ADDERView Secure Digital Standard Manual

							



10


Connections to computer systems (continued)  
Connecting video inputs
The unit provides full DVI/I connections for video. This means that it c\
an receive, 
and	transfer,	any	VGA	or	DVI	input	(from	analog	to	single	or	dual	link	digital)	up	
to the following maximum resolutions and rates: 
•	 Analog:	1920	x	1200	x	60Hz
•	 Single	link	digital:	1920	x	1200	x	60Hz	(up	to	165MHz	pixel	clock)
•	 Dual	link	digital:	2560	x	1600	x	60Hz	(up	to	two	times	165MHz	pixel	clock)	
Generally,	all	inputs	should	be	of	the	same	type,	i.e.	all	analog	or	all	digital	(and	
the	monitor	should	correspondingly	be	of	the	correct	type).	However,	there	are	
certain situations where mixing of different video types is possible - c\
ontact 
technical support for more details.
The	use	of	EDID	information	(automatically	provided	by	the	video	display)	could	
cause issues in certain high security installations - please see the Video display 
(EDID) information	section	for	further	details).			
To	connect	a	video	input
1  Wherever possible, ensure that power is disconnected from the unit and t\
he 
host	computer(s)	to	be	connected.
2  As appropriate, connect either a digital or analog video link cable to t\
he 
required DVI/I socket on the rear panel:
•		Digital Connect a digital video link cable to the port labeled  within 
the appropriate channel group on the rear panel.
•		Analog Connect a converter module to the port labeled  within 
the appropriate channel group on the rear panel. Connect an analog 
video link cable to the converter module. In both cases, ensure that the\
 
securing screws are used to maintain reliable links.
3  Connect the plug at the other end of the cable to the corresponding vide\
o 
output socket of the appropriate host computer.5V2.0AINDOOR USE O NLY
2
1
5V2.0AINDOOR USE O NLY
2
1
Digital	video	input
Analog	video	input   
						

							



11


Connections to user console peripherals
To	connect	a	keyboard	and	mouse
Note: The AdderView Secure unit can directly accommodate only a USB-styl\
e 
keyboard and mouse. If required, you can use suitably shielded conversio\
n 
cables to connect peripherals that have PS/2-style interfaces.
1  Wherever possible, ensure that power is disconnected from the unit and t\
he 
host	computer(s)	to	be	connected.
2 At the far left side of the rear panel, connect the cables from the keyb\
oard 
and	mouse	to	the	USB	sockets	marked	 and  respectively.  
USER CONSOLE
USER CONSOLE
To	connect	speakers	
1  Wherever possible, ensure that power is disconnected from the unit and t\
he 
host	computer(s)	to	be	connected.
2 At the far left side of the rear panel, connect the speaker cable to the\
 socket 
marked     
						

							



12


USER CONSOLE
Connecting video displays
The unit provides full DVI/I connections for video outputs. This means t\
hat it can 
transfer	any	VGA	or	DVI	signal	(from	analog	to	single	or	dual	link	digital)	up	to	
the following maximum resolutions and rates: 
•	 Analog:	1920	x	1200	x	60Hz
•	 Single	link	digital:	1920	x	1200	x	60Hz	(up	to	165MHz	pixel	clock)
•	 Dual	link	digital:	2560	x	1600	x	60Hz	(up	to	two	times	165MHz	pixel	clock)
Generally,	all	video	signals	should	be	of	the	same	type,	i.e.	all	analog	or	
all	digital	(and	the	monitor	should	correspondingly	be	of	the	correct	type).	
However, there are certain situations where mixing of different video ty\
pes is 
possible - contact technical support for more details.
The	use	of	EDID	information	(automatically	provided	by	the	video	display)	could	
cause issues in certain high security installations - please see the Video display 
(EDID) information	section	for	further	details).				
To	connect	a	video	display
1  Wherever possible, ensure that power is disconnected from the unit and t\
he 
host	computer(s)	to	be	connected.
2  As appropriate, connect either a digital or analog video display to the \
DVI/I 
socket on the far left side of the rear panel:
•		Digital Connect the digital video display cable to the port labeled  
within the user console section on the rear panel.
•		Analog Connect a converter module to the port labeled  within the 
user console section on the rear panel. Connect the analog video display\
 
cable to the converter module. In both cases, ensure that the securing 
screws are used to maintain reliable links.
3  Connect the plug at the other end of the cable to the corresponding vide\
o 
output socket of the appropriate host computer.
USER CONSOLE
Digital	video	display	output
Analog	video	display	output   
						

