PA100 Series FAQ’s

The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.

You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.

Contact CDI support if you are having problems.

Yes certificate #1627 recently updated in January 2017 for hardware Random Number Generator requirement.

For more detailed information, sign up for our Support Center.

Yes they will work with our AES 128 and out triple DES devices (configured as clients).

All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.

PA200 Series FAQ’s

The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.

You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.

Contact CDI support if you are having problems.

Yes they will work with our SAM11, SAM22, and SAM44 devices.

All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.

Enterprise Software FAQ’s

Our hardware supports ANY software platform. Our management system supports Windows , W7 Pro 32/64, Server 2008,2008R2, 2016  SQL 2008,2012.2014. The system can run as a VM-Slice. We recommend installing on a server so that multiple users can access simultaneously. The system can be installed on a desktop for smaller installations.

Yes. OBM also combines with a built in intelligent SSH terminal that can automatically build the outbound connection to the device by just clicking the device icon in the OBM system. This will also get keystroke logged in the OBM log database for later forensic retrieval.

 

Yes. You can also tie the OBM into your Active Directory domain.

Yes the OBM will automatically log ALL keystroke data of an engineer’s session which will be stored on the secure server for later retrieval by a security administrator for audit.

The default address of the network interface is 199.199.199.1. As long as an IP address has not already been configured in the product you can use a web browser to change the IP address. You can also connect a SERIAL cable to the console interface and access config menus using the administrator password.

As long as an IP address has not already been configured in the product you can use a serial connection to the CDI console port to configure an IP address in the CDI device. The default is 8/n/1 9600 baud.

Security Related FAQ’s

PA100 series supports up to AES 256 bit cipher feedback that is NIST FIPS 140-2 validated along with multisession SSH 2048. PA200 series supports AES 128 bit encryption and multisession SSH 2048.

RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recomnends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.

 

 

Power Control FAQ’s

First determine how much current ( IN AMPS) that your connect device draws. This can be found in the manual or on the product itself.

Another way to measure current is through POWER or WATTS. for a 110 Volt device , devide the WATTS by 110 to get the current (AMPS). For a 230 volt device, divide the WATTS by 230  to get the current in AMPS.

CDI power control devices come in 10AMP and 20AMP models. You also need to know the VOLTAGE as the external Power control modules use different parts numbers based on the voltage.

Keep in mind that our 10 AMP and 20AMP models use a different size IEC connector. Take a look at you power cord for your existing device. If it is using a C13 connector it is under 10AMPs. If it is using the large square C19 connector it is over 10 amps and should use our 20 AMP models.

If you are using the INTERNAL POWER CONTROL on a PA244x or PA288x then you can use ANY voltage.

Contact CDI support and they would be glad to help you determine which , and how many PCM’s to select for your application.

Category: Power Control

The DTM LED on the front panel indicates the CDI device is ready for communication. If this LED is not lit then there is a problem with your hardware. Contact customer support.

This is normal and indicates that the CDI device has no keying information in it. You need to configure the device with OBM or FEL This also could indicates that the device has been completely reset via the front panel switch or has been tampered via opening the chassis.

Technical FAQ’s

RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recomnends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.

 

 

All CDI devices are intentionally shipped with no credentials in them. You must configure the device through the OBM or the free Front End Loader “FEL”.

All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.

Ensure that you see the DTR LED on the port that you connected the cable to. DTR is one of the  indicators that the cable is pinned correctly and the device is ready for communication.

The default address of the network interface is 199.199.199.1. As long as an IP address has not already been configured in the product you can use a web browser to change the IP address. You can also connect a SERIAL cable to the console interface and access config menus using the administrator password.

As long as an IP address has not already been configured in the product you can use a serial connection to the CDI console port to configure an IP address in the CDI device. The default is 8/n/1 9600 baud.

The DTM LED on the front panel indicates the CDI device is ready for communication. If this LED is not lit then there is a problem with your hardware. Contact customer support.

This is normal and indicates that the CDI device has no keying information in it. You need to configure the device with OBM or FEL This also could indicates that the device has been completely reset via the front panel switch or has been tampered via opening the chassis.

Each CDI flat RJ45-RJ45 cable also comes with an RJ45 to DB9F connector, The connector is pinned out to connect to any DTE type serial interface typically found on a PC type product. Use the flat RJ45-RJ45 cable and snap on the RJ45-DB9 adapter. If you see DTR on the CDI device when the cable is connected, odds are it is the correct cable.

Contact CDI support with the make and model number of your device and we can tell you how to connect to the interface. This will require purchase of an adapted from CDI or the ability for you to make an adapter.

After you authenticate to the CDI device you will see of list of ports that are supported. Each port with show the status of both DTR and RTS. You should see DTR/UP RTS/UP. This indicates that the connected device is presenting RS232 signals to the CDI device. If you see DTR/DWN RTS/DWN , chances are that your cable is wrong or unplugged (or your appliance is powered down).

Pre-Purchase FAQ’s

The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.

You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.

Contact CDI support if you are having problems.

Yes certificate #1627 recently updated in January 2017 for hardware Random Number Generator requirement.

For more detailed information, sign up for our Support Center.

Our hardware supports ANY software platform. Our management system supports Windows , W7 Pro 32/64, Server 2008,2008R2, 2016  SQL 2008,2012.2014. The system can run as a VM-Slice. We recommend installing on a server so that multiple users can access simultaneously. The system can be installed on a desktop for smaller installations.

Yes, we can ship to all countries on the US export list. The devices have an international power supply, but the country plug must be requested at time of order or you will have to provide a standard IEC C13 power cord, in country.

CDI devices contain a third party modem that has been homologated for global operation around the world and is accepted in most of the civilized countries.

Yes.

Yes. OBM also combines with a built in intelligent SSH terminal that can automatically build the outbound connection to the device by just clicking the device icon in the OBM system. This will also get keystroke logged in the OBM log database for later forensic retrieval.

 

PA100 series supports up to AES 256 bit cipher feedback that is NIST FIPS 140-2 validated along with multisession SSH 2048. PA200 series supports AES 128 bit encryption and multisession SSH 2048.

Yes they will work with our AES 128 and out triple DES devices (configured as clients).

Yes they will work with our SAM11, SAM22, and SAM44 devices.

RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recomnends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.

 

 

Yes. In fact we recommend setting up our client devices for network authentication and enforcing auto key exchange no the remote devices. This allows the use of ANY token along with immediate changes to the database being reflected in the system.

Yes. You can also tie the OBM into your Active Directory domain.

Yes the OBM will automatically log ALL keystroke data of an engineer’s session which will be stored on the secure server for later retrieval by a security administrator for audit.