Commissioning Guidelines for UKG Datacryptor® Link E1 Units

Note: this document assumes that dial-up networking (DUN) has been set up on the management Laptop/PC and that Element manager and Key manager have been installed.

  1. Checking date, time and setting IP address on Cryptomanager
  2. Checking date, time and setting IP address on Local Datacryptor® Link E1 unit
  3. Loading CESG key material onto Local Datacryptor® Link E1 unit
  4. Setting the Local Datacryptor® Network Interface for E1 operation using Cryptomanager
  5. Checking date and time on Remote Datacryptor® Link E1 unit
  6. Loading CESG key material onto Remote Datacryptor® Link E1 unit
  7. Setting the Remote Datacryptor® Network Interface for E1 operation using Cryptomanager
  8. Managing Datacryptor® Link E1 units via Cryptomanager
  9. Removing force standby after Datacryptor® power outage
  10. Loading New dated CESG key material onto Datacryptor® Link E1 unit

1. Checking date, time and setting IP address on Cryptomanager
Connect Laptop/PC to Cryptomanager using a serial 9-way cable as shown below. Do not apply power to the Cryptomanager.


Run Hyperterminal on the Laptop/PC. Insert physical key and turn to the transport position.
Now apply power to Cryptomanager.
After approximately 10-20s, CONFIG STARTUP ? will be displayed on Hyperterminal; you have 5s to press the Y key. This will take you into low-level config mode; the prompt is now IPCONFIG>.

To check the date and time, enter the settime command. If the date is incorrect, it can be changed using the settime command. The following is an example:

settime 2002-10-31 11:31

To view all the current IP addresses enter display.

You will now need to configure a valid IP address on the Cryptomanager's Ethernet port using the set ethernet command. The following is an example:

set ethernet 10.10.10.1 255.255.255.0

Now enter exit and remove key from unit. Cryptomanager will now continue to boot up normally.

2. Checking date, time and setting IP address on Local Datacryptor® Link E1 unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Do not apply power to the Datacryptor®.


Run Hyperterminal on the Laptop/PC. Insert physical key and turn to the transport position.
Now apply power to Datacryptor®.
After approximately 10-20s, CONFIG STARTUP ? will be displayed on Hyperterminal; you have 5s to press the Y key. This will take you into low-level config mode; the prompt is now IPCONFIG>.

To check the date and time, enter the settime command. If the date is incorrect, it can be changed using the settime command. The following is an example:

settime 2002-10-31 11:31

To view all the current IP addresses enter display.

You will now need to configure a valid IP address on the Datacryptor® Ethernet port using the set ethernet command. The following is an example:

set ethernet 10.10.10.2 255.255.255.0

(Note that this address must be on the same subnet as the Cryptomanager's Ethernet port address.)

Now enter exit and remove key from unit. Datacryptor® unit will now continue to boot up normally.

3. Loading CESG key material onto Local Datacryptor® Link E1 unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Apply power to the Datacryptor®, then run DUN and Key manager (you will be prompted to enter the Datacryptor® control port address; this is 2.2.2.2).


From Key Manager select Install CA and insert the CESG CA/Department disk, then proceed to load the CA onto the Datacryptor®.

Then select Install Cert and insert the CESG user certificate disk (e.g. user 1), then proceed to load the user certificate onto the Datacryptor®. You will also be prompted to select the name file from the user disk in order to change the unit name to that of the user number. The flashing alarm light should now be extinguished. Close down Key manager and DUN.

4. Setting the Local Datacryptor® Network Interface for E1 operation using Cryptomanager
Before deploying the Local unit into the network, its Network port interface must be changed from D-Type to E1. This can only be done by managing the unit via Cryptomanager. Connect the Laptop/PC, Cryptomanager and the Local Datacryptor® as shown below.


Run DUN on the Management Laptop/PC and run Element manager.

Create a Datacryptor® icon by clicking the blue icon on the top menu bar. This will be a Cryptomanager by default. Enter address 2.2.2.2 and give it a name, e.g. Cryptomanager or CM.

Create another Datacryptor® icon, but this time enter the address of the local unit's Ethernet port: 10.10.10.2 in this case. Then give it a name, e.g. Datacryptor® local unit.

To log into this unit, double click the local unit icon. This will launch Front Panel Viewer (FPV).
Click the Login button; you will now be prompted for a user certificate/disk. Insert user 0 (it is recommended that user 0 is always used for Cryptomanager). You will also be prompted for the CA disk. Insert the CESG CA disk, then click OK. (Any future logins will not require the CESG CA disk as this is stored by Cryptomanager.)

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as 'taking unit out of forced standby mode'.

Select the Properties button followed by the General tab. Then click the drop-down for Interface and select the E1 option. The Comms tab will now change to Comms E1. If necessary, you can select framed or unframed operation under the Comms E1 tab (unframed is the default).

5. Checking date and time on Remote Datacryptor® Link E1 unit
Follow the same procedure outlined in section 2, except set the Ethernet port IP address to 10.10.10.3 using the following command: set ethernet 10.10.10.3 255.255.255.0.

Enter the command display, and make a note of the Network port address. This will be needed later in section 6 when remote managing this unit via Element manager.
Now enter exit and remove key from unit. Datacryptor® unit will now continue to boot up normally.

6. Loading CESG key material onto Remote Datacryptor® Link E1 unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Apply power to the Datacryptor®, then run DUN and Key manager (you will be prompted to enter the Datacryptor® control port address; this is 2.2.2.2).


From Key Manager select Install CA and insert the CESG CA/Department disk, then proceed to load the CA onto the Datacryptor®.

Then select Install Cert and insert the CESG user certificate disk (NOTE: the user disk for the remote unit must be different to that used for the Local unit, e.g. user 2 in this case), then proceed to load the user certificate onto the Datacryptor®. You will also be prompted to select the name file from the user disk in order to change the unit name to that of the user number. The flashing alarm light should now be extinguished. Close down Key manager and DUN.

7. Setting the Remote Datacryptor® Network Interface for E1 operation using Cryptomanager
Before deploying the Local unit into the network, its Network port interface must be changed from D-Type to E1. This can only be done by managing the unit via Cryptomanager. Connect the Laptop/PC, Cryptomanager and the Local Datacryptor® as shown below.

Run DUN on the Management Laptop/PC and run Element manager.

Create another Datacryptor® icon, but this time enter the address of the remote unit's Ethernet port: 10.10.10.3 in this case. Then give it a name, e.g. Datacryptor® remote unit.

To log into this unit, double click the local unit icon. This will launch Front Panel Viewer (FPV).
Click the Login button; you will now be prompted for a user certificate/disk. Insert user 0 (it is recommended that user 0 is always used for Cryptomanager). You will also be prompted for the CA disk. Insert the CESG CA disk, then click OK. (Any future logins will not require the CESG CA disk as this is stored by Cryptomanager.)


During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as 'taking unit out of forced standby mode'.

Select the Properties button followed by the General tab. Then click the drop-down for Interface and select the E1 option. The Comms tab will now change to Comms E1. If necessary, you can select framed or unframed operation under the Comms E1 tab (unframed is the default).

Finally, select the Management tab and set the Ethernet port address to DHCP/Bootp, then click Apply and reboot the unit. The reboot is done by selecting the Diagnostics tab and clicking the Reboot button.
Close down Element manager and DUN.

8. Managing Datacryptor® Link E1 units via Cryptomanager
Deploy both Datacryptor® Link units into the network and connect Cryptomanager to the Local Datacryptor® as shown below.


Run DUN on the Management Laptop/PC and run Element manager.

To log into this unit, double click the local unit icon. This will launch Front Panel Viewer (FPV).
Click the Login button; you will now be prompted for a user certificate/disk. Insert user 0 (it is recommended that user 0 is always used for Cryptomanager). You will also be prompted for the CA disk. Insert the CESG CA disk, then click OK. (Any future logins will not require the CESG CA disk as this is stored by Cryptomanager.)

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as 'taking unit out of forced standby mode'.

Select Properties followed by the Security tab. Change the KEK lifetime to 7 days and then click Apply.

Then select the Connection tab. Under Target Unit mode, select encrypt and then click Apply.
Now select the Diagnostics tab and click Ping Peer Unit. If the Service Provider network link is operational, you will get a reply from the remote Datacryptor® Link unit. This reply contains information about that unit (including its Network port address; this should be the same as that noted during the Hyperterminal session in section 4). Log out of the unit and close down FPV.

The Remote Datacryptor® can now be managed in-band via its network port address as follows:

In Element manager, right-click the Datacryptor® Remote icon and select Edit. Change the IP address from 10.10.10.3 to 1.0.254.1 (the remote Datacryptor® network port address).
Double click this new icon to launch FPV. FPV will not be able to reach the remote unit because Cryptomanager does not know how to route packets destined for 1.0.254.1.
Click the Cryptomanager button on FPV.
Then select the Routes tab followed by the Add route button, and enter the following information:

IP address 1.0.254.1
Mask 255.255.255.255
Next-hop 10.10.10.2

This in effect instructs Cryptomanager to forward packets destined for 1.0.254.1 to the local Datacryptor® Ethernet port (the Local Datacryptor® will forward them on to the remote Datacryptor® over the Network link).

Click OK and close down the Cryptomanager session.

Close down FPV and relaunch it; FPV will now reach the remote unit.
Click the Login button; you will now be prompted for a user certificate/disk. Insert user 0 (it is recommended that user 0 is always used for Cryptomanager). You will not need the CESG CA disk as this is stored by Cryptomanager.

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as 'taking unit out of forced standby mode'.

Select Properties followed by the Security tab. Change the KEK lifetime to 7 days and then click Apply.

Then select the Connection tab. Under Target Unit mode, select encrypt and then click Apply.

Both encrypt lights will stay on and link is now encrypting and operational.
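
The addressing rules from sections 1, 2 and 5 and the host route from section 8 can be checked on paper before the units are touched. The following Python is an added example, not Thales code or a Cryptomanager feature; the function names are hypothetical, and the forwarding model (connected subnet plus static routes, no default route) is an assumption.

```python
import ipaddress as ipa

# Constructed plan using the example addresses from this guide.
CM = ("10.10.10.1", "255.255.255.0")
UNITS = {"local": ("10.10.10.2", "255.255.255.0"),
         "remote": ("10.10.10.3", "255.255.255.0")}
ROUTE = ("1.0.254.1", "255.255.255.255", "10.10.10.2")  # dest, mask, next hop


def check_plan(cm, units, route):
    """Return a list of problems in a commissioning address plan (empty if none)."""
    problems = []
    cm_if = ipa.ip_interface("/".join(cm))
    seen = {cm_if.ip: "Cryptomanager"}
    for name, (addr, mask) in units.items():
        iface = ipa.ip_interface(f"{addr}/{mask}")
        # Each Datacryptor Ethernet port must share the Cryptomanager subnet.
        if iface.network != cm_if.network:
            problems.append(f"{name}: {addr} is not on {cm_if.network}")
        if iface.ip in seen:
            problems.append(f"{name}: {addr} duplicates {seen[iface.ip]}")
        seen.setdefault(iface.ip, name)
    dest = ipa.ip_network(f"{route[0]}/{route[1]}", strict=False)
    hop = ipa.ip_address(route[2])
    if dest.overlaps(cm_if.network):
        problems.append(f"route {dest} overlaps the Ethernet subnet")
    # The next hop must be reachable on-link and be a Datacryptor port.
    if hop not in cm_if.network:
        problems.append(f"next hop {hop} is not on {cm_if.network}")
    elif seen.get(hop) in (None, "Cryptomanager"):
        problems.append(f"next hop {hop} is not a Datacryptor Ethernet port")
    return problems


def next_hop(dst, cm, routes):
    """Assumed forwarding model: longest-prefix match over the connected
    subnet and the static routes; None means no route to the destination."""
    dst = ipa.ip_address(dst)
    cands = [(ipa.ip_interface("/".join(cm)).network, "on-link")]
    cands += [(ipa.ip_network(f"{d}/{m}", strict=False), h) for d, m, h in routes]
    hits = [(net.prefixlen, hop) for net, hop in cands if dst in net]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    print(check_plan(CM, UNITS, ROUTE))
    print(next_hop("1.0.254.1", CM, []), next_hop("1.0.254.1", CM, [ROUTE]))
```

With an empty route list the lookup for 1.0.254.1 returns no route, which is the state in which FPV cannot reach the remote unit; with the host route added it resolves to the local unit's Ethernet port.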

 
© Thales 2007