							



13


Video display (EDID) information
The	Display	Data	Channel	(or	DDC)	scheme	was	introduced	to	allow	analog	and	
digital	video	displays	to	provide	details	(using	the	information	format	of	EDID	
-	Extended	Display	Identification	Data)	about	themselves	and	their	capabilities	
to the computer’s graphic adapter circuitry. In most applications thi\
s is a useful 
and positive feature. However, in a highly secure environment this prese\
nts two 
potential problems:
•	 Most	video	displays	provide	manufacturer,	model	and	serial	number	
information as part of their EDID transfer. This unique information coul\
d 
possibly be used as a marker by anyone attempting to compromise security\
 
within one or more of the connected computers/networks.
•	 The	operation	of	the	DDC	scheme	could	theoretically	provide	a	means	to	
transfer a small packet of EDID information to the computers at each pow\
er 
on cycle of the AdderView Secure. 
If your organization wishes to protect against such scenarios then it is\
 
recommended that the DDC lines are disconnected in the cable between the\
 
AdderView Secure and the monitor. Alternatively, Adder would be happy 
to discuss configuring the AdderView Secure with a DDC policy to suit \
your 
organization.
AdderView Secure EDID policy
The AdderView Secure maintains individual EDID memories for each connect\
ed 
computer port. During manufacture, these memories are each loaded with a\
 
default EDID packet. 
When the AdderView Secure is powered on, its response will be determined\
 by 
the condition of the DDC signalling pins of the video monitor connector:\
•	If the DDC pins are connected as standard: The AdderView Secure reads 
the EDID information from the attached video monitor and loads a copy 
into each port memory, which can then be made available to the connected\
 
computers.
•	If	no	video	monitor	is	connected	or	the	monitor’s	DDC	signalling	pins	
are disconnected: The AdderView Secure will maintain the default data 
held in the EDID memories and make them available to the computers. 
•	If	the	video	monitor’s	DDC	signalling	pins	have	been	connected	
to ground: The AdderView Secure will load a set of default data to the 
EDID memories and no data will be made available to the computers. 
This provides a means of clearing information about previously attached \
monitors.
Note: Most analog video cards will output a video signal without EDID 
information. In such installations it may be acceptable to disconnect th\
e DDC 
connections from the AdderView Secure so that no EDID information is mad\
e 
available to the computers. However, some graphics cards will not output\
 a 
video signal unless they can read the EDID information.
To	determine	how	EDID	information	is	used
Note: The information given here is provided purely as an overview. It i\
s beyond 
the scope of this document to provide detailed instructions on how to mo\
dify 
video display cables, which should only be attempted by a qualified en\
gineer.
If the transfer of EDID information is unsuitable for your installation,\
 you can 
take steps to bypass or disable its use. EDID information is sent from t\
he video 
display on the following pins of their connectors:
•	Analog	VGA	(15-pin	D-type)	connector:		 pins	12	and	15
•	Digital DVI connector:     pins 6 and 7
As mentioned earlier, the AdderView Secure unit responds in the differen\
t ways, 
depending upon how the DDC data lines within the video display cable hav\
e 
been wired:
DDC pin conditions AdderView Secure unit response
Connected EDID information is harvested from the connected 
video display during unit power on and written to all 
computer port memories.  
Not	connected	 Unit	retains	the	EDID	information	that	is	already	held	
in the port memories and continues to present them to 
the attached computers. No new EDID information can 
be sought from the currently connected video display.
Grounded	Unit	overwrites	all	EDID	information	held	in	memory	
with default information but does not present anything 
to the attached computers.
In situations where no EDID information is being supplied, it may be nec\
essary to 
use a special driver on the connected computers to inform their graphic adapters 
on the appropriate signals to send. 
Alternatively, a ‘surrogate’ video display of the appropriate type\
 could be 
temporarily connected to the AdderView Secure unit in order to harvest t\
he 
necessary EDID information. The surrogate video display could then be re\
placed 
by	the	real	one,	which	has	its	DDC	pins	disconnected	(not	grounded).	   
						

