The FiberPlex QSFX28 Data Diode provides unidirectional network connections with 100-gigabit operation. The 100G Ethernet interface includes four independent 25Gbps wavelength channels according to 100GBASE-LR4 and offers long haul single mode fiber to 6.2 miles (10km).
Featuring data-diode functionality, the hardware modules transmit data in one direction with no return path. There is only one optical opening to connect a single fiber. The one direction communication does not allow any possibility for a return path.
The device works like a one-way bridge between physically separated source and destination networks to enable data to move from a source network to a destination network without allowing access between domains.
The QSFX module is hot pluggable following the MSA Quad Small Form-factor Pluggable (QSFP28) standard. The unit uses a +3.3V Power Supply with <4.5W power dissipation and is RoHS 2.0.
A special milled Brass enclosure provides maximum EMI/RFI containment and durability. ESD Protection is per MIL-STD-883 Method 3015 and EN 61000-4-2. Immunity protection is according to EN 61000-4-3 and EMI according to FCC Part 15 Class B.
Data Diodes Provide Network Security and Segmentation
Determining where data diodes should be deployed depends on the security goals. If the primary goal is to protect the source network, then the data diode is deployed at the edge of the security border of the source network. The data diode prevents any possibility of an external party hacking into the source network while making data available outside of the source network.
Data Availability
Many believe that remote monitoring cannot be achieved without remote access to systems. However, if remote access is provided via an external two-way connection, then a threat vector is created. By utilizing data diodes, a high-security network is secured by one-way transfer hardware, preventing all external access. Meanwhile the data required for remote monitoring, backup, or analysis is sent one-way to another network or the cloud, where end users and applications can access it as needed without compromising air-gapped security.
Bilateral/Bidirectional Transfers
Despite all of the security benefits of one-way data diode solutions, in many cases, limited bidirectional communication is still necessary for confirmation or command and control. In these cases, the U.S. Department of Homeland Security's guidance advocates using "a single open port over a restricted network path" to severely limit the attack surface. A bilateral solution includes two independent data diode one-way paths that permit a single, round-trip session between pre-configured IP addresses: a one-way data transfer solution responsible for outgoing traffic, and another responsible for incoming traffic.
Applications
To remove all access and the possibility of data exfiltration, this 100G Data Diode QSFP provides for UDP transfer of information to a secure network or from a secure network to or from another network of lower security while preventing any data from being transmitted in the opposing direction, assured on the hardware level. The device contains either a Receiver Optical Sub-Assembly (ROSA) or a Transmitter Optical Sub-Assembly (TOSA) allowing networks to be Senders or Receivers without allowing access.
Please Note: FiberPlex QSFX28-LR4DT-3100-A Transmitter is required (sold separately).