Curtiss-Wright CNS4 CSfC User Manual Download

Page: 56 / 141

User Guide

DDOC0108-000-A2

CNS4 CSfC

6 - 12

Operation

Revision 1.0

Zeroization affects only the ILE. The data on the FSM-C modules is still accessible:
•

If the FSM-C module can be placed in another CNS4 with the same DEK loaded in its ILE.

•

If the DEK can be restored / reloaded.

Data stored on the CNS4 will be encrypted using the ILE module and software encryption on the

FSM-C modules. In addition, data on the FSM-C module can be secured by:
•

Physically separating (removing) the FSM-C module from the ILE which holds the encryption

key,

•

Zeroizing (erasing) the encryption key (zeroizing the ILE).

In both cases, the encrypted data remains on the FSM-C module, but is unintelligible and

inaccessible. To destroy the data on the FSM-C module, the FSM purge command must be used.

This action actually overwrites all the data on the FSM-C modules. Refer to paragraph 11.2.11

fsmpurge

for additional information.

6.4.2

Hardware Encryption Layer

6.4.2.1

LE Account - Internal / External Key Storage

NOTE

DEKs are created in two ways, depending on which Security Mode is selected at login.
The ILE has two security modes (Internal and External). Each mode will define how the Data

Encryption Key (DEK) management is performed. Table 6.2 describes the security modes. The

user may change the security modes as needed.

Requires the selection of NOT STORED storage option along with a host to generate and retain the DEK.

•

ILE Mode: security mode type. The security mode must be selected by user via user interface

on initial power up.

•

User Authentication: ILE user authentication is required to access available ILE services.

•

Authorized Services: ILE security modes restrict access to services until the user is identified

and granted access to perform requested service (identity based authorization).

•

DEK Generation: method used to create the encryption key. The DEK may be created by the

ILE (Internal Mode) or by the host and sent to the ILE (External Mode).

•

DEK Transport: is how the DEK is moved from the user's storage place to the ILE. If DEK

management is handled by the ILE host (External Mode) then the DEK must be passed to the

ILE via RS-232 or I2C. This DEK is passed in an encrypted form and may then be stored on

the ILE. When the ILE controls DEK management, the DEK is created by the ILE (Internal

Mode) and stored on the ILE. Therefore, the DEK never passes outside the ILE unit.

•

DEK Storage Location: is how and where the DEK is stored. The user selects one of three

storage options for the DEK (Not stored, SRAM, or EEPROM) when using the Internal or

External Mode.

Table 6.2

Security Modes

Feature

Internal

Mode

External

Mode

User Authentication Required

User Composed Key

ILE Generated Key

DEK is Internal to the ILE and is Not Accessible to the User

Data Recovery after Power cycle

Data Recovery after Zeroization*

Selectable Storage Location

User Must Execute a Key Transfer Procedure*

Summary of Contents for CNS4 CSfC

Page 1: ...CNS4 CSfC Common Airborne Recorder CSfC Encrypted Data Storage User Guide Part Number DDOC0108 000 A2 ...

Page 2: ...This Page Intentionally Left Blank ...

Page 3: ...evision Date Description PCN DDOC0108 000 PDF A0 02 12 19 NIAP Review NA DDOC0108 000 PDF A0 1 02 12 19 Incorporate Gossamer comments NA DDOC0108 000 PDF A1 03 06 19 Initial Release 0319 0001 DDOC0108 000 PDF A2 03 20 19 Change nomenclature to CNS4 CSfC 0319 0002 Chapter Appendix Topic Content Revision 1 0 Introduction 0 0 2 0 Overview 1 0 3 0 Controls and Indicators 0 0 4 0 Installation 1 0 5 0 Q...

Page 4: ...rocedural steps It also may be present in narrative text to warn operators or maintenance personnel of dangers present in the equipment NOTE Amplifying information that helps in making a task of procedure more easily understood NOTES are used to supply amplifying information that will result in ease of testing or be beneficial to personnel This information typically precedes procedural steps It al...

Page 5: ...Layer Account Log In 2 8 2 4 2 Software Layer Encryption 2 9 Controls and Indicators 3 1 CNS4 Chassis Controls Indicators 3 1 3 1 1 Chassis LED Brightness 3 1 3 2 ILE Module Controls Indicators 3 1 3 3 FSM C Module Controls Indicators 3 2 Installation 4 1 Package 4 1 4 2 Inspection 4 1 4 3 Mounting 4 2 4 3 1 Mounting User Defined 4 2 4 3 2 Mounting ARINC Tray 4 2 4 4 CNS4 Install Remove 4 2 4 4 1 ...

Page 6: ... 5 9 5 12 Erase Software Encryption Containers 5 10 5 13 ILE Account Logout 5 11 5 14 Access from Windows as NAS Device 5 11 5 15 Access from Linux as NAS Device 5 12 5 16 External Key Passing Example 5 12 Operation 6 1 Lab Setup Connections 6 1 6 2 Basic Operation 6 2 6 2 1 Initial Configuration 6 2 6 2 1 1 Time 6 2 6 2 1 2 Passwords 6 2 6 2 2 Communications 6 2 6 2 2 1 Terminal Emulation 6 3 6 2...

Page 7: ...3 Software Encryption 6 15 6 4 3 1 Software Encryption Container 6 15 System Configuration 7 1 add 7 2 7 2 all 7 2 7 3 file 7 3 7 4 format 7 3 7 5 free 7 4 7 6 fsck 7 4 7 7 fsep 7 5 7 8 getDevName 7 5 7 9 getFreeDisks 7 5 7 10 getNfsOpt 7 5 7 11 help 7 6 7 12 hide 7 6 7 13 iscsi0 1 2 3 7 6 7 14 isMounted 7 7 7 15 mount 7 7 7 16 multi 7 8 7 17 nas 7 8 7 18 numFreeDisks 7 9 7 19 numFsmDisks 7 9 7 20...

Page 8: ...0 3 1 Remove 10 3 10 3 2 Install 10 4 10 4 ILE Module Battery Replacement 10 4 10 4 1 Remove 10 4 10 4 2 Install 10 4 Command Line Interface 11 1 CLI Commands 11 1 11 1 1 CNS4 Commands 11 1 11 1 2 FSM C Module Commands 11 1 11 1 3 ILE Commands 11 1 11 2 Commands 11 1 Specifications A 1 Envelope Mounting Dimensions A 1 A 2 Physical Dimensions Weight A 3 A 3 Power Dissipation A 3 A 4 Electrical Requ...

Page 9: ...gure 4 3 CNS4 Mounting ARINC Tray 4 3 Figure 4 4 CNS4 Installed on ARINC Tray 4 4 Figure 4 5 CNS4 Connectors 4 4 Figure 4 6 Power RS 232 Lab Cable 4 5 Figure 4 7 Ethernet Lab Cable 4 5 Figure 6 1 CNS4 Test Setup 6 1 Figure 6 2 PuTTY Terminal Emulator 6 3 Figure 6 3 PuTTY Terminal Emulator SSH 6 4 Figure 6 4 CNS Update Utility 6 10 Figure 6 5 ILE Firmware Update 6 11 Figure 9 1 OID Tree 9 1 Figure ...

Page 10: ... 6 1 Ethernet Interfaces 6 3 Table 6 2 Security Modes 6 12 Table 7 1 Sysconfig Flags and Options 7 1 Table 8 1 LED Indicators 8 1 Table 8 2 Error Code List 8 1 Table B 1 Power RS 232 Lab Cable Pinout B 1 Table B 2 Ethernet Lab Cable Pinout B 2 Table C 1 Ordering Information C 1 ...

Page 11: ... referred to as the CNS4 the associated storage modules as FSM C modules and the associated encryptor module as the ILE module Figure 1 1 CNS4 CSfC CAR LRU 1 2 Scope The information in this user guide is intended for information systems personnel systems coordinators or highly skilled network users This manual contains the following information An overview of the CNS4 Unpacking installation and se...

Page 12: ...st and repair of board level products electronic sub systems related software and services for commercial aerospace and military applications Customer feedback is integral to our quality and reliability program We encourage customers to contact us with questions suggestions or comments regarding any of our products or services We guarantee professional and quick responses to your questions comment...

