Flow control management and supervision

Diode:Proxy is a software appliance running on a physical or virtual host on either side of a data diode for the purpose of supporting a large number of network solutions for data transfer from a source network to a destination network.

You only pay for the functionality you need. This is controlled through a license model, where only the protocols purchased are enabled. This is also in line with common practice, where only the required interfaces should be available. Note that it is not possible to combine certain protocols.

In addition to the protocol support Diode:Proxy handles:

  • Flow control based on configurable reliability and bandwidth settings for transfer services
  • Administration through separate interface
  • Supervision through SNMP and logs

The software appliance is delivered as a Linux image with custom setup steps and hardening according to relevant parts of Security Technical Implementation Guide (STIG) for

Flow control

A correct flow control is essential for one-way communication systems where the receiver can't report back problems. The sending proxy controls the data flow across the data diode depending on data diode performance and configuration of all transfer services. More than one data diode can be added between two proxies, called trunking, to increase bandwidth.

We also support shared use of a single data diode by multiple diode proxies in combination with flow control to control total data diode bandwidth usage.

Administration

Management access is through separate network interfaces on both sending and receiving proxy supporting the following protocols:

  • SSH access for configuration and administration.
  • Direct console access for configuration, administration and reinstallation when a screen and keyboard is connected to directly to the host.
  • HTTPS access for web interface for configuration and administration.

Authentication and authorization of administrators using Windows Active Directory.

Supervision

Supervision can be performed in several ways:

  • SNMP Monitoring supporting UCD-SNMP-MIB with support for basic server monitoring like CPU and RAM usage. A Diode:Proxy specific MIB is also included for monitoring heartbeat status.
  • Analysis of syslog from both sending and receiving proxies.
  • Reviewing performance graphs in web interface.

The sending proxy transmits a regular heartbeat that is monitored by the receiving proxy. The presence of a heartbeat lets the receiving proxy know that both the sending proxy and data diode is operational.