Diode Proxy
Our product Diode Proxy is the cornerstone in Diode Toolkit offering reliable transfer including retransmission; bandwidth management; heartbeat functionality that detects link errors; integrity verification of transferred data ensuring that you can trust that the data has been transferred correctly and without errors. The list of supported network protocols grows continuously and customers appreciate our powerful file transfer support.
link22 Diode Proxy is a software appliance based on Linux and runs on either physical or virtual hosts. Extensive hardening ensures secure integration in sensitive systems.
Diode hardware independent
Our diode solutions are compatible with any data diode on the market. For each installation, you can choose the most appropriate diode or let us help you.
Ready for virtualization
All our products and solutions can be deployed either physically or virtually.
Unidirectional File Transfer
Minimize the impact from physical separation on your daily work, take control over imported/exported files and avoid sneakernet with our reliable and rapid File Transfer feature.
Bridging Protocols (over data diodes)
Bridge NTP, Media Streaming, Syslog and other protocols that supports unidirectional UDP data streams over data diodes, clean and simple.
How it works
A data diode, in isolation, will only offer limited functionality unsuitable for most protocols, since support is limited to basic one-way UDP. Most systems will contain services that operate on a higher level, e.g. file, TCP or two-way UDP based. By adding proxy software hosted in either a virtual or physical computer (possibly integrated in the data diode) on each side of the data diode, the more complex protocols can be supported. The proxy on the sending side converts the complex protocol to UDP for transfer over the diode and reconstruction in the receiving proxy.
Features
File Transfer
Diode Proxy supports highly configurable and reliable file transfer from source networks to destination networks through data diodes, supporting a large number of protocols for sending and retrieving files. Files can be sent and retrieved using local shares (Dropzone) hosted by the proxies or externally mounted shares. All Shares can easily be mounted, configured and listed in the Web GUI for each proxy.
File transfer using external shares:
Diode Proxy supports external shares on both proxies for sending and receiving files. External shares has the privilege of unlimited storage space and enables additional access control using for example Active Directory.
File transfer can be configured to support the level of robustness required. Parameters such as bandwidth usage and robustness strategy (number of retransmissions) can be configured.
A transfer priority feature is implemented to secure that Transfer mode shares are prioritized over Mirror mode shares in the long run, since a user that drops a file in a transfer share most likely will be more interested in a fast transfer.
Mirror Mode:
Folder structures containing files are mirrored to an identical file structure on the destination network, supports CIFS/SMB and NFS. The mirrored share on the destination network is continuously traversed and processed to stay identical to the source share.
Transfer Mode:
Single files or folder structures are transferred as soon as they are dropped in the share to quickly appear on the corresponding share in the other system, supports CIFS/SMB and NFS.
Dropbox (local share):
The Dropbox share is a local share where files can be dropped, on the sending side, or collected, on the receiving side, using a combination of CIFS/SMB, SFTP or FTP protocol.
SFTP:
The local Dropbox on the sender and the receiver can be accessed using SFTP and personal accounts, if the SFTP feature was enabled during installation. The list of personal accounts allowed to access the Dropbox share can easily be listed in the Web GUI on both the sender and the receiver.
FTP:
The local Dropbox on the sender and the receiver server can be accessed using FTP, if the FTP feature is enabled during installation. The FTP feature is a comfortable solution in absence of user tractability demands.
UDP Streaming
Any protocol that supports or can be converted into a one-way UDP stream can be sent through the UDP streaming channel. Diode Proxy is delivered with a UDP streaming feature that can be configured using Control Center. The feature can be configured to forward any incoming port on the data interface into a bridge over a data diode, clean and simple.
NTP
In a closed network, the computers have no access to reliable sources of accurate time such as Network Time Protocol (NTP) servers on the Internet. Diode:Proxy is delivered with a feature capable of broadcasting accurate time to the closed network. The feature can easily be activated in the Control Center, making it possible for computers in the closed network to retrieve reliable time from the downstream proxy that will act as a NTP server.
Syslog
Diode Proxy can be configured to bridge the syslog protocol over data diodes, using similar streaming feature as is explained in UDP STREAMING. This setup allow many clients in the sending domain to send their syslog messages through a single point, the Upstream Proxy. Check out the Diode Syslog product if you are solely interested in the bridging of the syslog protocol. It comes with a number of nice to have features and more complex syslog channel setups.
Flow control
A correct flow control is essential for one-way communication systems where the receiver can't report back problems. The sending proxy controls the data flow across the data diode depending on data diode performance and configuration of all transfer services. More than one data diode can be added between two proxies, called trunking, to increase bandwidth.
We also support shared use of a single data diode by multiple diode proxies in combination with flow control to control total data diode bandwidth usage.
Administration
Management access is through separate network interfaces on both sending and receiving proxy supporting the following protocols:
- SSH access for configuration and administration.
- Direct console access for configuration, administration and reinstallation when a screen and keyboard is connected to directly to the host.
- HTTPS access for web interface for configuration and administration.
Authentication and authorization of administrators using Windows Active Directory.
Supervision
Supervision can be performed in several ways:
- SNMP Monitoring supporting UCD-SNMP-MIB with support for basic server monitoring like CPU and RAM usage. A Diode:Proxy specific MIB is also included for monitoring heartbeat status.
- Analysis of syslog from both sending and receiving proxies.
- Reviewing performance graphs in web interface.
The sending proxy transmits a regular heartbeat that is monitored by the receiving proxy. The presence of a heartbeat lets the receiving proxy know that both the sending proxy and data diode is operational.
Deployment
Delivered as an appliance based on CentOS with documentation.
System Requirements
- Support for CentOS
- 110GB memory
- 4GB RAM
- 2GHz CPU, 4 c
- 3x Gigabit Ethernet