Page 13: ...ion are from 8 00 a m to 5 00 p m Eastern Standard Daylight Time Phone 937 252 5601 or 800 252 5601 E mail DTN_support curtisswright com Fax 937 252 1465 World Wide Web address www cwcdefense com 1 6 Ordering Process To learn more about Curtiss Wright Defense Solutions products or to place an order please use the following contact information E mail DTN_support curtisswright com World Wide Web add...

Page 14: ...the power supply and hold up sub assemblies are connected to it as well In addition it supports external communications through the four Ethernet connectors and power RS 232 connector that are installed on it The Ethernet connectors GBE0 through GBE3 support 0 100 and 1000 Base T Ethernet They support Ethernet IEEE 802 3ab standard over copper in full duplex Refer to Cables Connectors section for ...

Page 15: ...C0108 0002 Power Supply Subassembly Main Carrier Subassembly Holdup Subassembly Storage Backplane ILE Backplane ILE Module Ethernet Connectors Power RS 232 Connector Power Supply Subassembly Main Carrier Subassembly Battery COM Express Module Memory Module Utility Connectors eUSB Flash Module ...

Page 16: ...ection and correction in the physical NAND memory In addition a Bad Block Management BBM algorithm is included to replace bad blocks Wear leveling ECC and BBM techniques provide an extended endurance rating for the FSM C module storage The FSM C supports Serial Advanced Technology Attachment SATA I II interface bus It is capable of data transfer rates of 1 5 Gbps and 3 0 Gbps SATA I and SATA II re...

Page 17: ...AUTION EQUIPMENT DAMAGE Use ESD precautions when handling a ILE module Failure to properly handle ILE modules can result in damage The CNS4 uses the Curtiss Wright FIPS 140 2 certifiable ILE module for hardware encryption For CSfC the ILE module works in conjunction with software encryption present on each FSM C module The FSM C module s accepts the cipher text written from the ILE module and reta...

Page 18: ...erforms the data encryption for all installed FSM C modules The four encryptors are labeled A through D with encryptor A assigned to FSM C module 0 B to 1 C to 2 and D to 3 As a result a single DEK can be assigned to all installed FSM C modules or a separate DEK can be assigned to each FSM C module RS 232 Optional I2C Status Key Purge RS 232 Reserve Keep Alive Zeroize Button Power LED Key LED Faul...

Page 19: ...terface section for additional information regarding applicable CLI commands Several ILE functions are monitored to ensure proper operation Refer to paragraph 6 2 5 Healthfor additional information Refer to paragraph Figure 10 1 ILE Module Replacement for instruction on installing or removing the ILE module The ILE requires use of an account to access data Refer to paragraph 6 4 1 Zeroizet for add...

Page 20: ...module the software encryption is performed on the FSM C module s loaded in the CNS4 chassis Proper encryption decryption is dependent on the use of keys and passphrases The key resides in hardware layer on the ILE module As a result if an ILE module is changed unless the exact same key is loaded on the second module the FSM C modules will not be accessible The passphrase resides in the software l...

Page 21: ...are layer HMAC If they are the same the user is logged in If they do not compare the user is denied access Figure 2 7 Hardware Layer Account Log In TERMINAL PC CNS4 CLI HARDWARE LAYER ILE MODULE Internally Generate 32 byte User Token Key PSK Keywraps User Token Key AES256 Keywrap PSK Generate HMAC User Token Key and PSK Send Encrypted User Token Key and HMAC Login Create Account on Hardware Crypto...

Page 22: ...module is connected to a different terminal or PC the user will be required to enter the specific user token key via the CLI After that procedure has been accomplished creation of the software layer encryption can begin Software encryption is performed after the FSM C module is formatted and mounted Multiple modules can be encrypted using the same or different encryption key passphrase In addition...

Page 23: ...LOW This LED turns ON whenever 28VDC is applied to the CNS4 power supply S2 GREEN This LED turns ON after the CNS4 has booted up and is ready for operation S3 GREEN This LED turns ON when the storage function via the FSM C modules is ready for read writer operations There are no controls associated with CNS4 chassis Figure 3 1 CNS4 Chassis Indicators 3 1 1 Chassis LED Brightness The brightness of ...

Page 24: ...C module The FSM C module Figure 3 3 has three LED status indicators P F and S During normal operation P and S will be ON F will be off The illumination level of the LEDs is preset and non adjustable The function of these indicators is as follows P GREEN This LED turns ON when 28VDC is applied and FSM C module initialization has occurred F RED This LED turns ON whenever there is a Built In Test BI...

Page 25: ...TR Tray Shock Mounts 4 2 Inspection The CNS4 is a multi part data storage system that consists of a CNS4 chassis up to four FSM C modules and an ILE module Additional accessories may be included if ordered All received items should be inspected for damage Inspect all units as follows All screws should be tight All anti tamper labels Figure 4 1 should be unbroken All components should be free from ...

Page 26: ...lation and or removal of FSM C modules is desired while the CNS4 remains mounted be sure to allow clearance 4 4 for the door to open and the FSM C module s to be positioned in front of the CNS4 Figure 4 2 Required Door Clearance 4 3 1 Mounting User Defined The CNS4 can be mounted directly to a mounting surface The unit provides holes in the rear for interfacing with mounting pins The front provide...

Page 27: ...f applicable turn 28VDC power supply OFF 2 Disconnect power RS 232 cable from front panel power connector 3 Disconnect Ethernet cables from front panel connectors GBE0 through GBE3 4 Rotate mounting knobs to release CNS4 from mounting surface 5 Pivot mounting knobs down away from J hooks 6 Slide CNS4 forward so mounting pins disengage chassis holes 7 Remove CNS4 from mounting surface 4 4 4 Remove ...

Page 28: ...Make sure the 28VDC power supply is OFF when connecting the power RS 232 cable to the unit or damage may occur NOTE The CNS4 typically does not have an Ethernet cable attached to GBE3 All connections to the CS4 are on the front panel Figure 4 5 Be sure the external 28VDC power supply is off when making connections Figure 4 5 CNS4 Connectors DDOC0108 0007 Mounting Knob J Hook Ethernet Connectors Po...

Page 29: ...e terminal RS 232 port Figure 4 6 Power RS 232 Lab Cable 4 5 2 Ethernet Cable The Ethernet lab cables Figure 4 7 are used to make network connections to the CNS4 Refer to paragraph B 2 Ethernet for connector pin signal information Each Ethernet connector is keyed to the respective CNS4 connector NOTE The CNS4 typically does not have an Ethernet cable attached to GBE3 GBE0 Ethernet Lab Cable 12 Inc...

Page 30: ...ctivated the user must be logged into the software layer as well 5 3 1 CNS4 NOTE The administrator can configure the unit using the Command Line Interface CLI Administrator Username admin Password istrator NOTE The user can access the drives configured as network storage The user cannot access the CLI User Username user Password password 5 4 Hardware Layer Refer to paragraph 6 4 2 Hardware Encrypt...

Page 31: ... 1 100 w sysconfig Partition_disk status OK sysconfig OK Check Status cns sysconfig sysconfig DiskConfig Unconfigured_disks numDisk 3 Disk0 name fsm1 d0 size 2000GB Disk1 name fsm2 d0 size 2000GB Disk2 name fsm3 d0 size 2000GB Individual_disks numDisk 1 Disk0 name fsm0 d0 size 2000GB Raid_disks numDisk 0 Raid_volumes numDisk 0 Partitions numPartitions 1 Part0 name fsm0 d0 size 2000246MB pSize 100 ...

Page 32: ...art0 name fsm0 d01 swe no Part1 name fsm1 d01 swe no swcrypt OK 5 6 5 Create Single Partition on FSM2 Command sysconfig part fsm2 d0 1 100 w Example cns sysconfig part fsm2 d0 1 100 w sysconfig Partition_disk status OK sysconfig OK Check Status cns sysconfig sysconfig DiskConfig Unconfigured_disks numDisk 1 Disk0 name fsm3 d0 size 2000GB Individual_disks numDisk 3 Disk0 name fsm0 d0 size 2000GB Di...