							



14


Connection to power supply
Important: Please read and adhere to the electrical safety information g\
iven 
within the Safety information section of this guide. In particular, do not use an 
unearthed power socket or extension cable.
To	connect the power supply
1 Attach the output connector of the power supply (country	specific	power	
supplies	are	available)	to the socket on the far right of the rear panel.
5V2.0AINDOOR USE O NLY
2
1
2 When all other connections have been made, connect the main body of the \
power supply to a nearby earthed mains socket.   
						

							



15


SECT	4
Operation
In operation, the AdderView Secure unit allows you to quickly and secure\
ly 
switch between up to four systems. Strictly only one system may be acces\
sed at 
a time, whereupon the common keyboard and mouse are linked to that syste\
m. 
Selecting computers
In order to guard against the possibility of malicious software and also\
 to 
minimize the chance of accidental switching, the AdderView Secure unit o\
ffers 
only one method to change between channels. All switching is done using \
the 
front panel switches.
Error indicator
The red error indicator is located on the right side 
of the front panel and is labeled ERR. Separate 
microprocessors monitor each channel and any 
of them can trigger an error state if they detect 
unexpected or unauthorized operations. If the ERR 
indicator illuminates, you will need to first locate and 
confirm the source of the fault. Then you will need to 
either power cycle the offending computer or remove 
and	replace	its	USB	connection	to	the	AdderView	
Secure.  
1234
•	 The	buttons	are	clearly	labeled	to	eliminate	any	ambiguity.
•	 Press	the	appropriate	button	to	select	the	labeled	channel.
•	 When	the	chosen	channel	has	been	connected,	the	adjacent	indicator	
will	illuminate	(continuously)	to	confirm.	If	the	indicator	flashes,	then	the	
selected computer is either switched off or disconnected.
•	 Each	channel	uses	a	differently	colored	indicator	to	provide	additional	visual	
feedback about the chosen channel. Channel 1 has a green indicator and 
is generally configured to link with the lowest security computer/netw\
ork, 
whereas	channel	4	(or	channel	2	on	two-port	versions)	has	a	red	indicator	
and is generally configured to link with the highest security computer\
/network.    
Note: If a keyboard key is held down during a channel change then the ke\
y will 
be sent to the selected computer upon release of the channel change butt\
on. 
Do not hold down keys during a channel change.   
ERRPWR
Tamper-evident seals
The primary casing access screws are pre-fitted with tamper-evident se\
als. It 
may be a policy of your organization to fit proprietary tamper-evident\
 labels 
across certain chassis screws. Additionally, seals could be added betwee\
n each 
connection and the unit to highlight any connections that have been alte\
red.
IMPORTANT:	Do	not	use	the	unit	if	the	tamper-evident	seals	are	
damaged. Do not use if there are any signs of damage to the unit or its \
power supply.   
						

							



16


Further information
Troubleshooting
If you experience problems when installing or using the AdderView Secure\
 unit, 
please check through this section for a possible solution. If your probl\
em is not 
listed	here	and	you	cannot	resolve	the	issue,	then	please	refer	to	the	‘Getting	
assistance’ section.
No	video	from	computer
•	 This	is	most	likely	to	be	associated	with	a	mismatch	between	the	host	
computer’s video output and the DDC data held within the AdderView 
Secure. Computers often need read the correct DDC data before they will \
output a video signal. If digital DDC data is presented to a computer’\
s 
analog video port, a video signal will not be generated. Conversely, if \
analog 
DDC data is presented to a computer’s digital video port, a video sig\
nal will 
also not be generated. 
	 Depending	on	your	DDC	connection	policy	(see	Video display (EDID) 
information	for	details),	remember	that	the	AdderView	Secure	will	
only attempt to read the EDID information from your monitor when the 
AdderView Secure is first powered on. To ensure that your monitor’s\
 EDID 
information is read and stored correctly, ensure that it is attached and\
 
