IDQ Quantis Appliance User manual

Quantis Appliance User Manual
Version : 2.13
Date : 06.08.202

Quantis Appliance User Manual
Document version : 2.13
Distribution : Confidential Date : 06.08.2020
ID Quantique SA
Ch. de la Marbrerie, 3bis
CH-1227 Carouge/Geneva
Switzerland
Tel: +41 (0)22 301 83 71
Fax: +41 (0)22 301 83 79
www.idquantique.com
info@idquantique.com
Please send any comment to
support@idquantique.com
Information in this document is subject to change without notice.
Copyright © 2020 ID Quantique SA. Printed in Switzerland.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means – electronic, mechanical, photocopying, recording or otherwise – without the
permission of ID Quantique.
Trademarks and trade names may be used in this document to refer to either the entities claiming the
marks and names or their products. ID Quantique SA disclaims any proprietary interest in the
trademarks and trade names other than its own.

Disclaimer
THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY
WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR
ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
No license, express or implied, to any intellectual property rights is granted herein, except that a license
is hereby granted to copy and reproduce this specification for internal use only. Contact ID Quantique for
information on further licensing agreements and requirements. ID Quantique disclaims all liability,
including liability for infringement of any proprietary rights, relating to use of information in this
specification. ID Quantique assumes no liability whatsoever, and disclaims any express or implied
warranty, relating to sale and/or use of ID Quantique products including liability or warranties relating to
fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other
intellectual property right. ID Quantique products are not intended for use in medical, life saving, or life
sustaining applications.
ID Quantique may make changes to documents, specifications and product descriptions at any time,
without notice. Designers must not rely on the absence or characteristics of any features or instructions
marked reserved or undefined. ID Quantique reserves these for future definition and shall have no
responsibility whatsoever for conflicts or incompatibilities arising from future changes to them.
Copyright © ID Quantique 2019.

Contents
1 Introduction
2 System Overview
2.1 Front panel
2.2 Rear panel
2.3 Configuration Interface
2.4 Random numbers interface
3 Getting Started
3.1 Installation
3.1.1 Physical Installation
3.1.2 Computer configuration
3.1.3 CLI configuration
3.2 Quick start
3.2.1 Change default password
3.2.2 Setup date
3.2.3 Setup Network interface
3.2.4 Setup hostname
3.2.5 Regenerate a new SSL certificate
3.2.6 Check the generated certificate
3.3 Retrieving Random numbers
3.3.1 Built-in Webserver
3.3.2 JSON query using web browser
3.3.3 JSON query using Linux curl
3.3.4 Retrieving numbers
3.3.5 System Information
3.4 Documentation
3.4.1 User manual
3.4.2 Swagger UI
3.4.3 Swagger file

4 SSL Certificates and security exceptions
4.1 SSL Certificates
4.1.1 Generation of a new self-signed certificate
4.1.2 Generation of a Quantis Appliance certificate signed by an external CA
4.2 Security Exception Procedure
4.2.1 Chrome Procedure
4.2.2 Firefox Procedure
5 Hot Standby
5.1 Configuration of the Hot Standby
5.2 Audit
6 Command Line Interface Description
6.1 help: Get the list of available commands
6.2 cert-new: New SSL certificate
6.3 cert-export: Export a SSL certificate
6.4 cert-import: Import an SSL certificate
6.5 cert-show: Display current SSL certificate detail
6.6 clear: Clear the console
6.7 date: Change Date and Time
6.8 exit: Exit the Command Line Interface
6.9 firmware-info: Firmware Information
6.10 firmware-update: Firmware Update
6.11 hostname: Set network hostname
6.12 keep-alive: Configure Hot Standby
6.13 list-usb: List files on a USB memory drive
6.14 monitor-log: Manage Monitor Log
6.15 nic: Configure Network Interface Card
6.16 ping: Test LAN connection
6.17 pwd: Change Password
6.18 reboot: Reboot Appliance
6.19 shutdown: Shutdown Appliance

1 Introduction
The Quantis Appliance is a network-attached device, which securely generates and delivers high-quality
random numbers for security and cryptographic applications in enterprise, government, gaming, and
cloud environments. The Quantis Appliance is designed for environments where high availability is
necessary. It can be inserted in or removed from an operating network with no impact on any other
appliance, such as servers, switches, and Hardware Security Modules (HSMs).
The random numbers generated by the Quantis Appliance are used for different applications: to generate
high-quality cryptographic keys for encryption or authentication, to seed deterministic PRNGs or to
provide entropy for online gaming and mathematical simulations.
This manual is intended for the system administrator, network manager, security manager or technician
who will install, configure, and operate the Quantis Appliance.
The following sections provide detailed descriptions of installation, operation, procedures and reference
material.
2 System Overview
The Quantis Appliance serves as a hardware source of trust for cloud or distributed environments, on any
operating system via the REST API. It provides secure keys for Virtual Machines (VMs), Virtual Private
Networks (VPNs), HSMs, and remote desktops. It is also used in Randomness-as-a-Service (RaaS) or
Security-as-a-Service (SaaS) environments.

Key features:
• Quantum source of full entropy, intrinsically random
• True randomness from the first bit
• Provably unpredictable entropy source
• Multi-threading up to 10’000 requests/s
• Live status verification & Health check output
• Seamless integration in any network or security solution
• Standard REST interface over HTTPS
• FIPS-compliant appliance designed for high availability
• Hot pluggable and swappable into operating networks
2.1 Front panel
The front panel provides 2 system buttons (Power & Reset) and 3 LED indicators (System power, System
hard drive disk activity, Service ID).

2.2 Rear panel
The rear panel provides:
• 3 LAN ports
  o LAN 1
  o LAN 2
  o LAN M
• 2 USB 3.0 double stack Type A
• 1 VGA port and 1 DB-9 COM port.
For Quantis Appliance, please use only the LAN 1 and 2 ports, and the COM port.

2.3 Configuration Interface
The system is configured through a Command Line Interface (CLI), which uses the serial COM
port of the appliance. Use the provided USB to Serial converter to connect the COM port to your computer.
2.4 Random numbers interface
The random numbers are available on the LAN1 interface. To use it, connect the provided Ethernet cable
to your LAN.
3 Getting Started
3.1 Installation
3.1.1 Physical Installation
In order to install the Quantis Appliance, please perform the following steps:
1) Plug the power cable in the Power supply socket.
2) Plug the Ethernet cable in the Ethernet slot LAN1.
3) Connect the USB to Serial converter in the COM port for configuration.
4) Turn on the QA using the button in the front panel.
The appliance takes around 1 minute to boot.

3.1.2 Computer configuration
On your computer, connect the USB to Serial cable to an available USB port.
Use serial terminal software, for instance:
• On Linux: Putty, Minicom, MobaXterm
• On Windows: Putty, Teraterm, MobaXterm
Then configure the serial port with the following settings:
• Serial port baud rate: 115200
• No parity, 8 data bits, one stop bit
Open the connection and press RETURN; the login prompt should be printed:
___ ____ ___ _ _
|_ _| _ \ / _ \ _ _ __ _ _ __ | |_(_) __ _ _ _ ___
| || | | | | | | | | |/ _` | '_ \| __| |/ _` | | | |/ _ \
| || |_| | |_| | |_| | (_| | | | | |_| | (_| | |_| | __/
|___|____/ \__\_\\__,_|\__,_|_| |_|\__|_|\__, |\__,_|\___|
|_|
qa login:
3.1.3 CLI configuration
Then log in with the factory default credentials:
Username: cliUser
Password: cliUser
qa login: cliUser
Password:
Last login: Fri Jul 21 16:48:18 on tty1
=======================================
* *
* ~~ Quantis Appliance CLI ~~ *

* *
=======================================
Welcome to Quantis Appliance CLI
qa-cli>
If the login succeeds, the CLI prints the command prompt: qa-cli>
The CLI is easy to use because it provides almost all the standard functions of a command line:
• Auto-completion of commands and arguments by typing: Tab
• History of the commands by typing: ↑
• A specific help for each command, with examples, by typing: help
Then type help to show the list of available commands:
qa-cli>help
Usage: help <command>
where <command> is one of:
cert-export (Exports the QA certificate on an USB stick)
cert-import (Imports a certificate signed by an external CA)
cert-new (Create a new certificate)
cert-show (Shows the actual certificate)
clear (Clears the console)
date (Displays or sets the local date and time)
debug false (Disable debug mode)
debug true (Enable debug mode)
exit (Exits the shell)
firmware-info (Shows information on the appliance)
firmware-update update (Apply an update)
help (List all commands usage)
hostname (Get or set the hostname)
keep-alive (Configure Hot Standby)
list-usb (Lists the usb key contents)
monitor-log (Monitor the log output)
nic (Specify an ipv4 address)
ping (Ping an IP address)
pwd (Allows the user to change the CLI Password)
reboot (Reboot the system)
shutdown (Shutdown the system)
system-info (Shows information on the appliance)

To get command-specific help, type: help command
For instance, for the ping command type:
qa-cli>help ping
COMMAND
ping <options...> - Ping an IP address
OPTIONS
--addr <IPV4> (Mandatory) - Specify the IP address to ping
--count <INT> (Default: 1) - Specify the number of requests
EXAMPLES
ping --addr 127.0.0.1
ping --addr 192.164.2.3 --count 10
3.2 Quick start
3.2.1 Change default password
For security reasons, it’s recommended to change the default password:
Type pwd to change the password
qa-cli>pwd
Enter the new password: *******
Enter the new password once again: *******
Password correctly set
3.2.2 Setup date
Make sure the date is up to date:
Type date to get the current date and time.
qa-cli>date
Tuesday, July 25, 2017 12:40:31 PM CEST
If required, it is possible to change the date and time using this command:

qa-cli>date --set '2017-07-26 16:13:00'
Wed Jul 26 16:13:00 CEST 2017
3.2.3 Setup Network interface
The factory default configuration is:
• Network interface LAN1
  o IPv4: 10.17.17.1
  o Netmask: 255.255.255.0
  o Gateway: 0.0.0.0
• Network interface LAN2
  o IPv4: 10.17.17.101
  o Netmask: 255.255.255.0
  o Gateway: 0.0.0.0
This configuration should be changed to match the production LAN. In particular, new IP addresses
should be specified, and if more than one Ethernet port is used in the deployment, each port should be
on a separate subnet.
To change the network configuration type:
qa-cli>nic --id 1 --addr 10.17.17.10/8 --gateway 10.0.0.1
Address changed
Gateway changed
********************
GENERAL.DEVICE: eno1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 0C:C4:7A:95:88:AC
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: System eno1
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/10

WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 10.17.17.10/8
IP4.GATEWAY: 10.0.0.1
IP4.DNS[1]: 10.0.0.1
IP6.ADDRESS[1]: fe80::ec4:7aff:fe95:88ac/64
IP6.GATEWAY:
********************
GENERAL.DEVICE: eno2
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 0C:C4:7A:95:88:AD
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: System eno2
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/11
WIRED-PROPERTIES.CARRIER: off
IP4.ADDRESS[1]: 10.17.17.101/8
IP4.GATEWAY: 10.0.0.1
IP4.DNS[1]: 10.0.0.1
IP6.ADDRESS[1]: fe80::ec4:7aff:fe95:88ad/64
IP6.GATEWAY:
********************
Warning: although the IP addresses have been set up on the same subnet in this example, this should
not be done on a production LAN. The Quantis Appliance has two Ethernet ports; if both are to be used,
the first Ethernet port should be on a different subnet from the second Ethernet port. This is
important because it gives the user assurance of the route that traffic takes through the
network hardware, which otherwise could be inconsistent.
3.2.4 Setup hostname
The factory default hostname is qa2-proto1.localdomain
To change the hostname, type:
qa-cli>hostname --name myhostname
Hostname correctly changed to 'myhostname'

3.2.5 Regenerate a new SSL certificate
An SSL Certificate must be generated if the date or the hostname is modified. In order to regenerate a
new certificate, the following command is used.
qa-cli>cert-new --self-signed yes
Name: (10.17.17.11) [return]
Country: (CH) [return]
State: (Geneva) [return]
City: (Geneva City) [return]
Organization: (ID Quantique)[return]
Organization Unit: (RNG) [return]
Validity days: (365) [return]
Could you please confirm:
Name: 10.17.17.11
Country: CH
State: Geneva
City: Geneva City
Organization: Id Quantique
Organization Unit: RNG
Email: [email protected]
Validity days: 365
Self-Signed: yes
Do you agree? (yes or no) yes
Generating a 2048 bit RSA private key
-----
Signature ok
3.2.6 Check the generated certificate
Optionally, you can verify the content of the certificate with the cert-show command.
qa-cli>cert-show
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 13755274384353211908 (0xbee48d2c8b673604)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CH, L=Geneva City, ST=Geneva, O=Id Quantique, OU=RNG,
CN=10.17.17.11/[email protected]
Validity
Not Before: Jul 26 14:17:45 2017 GMT

Not After : Jul 26 14:17:45 2018 GMT
Subject: C=CH, L=Geneva City, ST=Geneva, O=Id Quantique, OU=RNG,
CN=10.17.17.11/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
After this quick configuration, the appliance is ready for operations.
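The cert-show output above reports an X.509 version 1 certificate signed with sha1WithRSAEncryption. The following added example (not part of the manual or of ID Quantique's software) parses text in that layout and flags such properties, so the check can be repeated after each cert-new or cert-import; the function names, finding codes and the abridged sample are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the cert-show output above, abridged (hex dumps,
# issuer and e-mail attribute omitted).
SAMPLE = """\
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13755274384353211908 (0xbee48d2c8b673604)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jul 26 14:17:45 2017 GMT
            Not After : Jul 26 14:17:45 2018 GMT
        Subject: C=CH, L=Geneva City, ST=Geneva, O=Id Quantique, OU=RNG, CN=10.17.17.11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
"""

WEAK_HASH_PREFIXES = ("md2", "md4", "md5", "sha1")


def _grab(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    match = re.search(pattern, text, re.MULTILINE)
    return match.group(1).strip() if match else None


def parse_cert_text(text):
    """Pull the audited fields out of certificate text in the layout above."""
    version = _grab(r"^\s*Version:\s*(\d+)", text)
    bits = _grab(r"Public-Key:\s*\((\d+) bit\)", text)
    not_after = _grab(r"^\s*Not After\s*:\s*(.+?)\s+GMT\s*$", text)
    return {
        "version": int(version) if version else None,
        "sig_alg": _grab(r"^\s*Signature Algorithm:\s*(\S+)", text),
        "key_bits": int(bits) if bits else None,
        "not_after": (datetime.strptime(not_after, "%b %d %H:%M:%S %Y")
                      .replace(tzinfo=timezone.utc) if not_after else None),
        "has_san": "Subject Alternative Name" in text,
    }


def audit(fields, now, min_rsa_bits=2048):
    """Return a list of finding codes; an empty list means nothing flagged."""
    findings = []
    alg = (fields["sig_alg"] or "").lower()
    if alg.startswith(WEAK_HASH_PREFIXES):
        findings.append("weak-signature-hash")
    if fields["version"] is not None and fields["version"] < 3:
        # X.509 v1/v2 certificates cannot carry extensions such as subjectAltName.
        findings.append("pre-v3-no-extensions")
    elif not fields["has_san"]:
        findings.append("no-subject-alt-name")
    if fields["key_bits"] is not None and fields["key_bits"] < min_rsa_bits:
        findings.append("short-rsa-key")
    if fields["not_after"] is not None and fields["not_after"] <= now:
        findings.append("expired")
    return findings


if __name__ == "__main__":
    print(audit(parse_cert_text(SAMPLE), datetime.now(timezone.utc)))
```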
3.3 Retrieving Random numbers
To operate the system, the appliance must be up and connected to the LAN1 or LAN2 port.
Random bytes can be retrieved from the Quantis Appliance using the HTTPS protocol.
Port 80 of the HTTP protocol can be used, but it is redirected to the HTTPS port (443).
There are 3 main ways to query the Quantis Appliance:
• Using the built-in webserver
• Using REST API with JSON query in a web browser
• Using REST API with JSON query in Linux curl command
3.3.1 Built-in Webserver
Using a web browser (Firefox or Chrome supported), type the IP address of the appliance as defined in
the configuration.

The Web Quantis application allows you to generate:
• random bytes displayed as binary or hexadecimal numbers
• random numbers in different data types with optional scaling (between min inclusive, and max
exclusive):
  o Short
  o Integer
  o Float (without scaling, the outputted numbers are between 0 and 1)
  o Double (without scaling, the outputted numbers are between 0 and 1)
• a binary random number file, ready to download.
3.3.2 JSON query using web browser
A web browser can be used to retrieve random numbers from the server through a JSON query over HTTPS.
The server exposes a REST API described in detail in the Swagger UI file.

An example query over HTTPS is shown below:
https://IpAddress/api/2.0/int?min=1&max=50&quantity=10
3.3.3 JSON query using Linux curl
In a Linux terminal, random numbers can be retrieved through a curl command.
$ curl -k 'https://IpAddress/api/2.0/int?min=1&max=50&quantity=10'
[2,37,4,17,30,17,23,34,43,8]
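The -k option in the curl command above turns off certificate verification, so the client accepts any server that answers on that address. The following added example (not part of the manual) pins the appliance certificate by SHA-256 fingerprint before sending the query, then checks the reply against what was requested. It assumes the cert-export file is PEM-encoded and that the REST API uses the min-inclusive, max-exclusive bounds the manual states for the web application; all function names are illustrative.

```python
import hashlib
import http.client
import json
import ssl
from urllib.parse import urlencode

API_PATH = "/api/2.0/int"  # endpoint from the curl example above


def fingerprint_from_pem(pem_text):
    """SHA-256 fingerprint (hex) of a PEM certificate, e.g. the cert-export file
    (PEM encoding of that file is an assumption)."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def build_path(minimum, maximum, quantity):
    """Build the request path with the parameters used on this page."""
    if minimum >= maximum or quantity < 1:
        raise ValueError("need minimum < maximum and quantity >= 1")
    query = urlencode({"min": minimum, "max": maximum, "quantity": quantity})
    return f"{API_PATH}?{query}"


def validate_ints(body, minimum, maximum, quantity, max_exclusive=True):
    """Accept only a JSON list of exactly `quantity` integers within bounds.
    max_exclusive=True is an assumption taken from the web application text."""
    values = json.loads(body)
    if not isinstance(values, list) or len(values) != quantity:
        raise ValueError("response is not a list of the requested length")
    upper = maximum - 1 if max_exclusive else maximum
    for value in values:
        if type(value) is not int or not minimum <= value <= upper:
            raise ValueError(f"out-of-contract value: {value!r}")
    return values


def fetch_ints(host, pinned_sha256, minimum, maximum, quantity, timeout=5.0):
    """Query the appliance only if its certificate matches the pinned one."""
    path = build_path(minimum, maximum, quantity)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # identity comes from the pin, not the name
    ctx.verify_mode = ssl.CERT_NONE  # chain checks are replaced by the pin below
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    try:
        conn.connect()               # TLS handshake only, no request sent yet
        der = conn.sock.getpeercert(binary_form=True)
        if not der or hashlib.sha256(der).hexdigest() != pinned_sha256.lower():
            raise ssl.SSLError("appliance certificate does not match the pin")
        conn.request("GET", path)
        response = conn.getresponse()
        if response.status != 200:
            raise RuntimeError(f"unexpected HTTP status {response.status}")
        return validate_ints(response.read(), minimum, maximum, quantity)
    finally:
        conn.close()
```

The pin has to be recomputed with fingerprint_from_pem whenever cert-new or cert-import replaces the appliance certificate.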