
Advenica Data Diode Engine

Purpose-built proxy software for unidirectional network solutions

The Data Diode Engine is proxy software optimised for efficient and secure data transfer through Ethernet-based data diodes. Paired with plug-and-play software services, it offers tailored network segmentation solutions across diverse installation environments.

Persistent cybersecurity with data diodes

Protecting critical infrastructure from downtime or classified information from leakage often leaves no option but to isolate the system completely using an air-gap solution. However, air-gapped systems come with several cybersecurity-related challenges. All interaction with the isolated network must be handled manually, which is both inconvenient and introduces the risk of human error.

A data diode is a network device that guarantees unidirectional data flow, achieving the protective characteristics of an air gap while enabling automation of a unidirectional data flow. Persistent unidirectional data flow is guaranteed in hardware, ensuring a reliable solution regardless of the system configuration.

Unidirectional network solutions made easy

A complicating factor when integrating data diodes is that most applications require bidirectional communication.

The Data Diode Engine takes care of the conversion between bidirectional and unidirectional data flow, significantly lowering the impact on surrounding systems.

The Data Diode Engine can be used with any Ethernet-based (layer 2) data diode and combined with specialised software services from Advenica, enabling flexible and scalable unidirectional network solutions for a variety of usage scenarios.

Multiple integration options

The Data Diode Engine can either be designed into a new system, serve as an additional component in an integrated solution, or extend an existing installation of Ethernet-based (layer 2) data diodes with more functionality. Supported on several different hardware platforms, a Data Diode Engine installation can easily be optimised for your specific system requirements.

Technical brief

  • Runs on standard server or customised appliance from Advenica.
  • Support for Linux host operating system (Debian and Ubuntu distributions).
  • Always-on data encryption between up- and downstream Data Diode Engines.
  • Support for automated system setup using Ansible.
  • Developed according to IEC 62443-4-1 product development requirements.

Key features

  • Optimised for performance and secure data transfer over Ethernet-based data diodes.
  • Manage and run a growing library of software services for multiple use cases.
  • UDP and TCP services included. Additional services available on request.
  • Easy to scale installations.
  • Intuitive system management and configuration tools supporting multiple installations.

Technical data

Supported host operating systems

  • Linux (Debian, Ubuntu)
  • Arm/Raspbian

 

Software requirements

  • Docker for Linux
  • Ansible

 

Hardware & performance

The following recommendations assume optimising for performance. For more information, please see the online documentation.

CPU recommendations

  • Intel Haswell based (Xeon v3, Core 4xxx) or newer
  • AMD Zen based (Epyc, Ryzen 1xxx) or newer

Networking

  • 1Gbps interfaces

Memory

  • 4GB (service dependent)

Performance

  • Compatible with 1Gb Ethernet-based (layer 2) data diodes using recommended hardware.

Configuration & management

System setup

  • Ansible playbook collection for automated system setup.

Configuration

  • Configuration and management of Data Diode Engine systems including services using DD Manager.
  • Options: Web application, REST API

 

Compatible products

Data Diodes

  • Advenica DD1G
  • Advenica SecuriCDS DD1000A

 

Data Diode Services

  • The Data Diode Engine comes with a growing library of services covering a large number of use cases.

Some security challenges where data diodes are a good solution

Traceability and security logging

Centralised logging in security-sensitive systems involves an increased risk of attacks. To reduce the risks, a solution is needed that protects both log data and all connected systems. Read more about traceability and security logging.

Secure transfer of SCADA information

Transmitting critical information, e.g. from a SCADA system to an administrative office network, means potential security risks. But there are solutions that take care of the security problems and at the same time enable an exchange of information. Read more about secure transfer of SCADA information.

Secure updates

Updates for Windows and Linux systems are an important part of maintaining the security of the digital information in these systems. However, the updates themselves may be a security risk. To avoid these risks, maintain the integrity and availability of the systems and be able to make secure updates, special solutions are required. Read more about secure updates.

Certifications and approvals

Advenica solutions have been awarded several prestigious approvals by the European Union, national certification bodies and international IT security certification bodies. We also hold a US patent for our VPN technology, Three Domain Separation.

Warranty

Advenica warrants that this product will be free from defects in material and workmanship for one (1) year from the date of purchase.