions, refer to Reset to Factory Default (on page 19) in the Administrator Functions Section. Manual Switching For enhanced security, the Secure Switch offers manual port switching only. This is achieved by pressing the port-selection pushbuttons located on the Secure Switch’s front panel.
Port LED The port LEDs are located on the front panel to indicate the port selection or computer connection status. • Online – Lights up in WHITE to indicate that the computer attached to its corresponding port is up and running.
Administrator Functions The Secure Switch's Administrator Functions allow authorized Administrator to configure this product, configure user authentication device filtering, and audit log data generated by the Secure Switch. • Log data audit: Log data generating and recording is activated when the Secure Switch is manufactured, and cannot be disabled or erased.
Administrator Logon After Installation for Administrator Logon (on page 15), 1. Open a text editor on the connected computer. 2. Use the console keyboard for the following procedure: a. Press and hold down the [Ctrl] key, and then press the [F12] key. Ctrl + F12 b.
Log data audit Log data recording is activated when the Secure Switch is manufactured, and cannot be disabled or erased. After the successful Administrator Logon, type the command [LIST] to view logs data in the text editor. • The command "LIST" displays Administrator Functions. Administrator Logon Mode ID: Administrator Please enter password: ********...
• DATE-TIME: Current Date and Time in UTC. • MFG_DATE: Manufacturing Date (in UTC) of the Secure Switch. • TAMP_TEST: The Secure Switch's Tamper protection test status. • HW_TEST: The Secure Switch's hardware self-test status. • FW_TEST: The Secure Switch's firmware self-test status. •...
This function allows the Administrator to configure the Secure Switch to accept or reject specific USB devices (for CAC Port), and reject specific HID devices (for Keyboard / Mouse Ports). CAC Port device filtering can also be configured via Raritan’s Port Authentication Utility. For detailed information on port authentication utility, refer to Raritan's Port Authentication Section in this Administrator Guide.
Port Authentication Utility The Raritan Secure Switch offers a Port Authentication Utility to allow authorized administrator to configure the Secure KVM to accept or reject specific USB devices. Through secured access and authentication process, device filtering can be done through the Port Authentication Utility. Administrators can create a list and add to Blocklist/Allowlist to the USB CAC Port filter which by default supports a USB Smartcard or a CAC reader as authentication device.
Port Authentication Utility Operation Set Password Open the Port Authentication Utility installed on the secure source computer. 1. First time you will be prompted to enter the default password ( abcd@XYZ#1357! (case sensitive)). 2. You will be forced to change the password. A strong password of 8 to 22 characters in length, should have 1 lower case letter, 1 upper case letter, 1 numeric character, and 1 special character.
Operation Interface After the new password has been confirmed, you will be prompted to create a new filter list or open an existing filter list. The operation interface allows you to add, remove, or edit filtering rule entries to the Blocklist or the Allowlist.
Page 24
Menu: Menu offers options to create new Blocklist/ Allowlist filter, save an edited filter, open/import an existing filter in source computer, update the Secure KVM filter and change password. Blocklist /Allowlist Area: Filtering rules added to the Blocklist/Allowlist will be displayed in these areas.
Page 25
The filtering rules listed in the Blocklist area can be edited, deleted, or moved to the Allowlist and vice versa. A maximum of 32 filtering rules can be added to the Blocklist, and another 32 filtering rules can be assigned to the Allowlist. Note: If a device is added to the Blocklist, it will be blocked from all Secure KVM ports.
Page 26
Retrieve from the device Retrieve USB device value from the device on the Secure KVM USB CAC Port. In addition to manually typing the value for each filtering rule, you can retrieve the USB device info from the USB device connected to the Secure KVM USB CAC Port.
Page 27
Base class Sub class Protocol Device Smart Card device Note: When adding the value to Class, Sub-Class, Protocol, PID or VID field, the last digit “h” can be ignored. For example, when adding “0Bh” to the Class ID filed, just type “0B” ▶...
Page 28
▶ To exit the port authentication utility: Choose the "Exit" option in the drop-down menu to exit Port Authentication Utility.
Administrator Log Audit Code • Basic Administrator Logon Functions has been described in the Administrator Guide. • Details of Administrator Functions will be available only to Raritan Secure KVM Customers, rather than to the general public • Some special Log/Event data logs (such as KVM shut down due to tampering, KVM locked) can only be decoded by the Secure KVM Switch manufacturer* ▶...
Format of Information Displayed in Text Editor Administrator Logon Mode ID: Administrator Please enter password: ******** Logon ok. LIST DATE-TIME= 25-12-2016_17:23:05_UTC MFG_DATE= 23-12-2016 TAMP_TEST= PASS HW_TEST= PASS FW_TEST= PASS FW_CHECKSUM= xxxx AUDT_ST 23-12-2021_18:23:07_UTC AUDT_SP NA FW_VER= v1.1.101 TTL_LOGS= 8 ----------------------------------------------------------------------------------------------- No.
Page 31
Administrator must press the number of an option to perform the configuration. ▶ Example: If Administrator wants to audit logs and events, Administrator presses “1” to access the 2nd Level of text menu. If Administrator presses “2” after the options of second level menu are displayed in the text editor, all critical logs and events will be displayed in the text editor.
Page 32
▶ Text Menu Levels and Options Text Menu Level 1 Text Menu Level 2 [1-2] Display logs & events. Please choose an option. 1. Show all logs & events 2. Show critical logs & events 1. Show logs and events 3.
[6-2] Reset KVM & CAC filter, & KB_MS filter to factory default. Please choose an option 6. Reset KVM to Default 1. Continue 7. Return 8. Exit logon session ▶ Notes: * The “Show info of all added devices” option lists only devices added by the Administrator on the KVM switch through the Administrator Logon function.
Page 34
Administrator password change PWCO (Critical area keeps only the last password change event; This event will also be logged in Non-critical area) Administrator performs Reset to Factory Default RSTO (Critical area keeps only the last Administrator Reset to Factory Default event) ADML KVM locked due to Administrator’s failure attempts to login Yes ADCWO Administrator changes CAC port Allowlist...
Page 35
BTNJ Button jam detected TMPH Anti-Tampering triggered. (Anti-tempering) TMPR Anti-Tampering triggered by RPS being tampered. KVM Power Cycle (KVM system) Reset by Front Panel *For TST event, the secure KVM self-test includes the hardware integration test, firmware checksum test, memory test, port data test, and pushbutton jam test. Only Pushbutton could occur more than once.
Need help?
Do you have a question about the Raritan RSS4-102 and is the answer not in the manual?
Questions and answers