Page 33: ... 0 Raid_volumes numDisk 0 Partitions numPartitions 3 Part0 name fsm0 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName Unconfigured swe no Part1 name fsm1 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName Unconfigured swe no Part2 name fsm2 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName Unconfigured swe no Part3 name fsm3 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName Unconfigured sw...

Page 34: ...3 sysconfig OK Check SWE Status cns swcrypt swcrypt Partitions 4 Part0 name fsm0 d01 swe no Part1 name fsm1 d01 swe no Part2 name fsm2 d01 swe no Part3 name fsm3 d01 swe no swcrypt OK 5 7 Create Software Encryption Containers on FSM2 and FSM3 Create Passphrase Linux echo Cns4 istratorFsm3 keyfile3 txt scp keyfile3 txt admin xx xx xx xx keyfiles Create Passphrase Windows 1 Create a passphrase for F...

Page 35: ... Part2 name fsm2 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName fsm_nas2 fmt na mnt 0 enb 0 swe closed Part3 name fsm3 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName fsm_nas3 fmt na mnt 0 enb 0 swe closed Device Partitions NAS on partition 0 1 2 3 Check SWE Status cns swcrypt swcrypt Partitions 4 Part0 name fsm0 d01 swe no Part1 name fsm1 d01 swe no Part2 name fsm2 d01 swe closed Part3 n...

Page 36: ...m2 d01 swe open Part3 name fsm3 d01 swe closed swcrypt OK 2 Repeat paragraph 5 8 0 1 Method 1 step 1 above substituting 3 for 2 to open FSM3 5 8 0 2 Method 2 1 Open FSM2 as follows Command swcrypt open 2 key file keyfiles keyfile2 txt Example cns swcrypt open 2 key file keyfiles keyfile2 txt swcrypt cmd open Part 3 status OK swcrypt OK Check Status cns sysconfig sysconfig DiskConfig Individual_dis...

Page 37: ...tting status OK FSM_NAS3 cmd Formatting status OK FSM_NAS0 mounted 1 status OK FSM_NAS1 mounted 1 status OK FSM_NAS2 mounted 1 status OK FSM_NAS3 mounted 1 status OK sysconfig OK Check Status cns sysconfig sysconfig DiskConfig Individual_disks numDisk 4 Disk0 name fsm0 d0 size 2000GB Disk1 name fsm1 d0 size 2000GB Disk2 name fsm2 d0 size 2000GB Disk3 name fsm3 d0 size 2000GB Raid_disks numDisk 0 R...

Page 38: ...GB Disk3 name fsm3 d0 size 2000GB Raid_disks numDisk 0 Raid_volumes numDisk 0 Partitions numPartitions 4 Part0 name fsm0 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName fsm_nas0 fmt ext4 mnt 0 enb 0 swe no Part1 name fsm1 d0 size 2000244MB pSize 100 00 dp 1 numServ 1 sName fsm_nas1 fmt ext4 mnt 0 enb 0 swe no Part2 name fsm2 d0 size 2000244MB pSize 100 00 dp 1 numServ 1 sName fsm_nas2 fmt ext4...

Page 39: ...2 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName fsm_nas2 fmt na mnt 0 enb 0 swe closed Part3 name fsm3 d0 size 2000246MB pSize 100 00 dp 1 numServ 1 sName fsm_nas3 fmt na mnt 0 enb 0 swe closed Device Partitions NAS on partition 0 1 2 3 sysconfig OK Check SWE Status cns swcrypt swcrypt Partitions 4 Part0 name fsm0 d01 swe no Part1 name fsm1 d01 swe no Part2 name fsm2 d01 swe closed Part3 nam...

Page 40: ...art2 name fsm2 d01 swe no Part3 name fsm3 d01 swe no swcrypt OK 5 13 ILE Account Logout Command cm_login o Example cns cm_login o cm_login status OK cm_login 5 14 Access from Windows as NAS Device NOTE When the partitions are formatted and mounted they can be accessed from a PC running Windows NOTE This procedure is performed via Ethernet connected to CNS4 port GBE0 1 Open a terminal window 2 Type...

Page 41: ...R key 6 Type serv and press ENTER key to see if NFS is enabled NFS enabled nfs 1 status ok NFS disabled nfs 0 7 If NFS is disabled type serv nfs 1 8 In the terminal window on the Linux PC a Create a mount point b Mount to the storage device Example mkdir fsm0 mount t nfs 192 168 0 1 fsm_shares fsm_nas0 fsm0 5 16 External Key Passing Example NOTE External key passing requires the use of the Curtiss...

Page 42: ...output 0x7b4398e2f5d89257b54656101d9d0ed335f54a74e8121ae48dc77 75f785707d4 cm_crypto 5 Login cns cm_login u user p Password1 cm_login challenge_nonce 0x57a1d98f7a6ada0a60d04c87194fe3a0ae334a73ad6a00a70f2abe bd2452dfe53a51d68d1a3282b10051e8fb05e36de9b738b8f4e142b59f2f081cd1fd73f9 b0 status OK cm_login 6 Generate User Authentication Token UAT cns cm_crypto t 57a1d98f7a6ada0a60d04c87194fe3a0ae334a73a...

Page 43: ...321 cm_crypto text 0xa062009e59d3623dd9f1059ea61deb3e9bbd1c6c9e8e62d85c710a461018db633 937c95585110bb8 key 0xe7f1d995bf53556836490b5dea45ec1261a5d1a2e515f003286152fada7c2321 hmac_output 0x6c67356ee62c190b7e96343191bf37ebf689ce4b3d5870c4eed69cf577 a8da77 cm_crypto 11 Decrypt KEK using PSK or previous plaintext KEK cns cm_crypto c a062009e59d3623dd9f1059ea61deb3e9bbd1c6c9e8e62d85c710a461018db633937c...

Page 44: ...7a6bbd473d3514a9f9f25cf3dcf0afe1b9a72d35f71405837 cm_crypto text 0x38c69b9a3d1f84e5bdc86500b5454ea390405c12a6249edc387167e43ce62acac 4813c33b69f8893 key 0x04170bc4b683ce47a6bbd473d3514a9f9f25cf3dcf0afe1b9a72d35f71405837 hmac_output 0xa257cc5fd5bc0132e9fdf36ecf5da5a5d99ce3df0c470dc97c189bae7e 3cb5ea cm_crypto 15 Send to the ILE cns cm_key e 38c69b9a3d1f84e5bdc86500b5454ea390405c12a6249edc387167e43c...

Page 45: ...oldup capacitor circuit time to discharge properly 1 If not previously accomplished connect the following cables to the CNS4 front panel connectors Figure 6 1 Power RS 232 lab cable Power Ethernet lab cable keyed for GBE0 GBE0 Ethernet lab cable keyed for GBE1 GBE1 Ethernet lab cable keyed for GBE2 GBE2 Ethernet lab cable keyed for GBE3 GBE3 Figure 6 1 CNS4 Test Setup Power Supply CNS4 POWER RS 23...

Page 46: ...r in some status displays and messages To display the current date and time type NOTE In the example shown below d option xx xx xx is the desired date and t option is desired time If the date or time needs to be corrected type 6 2 1 2 Passwords NOTE The admin account has configuration privileges while the user account has access to only network storage functionality To change admin account passwor...

Page 47: ... communications using serial communication RS 232 and a PuTTY terminal emulator 1 If not previously accomplished download a copy of the PuTTY terminal emulator and install on computer 2 Open PuTTY terminal emulator Figure 6 2 Figure 6 2 PuTTY Terminal Emulator 3 Configure PuTTY as follows Serial line COM1 Speed 115200 Connection type Serial 4 Click Open button A terminal screen should activate Tab...

Page 48: ...a PuTTY terminal emulator 1 If not previously accomplished download a copy of PuTTY terminal emulator and install on computer 2 Open PuTTY terminal emulator Figure 6 3 Figure 6 3 PuTTY Terminal Emulator SSH 3 Configure PuTTY as follows Connection Type SSH Port Host Name or IP Address see Table 6 1 4 Click Open button A terminal screen should activate 5 Click Enter button A login prompt should acti...

