IDQ Quantis Appliance, User Manual

Page 1: ...Quantis Appliance User Manual Version 2 13 Date 06 08 202 ...

Page 2: ... is subject to change without notice Copyright 2020 ID Quantique SA Printed in Switzerland No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the permission of ID Quantique Trademarks and trade names may be used in this document to refer to either the entities claimi...

Page 3: ...rietary rights relating to use of information in this specification ID Quantique assumes no liability whatsoever and disclaims any express or implied warranty relating to sale and or use of ID Quantique products including liability or warranties relating to fitness for a particular purpose merchantability or infringement of any patent copyright or other intellectual property right ID Quantique pro...

Page 4: ...er configuration 11 3 1 3 CLI configuration 11 3 2 Quick start 13 3 2 1 Change default password 13 3 2 2 Setup date 13 3 2 3 Setup Network interface 14 3 2 4 Setup hostname 15 3 2 5 Regenerate a new SSL certificate 16 3 2 6 Check the generated certificate 16 3 3 Retrieving Random numbers 18 3 3 1 Built in Webserver 18 3 3 2 JSON query using web browser 19 3 3 3 JSON query using Linux curl 20 3 3 4...

Page 5: ...vailable commands 32 6 2 cert new New SSL certificate 33 6 3 cert export Export a SSL certificate 35 6 4 cert import Import an SSL certificate 36 6 5 cert show Display current SSL certificate detail 37 6 6 clear Clear the console 39 6 7 date Change Date and Time 39 6 8 exit Exit the Command Line Interface 40 6 9 firmware info Firmware Information 40 6 10 firmware update Firmware Update 40 6 11 hos...

Page 6: ...Quantis Appliance User Manual Document version 2 13 Distribution Confidential Date 06 08 2020 Page 6 47 6 20 system info system identification 47 ...

Page 7: ...are used for different applications to generate high quality cryptographic keys for encryption or authentication to seed deterministic PRNGs or to provide entropy for online gaming and mathematical simulations This manual is intended for the system administrator network manager security manager or technician who will install configure and operate the Quantis Appliance The following sections provid...

Page 8: ...ource Multi threading up to 10 000 requests s Live status verification Health check output Seamless integration in any network or security solution Standard REST interface over HTTPs FIPS compliant appliance designed for high availability Hot pluggable and swappable into operating networks 2 1 Front panel The front panel provides 2 system buttons Power Reset and 3 LED indicators System power Syste...

Page 9: ...ibution Confidential Date 06 08 2020 Page 9 47 2 2 Rear panel The rear panel provides 3 LAN ports o LAN 1 o LAN 2 o LAN M 2 USB 3 0 double stack Type A 1 VGA port and 1 DB 9 COM port For Quantis Appliance please use only the LAN 1 and 2 ports and the COM port ...

Page 10: ...mbers interface The random numbers are available on the LAN1 interface For this connect the provided Ethernet cable to your LAN 3 Getting Started 3 1 Installation 3 1 1 Physical Installation In order to install the Quantis Appliance please perform the following steps 1 Plug the power cable in the Power supply socket 2 Plug the Ethernet cable in the Ethernet slot LAN1 3 Connect the USB to Serial co...

Page 11: ... Then configure the serial port with the next settings Serial port baud rate 115200 no parity 8 data bits one stop bit Open the connection and press RETURN and the login should be printed ___ ____ ___ _ _ _ _ _ _ _ _ __ _ _ __ _ _ __ _ _ _ ___ _ _ __ _ _ _ _ _ _ _ _ _ __ ___ ____ __ _ __ _ __ _ _ _ __ _ __ __ _ ___ _ qa login 3 1 3 CLI configuration Then log in with the factory default credentials...

Page 12: ...t Exports the QA certificate on an USB stick cert import Imports a certificate signed by an external CA cert new Create a new certificate cert show Shows the actual certificate clear Clears the console date Displays or sets the local date and time debug false Disable debug mode debug true Enable debug mode exit Exits the shell firmware info Shows information on the appliance firmware update update...

Page 13: ... the number of requests EXAMPLES ping addr 127 0 0 1 ping addr 192 164 2 3 count 10 3 2 Quick start 3 2 1 Change default password For security reasons it s recommended to change the default password Type pwd to change the password qa cli pwd Enter the new password Enter the new password once again Password correctly set 3 2 2 Setup date Make sure the date is up to date Type date to get the current...

Page 14: ... 0 0 0 0 This configuration should be changed to match the production LAN in particularly new IP addresses should be specified and separate subnets for each ethernet port should be used if more than one ethernet port is used in the deployment To change the network configuration type qa cli nic id 1 addr 10 17 17 10 8 gateway 10 0 0 1 Address changed Gateway changed GENERAL DEVICE eno1 GENERAL TYPE...

