Diode Proxy
Ensures reliable file transfer through data diodes. Supports a large number of protocols for sending and retrieving files. Easy-to-use flow control that matches data diodes of all kinds.
Flow control for any DATA DIODE
The link22 Diode Proxy was built to make any data diode useful. It ensures reliable transfer and supports a wide range of network protocols. Run it on a physical or virtual host in combination with any data diode. This is flow control for any data diode.
Hardware independent
Our diode solutions are compatible with any data diode. Choose the most appropriate diode or let us help you.
Physical or virtual
All our products and solutions can be deployed either physically or virtually.
Unidirectional Transfer
Minimize the impact of physical separation and take control over imported and exported files. Avoid sneakernet with our reliable and rapid File Transfer feature.
Bridging protocols
Bridge NTP, Media Streaming, Syslog and other protocols that support unidirectional UDP data streams over data diodes, clean and simple.
Explaining a Data Diode
A data diode, in isolation, will only offer limited functionality unsuitable for most protocols, since support is limited to basic one-way UDP. Most systems will contain services that operate on a higher level, e.g. file, TCP or two-way UDP based. By adding proxy software on each side of the data diode, the more complex protocols can be supported. The proxy on the sending side converts the complex protocol to UDP for transfer over the diode and reconstruction in the receiving proxy.
Specifics
Diode Proxy supports highly configurable and reliable file transfer from source networks to destination networks through data diodes, supporting a large number of protocols for sending and retrieving files. Files can be sent and retrieved using local shares (Dropzone) hosted by the proxies or externally mounted shares. All shares can easily be mounted, configured and listed in the Web GUI for each proxy.
File transfer using external shares:
Diode Proxy supports external shares on both proxies for sending and receiving files. External shares have the advantage of unlimited storage space and enable additional access control using, for example, Active Directory.
File transfer can be configured to support the level of robustness required. Parameters such as bandwidth usage and robustness strategy (number of retransmissions) can be configured.
A transfer priority feature ensures that Transfer mode shares are prioritized over Mirror mode shares in the long run, since a user who drops a file in a transfer share will most likely be more interested in a fast transfer.
Mirror Mode:
Folder structures containing files are mirrored to an identical file structure on the destination network. Mirror mode supports CIFS/SMB and NFS. The mirrored share on the destination network is continuously traversed and processed to stay identical to the source share.
Transfer Mode:
Single files or folder structures are transferred as soon as they are dropped in the share to quickly appear on the corresponding share in the other system (supports CIFS/SMB and NFS).
Dropbox (local share):
The Dropbox share is a local share where files can be dropped, on the sending side, or collected, on the receiving side, using a combination of CIFS/SMB, SFTP or FTP protocol.
SFTP:
The local Dropbox on the sender and the receiver can be accessed using SFTP and personal accounts, if the SFTP feature has been enabled during installation. The list of personal accounts allowed to access the Dropbox share can easily be listed in the Web GUI on both the sender and the receiver.
FTP:
The local Dropbox on the sender and the receiver server can be accessed using FTP, if the FTP feature is enabled during installation. The FTP feature is a convenient solution in the absence of user traceability demands.
Any protocol that supports, or can be converted into, a one-way UDP stream can be sent through the UDP streaming channel. This feature can be configured to forward any incoming port on the data interface into a bridge over a data diode, clean and simple.
In a closed network, the computers have no access to reliable sources of accurate time such as Network Time Protocol (NTP) servers on the Internet. Diode Proxy is delivered with a feature capable of broadcasting accurate time to the closed network, making it possible for computers in the closed network to retrieve reliable time from the downstream proxy, which acts as an NTP server.
Diode Proxy can be configured to bridge the syslog protocol over data diodes, using a streaming feature similar to the one explained in UDP STREAMING. This setup allows many clients in the sending domain to send their syslog messages through a single point, the Upstream Proxy. Check out the Diode Syslog product if you are solely interested in bridging the syslog protocol. It comes with a number of nice-to-have features and more complex syslog channel setups.
Correct flow control is essential for one-way communication systems where the receiver can't report back problems. The sending proxy controls the data flow across the data diode depending on data diode performance and the configuration of all transfer services. More than one data diode can be added between two proxies, called trunking, to increase bandwidth.
We also support shared use of a single data diode by multiple diode proxies in combination with flow control to control total data diode bandwidth usage.
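The following Python sketch is an added illustration, not link22 code. It shows why a sender with no back channel needs both a robustness strategy (repeat count) and a bandwidth cap: the sending proxy numbers and repeats datagrams and paces them, and the receiving proxy can only rebuild the file or record what is missing. The datagram layout, chunk size and the drop-every-Nth link model are assumptions made for the example.

```python
import hashlib
import struct

CHUNK = 1024                  # payload bytes per datagram (assumed value)
HDR = struct.Struct("!II")    # assumed header: sequence number, total chunk count
MANIFEST = 0xFFFFFFFF         # reserved sequence number: body is SHA-256 of the file

def make_datagrams(data, copies):
    """Sender proxy: number the chunks and repeat the whole round `copies` times."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    one_round = [HDR.pack(seq, len(chunks)) + c for seq, c in enumerate(chunks)]
    one_round.append(HDR.pack(MANIFEST, len(chunks)) + hashlib.sha256(data).digest())
    return one_round * copies  # repeats sit a full round apart, not back to back

def pace(datagrams, bytes_per_sec):
    """Flow control: time at which each datagram has left, under a bandwidth cap."""
    sent, plan = 0, []
    for d in datagrams:
        sent += len(d)
        plan.append((sent / bytes_per_sec, d))
    return plan

def diode(datagrams, drop_every):
    """Constructed one-way link: silently drops every `drop_every`-th datagram."""
    return [d for i, d in enumerate(datagrams) if i % drop_every != 0]

def receive(datagrams):
    """Receiving proxy: rebuild the file or report which chunks never arrived."""
    chunks, total, digest = {}, 0, None
    for d in datagrams:
        seq, total = HDR.unpack_from(d)
        if seq == MANIFEST:
            digest = d[HDR.size:]
        else:
            chunks.setdefault(seq, d[HDR.size:])   # duplicates are ignored
    missing = [i for i in range(total) if i not in chunks]
    if missing or digest is None:
        return None, missing        # no back channel: can only log and alarm
    data = b"".join(chunks[i] for i in range(total))
    return (data, []) if hashlib.sha256(data).digest() == digest else (None, [])

if __name__ == "__main__":
    sample = bytes(range(256)) * 18          # constructed 4608-byte "file"
    for copies in (1, 2):
        wire = [d for _, d in pace(make_datagrams(sample, copies), 9376)]
        data, missing = receive(diode(wire, 4))
        print(copies, "copies ->", "ok" if data == sample else f"missing {missing}")
```

With one copy the receiver ends up with gaps it cannot request again; with two copies the same loss pattern is absorbed, at the cost of twice the paced transfer time.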
Management access is through separate network interfaces on both sending and receiving proxy supporting the following protocols:
- SSH access for configuration and administration.
- Direct console access for configuration, administration and reinstallation when a screen and a keyboard are connected directly to the host.
- HTTPS access for web interface for configuration and administration.
Authentication and authorization of administrators using Windows Active Directory.
Supervision can be performed in several ways:
- SNMP Monitoring supporting UCD-SNMP-MIB with support for basic server monitoring like CPU and RAM usage. A Diode Proxy specific MIB is also included for monitoring heartbeat status.
- Analysis of syslog from both sending and receiving proxies.
- Reviewing performance graphs in web interface.
The sending proxy transmits a regular heartbeat that is monitored by the receiving proxy. The presence of a heartbeat lets the receiving proxy know that both the sending proxy and the data diode are operational.
Delivered as an appliance based on CentOS.
System requirements
- Support for CentOS
- 110GB hard drive
- 4GB RAM
- 2 GHz, 4 cores
- 3x Gigabit Ethernet