6.1. Arbit Data Diode configuration

This guide describes how to deploy MetaDefender Kiosk, an Arbit data diode, and a MetaDefender Vault server for the following use case.

  1. Portable media is scanned by MetaDefender Kiosk.

  2. Clean files are passed through an Arbit data diode to a Vault Server.

  3. User downloads files from the Vault server.

System Deployment

The following should be done before configuring the individual systems.

  1. Install MetaDefender Kiosk with MetaDefender Core on the low-side network

  2. Install the Arbit data diode with the receiving side in the low-side network and the transmitting side on the high side network

    1. Assign a static IP address to the low side

    2. Assign a static IP address to the high side

  3. Install the Vault server on the high side network

    1. Assign a static IP address

Vault Server Configuration

  1. Create the known user accounts on the Vault server

    1. Note the account that should be used as the 'from' account for files coming from MetaDefender Kiosk

  2. Generate the Authorization token

Arbit Data Diode Configuration

  1. Define the URL list on the high side of the data diode to include the Vault server

    1. URL List includes http://<Vault IP Address>:8000/vault_rest/file

MetaDefender Kiosk Configuration

  1. Configure the appropriate MetaDefender Kiosk workflow profile to enable Copy To Vault in the post-action

  2. Put in the URL of the data diode low-side receiver

    1. http://<diode low-side IP address>:8080/pitcherrestapi/transfer/<URL List>

  3. Enter the Authorization token generated by the Vault Server

  4. Enter the Sender Vault account that was created on the Vault server