HighSecLabs K304E User manual

Category
KVM switches
Type
User manual
K304x-K308 Secure KM Switch User Manual
User Manual
Models:
K304 - Secure 4-port KM Switch w/audio
K304E - Secure 4-port KM Switch w/audio and DPP
K308 – Secure 8-port KM Switch w/audio
Rev: 2.7 Doc No : HDC06147
K304x-K308 Secure KM Switch
1
K304x-K308 Secure KM Switch User Manual
Table of Content
Section 1 – Introduction 2
What is KM? 2
Package Content 2
Section 2 – Overview 2
Security Features 3
Operational Features 5
What is Virtual Display Technology (VDT)? 6
Equipment Requirements 7
Safety Precautions 10
K304E Features 11
K308 Features 13
Tamper Evident Labels 15
Active Anti-Tampering System 15
Product Specifications 16
Section 3 – Installation 18
Before Installation 18
Installation 19
Administrator Setup 24
Driver installation 25
Section 4 – Operation 28
Operation 28
DPP Operation (Optional) 29
Section 5 – Troubleshooting 31
Troubleshooting Guide 31
High Sec Labs Warranty Programs 34
High Sec Labs Limited Warranty Terms and Conditions 34
High Sec Labs Security Procedures 36
COPYRIGHT AND LEGAL NOTICE 37
Record of Revisions
Rev Date Description of changes
2.1 Dec 30, 2011 Released for customers
2.2 Feb 4, 2012 Added security procedures text
2.3 April 19, 2012 Added support for composite device
2.4 June 19, 2012 Added K308 device
2.5 July 9, 2012 Web based configuration, function keys
2.6 Sept 19, 2012 Web based configuration process and
default settings updated
2.7 Oct 14, 2012 Changed preconfig. shortcuts (added F11)
2
K304x-K308 Secure KM Switch User Manual
Introduction
Thank you for purchasing this HSL Secure KM Switch. This KM
Switch is designed for use in secure defense and intelligence
environments across wide security gaps. This 3rd Generation Secure
KM Switch offers optical data diode per channel. Optical data diodes
are used to prevent data transfer between connected computers
running at different security levels even if these computers
attempts to attack the KM. This product provides the highest
security safeguards and features that meet today’s and will meet
future cyber prevention requirements.
This User Manual provides all the details you’ll need to install and
operate your new product, in addition to troubleshooting
guidance—in the unlikely event of a problem.
What is KM?
There are many cases where one computer user needs to work
simultaneously with few computers. In some cases users are having
multiple displays attached to these multiple computers. The
challenge is how a single user can interact with multiple computers
having multiple displays. KVMs would not do a good job for these
users as they were designed to switch displays as well.
KM switch is a device that switches a single set of keyboard and
mouse between multiple computers. KM switch is essentially a KVM
switch without the video switching - all displays are continuously
connected to their respective computers.
Package Contents
Inside product packaging you will find the following:
HSL Secure KM Switch unit
12V 1A wall-mounted power Supply (K304x only)
AC power cable (K308 only)
This User Manual
Important: This product is equipped with always-on active anti-
tampering system. Any attempt to open the product enclosure will
activate the anti-tamper triggers and render the unit inoperable.
If the unit’s enclosure appears disrupted or if all the channel-select
LEDs flash continuously, please remove product from service
immediately and contact HSL Technical Support.
Section 1 - Introduction
3
K304x-K308 Secure KM Switch User Manual
Security Features
HSL Secure KM Switch is the most advanced and secure
commercially available KM available today. This product is a
derivative of high security KVM product used in newest NATO
nuclear submarines. Below is a summary of some of the security
features incorporated into the product.
Unidirectional Data Paths
Optical diodes used to enforce unidirectional data flow from the
peripheral devices to computers preventing potential leakage paths
between computers even in the severe threat of two infected
computers attacking the KM.