Page 15: ...101 8 IP4 GATEWAY 10 0 0 1 IP4 DNS 1 10 0 0 1 IP6 ADDRESS 1 fe80 ec4 7aff fe95 88ad 64 IP6 GATEWAY Warning although the IP addresses have been setup on the same subnet in this example this should not be done on a production LAN The Quantis Appliance has two ethernet ports if both are to be used then the first ethernet port should be on a different subnet from the second ethernet port It is importa...

Page 16: ...lidity days 365 return Could you please confirm Name 10 17 17 11 Country CH State Geneva City Geneva City Organization Id Quantique Organization Unit RNG Email info idquantique com Validity days 365 Self Signed yes Do you agree yes or no yes Generating a 2048 bit RSA private key Signature ok 3 2 6 Check the generated certificate Optionally you can verify the content of the certificate For this use...

Page 17: ... ce fe 94 f2 50 34 97 46 68 5e be f1 57 5c 7d 57 e1 d7 b2 bc 0d ed b6 6f 05 67 77 51 65 5f 95 d8 9c b7 29 cf 88 63 19 a5 5d b9 2e cf a8 d7 f5 b6 16 78 90 b1 2f 62 a8 1f f8 58 41 ca 54 6d 8b 9d 9e 3a b0 23 81 a7 20 1b 9a 7b 50 10 66 5c 15 fe af 1a 0d bc 6f ea eb 8f 47 e4 87 dd 6c d6 27 f8 b9 4e 35 82 48 00 94 7d 39 9b a9 5d 90 a3 d8 fe 76 4a b3 2c af b5 75 1f 3d 47 aa 6f f4 33 f3 14 97 85 84 cd 4f ...

Page 18: ...6c 32 85 15 cd ec 23 9b 82 40 63 10 2c 98 2d d9 5c 1f cd 19 90 c7 5b 0c ff 1f 45 29 1d 72 0f db cf 8f b6 92 fa 68 After this quick configuration the appliance is ready for operations 3 3 Retrieving Random numbers To operate the system the appliance must be up and connected to the LAN1 or LAN2 port Random bytes can be retrieved from the Quantis Appliance using HTTPS protocol Port 80 of the HTTP pro...

Page 19: ...ptional scaling between min inclusive and max exclusive o Short o Integer o Float without scaling the outputted numbers are between 0 and 1 o Double without scaling the outputted numbers are between 0 and 1 a binary random number file ready to download 3 3 2 JSON query using web browser A web browser can be used to retrieve random numbers from the server through JSON HTTPS query The server exposes...

Page 20: ...Example of command for HTTPS protocols can be found below https IpAddress api 2 0 int min 1 max 50 quantity 10 3 3 3 JSON query using Linux curl In a Linux terminal random numbers can be retrieved through a curl command curl k https IpAddress api 2 0 int min 1 max 50 quantity 10 2 37 4 17 30 17 23 34 43 8 ...

Page 21: ...ng feature target the gaming application It means the random number can be in the interval min inclusive and a max value exclusive curl k https IpAddress api 2 0 double min 0 max 1 quantity 3 0 5381045206003764 0 05909736119066311 0 18390003030724533 3 3 5 System Information The system information page retrieves information for management such as General information that identifies the hardware Fi...

Page 22: ...UI A description of all the available REST commands is detailed on this page including each argument of each command It is also available directly from https IpAddress swagger swagger ui html 3 4 3 Swagger file All the available queries are described in a standard swagger file available here https IpAddress swagger json ...

Page 23: ... cert new self signed yes qa cli cert export self signed yes name 192 168 1 21 crt Please insert media into USB port Press any key to continue 4 1 2 Generation of a Quantis Appliance certificate signed by an external CA This example shows how to create a request to sign the certificate and copy it to a USB Memory drive qa cli cert new self signed no qa cli cert export self signed no name 192 168 1...

Page 24: ...ception Procedure When using secure https connection the browser is asking for adding security exceptions if the certificate is self signed Please go through the following steps to add security exceptions 4 2 1 Chrome Procedure Chrome will present the warning as follows Click Advanced The following window will be opened ...

Page 25: ...anual Document version 2 13 Distribution Confidential Date 06 08 2020 Page 25 47 Press Proceed to 10 17 17 1 unsafe and you will be forwarded to the main page 4 2 2 Firefox Procedure Firefox will present the warning as follows ...

Page 26: ...Quantis Appliance User Manual Document version 2 13 Distribution Confidential Date 06 08 2020 Page 26 47 Click Advanced The following window will be opened ...