Page 49: ...he following configuration attributes Will there be a RAID configuration Which FSM C modules to use for a RAID How many and what size partitions to configure What services iSCSI NAS to assign to which partitions 6 2 4 1 Preparation Before any attempt to configure or reconfigure the storage system be sure the NAS services are stopped and unmounted Use CLI command serv nas 0 to stop NAS service Use ...

Page 50: ...graph 7 21 part 6 2 4 6 Assign NAS Service To assign NAS services the command sysconfig nas is applied Option are used to select partitions to command flag is applied to The options are parts Number of partitions to use with the device part Partition number can have multiple partitions all All partitions used with device In the example below the NAS is assigned to partition 0 Example cns sysconfig...

Page 51: ...rnal sensors to monitor critical environmental and operational parameters When activated the health command displays health information for the CNS unit FSM C status system status and network status can be displayed depending on the chosen suffix attribute See paragraph 11 2 13 health for additional information NOTE The CNS4 S0 LED will turn on if any of the values exceed the listed limits Tempera...

Page 52: ...aph 11 2 19 log for information on how to determine the error Main Carrier Temperature Power Supply Temperature FSM C Voltage Levels 5V 3 3V rails Super I O Voltage 3 3V 12V rails plus two Marvell controller voltage levels Processor CPU Voltage 12V 5V rails plus the AA sized battery voltage 6 2 6 2 IBIT Initiated Built In Test The following items are monitored by the IBIT The IBIT must be initiate...

Page 53: ...version cnsf_csfc image_year_month_day ver_ _ bin cnsf_csfc image_year_month_day ver_ _ gz cnsf_csfc image_year_month_day ver_ _ hdr cnsf_csfc image_yyear_month_day ver_ _ md5 The fupdate command boots the CNS4 system into a RAM disk image where the user can install a new CNS4 disk image onto the system By default the new image file should be copied to fsm0 partition 0 location Upon logging into t...

Page 54: ...es for performing ILE firmware update The ver_ is a variable that will reflect the update file version ile_csfc_ver_ bin signature_ile_csfc_ver_ bin NOTE The disk the firmware update is loaded onto must be configured so it will be able to accept the files e g not configured as a RAID 1 Reconfigure FSM C module as follows a Type sysconfig E This command will erase the current configuration b Type s...

Page 55: ...ts at logging into an encryption layer will block any further attempts until a power cycle or zeroization is initiated The CNS4 uses two methods of encryption Hardware Encryption Layer Software Encryption Layer The zeroize function removes the encryption keys from both layers 6 4 1 Zeroize CAUTION LOSS OF STORED DATA Pushing the ILE Zeroize button will zeroize the ILE erase the DEK This action wil...

Page 56: ...n along with a host to generate and retain the DEK ILE Mode security mode type The security mode must be selected by user via user interface on initial power up User Authentication ILE user authentication is required to access available ILE services Authorized Services ILE security modes restrict access to services until the user is identified and granted access to perform requested service identi...

Page 57: ...on to unwrap the package and extract the KEK The DEKs are stored in the EEPROM or SRAM or None not stored on the ILE per the user s selection at login The None selection retains the DEK on the host Advantages Stored data retained accessible if ILE is zeroized as long as DEK has been retained Creates a custom DEK created and known by the user Disadvantages Requires more effort on the user s part 6 ...

Page 58: ...f four within the ILE in plain text non encrypted transfer cns cm_create_account u john p aBcDeFg1 m i k s cm_create_account user_token 0xab491feccdd158654adab4bb10ddfffe3948571fddeee43f6b7c9a0cc0013693 token_hmac 0xce6256b4220638eefb3bb3c428ddd853353bc9ce3f436062ab59d9fcd9f93642 status OK cm_create_Account cns cm_create_account u john p aBcDeFg1 m e k e cm_create_account user_token 0xc9ed6c3bbc3d...

Page 59: ...erred to as an old or retired KEK the PSK is used if it is the first KEK cmd for the unit and sent to the user s equipment The corresponding MAC is generated in the same manner and sent to the user s equipment The user s equipment has the old KEK and the PSK and uses the appropriate key to decrypt the KEK package and the MAC which is used to verify that the KEK is correct The KEK is only used once...

Page 60: ...xample below opens a SWE container on partition 2 by manually entering the passphrase Example The example below opens a SWE container on partition 2 using a keyfile Example The status of the SWE container can be checked by using the swcrypt command without any associated flags The example show below shows no SWE containers on partitions 1 and 2 The container on partition 3 is open while the contai...

Page 61: ...csi1 options iSCSI on assigned partition using GBE1 iscsi2 options iSCSI on assigned partition using GBE2 iscsi3 options iSCSI on assigned partition using GBE3 isMounted VID Check to see if NAS volume is mounted M mount all Mount partition s as NAS multi Used with assign services flag to allow multiple services to use the same partition nas options Network attached storage numFreeDisks Get number ...

Page 62: ...12GB Disk1 name fsm0 d1 size 512GB Disk2 name fsm0 d2 size 480GB Disk3 name fsm0 d3 size 512GB Raid_volumes numDisk 1 Raid0 name fsm_raida level 0 size 2016GB numDisk 4 disk fsm0 d0 disk fsm0 d1 disk fsm0 d2 disk fsm0 d3 Partitions numPartitions 6 Part0 name fsm_raida size 322629MB pSize 16 00 dp 1 numServ 1 sName fsm_nas0 fmt ext4 mnt 1 enb 0 Part1 name fsm_raida size 322630MB pSize 16 00 dp 2 nu...

Page 63: ...ize 512GB Raid_volumes numDisk 1 Raid0 name fsm_raida level 0 size 2016GB numDisk 4 disk fsm0 d0 disk fsm0 d1 disk fsm0 d2 disk fsm0 d3 Partitions numPartitions 6 Part0 name fsm_raida size 322629MB pSize 16 00 dp 1 numServ 1 sName fsm_nas0 fmt ext4 mnt 1 enb 0 Part1 name fsm_raida size 322630MB pSize 16 00 dp 2 numServ 1 sName fsm_nas1 fmt ext4 mnt 1 enb 0 Part2 name fsm_raida size 342794MB pSize ...

Page 64: ...umDisk 1 Raid0 name fsm_raida level 0 size 2016GB numDisk 4 disk fsm0 d0 disk fsm0 d1 disk fsm0 d2 disk fsm0 d3 Partitions numPartitions 6 Part0 name fsm_raida size 322629MB pSize 16 00 dp 1 numServ 1 sName fsm_nas0 fmt ext4 mnt 1 enb 0 Part1 name fsm_raida size 322630MB pSize 16 00 dp 2 numServ 1 sName fsm_nas1 fmt ext4 mnt 1 enb 0 Part2 name fsm_raida size 342794MB pSize 17 00 dp 3 numServ 1 sNa...

Page 65: ...of the NAS volume specified ie dev fsm0 d0p0 dev fsm_raida1 Example 7 9 getFreeDisks Purpose Get list of unconfigured disks Command sysconfig getFreeDisks Flag Modifiers Explanation Not Applicable Example 7 10 getNfsOpt Purpose Get current NFS export flags Command sysconfig getNfsOpt Flag Modifiers Explanation Not Applicable Example cns sysconfig getDevName 0 sysconfig dev fsm0 d0p1 sysconfig OK c...

Page 66: ...d2 480GB Individual disks 1 Disk0 fsm0 d3 512GB Raid disks 2 Disk0 fsm0 d0 512GB Disk1 fsm0 d1 512GB Raid volumes 1 Raid0 fsm_raida level 0 1024GB numDisk 2 fsm0 d0 fsm0 d1 Partitions 6 Part0 fsm0 d3 128027MB 25 00 dp 1 fsm_nas0 fmt ext4 mnt 1 enb 0 FC1_L0 enb 0 Part1 fsm0 d3 128027MB 25 00 dp 2 iSCSI0_L0 enb 0 Part2 fsm0 d3 128028MB 25 00 dp 3 fsm_nas1 fmt ext4 mnt 1 enb 0 iSCSI0_L1 enb 0 iSCSI0_...