No Cross Cabled, No Shared Resources
No cabling connecting together computers. This product designed
to securely operate even when peripheral devices are vulnerable to
signaling attacks. The K304 does not allow computer access to any
shared resource and does not share controllable power sources.
Dedicated Processors for Emulation
The K300 product features a dedicated processor per computer port
to emulate peripheral devices. This keeps each computer running
on different security levels physically separated and secure at all
times, and prevents any unintended data leakage between
computers.
Non-Reprogrammable Firmware
The product features custom firmware that is not reprogrammable,
preventing the ability to remotely attack the KM control logic.
USB Ports Protection
Console USB ports are protected from the use of storage and other
unsafe USB devices through strong filtering (independent of
computer protection means). Unqualified devices are rejected when
connected to the product. Only mouse and keyboard data are
passed through.
Heavy-duty Steel Enclosure
HSL Secure KM Switch uses thick steel components to protect the
product from physical tampering and to minimize radiated
electromagnetic emissions that can be snooped or intercepted.
Active Always-On Anti-Tamper
Active chassis anti-tamper system prevents the KM electronic
circuitry from being accessed and tampered with by permanently
disabling the product once tampering is detected.
Holographic Tamper-Evident Labels
Four serially numbered holographic security tamper-evident labels
are placed on the enclosure surface to provide a visual indication if
the product has been opened or compromised.
Dedicated Peripheral Port (K304E only)
HSL patented Dedicated Peripheral Ports enables secure use of not
only CAC or smart-card readers but also fingerprint readers, face
recognition and iris recognition devices. Separate cables used for
this port enable further protection and isolation of this function.
Section 2 - Overview
4
K304x-K308 Secure KM Switch User Manual
Secure Packaging
“Tear away” packaging ensures secure delivery of the product as it
is routed to the end user.
Common Criteria EAL-4 Listing
The product is the only KM in the market that is listed by the
Common Criteria organization. It is Common Criteria validated to
EAL 4+ (Evaluation Assurance Level 4) to assure the highest level of
protection. Product complies with standard higher than NIAP
Protection Profile 2.1 for Peripheral Sharing Devices.
Section 2 - Overview
5
K304x-K308 Secure KM Switch User Manual
Operational Features
The HSL Secure KM Switch was designed with the user in mind for
today’s IT environment. Below is a summary of some of the features
incorporated into the Product.
Virtual Display Technology (VDT)
VDT allows the K304 to switch automatically between computers
once mouse cursor crosses display borders. Seamless switching
between multiple computers with cusrsor movement.
Support for multiple head
Product can be easily configured to support dual, triple and up to 16
head computers through signed software driver. Note that single
head installation does not need any software installation.
Extensive administrator setup options
Administrator mode provides many customized settings from
display arrangement, size to cursor speed and acceleration.
Dedicate Peripheral Port (K304E only)
HSL K304E Secure KM Switch products supports parallel switching of
wide set of user authentication devices including CAC, smart-card
and biometric readers.
Dedicate Peripheral Port Host Detection and Freeze Functions
(K304E only)
HSL patented Host detection function enables simple switching of
display, keyboard audio and mouse without disconnecting user
authentication session through detection of unconnected computer
and through the use of freeze push-button.
RDC Support
HSL Secure KM products support patented Remote Desktop
Controller device to enable easy and intuitive KVM operation at the
user’s desktop. Channel names may be programmed into the RDC
display to improve usability and security.
Audio Support
The KM Switch support audio out switching. Microphone switching
not supported to prevent analog leakages through audio ports.
KVM Extenders Support
HSL Secure KM Switch supports most copper and fiber KVM
extenders connected to the console port.
Section 2 - Overview
6
K304x-K308 Secure KM Switch User Manual
What is Virtual Display Technology (VDT)?
