Keysight Technologies S5040A User manual
Security Manual
Keysight S5040A
Open RAN Studio
Player and Capture Appliance
Notices
© Keysight Technologies 2021
No part of this manual may be reproduced
in any form or by any means (including
electronic storage and retrieval or transla-
tion into a foreign language) without prior
agreement and written consent from
Keysight Technologies as governed by
United States and international copyright
laws.
Manual Part Number
9921-01541.EN
Edition
Edition 1.0, April 2021
Available in electronic format only
Published by:
Keysight Technologies, 1900 Garden of the
Gods Rd, Colorado Springs, CO 80907,
United States
Technology Licenses
The hardware and/or software described in
this document are furnished under a
license and may be used or copied only in
accordance with the terms of such license.
U.S. Government Rights
The Software is “commercial computer
software,” as defined by Federal Acquisition
Regulation (“FAR”) 2.101. Pursuant to FAR
12.212 and 27.405-3 and Department of
Defense FAR Supplement
(“DFARS”) 227.7202, the U.S. government
acquires commercial computer software
under the same terms by which the
software is customarily provided to the
public. Accordingly, Keysight provides the
Software to U.S. government customers
under its standard commercial license,
which is embodied in its End User License
Agreement (EULA), a copy of which can
be found at:
http://www.keysight.com/find/sweula.
The license set forth in the EULA represents
the exclusive authority by which the U.S.
government may use, modify, distribute, or
disclose the Software. The EULA and the
license set forth therein, does not require
or permit, among other things, that
Keysight: (1) Furnish technical information
related to commercial computer software
or commercial computer software
documentation that is not customarily
provided to the public; or (2) Relinquish to,
or otherwise provide, the government
rights in excess of these rights customarily
provided to the public to use, modify,
reproduce, release, perform, display, or
disclose commercial computer software or
commercial computer software documen-
tation. No additional government require-
ments beyond those set forth in the EULA
shall apply, except to the extent that those
terms, rights, or licenses are explicitly
required from all providers of commercial
computer software pursuant to the FAR and
the DFARS and are set forth specifically in
writing elsewhere in the EULA. Keysight
shall be under no obligation to update,
revise or otherwise modify the Software.
With respect to any technical data as
defined by FAR 2.101, pursuant to FAR
12.211 and 27.404.2 and DFARS 227.7102,
the U.S. government acquires no greater
than Limited Rights as defined in FAR
27.401 or DFAR 227.7103-5 (c), as
applicable in any technical data.
Warranty
THE MATERIAL CONTAINED IN THIS
DOCUMENT IS PROVIDED "AS IS," AND IS
SUBJECT TO BEING CHANGED, WITHOUT
NOTICE, IN FUTURE EDITIONS. FURTHER,
TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, KEYSIGHT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED WITH REGARD TO THIS MANUAL
AND ANY INFORMATION CONTAINED
HEREIN, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. KEYSIGHT SHALL
NOT BE LIABLE FOR ERRORS OR FOR
INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE
FURNISHING, USE, OR PERFORMANCE OF
THIS DOCUMENT OR ANY INFORMATION
CONTAINED HEREIN. SHOULD KEYSIGHT
AND THE USER HAVE A SEPARATE
WRITTEN AGREEMENT WITH WARRANTY
TERMS COVERING THE MATERIAL IN THIS
DOCUMENT THAT CONFLICT WITH THESE
TERMS, THE WARRANTY TERMS IN THE
SEPARATE AGREEMENT WILL CONTROL.
Safety Notices
CAUTION
A CAUTION notice denotes a hazard.
It calls attention to an operating
procedure, practice, or the like that,
if not correctly performed or adhered
to, could result in damage to the
product or loss of important data.
Do not proceed beyond a CAUTION
notice until the indicated conditions
are fully understood and met.
WARNING
A WARNING notice denotes a hazard.
It calls attention to an operating
procedure, practice, or the like that,
if not correctly performed or adhered
to, could result in personal injury or
death. Do not proceed beyond a
WARNING notice until the indicated
conditions are fully understood and
met.
2 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 3
Safety Summary
This product has been designed and tested in accordance with accepted industry
standards, and has been supplied in a safe condition. The documentation contains
information and warnings that must be followed by the user to ensure safe operation and
to maintain the product in a safe condition.
