How can MetaDefender Kiosk and Vault (formerly SFT) be configured to work with an Arbit Data Diode?

This article describes how to deploy MetaDefender Kiosk, an Arbit data diode, and a MetaDefender Vault server for the following use case:

  1. Portable media is scanned by MetaDefender Kiosk.

  2. Clean files are passed through an Arbit data diode to a Vault server.

  3. User downloads files from the Vault server.

System Deployment

Do the following before configuring the individual systems:

  1. Install MetaDefender Kiosk with MetaDefender Core on the low side network.

  2. Install the Arbit data diode with the receiving side in the low side network and the transmitting side on the high side network.

    1. Assign a static IP address to the low side.

    2. Assign a static IP address to the high side.

  3. Install the Vault server on the high side network.

    1. Assign a static IP address.

Vault Server Configuration

  1. Create the user accounts on the Vault server.

    1. Note the account that should be used as the 'from' account for files coming from MetaDefender Kiosk.

  2. Generate the authorization token.

Arbit Data Diode Configuration

  1. Define the URL list on the high side of the data diode to include the Vault server.

    1. URL list includes http://:8000/Vault_rest/file

MetaDefender Configuration

  1. Configure the appropriate MetaDefender Kiosk workflow profile to enable Copy To Vault in the post-action.

  2. Put in the URL of the data diode low-side receiver.

    1. http://<diode low-side IP address>:8080/pitcherrestapi/transfer/<URL List>

  3. Enter the authorization token generated by the Vault server.

  4. Enter the Sender Vault account that was created on the Vault server.

This article pertains to MetaDefender Kiosk
This article was last updated on 2019-10-06