Page 67: ... disk fsm0 d0 disk fsm0 d1 disk fsm0 d2 disk fsm0 d3 Partitions numPartitions 6 Part0 name fsm_raida size 322629MB pSize 16 00 dp 1 numServ 1 sName fsm_nas0 fmt no mnt 0 enb 0 Part1 name fsm_raida size 322630MB pSize 16 00 dp 2 numServ 1 sName fsm_nas1 fmt no mnt 0 enb 0 Part2 name fsm_raida size 342794MB pSize 17 00 dp 3 numServ 1 sName FC0_L0 enb 0 Part3 name fsm_raida size 342794MB pSize 17 00 ...

Page 68: ...0 name fsm0 d0 size 512GB Disk1 name fsm0 d1 size 512GB Disk2 name fsm0 d2 size 480GB Disk3 name fsm0 d3 size 512GB Raid_volumes numDisk 1 Raid0 name fsm_raida level 0 size 2016GB numDisk 4 disk fsm0 d0 disk fsm0 d1 disk fsm0 d2 disk fsm0 d3 Partitions numPartitions 6 Part0 name fsm_raida size 322629MB pSize 16 00 dp 1 numServ 1 sName fsm_nas0 fmt no mnt 0 enb 0 Part1 name fsm_raida size 322630MB ...

Page 69: ... Get total number of partitions Command sysconfig numPartitions Flag Modifiers Explanation Not Applicable Example 7 21 part Purpose Create partition Command sysconfig part device num parts 1 n part sizes Flag Modifiers Explanation device FSM device name of disk to create partitions on fsmX dY num parts Number of partitions to create on the disk 1 to n part sizes List of partition sizes Can be spec...

Page 70: ...d to monitor the raid state and check the status of the synchronization progress of each raid in the system The raid status command reports RAID level RAID size RAID state Number of disks Name of each disk device Mode of each disk device If the disk is being synchronized it will report the percentage of synchronization completed the estimated time to finish and the speed at which the data is being...

Page 71: ...FSM connections Command sysconfig scan Flag Modifiers Explanation Not Applicable Example cns sysconfig raidStatus sysconfig fsm_raida level raid1 size 511 98GB state active resyncing active_dev 2 raid_dev 2 dev fsm0 d0 dstate active sync dev fsm0 d1 dstate active sync resync 1 1 finish 71 5min speed 115080K sec sysconfig OK cns sysconfig remove fsm0 d3 sysconfig Remove_spare raid dev md fsm_raida ...

Page 72: ...tion on the configuration of each software raid Partitions describes how each disk partition on the system is configured and used Each line contains Name of the individual disk or raid the partition is located on Raw size of each partition Individual disk partition dp number of the partition on the disk or raid Number of device services associated with each partitions and the exported name of the ...

Page 73: ...een assigned to each possible service Example 7 29 sw Purpose Generate single line machine output Command sysconfig sw Flag Modifiers Explanation Not Applicable 7 30 trim Purpose Trim one or more mounted NAS partitions Command sysconfig trim all Flag Modifiers Explanation single NAS disk volume number two or more NAS disk volumes all all NAS disk volumes cns sysconfig status sysconfig DiskConfig I...

Page 74: ... Modifiers Explanation Not Applicable 7 33 version Purpose Show software version Command sysconfig version Flag Modifiers Explanation Not Applicable Example 7 34 wipe Purpose Wipe RAID and partition data from all disks Command sysconfig wipe Flag Modifiers Explanation Not Applicable cns sysconfig trim all sysconfig FSM_NAS0 cmd trim status OK FSM_NAS1 cmd trim status OK sysconfig OK cns sysconfig ...

Page 75: ...nconfigured_disks numDisk 1 Disk0 name fsm0 d3 size 512GB Individual_disks numDisk 1 Disk0 name fsm0 d0 size 512GB Raid_disks numDisk 2 Disk0 name fsm0 d1 size 512GB Disk1 name fsm0 d2 size 512GB Raid_volumes numDisk 1 Raid0 name fsm_raida level 0 size 1024GB numDisk 2 disk fsm0 d1 disk fsm0 d2 Partitions numPartitions 5 Part0 name fsm0 d0 size 128027MB pSize 25 00 dp 1 numServ 1 sName Unconfigure...

Page 76: ...ure Condition Meaning Remedial Action Chassis S0 Red ON See Table 8 2 Enter health ibit or log commands via CLI to determine cause Chassis S1 Yellow OFF No 28VDC input power applied Cycle power Chassis S2 Green OFF System did not boot OS did not load Cycle power Chassis S3 Green OFF Storage not ready Enter health ibit or log commands via CLI to determine cause FSM P Power Green OFF No power applie...

Page 77: ...rror 0x0609 RNG Known Answer Test KAT failed 0x0705 TEMP Temperature read error 0x0804 I2C i2c switch write error 0x0809 I2C i2c switch queue error 0x0810 I2C Interrupt handler error 0x080F I2C Checksum failed 0x0910 VOLT 1 8v sensor failure 0x0920 VOLT 3 3v sensor failure 0x0930 VOLT 5v sensor failure 0x0940 VOLT 1 8v sensor failure 0x0950 VOLT 3 3v sensor failure 0x0960 VOLT Low battery warning ...

Page 78: ...5 NVRAM_1 Read error 0x0E07 NVRAM_1 NVRAM corrupt 0x0F03 NVRAM_2 Memory allocation error 0x0F04 NVRAM_2 Write error 0x0F05 NVRAM_2 Read error 0x0F07 NVRAM_2 NVRAM corrupt 0x1001 ILE Invalid storage type 0x1002 ILE Invalid credentials 0x1003 ILE Invalid credentials 0x1004 ILE Invalid login 0x1005 ILE Invalid user type 0x1006 ILE Invalid PSK 0x1007 ILE User accounts have exceeded 5 0x1008 ILE Permis...

Page 79: ...6 FUPDATE Program failed 0x0C10 SECURITY Tamper event 0x0C20 SECURITY Tamper event 0x0C30 SECURITY Tamper event 0x0C40 SECURITY Tamper event 0x0C50 SECURITY Tamper event 0x0C60 SECURITY Tamper event 0x0C70 SECURITY Tamper event 0x0C80 SECURITY Tamper event 0x0009 HOST Communications error 0x0000 Not Applicable Status OK Table 8 2 Error Code List Error Code Type Meaning ...

Page 80: ...y passing an s to the set command A Refer to SNMP MIB for the CNS4 MIB for SNMP The MIB default path is usr share snmp mibs As of the date of this document the appropriate way to start stop the SNMP agent via command line is serv snmp 1 starts the snmp agent serv snmp 0 stops the snmp agent NOTE Traps may not be included in all installations Figure 9 1 OID Tree Adjust Brightness Read Only ETH0 1 I...

Page 81: ...FSM0 21 C 4 88V 3 29V OFF OFF FSM1 27 C 4 90V 3 31V OFF OFF FSM2 26 C 4 91V 3 29V OFF OFF FSM3 25 C 4 89V 3 29V OFF OFF ETH_0 ip 192 168 1 22 link 1000Mb s status OK ETH_1 ip 192 168 2 22 link 1000Mb s status OK ETH_2 ip 192 168 3 22 link 1000Mb s status OK ETH_3 ip 192 168 4 22 link 1000Mb s status OK DAR Status Present Zero Yellow Blue Tamper Alarm bit bit bit bit bit DAR0 YES 1 1 1 1 0 DAR1 YES...

Page 82: ...RIPTION version 1 0 enterprises 27675 top level structure cnsFSMStatus OBJECT IDENTIFIER cnsSnmp 3 cnsLED OBJECT IDENTIFIER cnsSnmp 4 cnsIPConfig OBJECT IDENTIFIER cnsSnmp 5 cnsLiveServices OBJECT IDENTIFIER cnsSnmp 7 cnsBootServices OBJECT IDENTIFIER cnsSnmp 8 cnsEth0 OBJECT IDENTIFIER cnsIPConfig 1 cnsEth1 OBJECT IDENTIFIER cnsIPConfig 2 cnsEth2 OBJECT IDENTIFIER cnsIPConfig 3 cnsEth3 OBJECT IDE...

Page 83: ...96 MAX ACCESS read write STATUS current DESCRIPTION Object that is used to set and get the system date DEFVAL cnsSnmp 10 cnsSystemTime OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Object that is used to set and get the system time DEFVAL cnsSnmp 11 cnsReboot OBJECT TYPE SYNTAX INTEGER MAX ACCESS read write STATUS current DESCRIPTION Object that is us...