The following general safety precautions must be observed during all phases of operation
of this instrument. Failure to comply with these precautions or with specific warnings or
operating instructions in the product manuals violates safety standards of design,
manufacture, and intended use of the instrument. Keysight Technologies assumes no
liability for the customer's failure to comply with these requirements. Product manuals
are provided on the Web. Go to www.keysight.com and type in your product number in
the Search field at the top of the page.
Safety symbols & Instrument markings
Instrument Marking Description
The instruction manual symbol. The product is marked with this warning symbol when it
is necessary for the user to refer to the instructions in the manual.
Standby supply. Unit is not completely disconnected from AC mains when switch is
off.
The CE mark is a registered trademark of the European Community.
The CSA mark with the 'c' and 'us' subscript indicates the instrument is certified to the
applicable Canadian and United States of America standards respectively.
The RCM mark is a registered trademark of the Australian Communications and Media
Authority
The KC mark is the Korean certification mark. This equipment is Class A suitable for
professional use and is for use in electromagnetic environments outside of the home.
Attach ESD protective wrist strap to avoid damage by direct contact with the equipment.
4 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
China Restricted Substance Product Label. The EPUP (environmental protection use
period) number in the center indicates the time period during which no hazardous
or toxic substances or elements are expected to leak or deteriorate during normal
use and generally reflects the expected useful life of the product.
Hot surface. The metallic panels may get warm after powering on the equipment.
Caution, risk of electric shock. After disconnection from mains allow internal capacitors
to fully discharge.
Symbol 7, the frame or chassis terminal.
NOTE
The QSFP communication cables (or any other with potential laser
energy) are not sold as part of the equipment and as such the unit
has no laser safety classification. The QSFP communication
cables used must be compliant with the requirements of the
authorities having jurisdiction where the equipment is used.
Instrument Marking Description
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 5
Compliance and Environmental Information
Table 1 Compliance and Environmental Information
Declaration of Conformity
Declarations of Conformity for this product and for the Keysight products may be
downloaded from the Web. Go to http://www.keysight.com/go/conformity.
You can then search by product number to find the latest Declaration of Conformity.
Safety Symbol Description
This product complies with WEEE Directive (2002/96/EC) marking requirements.
The affixed label indicates that you must not discard this electrical/electronic
product in domestic household waste.
Product Category: With reference to the equipment types in WEEE Directive Annex I,
this product is classed as a “Monitoring and Control instrumentation” product.
Do not dispose in domestic household waste.
To return unwanted products, contact your local Keysight office, or see
http://about.keysight.com/en/companyinfo/environment/takeback.shtml for more
information.
6 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
Warranty
This Keysight technologies instrument product is warranted against defects in material
and workmanship for a period of one year from the date of shipment. During the warranty
period, Keysight Technologies will, at its option, either repair or replace products that
prove to be defective. For warranty service or repair, this product must be returned to a
service facility designated by Keysight Technologies. Buyer shall prepay shipping charges
to Keysight Technologies, and Keysight Technologies shall pay shipping charges to return
the product to Buyer. For products returned to Keysight Technologies from another
country, Buyer shall pay all shipping charges, duties, and taxes.
Where to Find the Latest Information
Documentation is updated periodically. For the latest information about these products,
including instrument software upgrades, application information, and product
information, see the following URLs:
http://www.keysight.com/find/S5040A
http://www.keysight.com/find/U5040B
To receive the latest updates by email, subscribe to Keysight Email Updates:
http://www.keysight.com/find/MyKeysight
Is your product software up-to-date?
Periodically, Keysight releases software updates to fix known defects and incorporate
product enhancements. To search for software updates for your product, go to the
Keysight Technical Support website at:
http://www.keysight.com/find/techsupport
Contacting Keysight Sales and Service Offices
Assistance with test and measurement needs, and information on finding a local Keysight
office, is available on the Internet at: http://www.keysight.com/find/assist.
If you do not have access to the Internet, please contact your field engineer.
NOTE
In any correspondence or telephone conversation, refer to the
instrument by its model number and full serial number. With this
information, the Keysight representative can determine whether your
unit is still within its warranty period.
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 7
Products covered by this document
This document describes instrument security features and the steps to declassify an
instrument through memory clearing, sanitization or removal.