Page 27: ...Quantis Appliance User Manual Document version 2 13 Distribution Confidential Date 06 08 2020 Page 27 47 Press Add Exception The following window will be opened ...

Page 28: ...Quantis Appliance User Manual Document version 2 13 Distribution Confidential Date 06 08 2020 Page 28 47 And finally click on Confirm Security Exception to access the Web Quantis page ...

Page 29: ...client is requesting randomness to the Quantis Appliance though a virtual IP address QA 1 IP 10 17 17 11 Hostname qa v1 1 VRRP Virtual IP 10 17 17 10 State BACKUP Priority 100 Syslog server IP 10 17 17 3 Hostname syslog server1 Client QA 2 IP 10 17 17 12 Hostname qa v1 2 VRRP Virtual IP 10 17 17 10 State MASTER Priority 101 In this example 2 appliances share a common virtual IP address 10 17 17 10...

Page 30: ...qa cli keep alive enable true Log in the CLI of the appliance 2 and type qa cli monitor log type syslog addr 10 17 17 3 qa cli keep alive virtual ip 10 17 17 10 qa cli keep alive state MASTER interfacenum 1 interfacename eno1 qa cli keep alive priority 101 interfacenum 1 qa cli keep alive enable true qa cli keep alive global_defs notification_email sysadmin mydomain com support mydomain com notifi...

Page 31: ..._vrrp 2061 VRRP_Instance VI_1 Entering MASTER STATE Dec 6 17 46 20 qa v1 2 Keepalived_vrrp 2061 VRRP_Instance VI_1 setting protocol VIPs Dec 6 17 46 20 qa v1 2 Keepalived_vrrp 2061 VRRP_Instance VI_1 Sending gratuitous ARPs on eno1 for 10 17 17 10 Dec 6 17 46 20 qa v1 2 Keepalived_healthcheckers 2060 Netlink reflector reports IP 10 17 17 10 added Warning Certificate must be created cert new with a...

Page 32: ...eate a new certificate cert show Shows the actual certificate clear Clears the console date Displays or sets the local date and time debug false Disable debug mode debug true Enable debug mode exit Exits the shell firmware info Shows information on the appliance firmware update update Apply an update help List all commands usage hostname Get or set the hostname keep alive Configure Hot Standby lis...

Page 33: ... 1 Specify the number of requests EXAMPLES ping addr 127 0 0 1 ping addr 192 164 2 3 count 10 The commands are listed by alphabetical order 6 2 cert new New SSL certificate NAME cert new DESCRIPTION Create a new certificate OPTIONS self signed yes to create a self signed certificate no to create a certificate request to be signed by an external certificate authority EXAMPLE qa cli cert new self si...

Page 34: ...m Name 10 17 17 11 Country CH State Geneva City Geneva City Organization Id Quantique Organization Unit RNG Email info idquantique com Validity days 365 Self Signed yes Do you agree yes or no yes Generating a 2048 bit RSA private key Signature ok qa cli cert new self signed no Name 10 17 17 11 return Country CH return State Geneva return City Geneva City return Organization ID Quantique return Org...

Page 35: ...ique com Validity days 365 Self Signed no Do you agree yes or no yes Generating a 2048 bit RSA private key New certificate request created successfully To activate this certificate please export the request and sign it with a certificate authority You can choose the default value by typing return or choose the information that fits your requirements 6 3 cert export Export a SSL certificate NAME ce...

Page 36: ...ted qa cli cert export self signed no name myRequest csr Plug the usb device and press enter to continue Certificate correctly exported 6 4 cert import Import an SSL certificate NAME cert import DESCRIPTION Imports a certificate signed by an external CA OPTIONS name the filename of the externally signed certificate in the root filesystem of the USB memory drive ca file the filename of the certific...

Page 37: ...a City ST Geneva O Id Quantique OU RNG CN 10 17 17 11 emailAddress info idquantique com Validity Not Before Jul 26 14 17 45 2017 GMT Not After Jul 26 14 17 45 2018 GMT Subject C CH L Geneva City ST Geneva O Id Quantique OU RNG CN 10 17 17 11 emailAddress info idquantique com Subject Public Key Info Public Key Algorithm rsaEncryption Public Key 2048 bit Modulus 00 c7 35 a2 da 37 7d f9 a2 b8 e9 09 1...