Page 84: ...PROMOBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read only STATUS current DESCRIPTION Output of command Contents of FSM2 EEPROM cnsFSMDiskStatus 3 cnsFSM3EEPROMOBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read only STATUS current DESCRIPTION Output of command Contents of FSM3 EEPROM cnsFSMDiskStatus 4 LED Objects cnsS0 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read...

Page 85: ...PE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth0 status Set eth0 IP DEFVAL cnsEth0 1 cnsGatew ayEth0 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth0 status Set eth0 gateway DEFVAL cnsEth0 2 cnsNetmaskEth0 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Re...

Page 86: ...ETH1 ITEMS cnsIpEth1 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth1 status Set eth1 IP DEFVAL cnsEth1 1 cnsGatew ayEth1 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth1 status Set eth1 gateway DEFVAL cnsEth1 2 cnsNetmaskEth1 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write...

Page 87: ...th1 6 ETH2 ITEMS cnsIpEth2 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth2 status Set eth2 IP DEFVAL cnsEth2 1 cnsGatew ayEth2 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth2 status Set eth2 gateway DEFVAL cnsEth2 2 cnsNetmaskEth2 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read...

Page 88: ...th2 6 ETH3 ITEMS cnsIpEth3 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth3 status Set eth3 IP DEFVAL cnsEth3 1 cnsGatew ayEth3 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Read eth3 status Set eth3 gateway DEFVAL cnsEth3 2 cnsNetmaskEth3 OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read...

Page 89: ...TS cnsCifsLive OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to start 1 and stop 0 the CIFS server DEFVAL cnsLiveServices 1 cnsNfsLive OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to start 1 and stop 0 the NFS server DEFVAL cnsLiveServices 2 cnsFtpLive OBJECT TYPE SYNTAX OCTET STRING SIZE 1 409...

Page 90: ...SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to ONLY stop 0 SNMP DEFVAL cnsLiveServices 7 cnsAllLive OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to start 1 and stop 0 all the services EXCEPT SNMP DEFVAL cnsLiveServices 8 CONTROL BOOT SERVICES OBJECTS cnsCifsBoot OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read wr...

Page 91: ...ET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to start 1 and stop 0 the HTTP server on boot DEFVAL cnsBootServices 5 cnsTelnetBoot OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS read write STATUS current DESCRIPTION Used to start 1 and stop 0 the Telnet server on boot DEFVAL cnsBootServices 6 cnsSnmpBoot OBJECT TYPE SYNTAX OCTET STRING SIZE 1 4096 MAX ACCESS r...

Page 92: ...damage 10 1 1 Remove 1 If applicable turn 28VDC power supply OFF 2 Remove four screws and FIPS CRYPTO cover panel 3 Loosen two Allen screws Figure 10 1 to release wedgelocks 4 Grasp eject lever and carefully pull ILE module from the CHS4 chassis 5 Place ILE module in a static safe container and close cover Figure 10 1 ILE Module Replacement 10 1 2 Install 1 Remove ILE module from static safe conta...

Page 93: ...h 4 2 Inspection for label location Refer to Ordering Information section for tamper label information 10 2 FSM C Module Install Remove CAUTION EQUIPMENT DAMAGE Do not remove install a FSM C module with power applied or damage to the FSM C module and or CNS4 will occur CAUTION EQUIPMENT DAMAGE Exercise ESD precautions when installing removing or handling the FSM C module Failure to properly handle...

Page 94: ... to raise wedgelocks and secure module in place 4 Close FSM cover panel and secure with two captive screws Tighten screws finger tight 10 3 Chassis Battery Replacement NOTE The battery should be replaced every five years Refer to Ordering Information section for part number information 10 3 1 Remove 1 If applicable turn 28VDC power supply OFF 2 Disconnect cables and remove CNS4 from mounting surfa...

Page 95: ...ling removing or handling the ILE module Failure to properly handle ILE modules can result in damage NOTE The batteries should be replaced every five years Refer to Ordering Information section for part number information NOTE Replacement of the batteries will require breaking ILE tamper seal NOTE The ILE module contains two batteries They should be replaced as a pair 10 4 1 Remove 1 If applicable...

Page 96: ...er old label Refer to Ordering Information section for part number information NOTE Install and replacement dates should use MM YYYY format 8 Use a permanent marker to write Install and Replacement dates on label 9 Install ILE module in CNS4 Refer to paragraph 10 1 ILE Module Install Remove for additional information DDOC0108 0040 Cover Battery Battery Holder 9 1 7 8 6 4 5 3 10 2 Tighten Pattern ...

Page 97: ...or gets current configuration serv Sets boot configuration and manually starts stops CNS4 services shutdown Stops all services unmounts storage and halts CNS4 operating system swcrypt Sets shows disk encryption options sysconfig Sets shows CNS4 disk and system storage sysdate Sets shows CNS4 time and date 11 1 2 FSM C Module Commands diskcfg Shows information about FSM C module disk interface fsmp...

Page 98: ...e EEPROM s SRAM n NONE Example 1 Create a crypto officer account with username john password aBcDeFg1 with internal key generation stored on the SRAM Example 2 Create a crypto officer account with username john password aBcDeFg1 with external key generation stored on the EEPROM Example 3 Create a user account with username marty password gHpErCf7 cns cm_create_account u john p aBcDeFg1 m i k s cm_...

Page 99: ...resented by 128 hex characters k key hex Key to be used against AES256 Keywrap KeyUnwrap and HMAC SHA 256 Must be a 32 byte value represented by 64 hex characters Example 1 Perform AES256 KeyUnWrap Example 2 Perform AES256 KeyWrap cns cm_crypto c aa6db2ebee5438665f49d4b228942a2a53b78552b7f16be37c77508b596bdc5998e5ba844947227f k 0000000000000000000000000000000000000000000000000000000000001234 cm_cr...

Page 100: ...n the CNS4 Refer to paragraph 6 3 2 ILE Module Firmware for more details NOTE Curtiss Wright will be the only entity who provides ILE firmware updates Options h help Help v version Show version information f Filename ex file bin s Signature ex signature bin Example 1 Performing an update with official files supplied by Curtiss Wright Example 2 Performing an update with an invalid update file and a...

Page 101: ...ented by 80 hex characters m hmac hex MAC message authentication code 32 byte value represented by 64 hex characters Plaintext Operation Options d dek hex Plaintext DEK data encryption key 32 byte value represented by 64 hex characters p psk hex Plaintext PSK pre shared key 32 byte value represented by 64 hex characters Options used for both key generation methods r resetKek Resets key used to enc...

Page 102: ...ey e 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef m fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210 s 0 cm_key status OK cm_key cns cm_key d 1111222233334444555566667777888899990000AAAABBBBCCCCDDDDEEEEFFFF p 098765432109876543210987654321AB098765432109876543210987654321CD s 1 cm_key status OK cm_key cns cm_key r cm_key status OK cm_key cns cm_ke...

Page 103: ...E error log Only the crypto officer has permission to clear the ILE error log Options h Help version Show version information c Clear error log Example 1 Example 2 Example 3 cns cm_log cm_log 0x0c20 SECURITY tamper event T1 0x0960 VOLT low battery warning 0x080f I2C checksum failed 0x1009 ILE invalid keygen method 0x100a ILE invalid state cm_log cns cm_log cm_log status OK cm_log cns cm_log c cm_l...

Page 104: ... Show version information u string Specify username p string Specify password m hmac MAC message authentication code 32 byte value represented by 64 hex characters o Log out current user Example 1 Login with username user password Password1 Example 2 Complete the login process by submitting the HMAC SHA256 Example 3 Logout current user cns cm_login u user p Password1 cm_login challenge_nonce 0xf9c...

Page 105: ... information will be displayed depending on the state of the ILE Options h help Help v version Show version information Example 1 Example 2 cns cm_state cm_state ile_firmware_version 0 1 ile_id_number 789 ile_state initialized cm_state cns cm_state cm_state ile_firmware_version 0 1 ile_id_number 789 ile_state keys_loaded encryptors_loaded 0 1 2 3 current_user john key_location eeprom key_gen_metho...