For additional information, go to: http://www.keysight.com/find/security.
Security terms and definitions
CAUTION
Make sure that all information, which you store in the instrument
that must be saved, is properly backed up before attempting to
clear any of the instrument memory. Keysight Technologies cannot
be held responsible for any lost files or data resulting from the
clearing of memory. Be sure to read this document entirely before
proceeding with any file deletion or memory clearing.
Term Definition
Clearing As defined in Section 8-301a of DoD 5220.22-M, clearing is the process of
eradicating the data on media before reusing the media so that the data can no
longer be retrieved using the standard interfaces on the instrument. Clearing is
typically used when the instrument is to remain in an environment with an
acceptable level of protection.
Instrument Declassification A term that refers to procedures that must be undertaken before an instrument can
be removed from a secure environment, such as is the case when the instrument is
returned for calibration. Declassification procedures include memory sanitization or
memory removal, or both. Keysight declassification procedures are designed to meet
the requirements specified in DoD 5220.22-M, Chapter 8.
Sanitization As defined in Section 8-301b of DoD 5220.22-M, sanitization is the process of
removing or eradicating stored data so that the data cannot be recovered using any
known technology. Instrument sanitization is typically required when an instrument
is moved from a secure to a non-secure environment, such as when it is returned to
the factory for calibration.
Keysight memory sanitization procedures are designed for customers who need to
meet the requirements specified by the US Defense Security Service (DSS). These
requirements are specified in the “Clearing and Sanitization Matrix” in Section
5.2.5.5.5 of the ISFO Process Manual.
Secure Erase Secure Erase is a term that is used to refer to either the clearing or sanitization
features of Keysight instruments.
8 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 9
Contents
Safety Summary 3
Compliance and Environmental Information 5
Declaration of Conformity 5
Warranty 6
Products covered by this document 7
1 Security Guidelines for Keysight S5040A Appliance
Instrument Memory 12
FPGA Configuration EEPROM 12
FPGA Memory 13
SDRAM 14
DDR Random Access Memory 15
Solid State Hard Drive (SSD) 15
Procedure for Declassifying a Faulty Instrument 16
Memory Clearing, Sanitization, & Removal Procedures 16
User and Remote Interface Security Measures 18
Operating System Security Features 18
USB Interfaces 18
References 21
10 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
Contents
12 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
1 Security Guidelines for Keysight S5040A Appliance
Section 1.1: Instrument Memory
This section contains information on the types of memory available in your
instruments. It explains the size of memory, how it is used, its location,
volatility, and the sanitization procedure.
The memory within the S5040A Appliance are classified below.
1.1.1: FPGA Configuration EEPROM
Memory Characteristic Description
Memory Size 1 Gbits
User-accessible as a
mass storage device?
No
Writable During Normal
Operation?
No
User data stored in
device?
No
Data Retained When
Powered Off?
Yes
Purpose/ Contents Stores:
•Licensing information
•Model number
•Serial number
•Board serial information
Storage remarks Does not contain user data.
Data Input Method Programmed before installation or by firmware updates.
Location in Instrument Main Board.
Memory clearing Since this memory does not contain user information, it need not be
cleared.
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 13
Security Guidelines for Keysight S5040A Appliance 1
1.1.2: FPGA Memory
The S5040A Appliance supports the following FPGA type:
• XCVU9P-L2FLGB2104E (Xilinx Virtex®UltraScale+TM VU9P)
Memory sanitization This memory does not contain user-accessible information,
therefore sanitization is not applicable, and there is no provision for
sanitizing this memory.
Memory removal This memory is not accessible to the instrument user and therefore
need not be cleared or sanitized.
Memory validation Not required.
Memory Characteristic Description
Memory Characteristic Description
Memory Size •Total Block RAM — 75.9 Mbits
•Ultra RAM — 270 Mbits
User-accessible as a
mass storage device?
No
Writable During Normal
Operation?
Yes
User data stored in
device?
Yes
Data Retained When
Powered Off?
No
Purpose/ Contents Stores:
•Firmware image in the Static region
•Intelligent / User-Programmed data in the Sandbox region
Storage remarks User data stored and accessible until Appliance is powered off.
Data Input Method FPGA programmable interface or API.
