Commissioning Guidelines for UKG Datacryptor® Link Units

Note: this document assumes that dial-up networking (DUN) has been set up on the management Laptop/PC and that Element manager and Key manager have been installed.

  1. Checking date, time and setting IP address on Cryptomanager
  2. Checking date, time and setting IP address on Local Datacryptor® Link unit
  3. Loading CESG key material onto Local Datacryptor® Link unit
  4. Checking date and time on Remote Datacryptor® Link unit
  5. Loading CESG key material onto Remote Datacryptor® Link unit
  6. Managing Datacryptor® Link units via Cryptomanager
  7. Removing force standby after Datacryptor® power outage
  8. Loading New dated CESG key material onto Datacryptor® Link unit

1. Checking date, time and setting IP address on Cryptomanager
Connect Laptop/PC to Cryptomanager using a serial 9-way cable as shown below. Do not apply power to the Cryptomanager.



Run Hyperterminal on the Laptop/PC. Insert physical key and turn to the transport position.
Now apply power to Cryptomanager.
After approximately 10-20s, CONFIG STARTUP ? will be displayed on Hyperterminal; you have 5s to hit the Y keyboard character. This will take you into low-level config mode; the prompt is now IPCONFIG>.

To check the date and time, enter the settime command. If the date is incorrect, it can be changed using the settime command. The following is an example:

settime 2002-10-31 11:31

To view all the current IP addresses enter display.

You will now need to configure a valid IP address on the Cryptomanager's Ethernet port using the set ethernet command. The following is an example:

set ethernet 10.10.10.1 255.255.255.0

Now enter exit and remove key from unit. Cryptomanager will now continue to boot up normally.

2. Checking date, time and setting IP address on Local Datacryptor® Link E1 unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Do not apply power to the Datacryptor®.



Run Hyperterminal on the Laptop/PC. Insert physical key and turn to the transport position.
Now apply power to Datacryptor®.
After approximately 10-20s, CONFIG STARTUP ? will be displayed on Hyperterminal; you have 5s to hit the Y keyboard character. This will take you into low-level config mode; the prompt is now IPCONFIG>.

To check the date and time, enter the settime command. If the date is incorrect, it can be changed using the settime command. The following is an example:

settime 2002-10-31 11:31

To view all the current IP addresses enter display.

You will now need to configure a valid IP address on the Datacryptor® Ethernet port using the set ethernet command. The following is an example:

set ethernet 10.10.10.2 255.255.255.0

(Note that this address must be on the same subnet as the Cryptomanager's Ethernet port address.)

Now enter exit and remove key from unit. Datacryptor® unit will now continue to boot up normally.

3. Loading CESG key material onto Local Datacryptor® Link unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Apply power to the Datacryptor®, run DUN and Key manager (you will be prompted to enter the Datacryptor® control port address, this is 2.2.2.2).




From Key Manager select Install CA and insert CESG CA/Department disk, proceed to load CA onto Datacryptor®.

Then select Install Cert and insert CESG user certificate disk (e.g. user 1), proceed to load user certificate onto Datacryptor®. You will also be prompted to select the name file from the user disk in order to change the unit name to that of the user number. The flashing alarm light should now be extinguished. Close down Key manager and DUN.

4. Checking date and time on Remote Datacryptor® Link unit
Follow the same procedure outlined in section 2, except omit setting the Ethernet port IP address.

Enter the command display, and make a note of the Network port address. This will be needed later in section 6 when remote managing this unit via Element manager.

5. Loading CESG key material onto Remote Datacryptor® Link unit
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Apply power to the Datacryptor®, run DUN and Key manager (you will be prompted to enter the Datacryptor® control port address, this is 2.2.2.2).



From Key Manager select Install CA and insert CESG CA/Department disk, proceed to load CA onto Datacryptor®.

Then select Install Cert and insert CESG user certificate disk (NOTE: user disk for the remote unit must be different to that used for the Local unit, e.g. user 2 in this case), proceed to load user certificate onto Datacryptor®. You will also be prompted to select the name file from the user disk in order to change the unit name to that of the user number. The flashing alarm light should now be extinguished. Close down Key manager and DUN.

6. Managing Datacryptor® Link units via Cryptomanager
Deploy both Datacryptor® Link units into the network and connect Cryptomanager to the Local Datacryptor® as shown below.



Run DUN on the Management Laptop/PC and run Element manager.

Create a Datacryptor® icon by clicking the blue icon on the top menu bar. This will be a Cryptomanager by default. Enter address 2.2.2.2 and give it a name, e.g. Cryptomanager or CM.

Create another Datacryptor® icon, but this time enter the local unit’s Ethernet port address: 10.10.10.2 in this case. Then give it a name, e.g. Datacryptor® local unit.

To log into this unit, double click the local unit icon. This will launch Front Panel Viewer (FPV).
Click the Login button, you will now be prompted for a user certificate/disk. Insert user 0 (recommend that user 0 is always used for Cryptomanager). You will also be prompted for the CA disk. Insert the CESG CA disk, then click OK. (Any future logins will not require the CESG CA disk as this is stored by Cryptomanager.)

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as ‘taking unit out of forced standby mode’.

Then select properties followed by Connection tab. Then under Target Unit mode, select encrypt.
Now select the Diagnostics tab and click Ping Peer Unit. If the Service Provider network link is operational, you will get a reply from the remote Datacryptor® Link unit. This reply contains information about that unit (including its Network port address, which should be the same as that noted during the Hyperterminal session in section 4). Log out of the unit and close down FPV.

In Element manager create another new Datacryptor® icon. Enter the remote Datacryptor® network port address, in this case 1.0.254.1, then give it a name e.g. Datacryptor® remote unit.
Double click this new icon to launch FPV. FPV will not be able to reach the remote unit because Cryptomanager does not know how to route packets destined for 1.0.254.1.
Click the Cryptomanager button on FPV.
Then select routes tab followed by Add route button. Then enter the following information:

IP address 1.0.254.1
Mask 255.255.255.255
Next-hop 10.10.10.2

This in effect instructs Cryptomanager to forward packets destined for 1.0.254.1 to the local Datacryptor® Ethernet port (the Local Datacryptor® will forward them on to the remote Datacryptor® over the Network link).

Click OK and close down the Cryptomanager session.

Close down FPV and relaunch it. FPV will now reach the remote unit.
Click the Login button, you will now be prompted for a user certificate/disk. Insert user 0 (recommend that user 0 is always used for Cryptomanager). You will not need the CESG CA disk as this is stored by Cryptomanager.

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as ‘taking unit out of forced standby mode’.

Then select properties followed by Connection tab. Then under Target Unit mode, select encrypt.

Both encrypt lights will stay on and the link is now encrypting and operational.
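The addressing rules in sections 1, 2 and 6 can be checked before going on site. The following is an added example, not part of the original guidelines or of any Thales tool: it models the Cryptomanager's routing decision with a longest-prefix match and validates a plan. The function names `lookup` and `check_plan` are hypothetical; the addresses are the example values used on this page.

```python
import ipaddress

def lookup(dest, iface, static_routes):
    """Longest-prefix match over the connected subnet plus static routes.
    Returns "direct", a next-hop address string, or None if unroutable."""
    dest = ipaddress.ip_address(dest)
    table = [(iface.network, "direct")] + list(static_routes)
    hits = [(net, hop) for net, hop in table if dest in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_plan(cm_eth, local_eth, remote_port, route):
    """Validate an addressing plan; returns a list of problems (empty = OK).
    cm_eth/local_eth are (address, mask); route is (ip, mask, next_hop)."""
    problems = []
    cm = ipaddress.ip_interface("/".join(cm_eth))
    local = ipaddress.ip_interface("/".join(local_eth))
    if local.network != cm.network:
        problems.append("local unit Ethernet port is not on the Cryptomanager subnet")
    if local.ip == cm.ip:
        problems.append("local unit and Cryptomanager share one address")
    ip, mask, hop = route
    try:
        net = ipaddress.ip_network(f"{ip}/{mask}")  # strict: rejects host bits
    except ValueError as exc:
        return problems + [f"bad route entry: {exc}"]
    if ipaddress.ip_address(hop) not in cm.network:
        problems.append("next-hop is not reachable from the Cryptomanager Ethernet port")
    if hop != str(local.ip):
        problems.append("next-hop is not the local unit's Ethernet address")
    if lookup(remote_port, cm, [(net, hop)]) != hop:
        problems.append("route does not cover the remote network port address")
    return problems

# Example values taken from this page.
CM_ETH = ("10.10.10.1", "255.255.255.0")
LOCAL_ETH = ("10.10.10.2", "255.255.255.0")
REMOTE_PORT = "1.0.254.1"
ROUTE = ("1.0.254.1", "255.255.255.255", "10.10.10.2")

if __name__ == "__main__":
    cm = ipaddress.ip_interface("/".join(CM_ETH))
    # Without the static route the remote unit is unroutable, so FPV cannot reach it.
    print("before route:", lookup(REMOTE_PORT, cm, []))
    print("plan problems:", check_plan(CM_ETH, LOCAL_ETH, REMOTE_PORT, ROUTE))
```

An empty problem list means the host route entered under Add route will forward management traffic for the remote unit to the local Datacryptor® Ethernet port.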

7. Removing force standby after Datacryptor® power outage
Refer to the diagram shown in section 6.

Run DUN and Element manager on the management laptop/PC.
Double click the icon for the Datacryptor® that has suffered the power outage. This will launch FPV.

Click the Login button, you will now be prompted for a user certificate/disk. Insert user 0 (recommend that user 0 is always used for Cryptomanager). You will not need the CESG CA disk as this is stored by Cryptomanager.

During the login session a dialogue box will appear stating that this unit has just powered up and asking whether you wish to enable data transfer. Select Yes to enable data transfer. This process is referred to as ‘taking unit out of forced standby mode’.

Log out and close down FPV, Element manager and DUN.

8. Loading New dated CESG key material onto Datacryptor® Link unit
This process is required when existing unit certificate key material has expired (or is about to expire).
Connect Laptop/PC to Datacryptor® using a serial 9-way cable as shown below. Apply power to the Datacryptor®, run DUN and Key manager (you will be prompted to enter the Datacryptor® control port address, this is 2.2.2.2).




Select Install Cert and insert CESG user certificate disk (use the same user disk number as the previously expired disk number), proceed to load user certificate onto Datacryptor®.
Close down Key manager and DUN.

You will not need the CESG CA disk since this has a three year lifetime.
When this expires you will need to load both new dated CA and new dated user certificate/disk.


© Thales 2007