6.1. Arbit Data Diode configuration

This guide describes how to deploy MetaDefender Kiosk, an Arbit data diode, and a MetaDefender Vault server for the following use case.

  1. Portable media is scanned by MetaDefender Kiosk.

  2. Clean files are passed through an Arbit data diode to a Vault Server.

  3. User downloads files from the Vault server.

System Deployment

The following should be done before configuring the individual systems.

  1. Install MetaDefender Kiosk with MetaDefender Core on the low-side network

  2. Install the Arbit data diode with the receiving side in the low-side network and the transmitting side on the high side network

    1. Assign a static IP address to the low side

    2. Assign a static IP address to the high side

  3. Install the Vault server on the high side network

    1. Assign a static IP address

Vault Server Configuration

  1. Create the known user accounts on the Vault server

    1. Note the account that should be used as the 'from' account for files coming from MetaDefender Kiosk

  2. Generate the Authorization token

Arbit Data Diode Configuration

  1. Define the URL list on the high side of the data diode to include the Vault server

    1. URL List includes:

      1. http://<Vault IP Address>:8000/vault_rest/file

      2. http://<Vault IP Address>:8000/vault_rest/transfer

      3. http://<Vault IP Address>:8000/vault_rest/transfer_diode

      4. http://<Vault IP Address>:8000/vault_rest/transfer_file

      5. http://<Vault IP Address>:8000/vault_rest/transfer_file_diode

      6. http://<Vault IP Address>:8000/vault_rest/file/status/<file_id>

      7. http://<Vault IP Address>:8000/vault_rest/file/<file_id>

      8. http://<Vault IP Address>:8000/vault_rest/folder_content/<id>/<start>/<count>

      9. http://<Vault IP Address>:8000/vault_rest/root_folder

      10. http://<Vault IP Address>:8000/vault_rest/files/my/<start>/<count>

      11. http://<Vault IP Address>:8000/vault_rest/transfer_file_chunk_diode

      12. http://<Vault IP Address>:8000/vault_rest/authenticate

      13. http://<Vault IP Address>:8000/vault_rest/scan

MetaDefender Kiosk Configuration

  1. Configure the appropriate MetaDefender Kiosk workflow profile to enable Copy To Vault in the post-action

  2. Put in the URL of the data diode low-side receiver

    1. http://<diode low-side IP address>:8080/pitcherrestapi/transfer/<URL List>

  3. Enter the Authorization token generated by the Vault Server

  4. Enter the Sender Vault account that was created on the Vault server