We translate security requirements into a concrete, deployable architecture — including data diodes, CDR, and protocol handling.
Good security architecture is specific. A data diode in the wrong place, or without the right proxy configuration, does not provide the protection it promises. We design airgap and CDR solutions that fit your actual network — not a generic reference architecture.
Design typically follows a consultancy engagement where requirements have been defined. We take those requirements and turn them into a detailed technical design: which products, where they go, how they connect, what protocols are handled, and how the solution integrates with your existing infrastructure.
The result is a design document your internal team can review, challenge, and approve — and that we or your own engineers can then build from.
We map the relevant parts of your network — source and destination zones, existing security boundaries, data flows that need to be controlled, and any OT/IT separation requirements. This forms the basis for all design decisions.
Based on throughput, protocol, form factor, and assurance requirements, we select the right data diode or CDR product and specify exactly where it sits in the network. For data diodes, this includes proxy selection and configuration. For CDR, this includes file type coverage and workflow integration.
Data diodes require protocols to be converted from bidirectional to unidirectional. We design the proxy and protocol handling layer — covering common protocols such as syslog, OPC UA, MQTT, file transfer, and HTTP/S — and specify any custom adaptations needed for your environment.
Where CDR is part of the solution, we design how MetaDefender integrates into the data flow — specifying scanning policies, file type handling, sanitisation rules, and what happens to files that cannot be cleaned. CDR and data diodes are complementary: the diode enforces direction, CDR ensures content safety.
We document how the design addresses your specific compliance requirements — whether that is IEC 62443, NIS2, national classification standards, or internal security policy. This documentation supports internal sign-off and external audit.
A written design document covering network topology, product selection, placement, and integration — clear enough for internal review and external audit.
Logical and physical network diagrams showing data flows, security boundaries, and product placement.
A complete list of hardware and software components needed to build the solution, with specifications.
Step-by-step instructions for implementing the design — usable by your own team or as input for our deployment service.
Start with a consultancy engagement or come to us with requirements already defined. Either way, we can help.