Installation
InterDiode is available as Docker/OCI images from Docker Hub.
To test locally, a Local demo with docker-compose is available.
Global architecture
Server requirements
A minimal production installation requires a server connected to the internet (the black side) and a server on the internal network (the red side). For data transfers, several solutions are available:
direct unidirectional UDP link,
direct TCP link accepting return acknowledgments,
or raw file export/import to use your own solution to transfer data.
If you use a direct UDP connection with a real data diode, you must know the MAC address of the red server and inject it into the ARP cache of the host machine before using the integrated air gap protocol. This must be done on the host machine, not in the Docker container. It is required because the black server sends data to the red server without receiving any acknowledgment: no ARP reply can come back through the diode, so the ARP cache must be pre-populated for the data to be routed correctly. More details are given in Transfer options.
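One way to pre-populate and verify that ARP entry on a Linux host with iproute2, as an added example that is not part of InterDiode or its documentation. The script name, the `APPLY`, `RED_IP`, `RED_MAC` and `IFACE` variables and the addresses shown are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not InterDiode code. All addresses used with it are placeholders.

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_unicast_mac() {
    # Six hex octets; the low bit of the first octet must be 0 (rejects
    # broadcast and multicast), and the all-zero address is refused.
    [ "$1" != "00:00:00:00:00:00" ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f][02468ACEace](:[0-9A-Fa-f]{2}){5}$'
}

neigh_cmd() {
    # Print the iproute2 command pinning IP ($1) to MAC ($2) on interface ($3).
    valid_ipv4 "$1" || { echo "invalid IPv4: $1" >&2; return 1; }
    valid_unicast_mac "$2" || { echo "invalid unicast MAC: $2" >&2; return 1; }
    printf '%s\n' "$3" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$' ||
        { echo "invalid interface: $3" >&2; return 1; }
    printf 'ip neigh replace %s lladdr %s dev %s nud permanent\n' "$1" "$2" "$3"
}

is_pinned() {
    # Reads `ip neigh show` output on stdin; succeeds only when IP ($1) maps
    # to MAC ($2) in state PERMANENT, i.e. the entry never expires.
    awk -v ip="$1" -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == ip && $NF == "PERMANENT" {
            for (i = 2; i < NF; i++)
                if ($i == "lladdr" && tolower($(i + 1)) == mac) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Run as root on the black host itself (not in the container), for example:
#   APPLY=1 RED_IP=192.0.2.10 RED_MAC=02:00:00:aa:bb:cc IFACE=eth1 sh pin-red-mac.sh
# The entry does not survive a reboot, so re-run this from a boot-time job.
if [ "${APPLY:-0}" = 1 ]; then
    cmd=$(neigh_cmd "$RED_IP" "$RED_MAC" "$IFACE") || exit 1
    $cmd || exit 1
    ip neigh show dev "$IFACE" | is_pinned "$RED_IP" "$RED_MAC" ||
        { echo "red server MAC is not pinned" >&2; exit 1; }
fi
```

Without `APPLY=1` the script changes nothing, so `neigh_cmd` can be used to review the exact command before it is run.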
Server sizing depends on the amount of data to transfer, but for testing purposes, a server with 100 GB of disk space, 4 vCPUs, and 8 GB of RAM is more than sufficient.
Data transfers require temporary copies, increasing the total disk space needed. It is advisable to plan for a few TB of disk space to avoid saturation issues.
The main storage can be a standard volume or S3, but a standard volume is still required to handle transfers. Each process also requires a local filesystem for temporary storage and cache, used for downloading new data and serving them to clients.
Client requirements
InterDiode is a web application, so an up-to-date browser is required. The following browsers are supported in their latest stable version:
Chrome (and Chromium-based like Edge),
Firefox,
Safari.
This does not mean that InterDiode will not work with other browsers or older versions, just that we do not test against or provide support for them.
Communication between client and server also uses WebSockets. Some firewalls may block such connections, in which case some features will be disabled.