Virtual Display Technology (VDT) is implemented in HSL K300 Secure
KM switches series to enable seamless cursor and keyboard
switching between multiple displays. VDT allows administrators to
configure any desired displays configuration with same or different
size and resolution. User simply moves mouse cursor across
neighboring displays to switch between connected computers.
Refer to the example in the figure at the right side. Assume that
computer #1 is connected to the left display, computer #2 is
connected to the top display, computer #3 is connected to the
center bottom display and computer #4 is connected to the display
at the right side. In this example all four displays are identical. VDT
allows the user to move the mouse cursor across the four displays
while automatically switch the shared peripherals based on the
current cusrsor location. For example when the user moves the
cursor from the left display to the center bottom display, the KM
identifies the display boarder crossing between these two displays
and switches the KM to computer #3.
HSL VDT is now further enhanced with the inclusion of pointing
device drivers to support dual, triple and up to 16 head computers.
With this technology user workstation may be integrated with any
combination of single, dual, triple and quad head computers.
VDT Configurator software enables the user administrator to easily
configure any set of display sizes, resolutions, geometry and
physical arrangements.
Section 2 - Overview
7
K304x-K308 Secure KM Switch User Manual
Equipment Requirements
Cables
HSL highly recommends you use HSL Cable Kits for your product to
help ensure superior security and performance. These cables offer
the highest quality possible to ensure optimal data transmission.
One Cable Kit is required per connected computer.
How to order?
To connect: Use: Order No.
Computer CAC or other
user authentication USB
device (K304E only)
KVM Cable short (1.8 m),
CAC, Black-Yellow
CPN05487
Computer keyboard and
mouse USB
KVM Cable short (1.8 m),
USB Type-A to USB Type-B,
Black
CPN05493
Computer audio output KVM Cable short (1.8 m),
Audio Out, Black-Green
CPN05490
Important: The use of cables other than those provided by HSL is
not recommended. Use of other cables may affect system security,
may permanently damage the product and may void product
warranty.
Section 2 - Overview
8
K304x-K308 Secure KM Switch User Manual
Computers
The K304x-K308 Secure KM Switches are compatible with
computers, thin-clients, servers and laptops running the following
OS platforms:
• Windows® 2000
• Windows XP (Home/Professional)
• Windows 2003 Server
• Windows 7
• Windows Vista®
• Red Hat® Linux® (multiple head not supported)
• Ubuntu® Linux® (multiple head not supported)
• Other Linux distributions (multiple head not supported)
• Mac OS® X v10.3 and higher (multiple head not supported)
Note: Multiple head computers require software driver installation.
For latest compatibility list see HSL website or contact HSL support.
USB Keyboard console port
The K304x-K308 USB keyboard console port is compatible with the
following types of devices:
Standard USB keyboard (excluding devices having other
internal functions such as USB hub, or composite device);
and:
Bar-code readers emulating USB keyboard.
PS/2 Keyboard console port
The K304x-K308 PS/2 keyboard console port is compatible with the
following types of devices:
Standard PS/2 keyboard; and:
Bar-code readers emulating USB keyboard.
USB Mouse console port
The K304x-K308 USB mouse console port is compatible with the
following types of devices:
Standard USB mouse (excluding USB hubs or other USB
functions in composite device); or
Standard USB keyboard or Standard KVM Extender
composite device having a keyboard/mouse functions
PS/2 Mouse console port
The K304x-K308 PS/2 mouse console port is compatible with the
following types of devices:
Standard PS/2 mouse.
User Authentication Devices (K304E only)
The K304E is compatible with the following types of user
authentication devices plugged into the product Dedicated
Peripheral Port (DPP):
USB smart-card reader (or Common Access Card reader); or:
USB biometric device such as fingerprint recognition device;
or:
USB authentication token.
For latest compatibility list see HSL website or contact HSL support.
Section 2 - Overview
9
K304x-K308 Secure KM Switch User Manual
Remote Desktop Controllers
The KM Switch is compatible with the following types of Remote
Desktop Controller device:
HSL RDC440 device connected to the switch RDC port.