powered on when you switch on the AdderView Secure.
Video from some computers only
•	 Remember	that	the	AdderView	Secure	does	not	convert	digital	video	
signals to analog signals and vice versa so it is not generally possible\
 to 
mix digital and analog inputs. Mixed systems are possible in certain spe\
cial 
circumstances but these will require specialist assistance from Adder 
technical support.  
SECT 5
Summary of threats and solutions
This section provides a list of potential security threats that the Adde\
rView 
Secure might face during operation and the special steps that have been \
taken 
to counteract them. 
ThreatSolution
Microprocessor 
malfunction or 
unanticipated software 
bugs causing data to flow 
between ports.
Unidirectional	data	flow	is	enforced	by	
hardware “data diodes” so data isolation 
doesn’t rely on software integrity.
Subversive snooping 
by means of detecting 
electromagnetic radiation 
emitted from the 
equipment.
Carefully shielded metal case with dual 
shielding in critical areas.
Detection of signals 
on one computer by 
monitoring for crosstalk 
(leakage)	signals	on	
another computer.
No connection to sensitive analogue inputs 
(such	as	computer	microphone	ports)	are	
provided. A very high level of crosstalk 
separation is provided between signals 
from different computers.
Malicious modification of 
microprocessor software 
causing data to leak 
between ports.
Data isolation is assured by hardware and so 
is not compromised by any changes to the 
microprocessor software. Microprocessors 
use one time programmable memory so 
flash upgrades are not possible. Case uses 
counter-sunk screws which can be protected 
by tamper-evident seals.
Buffered data within a 
keyboard or mouse is sent 
to the wrong computer 
after switchover. 
Keyboard and mouse are powered down 
and reset between each switchover to 
ensure that all buffers are cleared out.
Data leakage by means 
of monitoring conducted 
emissions on mains power.
The power circuitry provides strong 
protection against signal leakage via the 
power cable.   
						

							



17


ThreatSolution
Data being sent to ports 
by means of faulty or 
subverted keyboards or 
mice causing the channel 
to switch and sending 
data in turn to each port.
Channel switching is controlled by the front 
panel buttons only with all keyboard hotkey 
or mouse switching capabilities removed 
from the design.
Data transfer by means of 
common storage.
USB	ports	support	keyboard	and	mouse	
connections only. The product does 
not	enable	a	USB	memory	stick	or	disk	
drive to be shared between computers. 
Unidirectional	keyboard	and	mouse	data	
signalling protects against data transfer 
across the switch.
Timing analysis attacks.If a connection exists between a computer 
and a shared microprocessor system, it 
is potentially possible to determine what 
may be happening on the micro by timing 
the responses to repeated requests that 
the micro must service. For example, if 
a high data bit takes longer to transmit 
through the system than a low bit it may 
be possible to detect the pattern of data 
flowing between other ports by attempting 
to time the responses to otherwise normal 
requests. In the AdderView Secure, each 
port has a dedicated processor that only 
has input signals from the rest of the 
system. These input signals are only active 
when the port is selected. Consequently a 
timing analysis attack from one computer 
would yield no information about data 
flowing to another computer.
The user selects the wrong 
port. 
Only	one	simple	method	of	selecting	
computers is provided. The selected port 
is clearly and unambiguously indicated on 
the front panel by means of colored lights 
adjacent to each key switch. For high levels 
of security, the screens of high and low 
security computers should be arranged to 
look visibly different in general appearance.
Threat
Forced malfunctions due 
to overloaded signalling.
It is potentially possible to create forced 
malfunctions by constantly and quickly 
sending	a	stream	of	valid	requests	(such	as	
the	request	to	update	the	keyboard	lights).	
A well known example of an undesirable 
KVM malfunction is a “crazy mouse” 
which was quite common with early KVM 
switches and was caused by data loss on 
PS/2 systems with the result that the mouse 
darted around the screen randomly clicking 
and opening windows. The unidirectional 
design of the AdderView Secure ensures 
that the influence of signalling on one port 
cannot flow past the data diodes. This 
means that overload signalling on one port 
will not affect the operation of another 
port.	USB	signalling	is	not	susceptible	to	the	
failure mechanism that caused the crazy 
mouse on PS/2 systems.
Signalling by means of 
shorting the power supply 
or loading the power 
supply.
Each port is independently powered by its 
USB	port.	Shorting	the	power	supply	on	
one port will not cause the power on other 
ports to be switched off. 
Tampering with the 
switch.
The switch is fitted with tamper protection 
measures.   
						