Location in Instrument FPGA Sandbox region.
Memory clearing Shut down the Appliance to clear the firmware information from the
Static region and user data from Sandbox region.
14 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
1 Security Guidelines for Keysight S5040A Appliance
1.1.3: SDRAM
Memory sanitization •The Static memory does not contain user information.
Therefore, sanitization is not applicable, and there is no
provision for sanitizing this memory.
•The Sandbox memory contains user data, which is cleared when
Appliance is powered off; thereby, completing the memory
sanitization process.
Memory removal This memory is not accessible to the instrument user. Any user data
in the configurable region is cleared when Appliance is powered off.
Memory validation Not required.
Memory Characteristic Description
Memory Characteristic Description
Memory Size 16 GBytes
User-accessible as a
mass storage device?
No
Writable During Normal
Operation?
Yes
User data stored in
device?
Yes
Data Retained When
Powered Off?
No
Purpose/ Contents Stores I/O data and associated information
Storage remarks I/O data stored and accessible until Appliance is powered off
Data Input Method Read/Write API functions
Location in Instrument Motherboard
Memory clearing Power down the Appliance to clear information on the Volatile RAM
Memory sanitization Power down the Appliance to clear information on the Volatile RAM
Memory removal This memory is not accessible to the instrument user. Any I/O data
in the Volatile memory is cleared when Appliance is powered off.
Memory validation Not required
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 15
Security Guidelines for Keysight S5040A Appliance 1
1.1.4: DDR Random Access Memory
1.1.5: Solid State Hard Drive (SSD)
Memory Characteristic Description
Memory Size 10 GBytes
User-accessible as a
mass storage device?
No
Writable During Normal
Operation?
Yes
User data stored in
device?
Yes
Data Retained When
Powered Off?
No
Purpose/ Contents Stores I/O data and associated information
Storage remarks I/O data stored and accessible until Appliance is powered off
Data Input Method Read/Write API functions
Location in Instrument Acquisition Board
Memory clearing Power down the Appliance to clear information on the Volatile RAM
Memory sanitization Power down the Appliance to clear information on the Volatile RAM
Memory removal This memory is not accessible to the instrument user. Any I/O data
in the Volatile memory is cleared when Appliance is powered off.
Memory validation Not required
Memory Characteristic Description
Memory Size 480 GBytes
User-accessible as a
mass storage device?
Yes
Writable During Normal
Operation?
Yes
16 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
1 Security Guidelines for Keysight S5040A Appliance
1.1.6: Procedure for Declassifying a Faulty Instrument
If the instrument is not functioning and you are unable to use the security
functions, you must physically remove the solid state drive, if present, from
the instrument. The declassification procedure declassifies all RAM on the
motherboard, which is cleared when power is cycled.
1.1.7: Memory Clearing, Sanitization, & Removal Procedures
Follow these steps to declassify the S5040A Open RAN Studio Player and
Capture Appliance.
1 To clear all volatile RAM memory, cycle power on the Appliance.
2 To ensure a generic setup in the non-volatile SSD, go to Instrument
Image Recovery System and choose option 2 “Recover the original
factory system image.” from the main menu.
User data stored in
device?
Yes
Data Retained When
Powered Off?
Yes
Purpose/ Contents Storage device for application data, operating system, option
license keys, and other applications.
Storage remarks I/O data stored and saved even after Appliance is powered off.
Accessible only when device is on.
Data Input Method Read/Write API functions.
Location in Instrument Connected via SATA cable to motherboard.
Memory clearing Remove hard drive; replace with a sanitized hard drive.
Memory sanitization Remove hard drive; replace with a sanitized hard drive.
Memory removal Loosen the screws on the back panel. Pull out to remove the hard
drive.
Memory validation The hard disk drive contains the Windows 10 operating system
along with pre-installed O-RAN testing and validation software.
Memory Characteristic Description
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 17
Security Guidelines for Keysight S5040A Appliance 1
3 Remove the SSD from the instrument completely, and replace it with a
Removable SSD that has no security issues. (For details about the
SSD, refer to its data sheet.)
18 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
1 Security Guidelines for Keysight S5040A Appliance
Section 1.2: User and Remote Interface Security Measures
This section describes options you can use to control and configure remote
access to the instrument, including operating system security features and
USB interfaces.