Order No. CPN06125
RDC must be connected through standard CAT-5 and higher LAN
cable.
User Audio Devices
The K304x-K308 is compatible with the following types of user audio
devices:
Stereo headset; or:
Amplified stereo speakers.
Power Supply (K304x only)
Use only HSL power supply provided with the switch. In case of a
power supply failure, order a replacement unit from HSL.
Order No.
EU – CPN06175
US – CPN06174
UK - CPN06176
Programming Cable
In order to use HSL’s external configuration tool it is required to
purchase and use HSL’s special USB configuration cable.
Cable is: HSL USB Type-A to USB Type-A Programming cable (1.8 m),
Black, Order No. CPN06580
Rack Mounting Kit
The K308 KM may be mounted into a standard 19” rack using
optional rack mounting kit.
Order No. CPN06597
Important: Do not use LAN cables longer than 8 meters. Do not use
crossed cables. Do not connect either cable ends to LAN switch, PoE
power injector or other LAN ports. Immediate permanent damage
to the switch or to the RDC may be resulted.
Section 2 - Overview
10
K304x-K308 Secure KM Switch User Manual
Safety Precautions
Please read the following safety precautions carefully before using
the product:
Before cleaning, disconnect the product from DC or
AC power.
Be sure not to expose the product to excessive
humidity.
Be sure to install the product on a clean secure
surface.
Do not place the DC/AC power cord in a path of foot
traffic.
If the product is not used for a long period of time,
remove the product’s wall-mount power supply from
the mains jack.
If one of the following situations occurs, get the
product checked by a qualified service technician:
The product’s power supply is overheated,
damaged, broken, causes smoke or shortens
the mains power socket.
Liquid penetrates the product’s case.
The product is exposed to excessive moisture
or water.
The product is not working well even after
carefully following the instructions in this
user’s manual.
The product has been dropped or is physically
damaged.
The product has obvious signs of breakage or
loose internal parts.
The product should be stored and used only in
temperature and humidity controlled environments
as defined in the product’s environmental
specifications.
The wall-mount power supply used with this product
should be the model supplied by the manufacturer
or an approved equivalent provided by HSL or an
authorized service provider. The use of improper
power source will void product warranty.
Section 2 - Overview
11
K304x-K308 Secure KM Switch User Manual
Front Panel Features – K304E
Section 2 - Overview
1
2 3
5b
4 5a
1 – Steel enclosure
2 – DPP (Dedicated Peripheral Port) Freeze push-button and Status LED
3 – DPP channel select LEDs
4 – Channel Select push-buttons and LEDs
5a-5b – Holographic Tamper Evident Labels
12
K304x-K308 Secure KM Switch User Manual
Rear Panel Features – K304E
Section 2 - Overview
1a – Holographic Tamper Evident Label
2 DPP (Dedicated Peripheral Port) console USB jack
(K304E)
3 – RDC Port – RJ-45 jack
4 – Audio console output 3.5 mm stereo jack
5 – USB Mouse jack
6 – USB Keyboard jack
7 – PS/2 Keyboard jack (Mini-DIN)
8 – PS/2 Mouse jack (Mini-DIN)
9 - Computer #3 group area
10 – Computer #3 group Keyboard/Mouse USB jack
11 - Computer #3 group audio input jack 3.5 mm stereo
12 – Computer #2 group DPP USB jack (K304E only)
13 - Chassis ground connection screw
14 – DC Power input jack – barrel type
2
4
5
3
7
1a
8
9
10 11
12
14
13
6
13
K304x-K308 Secure KM Switch User Manual
Front Panel Features – K308
Section 2 - Overview
1
2
3b
3a
1 – Steel enclosure
2 – Channel Select push-buttons and LEDs
3a-3b – Holographic Tamper Evident Labels
14
K304x-K308 Secure KM Switch User Manual
Rear Panel Features – K308
Section 2 - Overview
1 – RDC Port – RJ-45 jack
2 – Audio console output 3.5 mm stereo jack
3a - Holographic Tamper Evident Label
4 - USB Mouse jack
5 – PS/2 Keyboard jack (Mini-DIN)
6 – PS/2 Mouse jack (Mini-DIN)
7 – USB Keyboard jack
8 – Computer #4 group area
9 – Computer #4 group Keyboard/Mouse USB jack
10 - Computer #4 group audio input jack 3.5 mm stereo
11 – AC Power switch
13 – AC Cable jack (IEC-3)
1
7
5
4 3a 8
9 11
10
12
6
2
15
K304x-K308 Secure KM Switch User Manual
Tamper Evident Labels
HSL Secure KM Switch uses four holographic tamper evident labels
to provide visual indications in case of enclosure intrusion attempt.