							



18


Getting assistance
If you are still experiencing problems after checking the information co\
ntained 
within this guide, then we provide a number of other solutions:
•	Online solutions and updates – www.adder.com/support
 Check the Support section of the adder.com website for the latest soluti\
ons 
and firmware updates.
•	Adder Forum – forum.adder.com
	 Use	our	forum	to	access	FAQs	and	discussions.
•	Technical support – www.adder.com/contact-support-form
 For technical support, use the contact form in the Support section of th\
e 
adder.com website - your regional office will then get in contact with\
 you.    
						

							



19


Safety information
•	 For	use	in	dry,	oil	free	indoor	environments	only.
•	 Warning	-	live	parts	contained	within	power	adapter.
•	 No	user	serviceable	parts	within	power	adapter	-	do	not	dismantle.
•	Plug the power adapter into a socket outlet close to the module that it \
is 
powering.
•	Replace the power adapter with a manufacturer approved type only. 
•	Do not use the power adapter if the power adapter case becomes damaged, \
cracked or broken or if you suspect that it is not operating properly.
•	Do not attempt to service the unit yourself.
•	 Not	suitable	for	use	in	hazardous	or	explosive	environments	or	next	to	highly	
flammable materials.
•	 Do	not	use	the	power	adapter	if	the	power	adapter	case	becomes	damaged,	
cracked or broken or if you suspect that it is not operating properly.
•	 If	you	use	a	power	extension	cable,	make	sure	the	total	ampere	rating	of	the	
devices plugged into the extension cable do not exceed the cable’s am\
pere 
rating. Also, make sure that the total ampere rating of all the devices \
plugged into the wall outlet does not exceed the wall outlet’s ampere rating.
•	 The	power	adapter	can	get	warm	in	operation	–	do	not	situate	it	in	an	
enclosed space without any ventilation. 
Lithium battery
CAUTION: This product contains a lithium battery which must be disposed \
of in the correct manner.
CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN 
INCORRECT TYPE.
•	If the lithium battery needs to be changed, you must return the product to your 
nearest Adder dealer. The battery must be replaced by an authorized Adder 
dealer. 
•	 Once	the	product	has	come	to	the	end	of	its	useful	life,	the	lithium	battery	
must be removed as part of the decommissioning process and recycled in 
strict accordance with the regulations stipulated by your local authorit\
y. 
Advice on battery removal can be provided on request by Adder. 
Warranty
Adder Technology Ltd warrants that this product shall be free from defects in 
workmanship and materials for a period of two years from the date of ori\
ginal 
purchase. If the product should fail to operate correctly in normal use \
during the 
warranty period, Adder will replace or repair it free of charge. No liab\
ility can be 
accepted for damage due to misuse or circumstances outside Adder’s co\
ntrol. 
Also Adder will not be responsible for any loss, damage or injury arisin\
g directly 
or indirectly from the use of this product. Adder’s total liability u\
nder the terms 
of this warranty shall in all circumstances be limited to the replacemen\
t value of 
this product.
If any difficulty is experienced in the installation or use of this pr\
oduct that you 
are unable to resolve, please contact your supplier.