The Management Gateway enables secure file export to an internal server on the untrusted low-side of the unit, and browsing from the high-side classified network to a desktop server running on the low-side of the device.
From this low-side server, administrators can use VNC, RDP or SSH to access resources in the DMZ, or deploy software, for example through execution of ansible scripts.
Syslog data can be safely imported to the classified network via the transform-verify approach of the NCSC Safely Importing Data design pattern, in which hardware based syntax verification is performed by the Oakdoor™ Import Diode followed by semantic checking in software for valid syslog data.
Internet time (NTP) can be passed from the classified network down to the DMZ via the built-in Oakdoor™ Export Diode.
Secure network management of DMZs
via browse down across the classification boundary
Support for network services NTP and syslog
low CapEx and OpEx
from the high side of the network
Security enforcing functions
File import – hardware-based syntax verification (SISL–structured data, BMP–images for desktop framebuffer updates)
Secure file wrapping of unverified content
Signature checking of all exported content
Browse down using clientless access with LDAP user authentication
HTTPS file download
Low-side syslog server
High-side syslog client
RJ45 with 10/100/1000 Base-T Ethernet
6 status/fault LEDs on front panel
Operating temperature range
10% – 90% RH, non-condensing
Up to 500 Mbit/s
Desk mount or 19-inch rack mount using supplied rack mounting kit
12 V DC @ 3.5A via supplied power adaptor
100 – 240 V AC 50/60 Hz
Maximum supply current
2014/30/EU (EMC), EN 55024:2010+A1:2015, EN 55032:2015, Class A
2011/65/EU (RoHS) and EN 50581:2012
IEC 62368-1:2014 (Second Edition)
Dimensions (w x d x h)
350 mm x 212 mm x 44 mm (excluding rack mounting kit)
1-year hardware warranty
SOFTWARE AND SUPPORT
Allows cross-domain access to a remote desktop server through the Oakdoor™ Gateway, enabling users to safely browse the internet from segregated networks:
- access remote desktop systems
- safe internet browsing across a network boundary
- protocol breaks with hardware file content verification
- protocol conversion and schema checking may run on commodity server hardware
- coupling with Safe Data Software allows simultaneous data transfers.
Secure, reliable and fast transfer of large files across the Oakdoor™ Gateway. All unverified data, such as executables that have the potential to be malware, are safely wrapped by the Gateway hardware using the NCSC ‘Cloaked Dagger’ technique:
- safe handling of imported content
- assured delivery of large files
- designed to run in parallel with Safe Browse Software.
A range of support packages is available to ensure your cyber security is up to date:
- software updates for the internal servers of the Oakdoor™ Gateways
- technical support
- integration support
- support to integrate and configure the Oakdoor™ Gateways into your existing infrastructure
- customised data transfer to securely transfer your specific data and protocols across the Oakdoor™ Gateway.
Our Oakdoor™ products will ensure your files, data and networks remain secure from cyber threats.
Secure control of
Explore all Gateway