Data Diode Dual Server
- Dual, fully independent motherboards
- Single Intel Xeon E5-1660-V4 or Dual E5-2687W-V3 / side
- 8 Cores, 3.1GHz base freq / 10 Cores 3.0GHz / side
- Up to 512GB RAM / side.
- Fiber connection to BAE Data Diode
- 2U Chassis, 18″ deep
The Portexa DDDS is a 2U rack-mountable dual server with space for a BAE data diode. It has been recently updated to perform effortlessly with Gigabit connections. Two completely independent computer systems flank the data diode and ensure efficient, high speed data throughput between networks of dissimilar security clearance. Such is the independence of the computing components that the system even needs three power cords!
The Portexa DDDS is designed to perform in tactical and deployed applications – especially where space is at a premium.
Data diodes are most commonly found in high security environments such as defense, where they serve as connections between two or more networks of differing security classifications. This technology can now be found both in the military and at the industrial control world for such facilities as nuclear power plants, and electric power generation.
Network speeds are inevitably getting faster, and the latency and throughput of the servers becomes a bottleneck to performance. Portexa recently revised the DDDS to include two dual-Xeon processors per side. Up to 20 cores a side at >3GHz base frequency.
BAE data diodes are listed on the Unified Cross Domain Services Management Office (UCDSMO) baseline, and backed by a Common Criteria EAL7+ security certification. When combined with a Portexa DDDS, the Data Diode Solution offers unparalleled assurance, while delivering superior unidirectional throughput.
Connections to the networks are via Gigabit Ethernet connections, while the data that goes to the data diode travels through fiber. All the connectivity is visible from the front panel, and a nice friendly arrow indicates the direction that the information may flow.
Access to the front panel USB connections is restricted by a hasp for a padlock. Of course if a determined hacker has physical access to your hardware, it’s game over, but at least it prevents opportunistic attack vectors using thumb drives.
DDDS – Quad Xeon 2U-rack-mount
A data diode is a controlled interface which strictly enforces a unidirectional flow of data at the physical level.
“Connects between networks of different security classifications.”
Theory of operation and use cases
Controlled interface which strictly enforces a unidirectional data flow at the physical level.
The BAE Data Diode functions in conjunction with Data Pump Applications and content filtering software. Typically sitting between two servers attached to their respective security domains, the Data Diode physically supports unidirectional file-based transfers, video-streaming, and email.
Data Pump Application
Data Forwarding Application (DFA)
• Streams UDP, TCP and multicast data
• Can receive data from various sources on multiple ports
File Transfer Application
Enables unidirectional transfer of bulk files with deep content inspection
• Transfer Mode
º All files are moved to the high-side destination and immediately deleted from the low-side
• Archive Mode
º Files are moved to the high-side destination, archived in a configured folder on the low-side, and deleted from the low-side source folder
• Mirror Mode
º Regardless of low-side source folder activity, files are copied to the high-side as is, according to a configured time period
• Replicate Mode
º Any changes detected in the low-side source folder are replicated into the high-side destination folder while retaining the files on the low-side
Reav view showing independent power supplies.
For details on the Data Diode itself, please contact:
Network Separation
Physically prevents data leakage from secure to non-secure domains.
Streaming Video Feeds
Delivers HD video from non-secure field assets into secure environments.
Live sensor feeds
Facilitates active streaming of field data from sensors to mission operation centers.
Multi-cast broadcast
Distributes data from a single source to authorized recipients.
critical infrastructure Protection
Safeguards industrial control system networks and assists with North American Electric Reliability Corporation Critical Infrastructure Plan (NERC CIP) compliance.
Bulk File Transfers
Automates high-speed file transfers between shared network folders and streamlines database replication.
Quarantine Separation
Ensures the isolation of malicious data in a controlled sandbox environment.
Cloud Separation
Provides secure connection between sensitive cloud infrastructures.
Secure email messaging
Facilitates active streaming of field data from sensors to mission operation centers.