SyBard® Highly Available Diode

Transfer of Business Critical Data

Data diodes are widely used to connect disparate networks in a strictly one-way manner. There are two typical use cases: to import data (such as anti-virus updates) into a protected network with no risk of data leakage; to publish data (such as corporate information for public consumption) from a protected network guarding against attacks from the untrusted domain. SyBard Diodes provide fast, high integrity data transfer between networks that is guaranteed to be uni-directional.

Business critical systems are often required to meet stringent service level agreements (SLAs), with unplanned periods of downtime resulting in financial penalties or damage to reputation. To ensure continuous service delivery, such systems are usually designed using multiple redundant components in order to be resilient to common component failures. Data diodes are frequently single points of failure within these systems; standby appliances may not mitigate against the SLA, as the time taken to switch to the standby appliance can still result in significant disruption to service. The SyBard Highly Available (HA) Diode provides a solution to this problem, ensuring continued operation in the event of hardware or software failure.

The SyBard HA Diode is based upon the proven standard SyBard Diode and provides a highly resilient solution by building redundancy into the hardware and software components. Developed and manufactured by QinetiQ, a world-leading Cyber- Security organisation, the HA Diode provides a turn-key solution that can be easily integrated into accredited systems.

The input and output interfaces to the SyBard HA Diode are network file shares hosted on the diode appliance. Files and directories are transferred over the diode to the Output File Share on the target network by simply placing them in the Input File Share. This is shown in the following diagram:

Sybard HA Diode Diagram

Conceptually, the SyBard HA Diode consists of two independent Diode links operating in parallel. When input files are written into the Input File Share, they are replicated over both links to the Output File Share. This ensures that, should either link become unavailable for any reason, the files are still delivered. For example, a security upgrade of the SyBard HA Diode system software can be performed on each link independently, allowing the other link to continue to transfer files and thus maintain service.

To ensure that each component within the HA Diode is as robust as possible, the HA Diode uses enterprise grade components throughout including:

  • HA cluster and data replication technology (to host the Input and Output File Shares)
  • Multiple bonded network interfaces
  • Redundant power supplies
  • RAID 10 SSD based storage
  • Dedicated management interface and iDRAC connections

For more information email