These labels indicate white dots or the text “VOID” once removed.
When opening product packaging inspect the four tampering
evident labels.
If for any reason one or more tamper-evident label is missing,
appears disrupted, or looks different than the example shown
here, please call HSL Technical Support and avoid using that
product.
HSL Holographic Tampering Evident Label
Active Anti-Tampering System
HSL Secure KM Switch is equipped with always-on active anti-
tampering system. If mechanical intrusion is detected by this
system, the Switch will be permanently disabled and LED will blink
continuously.
If product indication tampered state (all LEDs blinking) - please call
HSL Technical Support and avoid using that product.
Section 2 - Overview
16
K304x-K308 Secure KM Switch User Manual
Product Specifications
Part No. K304 - CGA05516
K304E - CGA05517
K308 – CGA06410
Enclosure Steel metal enclosure
Power Requirements K304x
12V DC, 1A (maximum) power
adapter with center-pin-positive
polarity
K308
Internal AC to DC power supply.
Power consumption 0.2A @110V
maximum.
AC Input 100 to 240VAC
No. of Secure Channels K304x – 4
K308 - 8
No. of Users Supported 1
Maximum number of
Supported displays per
computer 16 (special driver must be installed)
Maximum total number
of supported displays 32
Maximum total number
of transitions 100
Console Keyboard Input USB Type-A female connector or
PS/2 Mini-DIN 6 pin female
connector
Console Mouse Input USB Type-A female connector or
PS/2 Mini-DIN 6 pin female
connector
Console DPP Input USB Type-A jack (K304E only)
Console Audio Out 3.5mm stereo jack
CPU Keyboard/Mouse Ports USB Type-B jack
CPU DPP Ports USB Type-B jack (K304E only)
CPU Audio Input 3.5mm stereo jack
Port Selectors push-buttons 4
LED Indicators 4 Channel selected and 4 for DPP
Section 2 - Overview
17
K304x-K308 Secure KM Switch User Manual
User Channel Selection Methods
- Front panel push-buttons
- VDT
- Keyboard shortcut keys
- RDC (Optional)
Administrator Settings - Display physical size
- Display resolution X
- Display resolution Y
- Display orientation (Portrait /
Landscape)
- Display head# (1st, 2nd …16th)
- Display location (coordinates)
- Mouse speed (1-10)
- Mouse acceleration (1-10)
- VDT Enable / Disable
- Prevent transition while dragging
feature Enable / Disable
Operating Temp 32° to 104° F (0° to 40° C)
Storage Temp -4° to 140° F (-20° to 60° C)
Humidity 0-80% RH, non-condensing
Dimensions K304x
80 (W) x 158 (D) x 34 (H) mm /
3.15 (W) x 6.22 (D) x 1.34 (H) inches
K308
80 (D) x 470 (W) x 34 (H) mm /
3.15 (D) x 18.5 (W) x 1.34 (H) inches
Weight K304x 0.6 Kg. (1.3 lbs.)
K308 1.0 Kg (2.2 lbs.)
