AROW Data Diode - Software
Uniquely, Somerdata provides free open-source data management software for AROW. Written in the highly portable Python scripting language, the software can be examined for security auditing purposes, used as the basis for further customization by local system integrators or end-users, and extended to include content filtering or other additional security measures.
The software suite, called AROWBftp, consists of two separate applications, one for the Send side of AROW and one for the Receive side. The software automatically manages file transfers across AROW, scanning selected directory trees for changes in file content or added or deleted files, formatting the data into frames with timestamps and error detection information, and reconstructing the original file tree on the receive side.
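The framing and receive-side checking described above can be sketched as follows. This is an added example, not AROWBftp's code or wire format: the frame layout and the names `make_frames` and `reassemble` are assumptions made for illustration. It shows why each frame must be self-verifying: the receiver has no back channel to ask for a resend, so it can only detect and report loss or corruption.

```python
import struct
import time
import zlib

# Hypothetical frame layout, assumed for this example (not AROWBftp's wire format):
# file_id u32 | seq u32 | total u32 | timestamp f64 | payload_len u16 | crc32 u32 | payload
HEAD = struct.Struct("!IIIdH")
CRC = struct.Struct("!I")

def make_frames(file_id, data, chunk=1024):
    """Send side: split data into frames, each carrying its own CRC."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    stamp = time.time()
    frames = []
    for seq, payload in enumerate(chunks):
        head = HEAD.pack(file_id, seq, len(chunks), stamp, len(payload))
        frames.append(head + CRC.pack(zlib.crc32(head + payload)) + payload)
    return frames

def reassemble(frames, file_id):
    """Receive side: there is no back channel, so verify and report locally.

    Returns (data or None, missing sequence numbers, rejected frame count).
    """
    good, total, rejected = {}, 0, 0
    for frame in frames:
        if len(frame) < HEAD.size + CRC.size:
            rejected += 1  # too short to hold a header and CRC
            continue
        head, rest = frame[:HEAD.size], frame[HEAD.size:]
        (crc,), payload = CRC.unpack(rest[:CRC.size]), rest[CRC.size:]
        fid, seq, tot, _stamp, length = HEAD.unpack(head)
        if zlib.crc32(head + payload) != crc or length != len(payload) or fid != file_id:
            rejected += 1  # header fields are untrusted until the CRC passes
            continue
        total = tot
        good.setdefault(seq, payload)  # duplicates and reordering are harmless
    missing = [s for s in range(total) if s not in good]
    if total == 0 or missing:
        return None, missing, rejected  # incomplete: log it, never write a partial file
    return b"".join(good[s] for s in range(total)), [], rejected
```

A corrupted frame is rejected before its sequence number is trusted, so it shows up as a gap in `missing` as well as in the rejected count, which is the kind of inconsistency a receive-side log would report.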
File transfer is operating-system-agnostic, meaning files can be transferred across file systems, e.g. Linux to Windows, Windows to Mac, etc.
You can try it out using our single-file executables, which include an emulator. This is fully functional software with all features. There are Windows and Linux executables available, and they can be run on a single device (e.g. a laptop) for functional evaluation purposes without installing Python or any compilers or support apps.
AROWBftp software can also manage real-time UDP and TCP streams, interleaving with file transfers where necessary to maintain real-time stream transfer.
Data Diodes can perform most of the same functions as normal routers, but usually with the aid of some support software. This software is used to marshal the data so that it can be accessed as if it were presented by a normal router.
System Administrators must make data available to users in response to requests that are extra to the normal user interaction with applications, for example, requesting web pages or database access. Marshalling software usually makes copies of data on the uncontrolled side of the diode, perhaps with extra filtering and data inspection.
The principle of AROWBftp management software is to maintain an exact copy of a file tree structure from the low (dirty) side to the high (clean) side of the diode.
Data to be transferred should be in file format: software updates, converted web sites, file-based mail clients (outlook.pst files, for example), etc. Interactive databases such as relational or transactional databases will require conversion to a back-up format for transmission, and then extraction and reconstruction on the high side. There is no limit to the size of file that can be handled.
Constructing the file tree to be sent is a matter for system administrators. The list of files to be made available to protected users is a matter of choice but there is no requirement to make extra copies of these files. The tree can be constructed using symlinks (Symbolic Links). Standard on Unix/Linux systems and available on Windows NTFS systems since Server 2003, Vista and some versions of XP, these are simply links to the files in a system that are treated as if they were the files themselves. Thus access, copying, deleting, moving etc can be accomplished (subject to permissions) as if directly operating on the files. For example, a symlink can be created to a mail database, placed in AROWBftp’s Send folder, and all of the database files will be copied to AROWBftp’s Receive folder on the protected side of AROW. Symlinks placed in the Receive folder can be used to direct the received database files to their final destination for user access.
Performance figures can be complex and very dependent on setups and configuration. AROWBftp Performance explores this topic in detail with some real-life measurements.
Similarly, web pages can be transmitted after conversion to a file format by applications such as HTTrack. Again, symlinks can be used to control source and destination paths, and a standard web browser in offline mode can be used to access the cached files on the protected side of AROW.
Logging and Management
The assurance that data has been successfully transferred is a key part of the AROWBftp suite. To this end, a comprehensive logging facility is provided, detailing exception reporting of inconsistent transfer results, data transfer statistics and error reporting. This logging is easily customisable to create standard syslog entries and SMTP and HTTP alerts. The embedded web server also provides a handy visual display of current and historical status.
The open-source nature of AROWBftp means that additional functionality is easily added. If required, file filtering and cleansing can be added.
We recommend the use of ExeFilter Python file filtering and antivirus checking software. This can be used stand-alone or integrated with AROW to provide pre- or post-transfer filtering.
At the same time as files are being transferred, UDP and/or TCP streamed traffic can be accommodated. This means, for example, that streaming video or audio, telemetry data and out-of-band transmissions can be sent simultaneously. This principle can be applied to any file-based transaction including hardware input devices, such as webcams and data acquisition devices.
UDP Data Through TCP
While AROW supports UDP streaming directly, for mixed systems there are examples of how to use raw UDP data streams through TCP on AROW; see AROWUDP: Tunnelling UDP through AROW.
AROWBftp Functions
- Full-speed GBE support
- Automatic file tree replication
- Guaranteed file integrity when used with AROW-G hardware
- Customisable and extendable Python open source code
- Comprehensive logging and performance notification
- Cross-platform single code source
- Simultaneous File Transfer, TCP and UDP stream transfer