Page 106: ...s b bootp str Name for bootp entry Required m mac str Ethernet MAC to identify bootp client c clientid str Alternative bootp client identifier value t tftpfile str TFTP file for bootp client to download boot f fixedip ip Fixed IP for bootp client NOTE To start and stop the DHCP service use serv command Example View configuration enumerated Line Identifier SUBNET Reports a DHCP subnet declaration H...

Page 107: ...bnet configuration Example 3 Delete subnet configuration Example 4 Add BOOTP client Example 5 Delete BOOTP client cns dhcpconfig dhcpconfig SUBNET subnet 192 168 1 0 rn 192 168 1 1 192 168 1 10 gw 192 168 1 1 dns 192 168 1 1 nm 255 255 255 0 dmn CWNAS toff 8 status OK BOOTP host target mac 00 1b ac 70 10 42 tftp fsm_shares fsm_nas0 bootfile status OK dhcpconfig OK cns dhcpconfig A s 192 168 3 0 25...

Page 108: ...ields scan Delete all existing FSM SATA connections then scan each SATA host port for disks rescan Scan each SATA host port for disks version Show program version Field label definitions dev Disk device D00 to D07 based on position osName Disk name as seen my OS ex dev sdb fsmName FSM device name ex dev fsm0 d0 sz Disk size link SATA link state ex 1 0Gb s mode Disk mode Partition or raid member ct...

Page 109: ...and iSCSI0_L2 dev fsm3 d0 1000GB 3 0Gb s PART S1D9NSAF633990D Samsung SSD 840 EXT0 fsm_nas1 fsm_nas2 and iSCSI0_L1 diskcfg OK cns diskcfg c diskcfg FSM name Size Link Mode Cntlr Ata dev fsm0 d0 512GB 1 5Gb s RAIDa Ctrl_C ata3 dev fsm0 d1 512GB 1 5Gb s RAIDa Ctrl_D ata7 dev fsm0 d2 512GB 1 5Gb s RAIDa Ctrl_C ata4 dev fsm0 d3 512GB 1 5Gb s RAIDa Ctrl_D ata8 diskcfg OK cns diskcfg l diskcfg fsm1 d0 f...

Page 110: ...to number of targets on this port psize iSCSI target partition size str ex 500G is_tgt_en iSCSI target enabled 1 enable 0 disables status Status enum OK ERR str INVALID status INVALID Command parameter s or Unit state invalid status Status str ERR str ERROR status ERROR Critical error has occurred status Status str ERR str Example 1 Example 2 Example 3 cns fsmdiskstatus fsmdiskstatus FSM_NAS0 psiz...

Page 111: ...FSM C drive E enhanced Issue ATA Security Enhanced Erase Command on each FSM C drive M Mil Erase data from disk using military algorithm C cnt Show elapsed time counter verb Show verbose output p pass Specify password to use to lock drive Max 32 char Responses fsmX dY cmd type status fsmX dY FSM disk y in slot X cmd Command name type Disk erase method Example 1 Example 2 Example 3 Example 4 cns fs...

Page 112: ...Interface Revision 0 0 Example 5 cns fsmpurge fsm fsm0 d0 N verb fsmpurge Device Name dev fsm0 d0 Password Model name TRITON HC Serial Number 201602080001 Firmware rev NV R1000 Perform normal erase Start Erase Elapsed time 00 01 53 Erase Complete fsmpurge OK ...

Page 113: ...ue sysconfig E This command will E erase the current configuration that is shown by sysconfig upon entering the command sysconfig part fsm0 1 100 W This will create partition part on fsm0 FSM C module 0 fsm0 with one partition 1 using all 100 of FSM C module 0 to which we will write W the system configuration sysconfig nas 1 0 This assigns one partition 1 as 0 to the system NAS partition View the ...

Page 114: ...e file name does not appear select 1 SCAN FOR DOWNLOADED IMAGE After the scan is complete select S SELECT THE DESIRED IMAGE FROM LIST OF IMAGE FILES If the file is not found then the firmware folder does not exist on the NAS volume and reloading the file to the FSM C should be performed The update process takes approximately 25 minutes A notification will be presented upon completion of the field ...

Page 115: ... 3 1 firmware ver Micro Controller firmware version str ex 1 0 power supply temp int CNS Power Supply Temp int 128 to 127 main board temp str int CNS Main Board Temp int 1 2 int 128 to 127 flash Flash Read Write state str ro rw boot Flash Hardware Read Write switch state str ro rw FSM EEPROM Hardware Read Write switch state str ro rw status Status enum OK NA ERR str FSMX state id Temp 5V pwr 3V pw...

Page 116: ...1 22 link 1000Mb s status OK ETH_1 ip 192 168 2 22 link 1000Mb s status OK ETH_2 ip 192 168 3 22 link 1000Mb s status OK ETH_3 ip 10 19 6 4 link 1000Mb s status OK health OK cns health F health FSM Status Temp 1 5 V 3 3V Fault LED Status LED FSM0 24 C 4 92V 3 31V OFF OFF FSM1 23 C 4 92V 3 30V OFF OFF FSM2 23 C 4 94V 3 31V OFF OFF FSM3 22 C 4 93V 3 30V OFF OFF health OK cns health N F health FSM St...

Page 117: ...hown in the text box below NOTE For help on a specific command use help command or issue h to the command For example help ipconfig or ipconfig h cns help cm_create_account cm_crypto cm_field_update cm_key cm_log cm_login cm_state dhcpconfig diskcfg fsmdiskstatus fsmpurge fupdate health help ibit ipconfig istarget ledcntrl log password reboot serial_config serv shutdown swcrypt sysconfig sysdate ...

Page 118: ...hows all FSM Cs and reports errors for those not installed Example 1 Line Identifier IBIT_MON Results for system monitor subsystem IBIT_ETH Results for Ethernet subsystem IBIT_FSM Results for FSM in slot Fields mcu s Result for sysmon microcontroller i2c s Result for I2C bus volt s Result for voltage regulator monitors eth s Result for Ethernet device eth eth0 eth1 ata s Result for ATA driver log ...

Page 119: ... interface status and configuration settings Default action when other options absent M mac View MAC addresses S Like V but status only Example 1 Status config display NOTE Command ipconfig S reports only the STS_ETH_ lines as above Line Identifier STS_ETH_ Current status for Ethernet device eth CFG_ETH_ Configuration settings for Ethernet device eth Fields ink lnk Link speed link down indicator i...

Page 120: ...examples mac MAC address Ex format 00 11 22 33 44 55 ipnm IP netmask length Ex 10 19 6 6 20 or NA for Not available summary Command status summary OK ERR Example 3 Set static IP and netmask on interface eth1 Example 4 Set DHCP config force reconfiguration on interface eth1 Example 5 Configure enable boot configuration of eth1 Line Identifier IP Configuration status line Fields status sts Summary s...

Page 121: ...ation char for machine output When used sw or fsep should be the first argument NOTE The IQN format takes the form iqn yyyy mm naming authority unique name where yyyy mm is the year and month when the naming authority was established naming authority is usually reverse syntax of the Internet domain name of the naming authority NOTE unique name is any name you want to use for example the name of yo...

Page 122: ...n 2015 05 net cwnas iscsi gbe0 is_tgt_en 1 status OK iSCSI1_L0 iqn iqn 2015 05 net cwnas iscsi gbe1 is_tgt_en 1 status OK istarget OK cns istarget getTargetName istarget ISCSI0 iqn iqn 2015 05 net cwnas iscsi gbe0 ISCSI1 iqn iqn 2015 05 net cwnas iscsi gbe1 istarget OK cns istarget blockSize 4096 istarget Set_target_block_size 4096 istarget OK cns istarget getBlocksize istarget WARNING status WRN ...

Page 123: ...ings s0 LED_0 activity bool 0 1 d0 LED_0 duty cycle int 0 to 100 s1 LED_1 activity bool 0 1 d1 LED_1 duty cycle int 0 to 100 s2 LED_2 activity bool 0 1 d2 LED_2 duty cycle int 0 to 100 s3 LED_3 activity bool 0 1 d3 LED_3 duty cycle int 0 to 100 status Status enum OK NA ERR str INVALID status INVALID Command parameter s invalid status Status enum OK NA ERR str ERROR status ERROR Command parameter s...