1.2.1: Operating System Security Features
The instrument’s Windows 10 operating system includes features you can
invoke or modify to enhance system security.
• The instruments provide the ability to create custom user accounts, and
assign different security levels to each account by adding it to an
existing group. The group types predefined by Windows are:
Administrator, Power User, User, Backup Operator, and Guest, but you
can also define new group types.
• The instruments have the standard Windows Firewall enabled by
default to provide more protection for instruments that have a network
(or internet) connection.
• The instruments provide the ability to install standard third-party
antivirus and spyware detection software designed for use with
Windows. If your instrument uses a network (or internet) connection,
using this software is advisable.
1.2.2: USB Interfaces
The instrument’s Microsoft Windows operating system can be configured
to improve the security of the USB interfaces.
Disabling or Enabling AutoRun/AutoPlay
AutoRun and AutoPlay are Windows features that help you select
appropriate actions when new media and devices are detected. AutoRun is
disabled in the instrument by default, for improved security, unless the
Administrator account is running. (In Administrator mode, AutoRun is
enabled, to aid with program installation.)
You can change the AutoRun configuration by editing the value of one of
two Windows Registry keys. The Windows Registry is a database that
stores critical configuration information for the instrument’s operating
system.
Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual 19
Security Guidelines for Keysight S5040A Appliance 1
Register Key Definitions
AutoRun can be configured per-machine or per-user.
The Registry key that controls the per-machine AutoRun settings is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
The Registry key that controls the per-user AutoRun settings is:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\
CurrentVersion\policies\Explorer\NoDriveTypeAutoRun
The following section uses the industry-standard abbreviation HKLM for the
root key HKEY_LOCAL_MACHINE, and the industry-standard abbreviation
HKCU for the root key HKEY_CURRENT_USER.
The DWORD value of either of these entries represents a set of single-bit
flags. Each flag specifies the AutoRun setting for a specific drive type.
Setting a bit flag to 1 disables AutoRun for that drive type.
You can disable AutoRun for all drive types by changing the value to 0xFF,
as described in the following section.
Disable & Enable Procedure
Due to the interaction between the per-machine and per-user Registry
settings, it is recommended that, if both keys exist in your instrument’s
Registry, you should alter the settings of both Registry keys to the same
value at the same time.
CAUTION
Exercise extreme caution whenever you edit the Windows Registry.
Entering an incorrect Registry value, or accidentally deleting Registry
keys, may have serious consequences that can prevent the system from
starting, or require that you reinstall Windows. The instructions in the
“Disable & Enable Procedure” section assume you are familiar with the
use of the Windows Registry Editor to modify Registry settings.
NOTE
If the per-machine Registry key is present, its settings override those of
the per-user Registry key.
20 Keysight S5040A Open RAN Studio Player and Capture Appliance Security Manual
1 Security Guidelines for Keysight S5040A Appliance
Use the following procedure to disable AutoRun for all drive types, or to
revert all AutoRun settings to their Windows default values.
1 Open the Windows Registry editor by clicking the Windows Start icon,
typing regedit.exe into the Search box, and pressing [Enter]. The
Registry Editor window appears.
2 Using the tree view control on the left side of the window, navigate to
the per-machine (HKLM) key:
HKLM\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer
3 To disable AutoRun for all drive types, set the value of entry
NoDriveTypeAutoRun to 0xFF. If the entry does not exist, you can
create it by right-clicking and entering NoDriveTypeAutoRun.
To revert AutoRun settings to the Windows default values, set the value
of entry NoDriveTypeAutoRun to 0x91.
4 Use the tree view control to navigate to the per-user (HKCU) key:
HKCU\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer
5Todisable AutoRun for all drive types, set the value of entry
NoDriveTypeAutoRun to 0xFF.
To revert AutoRun settings to the Windows default values, set the value
of entry NoDriveTypeAutoRun to 0x91.
6 From the Registry Editor menu, select File > Exit to save the settings
and exit the editor.
7 Shut down and restart the instrument to enable the new settings to
take effect.
More information
The following Wikipedia articles provide more information about AutoRun
and AutoPlay:
http://en.wikipedia.org/wiki/AutoRun
http://en.wikipedia.org/wiki/AutoPlay
Table of contents