Security Accreditation Common Criteria EAL 4+
Made in Israel
Product design life-cycle 10 years per MIL-HDBK-217E
Warranty 2 years; can be extended to up to 7
years at cost.
Section 2 - Overview
18
K304x-K308 Secure KM Switch User Manual
Before Installation
Unpacking the Product
Before opening the product sealed packaging inspect the seal
condition to assure that product was not accessed or tampered
during delivery. If packaging seal looks suspicious contact HSL
support team and do not use the product.
After seal removal inspect packaging content to verify that required
components included. See packaging content list in page 4 above.
After the Secure KM Switch removed from its packaging materials
inspect the four tampering-evident labels to assure that product is
properly sealed. If one or more label is damaged or missing contact
HSL support and do not use that product.
Where to locate the KM Switch?
The enclosure of the K304x-K308 is designed for desktop or under
the table configurations. An optional Mount Kit is available. The
K308 can also be mounted in a standard 19” racks.
Product must be located in a secure and well protected
environment to prevent potential attacker access.
Consider the following when deciding where to place the Switch:
User access to the front panel push-buttons is typically not
required as all user controls available through the mouse
and indications available on screen.
Keyboard and mouse cables length. Cables typically may be
extended to a distance of 4 meters.
Display cable length. Typically may be extended to around
10 meters without video quality degradation (still depends
on display and cables quality and must be tested prior to
fixed installation).
The location of the computers in relation to the switch and
the length of available KM cables (typically 1.8 m)
Warning: Avoid placing cables near fluorescent lights, air-
conditioning equipment, RF equipment or machines that create
electrical noise (e.g., vacuum cleaners).
Section 3 - Installation
19
K304x-K308 Secure KM Switch User Manual
Installation
Step 1 Connecting the Console devices to the Switch
See figure in page 11 above for connector locations.
Connect the user displays directly to the computers. Mark
which computer coupled to each display.
Connect the user keyboard (USB or PS/2).
Connect the user mouse (USB or PS/2).
Note: If USB mouse is connected to the USB keyboard port or if USB
keyboard is connected to the USB mouse port it would not work!
Note: Keyboards with integrated USB hub, card-reader, storage
device or multimedia extension will be either not supported at all or
only keyboard function will be operating.
Connect the user authentication device to the DPP USB port
[Optional].
Connect the user headphones or amplified speakers to the
switch console audio output jack.
Note: In any case do not connect a microphone to the switch audio
output port.
Step 2 Connecting the Computers
Connect the 2-8 computers to the Secure KM Switch through the
following steps:
Connect each computer with a USB cable (CPN05493). For
additional details on cables see page 7. USB cable can be
connected to any free USB port in the computer.
Note: If the number of computers used is less than the number of
KM channels (4 / 8) connect the computers in proper order 1, 2 and
then 3.
Note: Note: The USB cable must be connected directly to a free USB
port on the computer, with no USB hubs or other devices in
between.
Connect an audio cable (CPN05490) to the computer audio
output (lime green color) or line output (blue color) jacks.
Step 3 Power up
Power up user display. Select through display setup menu DVI
input if applicable.
K304x - Power up the Secure KM Switch by connecting the DC
power plug.
K308 - Power up the Secure KM Switch by connecting the AC
power plug to the mains outlet.
Power up the connected computers.
Note: When you power on your computers, the K304x-K308
emulates both a mouse and keyboard on each port and allows your
computers to boot normally. You should be able to move the mouse
cursor on the primary display connected to computer #1. Check to
see that the keyboard and mouse are working normally on each
computer. Repeat this check with all occupied ports to verify that all
computers are connected and responding correctly.
If you encounter an error, check your cable connections for that
computer and reboot. If the problem persists, please refer to the
Troubleshooting section in this User Manual.
Section 3 - Installation
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38

HighSecLabs K304E User manual

Category
KVM switches
Type
User manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI