How can MetaDefender Kiosk and Managed File Transfer (formerly Vault) be configured to work with an Arbit Data Diode?

This article describes how to deploy MetaDefender Kiosk, an Arbit data diode, and a MetaDefender Managed File Transfer server for the following use case:

1. Portable media is scanned by MetaDefender Kiosk.
2. Clean files are passed through an Arbit data diode to a Managed File Transfer server.
3. User downloads files from the MFT server.

System Deployment

Do the following before configuring the individual systems:

1. Install MetaDefender Kiosk with MetaDefender Core on the low side network.

2. Install the Arbit data diode with the receiving side in the low side network and the transmitting side on the high side network.

   1. Assign a static IP address to the low side.
   2. Assign a static IP address to the high side.

3. Install the MFT server on the high side network.

   1. Assign a static IP address.

MFT Server Configuration

1. Create the user accounts on the MFT server.

   1. Note the account that should be used as the 'from' account for files coming from MetaDefender Kiosk.

2. Generate the authorization token.

Arbit Data Diode Configuration

1. Define the URL list on the high side of the data diode to include the MFT server.
   1. URL list includes http://:8000/Vault_rest/file

MetaDefender Configuration

1. Configure the appropriate MetaDefender Kiosk workflow profile to enable Copy To MFT in the post-action.

2. Put in the URL of the data diode low-side receiver.

   1. http://<diode low-side IP address>:8080/pitcherrestapi/transfer/<URL List>

3. Enter the authorization token generated by the MFT server.

4. Enter the Sender MFT account that was created on the MFT server.