Page 38: ... be 32 8f a3 0f a0 6c 5c 6e c2 c1 9a 59 65 98 ba 2c b1 38 57 ec 10 d5 Exponent 65537 0x10001 Signature Algorithm sha1WithRSAEncryption 03 32 4d dc bd 6f ff af 4d d6 83 d4 c7 d7 58 2d b9 99 3b f0 67 97 10 2d 3d 0b 1c 35 bf 98 12 fe f6 80 19 22 ea b4 66 8e 1e 4e 74 ea 81 a4 d0 d9 97 c1 b4 7a 9a 3f e1 6a 9f 95 ed a8 7b cd 40 42 9e b4 71 ed f0 a6 3f 06 4a a4 40 8f be b7 4a e5 63 f8 4b 01 99 19 15 47 b...

Page 39: ...1d 72 0f db cf 8f b6 92 fa 68 6 6 clear Clear the console NAME clear DESCRIPTION Clears the console EXAMPLE qa cli clear 6 7 date Change Date and Time NAME date DESCRIPTION Displays or sets the local date and time OPTIONS set Set the date in the format YYYY MM DD hh mm ss EXAMPLE qa cli date Wednesday July 25 2017 4 11 04 PM CEST qa cli date set 2017 07 26 16 13 00 Wed Jul 26 16 13 00 CEST 2017 ...

Page 40: ...6 9 firmware info Firmware Information NAME firmware info DESCRIPTION Shows information on the appliance EXAMPLE qa cli firmware info Firmware name QuantisAppliance Firmware version 1 0 0 20170921 To apply an update the user needs to plug a USB drive containing an official Update File delivered by ID Quantique 6 10 firmware update Firmware Update NAME firmware update DESCRIPTION Apply an update EX...

Page 41: ... qa srv2 Hostname correctly changed to qa srv2 6 12 keep alive Configure Hot Standby An example is provided in part 7 4 NAME keep alive DESCRIPTION Configure the keep alive for Hot Standby OPTIONS enable true false enable the Hot Standby Must be identical on both appliance priority 1 254 numeric value High value has higher priority Must be different on both appliance state MASTER BACKUP Define the...

Page 42: ...state MASTER interfacenum 1 qa cli keep alive priority 101 interfacenum 1 qa cli keep alive enable true qa cli keep alive global_defs notification_email sysadmin mydomain com support mydomain com notification_email_from lb1 mydomain com smtp_server localhost smtp_connect_timeout 30 vrrp_instance VI_1 state MASTER interface eno1 virtual_router_id 51 priority 101 advert_int 1 authentication auth_typ...

Page 43: ... NAME list usb DESCRIPTION Lists the usb key contents EXAMPLE qa cli list usb total 8 drwxr xr x 2 root root 4096 Jan 1 1970 drwxr xr x 3 root root 17 Aug 21 16 57 rwxr xr x 1 root root 1322 Aug 21 16 57 myCertificate pem 6 14 monitor log Manage Monitor Log NAME monitor log DESCRIPTION Monitor the log output OPTIONS addr Specify the IP address of the target syslog server type Specifiy the type of ...

Page 44: ...ess and the netmask of the QA gateway Specify the IPv4 gateway of the QA id Specify the interface to configure LAN1 or LAN2 EXAMPLE qa cli nic id 1 addr 10 17 17 2 8 gateway 10 0 0 1 Address changed Gateway changed GENERAL DEVICE eno1 GENERAL TYPE ethernet GENERAL HWADDR 0C C4 7A 95 88 AC GENERAL MTU 1500 GENERAL STATE 100 connected GENERAL CONNECTION System eno1 GENERAL CON PATH org freedesktop N...

Page 45: ...Manager ActiveConnection 11 WIRED PROPERTIES CARRIER off IP4 ADDRESS 1 10 17 17 101 8 IP4 GATEWAY 10 0 0 1 IP4 DNS 1 10 0 0 1 IP6 ADDRESS 1 fe80 ec4 7aff fe95 88ad 64 IP6 GATEWAY 6 16 ping Test LAN connection NAME ping DESCRIPTION Ping an IP Address OPTIONS addr Specify the IP address to ping count number of request default 1 EXAMPLE qa cli ping addr 10 17 17 2 count 3 ping host 10 17 17 2 host st...

Page 46: ...s the user to change the CLI Password EXAMPLE qa cli pwd Enter the new password Enter the new password once again Password correctly set 6 18 reboot Reboot Appliance NAME reboot DESCRIPTION Reboot the system EXAMPLE qa cli reboot 6 19 shutdown Shutdown Appliance NAME shutdown DESCRIPTION Shutdown the system EXAMPLE qa cli shutdown ...

Page 47: ...ate 06 08 2020 Page 47 47 6 20 system info system identification NAME system info DESCRIPTION Shows information on the appliance EXAMPLE qa cli system info Manufacturer IDQuantique Product Name Quantis Appliance version QA v1 A0 Serial number 1739002S020 RNG type Quantis 16Mbit s ...