Page 124: ... f Ctrl C to quit export Export log files to an FSM C NAS partition selected by p archive Like export but package files in a tar gz file p number Selects FSM C NAS partition used by export or archive Example 1 View list of log files Enumerated Types filename Name of a log file summary Command status summary OK ERR NOTE Output of viewer s not formalized Example 2 View log file pbit log using page v...

Page 125: ...utive characters of the same class is four Password must contain one lowercase character one upper case character one digit and one other character Options h help Print help message version Print program version u user str Username of account p pass str New password Responses PASS status PASS CNS4 login password status Status enum OK NA ERR str INVALID status INVALID Command parameter s invalid st...

Page 126: ... storage and does a soft reset of the hardware Options h helpPrint help message versionPrint program version Responses REBOOT status REBOOT CNS4 reboot status Status enum OK NA ERR str INVALID status INVALID Command parameter s invalid status Status str ERR str ERROR status ERROR Critical error has occurred status Status str ERR str Example cns reboot reboot REBOOT status OK reboot OK ...

Page 127: ... flow control e Enable XON XOFF d Diable XON XOFF parity P neo Set device parity n none o odd e even stop S 12 Set Stop bits 1 or 2 char C 78 Set charater bits 7 or 8 info i Show current device settings version Show command version string sw Generate single line machine output fsep char Specify field separation char for machine output When used sw or fsep should be the first argument Example 1 Exa...

Page 128: ...rate single line machine output fsep char Specify field separation character for machine output When used sw or fsep should be the first argument Enumerated Type num Selects server state 0 Disable 1 Enable 2 Use boot setting Enumerated type num Selects server state 0 Disable 1 Enable 2 Use boot setting Example 1 Status configuration display Line Identifier BOOTCFG Reports of service states to be a...

Page 129: ...sts Summary status for the line Example 3 Mount nas with machine output mode Example 3 Start Stop Servers Line Identifier LIVESET Indicates change to operational state of server Fields serv s Indicator of which server is being started stopped status sts Status for action OK ERR str cns serv boot cifs 1 nfs 0 serv BOOTSET status sts serv OK cns serv boot cifs 1 nfs 0 serv LIVESET mnt 1 status OK se...

Page 130: ...rage and halts the CNS4 operating system Options h help Print help message version Print program version Responses SHUTDOWN status SHUTDOWN CNS4 shutdown status Status enum OK NA ERR str INVALID status INVALID Command parameter s invalid status Status str ERR str ERROR status ERROR Critcal error has occurred status Status str ERR str Example cns shutdown shutdown SHUTDOWN status OK shutdown OK ...

Page 131: ...ore it can be opened closed or erased Create a SWE container on specified partition init all key file filename all List of one or more partitions or all for all partitions key file filename Use passphrase stored in specified file pass str Use password specified on command line as the passphrase User will be prompted for a passphrase when key file or pass flag are not present This is the most secur...

Page 132: ... file name File name of keyfile to overwite and then delete Example 1 Example 2 Example 3 Example 4 Example 5 cns swcrypt init 1 swcrypt cmd init Part 1 Enter passphrase Verify passphrase status OK swcrypt OK cns swcrypt init 1 swcrypt cmd init Part 1 Enter passphrase Verify passphrase status ERR str Password error The password contains less than 1 uppercase letters swcrypt ERR cns swcrypt init al...

Page 133: ...se Part 1 status OK cmd erase Part 2 status OK cmd erase Part 3 status OK swcrypt OK cns swcrypt status swcrypt Partitions 4 Part0 name fsm_raida1 swe closed Part1 name fsm_raida2 swe closed Part2 name fsm_raida3 swe closed Part3 name fsm_raida4 swe closed swcrypt OK cns swcrypt delfile keyfiles pw txt swcrypt cmd delfile deleting file keyfiles pw txt status OK swcrypt OK ...

Page 134: ... status and raid config 2 Detailed command and response descriptions version Show software version scan Delete and then scan for FSM connections rescan Rescan sata hosts for FSM connections status S Show system status Default action if no flags numFreeDisks Get number of free disks numFsmDisks Get total number of disks numPartitions Get total number of partitions getFreeDisks Get list of unconfigu...

Page 135: ...m version d date str Set date Month Date Year t time str Set time Hour Minute Second Response DATE date time status DATE CNS4 date and time date Date str Month Date Year time Time str Hour Minute Second status Status enum OK NA ERR str INVALID status INVALID Command parameter s invalid status Status str ERR str ERROR status ERROR Critical error has occurred status Status str ERR str Example 1 Exam...

Page 136: ...ifications A 1 Envelope Mounting Dimensions NOTE Dimensions are in inches and millimeters Figure A 1 CNS4 Envelope Mounting Dimensions 333 1 13 12 320 4 12 61 193 5 7 62 3 18 0 13 330 2 13 00 320 5 12 62 185 55 7 31 6 35 0 25 DDOC0108 00034 196 7 7 75 257 2 10 13 9 37 238 0 ...

Page 137: ...A 2 Specifications Revision 0 0 NOTE Dimensions are in inches and millimeters Figure A 1 CNS4 Envelope Mounting Dimensions Continued 0 373 9 462 0 373 9 462 0 40 10 16 0 40 10 16 DDOC0108 0038 13 11 333 0 13 87 352 3 2 94 74 55 4 25 107 95 ...

Page 138: ...6 2 Humidity Storage 0 to 100 condensing Operating 0 to 100 condensing A 6 3 Vibration Operating 0 005 g2 Hz at 20Hz X Y and Z Axes 0 02g2 Hz at 80 to 300Hz X Y and Z Axes 0 003g2 Hz at 2000Hz X Y and Z Axes A 7 EMI The Curtiss Wright CNS4 was evaluated with respect to MIL STD 461F electromagnetic interference EMI requirements Testing was performed in accordance with the Standard The CNS4 has pass...

Page 139: ... equipment in which the CNS4 is installed Signal lines are standard primary RS 232 transmit and receive RS 232 ground is the zero voltage reference for the RS 232 Figure B 1 Power RS 232 Lab Cable Figure B 2 CNS4 Bulkhead Power Connector Zeroize Chassis GND Reserved 4 1 2 3 5 6 7 8 9 10 11 12 13 DDOC0108 0035 28V GND DB9 5 2 3 4 1 8 7 6 9 1 2 3 4 5 6 7 8 9 10 11 12 13 5 2 1 6 4 3 9 8 7 12 11 10 13...

Page 140: ... lab cable bulkhead connector pin information It also shows the cable terminations at the opposite end of the cable Figure B 3 Ethernet Lab Cable Figure B 4 CNS4 Bulkhead Ethernet Connectors 3 2 1 6 7 5 4 10 9 8 DDOC0108 0039 AA AA AB AB AC AC AD AD 1 2 3 4 5 6 7 8 9 10 Shown Keyed for GBE0 DDOC0108 0037 GBE0 GBE1 GBE2 GBE3 3 2 1 6 7 5 4 10 9 8 3 2 1 6 7 5 4 10 9 8 3 2 1 6 7 5 4 10 9 8 3 2 1 6 7 5...

Page 141: ...028 R00 LF or equivalent FSM C Storage Module 2 TB 3671213E08039 405 FSM C Storage Module Tamper Label D800028 R00 LF or equivalent ILE Module 3671213E08039 307 ILE Module Battery Label D800027 R00 LF ILE Module Tamper Label D800028 R00 LF or equivalent ILE Battery TLH 5934 Tadiran Chassis Battery Lithium D700097 000 00 LS 14500 Saft ATR Mounting Tray VS CNS4Tray 00 Power RS 232 Lab Cable 36 Inch ...

Search results

Summary of Contents for CNS4 CSfC

Reviews:

Related manuals for CNS4 CSfC

Brands by name

Popular brands

Curtiss-Wright CNS4 CSfC, User Manual

Search results

Summary of Contents for CNS4 CSfC

Reviews:

Related manuals for CNS4 CSfC

Brands by name

Popular brands