
ALL RIGHTS RESERVED. IT’S NOT ALLOW ANY REPRODUCTION OF THIS DOCUMENT WITHOUT WRITTEN AGREEMENT OF EPICOM,S.

ED2
EP2703830EZ01
ED.1
EP830E

EP2703830EZ01
CLASSIFICATION

USER GUIDE
SECURE MULTILEVEL SYSTEM

16/06/09
EDITIONS AND MODIFICATIONS

ED. | DATE | MODIFICATION (Show modified chapters or sections and a brief description) | PREPARED BY | REMARK OF MODIFICATION
1 | 06/04/09 | First Edition | Eng. Dept. | N/P
2 | 16/06/09 | Changes | Eng. Dept. | --

N/P = DO NOT PROCEED

INDEX

1. OBJECT
1.1. DOCUMENT CONTENT
1.2. APPLICATION AREA

2. APPLICABLE DOCUMENTS AND REGULATIONS
2.1. GENERAL REFERENCES
2.2. SPECIFIC REFERENCES

3. SYSTEM DESCRIPTION
3.1. DESCRIPTION OF THE EP43 DEVICE
3.2. EP43 MESSAGES
3.3. PC DESCRIPTION
3.4. SD’S GENERATION CENTRE
3.5. USER TYPES

4. INSTALLATION
4.1. UNPACKING
4.2. CONNECTION
4.3. MANAGEMENT BASIC RULES
4.3.1. First Installation
4.3.1.1. Previous steps in the PC
4.3.1.2. EP43 – SD Association
4.3.1.3. EP43-PC Association. Installation Procedure
4.3.1.4. Initial Authentication

5. OPERATION
5.1. USUAL SYSTEM STARTUP
5.1.1. Hardware Inconsistencies
5.2. SYSTEM CONTROL AND ADMINISTRATION OPERATIONS
5.2.1. Add Machine (virtual machine)
5.2.2. Resources Management
5.2.2.1. Memory Management
5.2.2.2. Network Management
5.2.2.3. Hard Disk Management
5.2.3. User Management
5.2.4. Events
5.2.5. System
5.2.6. Authenticate/Unauthenticate User
5.2.7. Turn Off
5.3. VIRTUAL MACHINE OPERATION
5.3.1. Machine Information
5.3.2. Start Machine
5.3.3. Stop Machine
5.3.4. Pause Machine
5.3.5. Machine Configuration
5.3.5.1. General Configuration
5.3.5.2. Removable Devices
5.3.6. Delete Machine
5.3.7. In and out the virtual machines

6. ADMINISTRATION USER OPERATIONS
6.1. SET DATE AND HOUR
6.2. RESTORE CONFIGURATION DEFAULT SETTINGS
6.3. SYSTEM VERSION UPDATE
6.3.1. Firmware and Software update
6.3.2. EP43 Firmware update (only firmware)
6.3.3. EP830E Software update (only software)
6.4. TAMPER RECOVERY
6.5. CORRECT EP43-PC DISASSOCIATION

7. PERMISSIONS
7.1. PERMISSIONS DEPENDING ON THE USER TYPE
7.2. RELATION AMONG PERMISSIONS AND DESCRIPTION

8. FUNCTIONALITY INFORMATION
8.1. AUDIO AND MICROPHONE
8.2. CD/DVD MANAGEMENT
8.2.1. CD/DVD Management
8.2.2. CD Burning
8.2.3. Multisession CDs
8.3. MISCELLANEOUS
8.4. PC MODELS
8.5. USB STORAGE DEVICES MANAGEMENT
8.6. BLUETOOTH

9. TECHNICAL SPECIFICATIONS
9.1. PHYSICAL FEATURES
9.2. DEVICE PROTECTIONS

FIGURE INDEX

Figure 1 – System Architecture
Figure 2 – EP43 external elements. Top view
Figure 3 – Navigation Keyboard
Figure 4 – EP43 external elements. Frontal View
Figure 5 – EP43 external elements. Rear View
Figure 6 – Display View
Figure 7 – Package View
Figure 8 – EP43 display Menu
Figure 9 – Display after the start up sequence
Figure 10 – Main screen on the PC monitor
Figure 11 – Identification window (User Name)
Figure 12 – Authentication window (Password)
Figure 13 – Hard Disk detected
Figure 14 – Assign Name to the Hard Disk
Figure 15 – Multilevel System wallpaper
Figure 16 – Identification window (user name)
Figure 17 – Authentication Window (Password)
Figure 18 – Waiting for authentication from the EP830E
Figure 19 – Control and Administration Screen
Figure 20 – CDROM unit not detected
Figure 21 – Hard Disk not detected
Figure 22 – RAM memory modified
Figure 23 – Virtual network not detected
Figure 24 – Add New Virtual Machine
Figure 25 – Colour selection
Figure 26 – Memory resources management
Figure 27 – EP43 external elements. Rear View
Figure 28 – Network resources management
Figure 29 – Hard Disk Resources Management
Figure 30 – Create New Partition
Figure 31 – Partition Information
Figure 32 – Partition Export Configuration
Figure 33 – Partition Export Progress
Figure 34 – Partition export completed
Figure 35 – Partition Import Configuration
Figure 36 – Partition Import Progress
Figure 37 – Partition import completed
Figure 38 – Not enough space message
Figure 39 – Wrong partition size message
Figure 40 – Clean partition
Figure 41 – User Management
Figure 42 – Add new user
Figure 43 – Add a new user with EP830E authentication mode
Figure 44 – User Global Parameters
Figure 45 – Change authentication parameters window
Figure 46 – Virtual machine permissions
Figure 47 – Delete User
Figure 48 – Events
Figure 49 – Event sending configuration
Figure 50 – Event Export completed
Figure 51 – Reaching event storage limit
Figure 52 – Saving Events into the SD
Figure 53 – System Configuration
Figure 54 – Confirm Unauthentication
Figure 55 – Stopped Virtual Machine
Figure 56 – Non accessible virtual machine
Figure 57 – Machine Information
Figure 58 – Virtual machine configuration. General configuration section
Figure 59 – Virtual Machine Configuration. Removable Devices Section
Figure 60 – Confirmation before saving changes
Figure 61 – Delete machine confirmation
Figure 62 – EP43 display menu
Figure 63 – EP43 display menu
Figure 64 – Software and Firmware version
Figure 65 – EP43 display Menu
Figure 66 – EP43 display Menu

1. OBJECT

The Secure Multilevel System allows the coexistence of several applications
managing information with different levels of security classification in a single PC,
where several independent virtual machines are presented. In these virtual
machines, different Operating Systems and applications can be loaded.

The system guarantees the independence of the virtual machines and
prevents any information leakage. User access to the system and to each
virtual machine is controlled as well.

1.1. DOCUMENT CONTENT

This document is the installation, configuration and operation guide of the
Secure Multilevel System EP830E.

Besides the description and definition of its technical and functional
characteristics, this user guide explains in detail the steps to follow for a
correct installation of the system, the basic rules for its management and the
different ways of operation.

Different system recovery processes are also described.

1.2. APPLICATION AREA

This user guide is addressed to every system user and describes the full
permission operation mode, including permissions related to the plain virtual
machine operation functionality as well as permissions related to administration
operations.

This user guide applies to software version 81.89.90.75 of the EP830E and
version 32.88 of the EP43.

2. APPLICABLE DOCUMENTS AND REGULATIONS

2.1. GENERAL REFERENCES

Not applicable

2.2. SPECIFIC REFERENCES


Not applicable

3. SYSTEM DESCRIPTION

The Secure Multilevel System EP830E consists of an application running on a PC
in collaboration with an external device named EP43.

The application is loaded from the EP43 as the PC boots and presents several
virtual machines in which the user may load standard operating systems such as
Windows or Linux.

Each virtual machine has its own hard disk or its own independent partition on the
hard disk. When a virtual machine is running, it uses the PC resources without
any information leakage from or to other virtual machines. The system works as if
there were several independent PCs and allows the connection of up to three
independent Ethernet networks.

The main functionalities that the system, and more specifically the EP43 device,
provides are:

· Installation and configuration of virtual machines in the PC.

· Control and audit functions over the virtual machines installed in the PC.

· Traffic distribution and classification from and towards the PC
through an internal switch.

· Storage of system secrets.

· Download of the virtualization software to the PC. This software
is encrypted and stored in a removable SD (Secure Digital)
memory. This SD memory is associated with an internal PUK
code, which is necessary for a correct installation of the system
and for the recovery of the equipment if it is blocked in a
TAMPER situation.

The layout of the system elements is shown in the figure:

Figure 1 – System Architecture

The Multilevel System needs an SD memory, which must be inserted in the
EP43 SD card reader. The EP43 and the SD memory are associated in the first
installation of the system. The software of the system is loaded onto the SD card
using the SD Generation Centre. An administrator of the Multilevel Network can
manage the SD card generation.

The Multilevel System installation consists of a double association of the
EP43: an association between the EP43 and the SD card, and a second association
between the EP43 and the PC to be used in the Multilevel System. At this installation
stage, both the PC and the virtual machine resources are configured so that the
operating systems determined by the user can be loaded [1]. This procedure is
described in chapter 4.3.1 First Installation.

The association or pairing set during the installation between the PC and the
EP43 implies that if the EP43 is replaced by another device during the start up
sequence, it will be possible neither to access the disks of the virtual
machines nor to introduce any kind of software that could undermine the
security of the system. However, it is possible to use the PC and load programs if
there is available space on the hard disk. The association between EP43 and SD
guarantees that it is not possible to start up the Multilevel System with an SD
belonging to another Multilevel System.

[1] It is out of the scope of this user guide to describe how to install the operating
systems that the user decides to load on each virtual machine.

Depending on the permissions given to a user of the Multilevel System, he or
she can perform different operations, such as administration operations (for
example, first installation and configuration of each virtual machine) and
user-related operations (basically, using virtual machines once they have been
configured).

This user guide describes the full permission operation mode.

REMARK

In order to use the EP830E Secure Multilevel System, user identification
and authentication is required, so that it is possible to block system access
when there is a risk of capture or unauthorised use.

3.1. DESCRIPTION OF THE EP43 DEVICE

Externally, the EP43 device has the following elements on its top side:

Figure 2 – EP43 external elements. Top view

· Graphic monochrome display that permanently shows the device status.

· Navigation Keyboard to interact with the system. It has a central
validation key and four lateral keys (up, down, right and left) to
navigate through the different options.

Figure 3 – Navigation Keyboard

On the frontal side:

· SD (Secure Digital) memory card reader.

· Smartcard reader which allows the multilevel user authentication
(this option is not available in the current version of the system).

· Zeroization button (also called “R key”). In case of emergency,
this button may be pressed in order to erase all keys derived
from the PUK code and deactivate the system. To recover the
system, the EP830E Administration User, who knows the PUK code,
will be required.

Figure 4 – EP43 external elements. Frontal View

On the rear side:

· Local network connector to communicate with the PC (labelled
as PC in Figure 5).

· Power supply connector (labelled as 5VCC in Figure 5).

· 3 local network connectors from the internal switch (labelled as
1, 2 and 3 in Figure 5).

Figure 5 – EP43 external elements. Rear View

Internally:

· System control board, which includes a switch to perform the
functionality that allows the use of three Ethernet networks.

· Navigation keyboard and display connections.

· Battery, which maintains the PUK code, date and time in the
absence of power supply.

3.2. EP43 MESSAGES

The different kinds of information and symbols shown on the EP43 display reveal
different states of the device. There are four display areas:

Figure 6 – Display View

The date, hour and internal temperature are shown at the top left corner.
When the EP43 is at the start up stage, a sequence of numbers from 1 to 5
appears below the hour to indicate the start up progress.

Different information regarding the EP43 is shown at the top right corner.
There are different possible symbols:

SYMBOL MEANING

SmartCard inserted and activated

SmartCard inserted and deactivated

SD (removable Secure Digital memory) not inserted

SD memory inserted

SD memory inserted not acknowledged

No user authenticated

User authenticated

User authenticated through SmartCard

Battery charged

Battery charging

Low Battery

No Battery

Number of virtual machines currently running

Virtual network with no activity

Virtual network with activity

A larger symbol showing the general state of the EP43 is displayed at the
bottom left corner.

The shape that frames the drawing indicates the severity level of the
information:

· Ellipse: The information provided is informative.

· Triangle: Failure or Warning information. In this situation, entry of the
PUK code is required.

· Octagon: General failure of the EP43.

SYMBOL MEANING

EP43 and PC in connection progress.

Associating EP43 and PC (see chapter 4.3.1 - First Installation). Only during
first installation and whenever the system is restored to default configuration.

Start up sequence successfully completed.

Saving events in the SD.

New EP43 firmware loaded. Insert SD card.

Waiting for SD card (removable memory).

Failure in EP43 (breakdown).

TAMPER: Trying to connect the associated PC. Associated PC has been manipulated.

TAMPER: Module hardware alteration.

TAMPER: Battery depleted or extracted from EP43.

TAMPER: Zeroization button pressed.

TAMPER: Opening detectors activated.

TAMPER: SD information is not consistent.

TAMPER: Temperature is over or below the normal thresholds.

TAMPER: 6 consecutive errors inserting user password.

TAMPER: Exceeding PUK attempts (6). EP43 blocked.

TAMPER: System restored to default configuration.

TAMPER: Events could not be stored in SD.

The bottom right corner is used to show messages provided by the EP43
during system operation: i.e. the name of the currently authenticated user and
the name of the virtual machine where this user is working.
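
The attempt-counting TAMPER conditions listed above (6 consecutive password errors, PUK attempts exceeded, zeroization button) can be modelled as a small state machine. The Python model below is an added example, not EPICOM code: the class and method names, the salted PBKDF2 storage and the counter-reset rules are assumptions, and only the two thresholds of 6 and the TAMPER causes come from this guide.

```python
import hashlib
import hmac
from enum import Enum

# Thresholds taken from the TAMPER messages in this guide.
MAX_PASSWORD_ERRORS = 6   # "6 consecutive errors inserting user password"
MAX_PUK_ERRORS = 6        # "Exceeding PUK attempts (6). EP43 blocked."


class State(Enum):
    OPERATIONAL = "operational"
    TAMPER = "tamper"      # triangle symbol: PUK code entry required
    BLOCKED = "blocked"    # PUK attempts exhausted


def _digest(secret: str, salt: bytes) -> bytes:
    # Assumption: secrets are held as salted PBKDF2 digests, never in clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class TamperModel:
    """Hypothetical model of the EP43 attempt counters (not the real firmware)."""

    def __init__(self, password: str, puk: str, salt: bytes = b"constructed-salt"):
        self._salt = salt
        self._password = _digest(password, salt)
        self._puk = _digest(puk, salt)
        self.state = State.OPERATIONAL
        self.password_errors = 0
        self.puk_errors = 0
        self.events = []          # audit trail, oldest first

    def _matches(self, candidate: str, stored: bytes) -> bool:
        # Constant-time comparison so timing does not leak how close a guess is.
        return hmac.compare_digest(_digest(candidate, self._salt), stored)

    def _raise_tamper(self, cause: str) -> None:
        self.state = State.TAMPER
        self.events.append(f"TAMPER: {cause}")

    def enter_password(self, candidate: str) -> bool:
        if self.state is not State.OPERATIONAL:
            self.events.append("password refused: PUK required or device blocked")
            return False
        if self._matches(candidate, self._password):
            self.password_errors = 0      # only consecutive errors count
            self.events.append("user authenticated")
            return True
        self.password_errors += 1
        self.events.append(f"password error {self.password_errors}")
        if self.password_errors >= MAX_PASSWORD_ERRORS:
            self._raise_tamper("6 consecutive errors inserting user password")
        return False

    def press_zeroization(self) -> None:
        # Assumption: the button has no further effect once the device is blocked.
        if self.state is not State.BLOCKED:
            self._raise_tamper("Zeroization button pressed")

    def enter_puk(self, candidate: str) -> bool:
        if self.state is not State.TAMPER:
            return False
        if self._matches(candidate, self._puk):
            # Assumption: a correct PUK clears both counters and the TAMPER state.
            self.state = State.OPERATIONAL
            self.password_errors = 0
            self.puk_errors = 0
            self.events.append("recovered with PUK")
            return True
        self.puk_errors += 1
        self.events.append(f"PUK error {self.puk_errors}")
        if self.puk_errors >= MAX_PUK_ERRORS:
            # Assumption: the sixth failed PUK entry is the one that blocks.
            self.state = State.BLOCKED
            self.events.append("TAMPER: Exceeding PUK attempts (6). EP43 blocked.")
        return False


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    ep43 = TamperModel(password="constructed-pass", puk="constructed-puk")
    for _ in range(MAX_PASSWORD_ERRORS):
        ep43.enter_password("wrong")
    print(ep43.state)
    ep43.enter_puk("constructed-puk")
    print(ep43.state)
    print(*ep43.events, sep="\n")
```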

3.3. PC DESCRIPTION

The PC to be used in a Multilevel System may be a laptop or a desktop PC
and must fulfil the following minimum requirements:

· Last generation processor with virtualization hardware technology.

· TPM (Trusted Platform Module) security module.

· At least 2GB RAM memory [2].

· Local network board.

· Password lockable BIOS, which includes a virtualization enabling option.

· 64 bit processor.

[2] Depending on the number of virtual machines to install and the kind of operating
systems to be configured, more or less RAM memory will be required (Windows XP
requires a minimum of 512 Mb to run with an acceptable level of performance).

3.4. SD’S GENERATION CENTRE

The SD’s Generation Centre allows a specific Multilevel System software
version to be loaded onto SD cards. This Generation Centre produces two printed
stickers for each generated SD:

· The first sticker is printed with the card identification number
(ID). This sticker is fixed to the SD card which will be delivered
to the user.

· The second one is printed with the ID number and also with the
PUK code. This sticker must be kept by the administration user,
who is the only one who must have access to the PUK code.

The software application recorded in the SD card is configured with a lower or
higher security level depending on the generation parameter chosen.
The security level can take the following values:

1. Level 1, low. The software does not ask for any kind of user
confirmation before performing a required action.

This level allows users to:

o Delete a partition with data without having to clean it previously.

o Create a partition without having to clean it previously.

2. Level 2, medium. The application asks for user confirmation in order to:

o Delete virtual machines.

o Import a partition into an existing partition with data.

o Delete a user.

This level allows users to:

o Create a partition without having to clean it previously.

3. Level 3, high. The application asks for user confirmation in order to:

o Delete virtual machines.

o Import a partition into an existing partition with data.

o Delete a user.

o Attach/detach partitions with data from/to a virtual machine.

o Log out with running virtual machines.

o Modify networks.

o Modify any virtual machine configuration.

o Save changes in user profile.

At this level, creation of non encrypted hard disk partitions is not
allowed. Besides, these partitions are cleaned (high security
mode) before being created without asking for user confirmation.

This level does not store the “URL” field, located in the windows
“Sending Events” or “Sending Partition”, to prevent a user who
does not know the access password to the remote server from
exporting partitions or events.

The following table shows the different security levels and their features:

| ACTIONS | LEVEL 1 | LEVEL 2 | LEVEL 3 |
|---|---|---|---|
| Permission to delete a partition with data without cleaning it previously | YES | NO | NO |
| Permission to create a partition without cleaning it previously | YES | YES | NO |
| Permission to create a non encrypted partition | YES | YES | NO |
| Confirmation before deleting a virtual machine | NO | YES | YES |
| Confirmation before importing an image partition from the remote server to a hard disk partition with data | NO | YES | YES |
| Confirmation before deleting a user | NO | YES | YES |
| Confirmation before attaching/detaching hard disk partitions with data to/from a virtual machine | NO | NO | YES |
| Confirmation before user logging out if any virtual machine is running | NO | NO | YES |
| Confirmation before modifying networks | NO | NO | YES |
| Confirmation before modifying any virtual machine configuration | NO | NO | YES |
| Confirmation before modifying a user profile | NO | NO | YES |
| Confirmation before cleaning partitions | NO | NO | YES |
| Storage of “URL” field in windows “Sending events” or “Sending Partitions” | YES | YES | NO |

Table 1 – Features of the different security levels

REMARK

At the highest security level (level 3), partitions are automatically cleaned in
“high security” mode, without asking for user confirmation, when they are
created.

This feature would prevent a hypothetical system recovery if one were necessary
(for example, in case of PC or EP43 breakdown). For an effective system
recovery, a SD memory with a lower security level (level 2 or level 1) must be
employed. Once the system is recovered, the SD memory may be replaced with a SD
card with security level 3, if required.

Management of the SD Generation Centre is out of the scope of this user
guide; there is a specific user guide available for this application.

3.5. USER TYPES

Three different types of users may operate the Secure Multilevel System
EP830E:

· EP43 Administration User:

Administration user does not have identification but it does have
authentication; in other words, it does not have an associated
user name. Its authentication code is called PUK (Personal
Unblocking Key).

This user must always authenticate itself through the navigation
keyboard located on the top side of the EP43.

The PUK authentication allows only the following operations:

o System installation

o Loading default configuration (Delete configuration)

o Set date

o Application updating (firmware and software)

o TAMPER recovery.

REMARK

The PUK code must only be known by the administration user, who takes
responsibility for keeping it secret. This code is associated with the SD
memory and assigned at its generation stage, so it cannot be modified.

· Default User:

Default User is the initial user of the system once it has been
installed or after default configuration has been loaded. By
default, this user has all the privileges to operate and manage
the system (see Table 2 – Permissions for the different types of
user).

The name of this user is ADMIN (capital letters) and its
associated password is ‘0000000000000000’ (16 zeros). This
user must use the PC keyboard and monitor in the first
authentication.

Once authenticated, this user may configure the system:

o It may modify its password and authentication mode (PC
keyboard/monitor or EP43 keyboard).

o It may create new users, assigning them a permission
profile according to the access control policy to apply.

REMARK

For security reasons, the default user password expires after a period of 90
days; after that, it must be modified.
Furthermore, as a security policy, it is recommended to change the default user
password the first time this user works with the EP830E.

REMARK

In order to delete the default user, all privileges this user owns will have to
be previously assigned to another user or distributed among several users
(i.e. one user handles the user management, another user handles the
virtual machines, etc.).

· Authorized Users:

Every user authorized to manage the different system operations
and who has received the privilege from a user with this
privilege.

These users may authenticate themselves either through the PC
keyboard and monitor or through the EP43 navigation keyboard,
depending on their authentication profile.

The associated password has a minimum of 8 and a maximum
of 16 characters. If a random password is required, the system
generates a 16-character alphanumeric password by default, if the
authentication is going to be made through the PC. If the
authentication is going to be made through the EP43, the
password is numeric and is entered by selecting the digits, which
appear randomly on the display.

REMARK

For security reasons, any authorized user’s password expires in a period of
90 days. After that, the user must change it.

4. INSTALLATION

4.1. UNPACKING

· When the EP830E system arrives at its location, examine
its packaging for possible damage, bumps or deficiencies.

· Unpack the equipment, removing the security protections, and
examine it for any kind of defect. If the equipment has
suffered any kind of damage during transportation, notify
the Responsible Organization. Keep the package in case of
possible refunds.

· Verify that the package, a box with dimensions
270x105x250 mm (wide x high x deep), contains the following
elements:

o Local network Ethernet cable.

o Power cable A77001-ICOC 01 NC B, 2 metres long.

o Power adaptor AC-DC which admits:

· Input: 100-240V AC 50/60Hz 0.45 Amax

· Output: 5V 3A

o Desktop device EP43.

The name EP830E is printed on the top side of this
device. However, in this user guide every reference to this
device uses the name EP43 in order to make a
distinction between the device and the complete Multilevel
System (EP830E), which integrates the EP43 device and
the application that runs on the PC.

o 1 copy of this user guide.


Figure 7 – Package View

4.2. CONNECTION

The EP43 device needs a 110/220 V AC, 50/60 Hz power supply together with an
external transformer delivering 5 V/3 A DC.

In order to proceed with the installation of a Secure Multilevel System, all the
system elements must be connected:

· Connect the PC with a local network cable to the connector “PC”
on the EP43 (connector 1 in Figure 5).

· Connect the power supply to connector 2 (see Figure 5) on
the EP43. The device has no power-on switch, so it is
switched on when the power supply is connected and switched
off when the power supply is disconnected.

The connections to the different networks where the system is installed use
the zone 3 connectors (see Figure 5). These connections can be fixed once the
system is already installed.

REMARK

When the users of the different virtual machines / networks have different
reliability levels, the Multilevel System must be protected against a potential
interchange of the cables connected to networks with different
security classification levels.
This protection can be achieved by assigning MAC addresses to
each virtual machine network and programming the switch of each local
network to send traffic only to the matching MAC address.

4.3. MANAGEMENT BASIC RULES

Managing the Multilevel System involves an initial installation and an
association between the EP43 and the PC, operations that must be performed by
the administration user, followed by a phase in which the PC is used together
with the EP43 as a multilevel PC with several virtual machines installed. These
virtual machines will be managed by different users, who may or may not have
administration privileges.

4.3.1. First Installation

This first installation procedure must be performed in a secure
environment and requires knowledge of the secret PUK code.

This PUK code will only be necessary during the first installation, for future
firmware/software updates, to recover the system from a TAMPER situation, to
set date and hour or to set the default configuration settings. The only user who
must know the PUK code is the EP43 administration user.

REMARK

It is the responsibility of the operating environment to guarantee the absence
of threats to the physical access to the equipment and to the cable between the
PC and the EP43, as well as to the connections between the EP43 and the
different networks.

REMARK

In order to install the system, a SD memory with the correct boot software is
necessary. This SD must have been generated in the SD Generation
Centre. In the first installation, the SD will be associated to the EP43 and
the EP43 will be associated to the PC.

4.3.1.1. Previous steps in the PC

First of all, access the BIOS of the PC to be associated to the EP43 and
implement the following modifications:

· Clean and enable the TPM. To complete this operation, it may
be necessary to reboot the PC several times.

· Configure the PC to only allow the local network boot. This is the
recommended option in the system usage security policy.

· Make sure that the virtualization option is enabled in the BIOS.

· Assign a password to the BIOS configuration access. This is the
recommended option in the system usage security policy.

REMARK

It is not necessary that the PC is connected to the EP43 in order to
complete these initial steps.

REMARK

The PC must be reliable and must not have any malicious software in the
BIOS or other storage elements before beginning with the installation of the
system.

4.3.1.2. EP43 – SD Association

The EP43 is delivered from factory with no association with any SD or PC.
The administration user associates the EP43 and a SD (generated in the SD
Generation Centre) as well as the EP43 with the PC.

To associate SD and EP43, it is necessary to complete following steps:

1. Connect the EP43 to the power supply and insert the SD
memory to be associated to the system in the corresponding slot
(see Figure 4). The SD memory must be inserted with the
contacts downwards.

On the EP43 display appears the symbol or the symbol , the message
“Press central key” and the following data:

o Date and Hour

o Internal Temperature (at the top left corner)

o The symbol (user not authenticated) blinks at the top right corner.

o The symbol (inserted SD memory not acknowledged) appears at the top
right corner.

o EP43 firmware version at the bottom right corner.

2. Press central key. The message “Insert PUK” appears.

3. The EP43 administration user must insert the PUK code at this
moment. On the display appears a number, which changes
when the keys up and down are pressed on the EP43 navigation
keyboard. In order to validate each digit, the right key must be
pressed. To confirm the whole input, the central key must be
pressed. Each validated number is shown as an asterisk on the
display. If necessary, each validated digit can be deleted
pressing the left key.

To prevent the PUK code from being deduced by listening to the number of
clicks on the EP43 navigation keyboard, the following procedure has
been implemented: the initial number appearing on the display,
which is the starting value for selecting each PUK digit,
changes randomly, so the number of clicks is different each time
the PUK code is inserted.

If the selected PUK is not correct, the message “PUK erróneo”
(i.e. “Wrong PUK (x)”) appears, where x is the number of
wrong attempts.

If the selected PUK is correct, the message “SD sin asociar”
(i.e. “SD unattached”) appears and, after that, “Pulse R para
asociar. Extraiga SD para cancelar” (i.e. “Press R to attach.
To cancel, remove SD”).

REMARK

At the sixth wrong PUK attempt, the system blocks and it is necessary to
wait one hour before another PUK can be tried. The display shows a
message with the time at which the system will be operative
again. If there is another wrong PUK attempt, the system blocks for another
hour, and the same happens again with each successive wrong PUK
attempt.
If the system is blocked, the EP43 does not respond to any other TAMPER
situation.

4. Press the zeroization button (press R). The following menu appears on the
display (from now on, the EP43 display menu):

Figure 8 – EP43 display Menu

In order to select the different options of this menu, use the up
and down keys. To confirm the selection, press the central key.

The options available are:

o Poner en hora: (i.e. Clock Settings) This option is used to
set the date (dd-mm-yyyy) and hour (hh:mm) in the EP43
device. The blinking cursor points out the digit that is going to
be modified. The value is changed using the up and down
keys; to confirm the digit, press the right key. To confirm
the complete modification, use the central key.

o Borrar configuración: (i.e. Configuration Default Settings)
This option erases the current system configuration, restoring
the default settings. After that, the PC data is no longer
accessible and a new installation is required.

o Nuevo Firmware: (i.e. New Firmware) This option allows the
system firmware update, if required.

o Salir: (i.e. Quit) To quit the menu and continue with the start
up sequence.

5. At this stage, it is only necessary to set the date and hour. After
that, select “SALIR” (i.e. Quit). The other options are described
in detail in chapter 6.2 (Restore Configuration Default Settings).

On the display appears the symbol , and at the top right
corner appears the symbol (SD card inserted) and blinks the
symbol (user not authenticated).
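The randomised starting value described in step 3 can be checked with a small model. This is an added example, not EP43 firmware or code from this guide. It assumes each PUK position is a decimal digit that wraps around, the user takes the shorter direction, up and down presses sound the same, and the starting value is uniform and independent for each digit.

```python
from collections import Counter
from fractions import Fraction
from math import log2

# Assumption (not stated in the guide): each PUK position is a decimal digit.
DIGITS = range(10)


def clicks(start, target):
    """Up/down presses heard while moving the display from start to target.

    Assumptions: the value wraps around (9 -> 0), the user takes the shorter
    direction, and up and down presses are indistinguishable by sound.
    """
    up = (target - start) % 10
    return min(up, 10 - up)


def joint_distribution(starts):
    """Exact P(digit, click count) for a uniformly random secret digit and a
    starting value drawn uniformly from `starts`."""
    starts = list(starts)
    weight = Fraction(1, len(DIGITS) * len(starts))
    joint = Counter()
    for digit in DIGITS:
        for start in starts:
            joint[(digit, clicks(start, digit))] += weight
    return joint


def leaked_bits(starts):
    """Mutual information I(digit; clicks) in bits: what a listener learns
    about one digit from the click count alone (log2(10) = 3.32 is the max)."""
    joint = joint_distribution(starts)
    p_digit, p_clicks = Counter(), Counter()
    for (digit, heard), p in joint.items():
        p_digit[digit] += p
        p_clicks[heard] += p
    return sum(
        float(p) * log2(float(p / (p_digit[digit] * p_clicks[heard])))
        for (digit, heard), p in joint.items()
    )


def candidates(starts, heard):
    """Digits still possible for one position after hearing `heard` clicks."""
    return sorted({d for (d, n) in joint_distribution(starts) if n == heard})


if __name__ == "__main__":
    fixed = [0]          # display always starts at 0 (no countermeasure)
    randomised = DIGITS  # display starts at a random value, as the guide describes
    for label, starts in (("fixed start", fixed), ("random start", randomised)):
        print(f"{label:12s} leak = {leaked_bits(starts):.3f} bits/digit, "
              f"3 clicks -> {candidates(starts, 3)}")
```

With a fixed starting value the click count narrows each digit to at most two candidates; with a uniformly random starting value the count is statistically independent of the digit. The model covers the click count only, not other observation channels such as a view of the display.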

4.3.1.3. EP43-PC Association. Installation Procedure

The Secure Multilevel System installation procedure must be performed as
follows:

First of all, make sure that the PC is switched off and connected to the EP43
through the local network cable. After that, start up the PC, which will boot from
the local network (previously configured in the BIOS). The EP43 device assigns an
IP address to the PC and transfers the boot software stored in the SD memory.
With this software the system start up will begin. The start up sequence follows
several stages, shown on the display with the following number sequence:

Symbol : The PC is requesting an IP address from the EP43 device.

Symbol : At least 1 file has been transferred between EP43 and the PC.

At this moment, the EP43 device identifies that this is the first installation
(pairing) and asks one more time for the PUK code (on the PC screen appears
the message “Introduzca el PUK en el EP43” – i.e. “Insert PUK”). The PUK
code must be inserted with the EP43 keyboard.

After that, the PC must be rebooted and on the EP43 display appear again
the symbols (user not authenticated) and (EP43 and PC are in
connection progress) as well as the number sequence:

Symbol : The PC is requesting an IP address from the EP43 device.

Symbol : At least 1 file has been transferred between EP43 and the PC.

At this moment, the stage symbol changes to , indicating that the
association (pairing) between PC and EP43 has started. At this stage the PC and
the EP43 exchange some data that will be used for later mutual
identification.

Subsequent system start up sequences will only be successful if both pieces of
equipment (PC and EP43) and the SD are the same as those used at this first
start up. If any of these three elements is replaced, it will be necessary to
repeat the first installation.

Symbol : All the files have been transferred between EP43 and the PC.

Symbol : Waiting for the software boot.

Symbol : System connection attempt. This symbol disappears very quickly,
so most of the time it will not be visible.

When the start up sequence between the PC and the EP43 is completed, on
the display appears the following information:

Figure 9 – Display after the start up sequence

On the PC monitor appears the control application:

Figure 10 – Main screen on the PC monitor

At the top of this screen, the time registered by the PC is shown, while at the
bottom are the “Authenticate User” and “Turn Off” buttons.

The number shown at the upper side of the screen represents the EP830E
software version, in other words, the software application that runs on the PC;
the number shown on the lower right corner corresponds to the software version
that runs on the EP43.

Throughout this user guide, EP43 firmware is referenced. This corresponds to part
of the software application that runs on the EP43 and it is identified by the first
digit of the software version that runs on the EP43.

The EP43 has a sticker with the system version number. This number is
associated to the succession of version numbers shown on the screen.

REMARK

Subsequent system start up sequences will only be successful if both pieces of
equipment (PC and EP43) and the SD are the same as those used at this first
start up. If any of these three elements is replaced, it will be necessary to
repeat the first installation.
In case the replaced element is the PC, it is not necessary to make the
association between SD and EP43. However, if the replaced element is the
SD, it will be necessary to complete the whole procedure again, including
the TPM in the PC.

4.3.1.4. Initial Authentication

Once the start screen appears (Figure 10), log in as Default User clicking
with the mouse on the option “Autenticar usuario” (i.e. “Authenticate User”).

REMARK

After first installation or after loading the configuration default settings, the
default language is Spanish.

Insert the user name in the system login window:

Figure 11 – Identification window (User Name)

Insert the Default user name, ADMIN, and select “Aceptar” (i.e. “Accept”).

Insert the Default User password: 16 zeros (‘0000000000000000’) in the
next window.

Figure 12 – Authentication window (Password)

After the first installation or after loading the configuration default settings,
once the Default User has correctly logged in, the system detects the hard disk
and asks for confirmation to install it.

Figure 13 – Hard Disk detected

Select “Aceptar” (i.e. Accept) and introduce the name to be assigned to the
hard disk in the next window:

Figure 14 - Assign Name to the Hard Disk

This window informs about the size of the hard disk.

Once this hard disk installation has been completed, it is possible to proceed
with the system control and administration operations (see 5.2 System Control
and administration Operations): creation of the hard disk partitions to be
assigned to each virtual machine, creation of the virtual machines and
attachment of the PC resources to each virtual machine.

REMARK

For security reasons, it is recommended to change the user ADMIN password
at this moment (see chapter 5.2.3 - User Management).

Once the virtual machines are created and configured, it is possible to
proceed with the installation of the operating system to be used in each of them.
This installation must be performed following the instructions of the operating
system provider.

REMARK

If, for maintenance reasons, it is required to break the association between
the PC and the EP43, it will be necessary to clean and enable the TPM, as
described at the beginning of the installation procedure. The operating
systems and other hard disk data (applications, user data …) will remain
encrypted in the PC and will only be decrypted by means of the connection
to the EP43.

For a successful EP43 replacement without losing the PC hard disk data,
it is essential to keep the values of the fields described in chapter 5.2.2.3 -
Hard Disk Management. It will also be necessary to use a level 2 or 1 SD
and, after the system recovery, replace it with a level 3 SD.

5. OPERATION

5.1. USUAL SYSTEM STARTUP

The EP43 is supplied with an internal rechargeable battery which maintains
the essential system parameters even when there is no power supply. This allows
any user to start up the system without needing to insert the PUK code. If the
battery runs flat, the system enters a TAMPER situation, a TAMPER
event is produced and the system must be recovered according to chapter 6.4 -
TAMPER Recovery.

To start up the system, the EP43 device must be connected to the power supply
and the SD memory must be inserted in the EP43 (see Figure 4). Start up the
PC. The message exchange between the EP43 and the PC will start, the PC
authenticity is checked and the startup software stored in the SD is transferred to
the PC and executed.

When the startup has finished:

· On the EP43 display the symbol appears:

· In the PC screen appears the following main screen:


Figure 15 –Multilevel System wallpaper

REMARK

The system startup does not progress if the SD is not the one previously
associated. To use a non associated SD, it is necessary to associate the
EP43 and the new SD.
The system startup does not progress if the PC is not the one previously
associated. To use a non associated PC, it is necessary to associate the
EP43 and the new PC.

When the startup has finished, at the bottom of the PC screen two menu
options appear:

· Authenticate User

· Turn Off

Click on the menu “Authenticate user” to insert the user name:

Figure 16 – Identification window (user name)

If it is the first login after the initial installation, when no user has been
created yet, the default user (ADMIN) must be inserted in the identification
screen.

If it is a usual login after an ordinary startup, the default user can be inserted
in the identification as well as any other authorized user.

Select “Accept”. If the user inserted is not an authorized user, an error
message appears and no system options will be available.

If the user name is correct the system will ask for the password.

A. If the user has been configured to authenticate using the external PC
keyboard and monitor (“PC authentication mode”), the following
window appears requesting the password:

Figure 17 – Authentication Window (Password)

If it is the first login after the initial installation, when no user has been
created yet, the default user password must be introduced in the
authentication window: ‘0000000000000000’ (16 zeros).

If it is a usual login after an ordinary startup, the password associated
to the previously selected user (Figure 16) must be inserted in the
authentication window.

B. If the user has been configured to authenticate using the EP43
navigation keyboard (“EP830E authentication mode”), the following
window appears on the external PC monitor. The system waits for the
user to insert the password through the EP43 navigation keyboard:

Figure 18 – Waiting for authentication from the EP830E

In order to insert the password from the EP43, use the navigation
keyboard. A number appears on the EP43 display. This number
changes when the up or down keys are pressed. To validate a single
character, press the right key; to validate the complete value,
press the central key. For each validated character an asterisk is shown.
To delete a single character, press the left key.

REMARK

The EP43 navigation keyboard authentication mode is considered the
safest multilevel system operation mode.

When “Accept” is selected, on the monitor screen or on the navigation
keyboard (depending on which authentication mode is selected), if the values are
not correct, an error message appears and no system options are available.

REMARK

After the sixth wrong user password insertion, an error message appears
and the system gets into a TAMPER situation. To recover the system from
this situation, the administration user, who knows the PUK code, must
follow the procedure described in chapter 6.4 - TAMPER Recovery.

If the password is correct, the system options that the user has permissions
to see, appear at the bottom of the screen. The virtual machines that the user has
permissions to see appear on the screen indicating their state. This screen is
called in this manual “Control and Administration screen”.

REMARK

If it is the first login after the initial installation, at the bottom of the Control
and Administration screen, all the operations will be available, since the
default user has full permission. No virtual machines will appear, since none
has been created yet.

Figure 19 – Control and Administration Screen

REMARK

Any start up sequence different from the one described is not a
correct Multilevel System startup. Contact your system administration to
determine the reason for the incorrect startup.

5.1.1. Hardware Inconsistencies

During the start up sequence, the EP830E system compares
the hardware devices it finds with the information it has stored in
memory from previous startups. If the EP830E detects any
inconsistency, at the end of the startup sequence the system waits for a user with
system recovery permissions to accept or refuse the inconsistencies detected.

Reasons for possible hardware inconsistencies may be the disconnection of
any device (PC opening needed) or a hardware failure; for this reason, an
authorised user confirmation is required in order to check the problem causes.

The following cases can arise:

· The system does not detect any CDROM unit

Figure 20 – CDROM unit not detected

Selecting Accept, the CDROM unit is deleted from the system.
Otherwise, the system keeps the reference but the system does
not complete the startup.

· The system does not detect the hard Disk

Figure 21 – Hard Disk not detected

Selecting Accept, the hard disk unit is deleted from the system.
Otherwise, the system keeps the reference but the system does
not complete the startup.

· RAM memory has changed



Figure 22 – RAM memory modified

Selecting Accept, the system updates the RAM memory.
Otherwise, the system keeps the reference but the system does
not complete the startup.

· The system does not detect a virtual network

Figure 23 – Virtual network not detected

Selecting Accept, the hard reference to the old network is
deleted from the system. Otherwise, the system keeps the
reference but the system does not complete the startup.

REMARK

For security reasons, only users with system recovery permissions can
approve system inconsistencies.

If the EP830E detects hardware inconsistencies and a user without system
recovery permissions logs in, the system logs him out and waits for the
authentication of a user with permissions.

REMARK

The system startup does not progress if the SD or the PC are not the ones
previously associated or if the TPM detects any modification in the
hardware configuration.

5.2. SYSTEM CONTROL AND ADMINISTRATION OPERATIONS

These operations allow both the configuration and management of the system
resources and the monitoring of the event log. They are accessible
from the Control and Administration screen and are available or not depending on
the user permissions. A full permission user will be able to access:

· Add Machine

· Resources Management

· Users management

· Events

· System

· Unauthenticate / Authenticate user

· Turn Off

These operations are described as follows, considering a full permission
user.

5.2.1. Add Machine (virtual machine)

When the option Add Machine is selected at the bottom of the screen, the
system requests the available parameters to assign to the new virtual machine.
The following window appears:

Figure 24 – Add New Virtual Machine

Define a name for the new virtual machine. After selecting Accept, a new
window appears where a colour must be selected. This colour will identify the
machine colouring the banner that appears at the top of the virtual machine in full
screen.

REMARK

For security reasons, the system does not permit the creation of virtual
machines with the same name in order to avoid the user confusion.

The system does make a distinction between capital and small letters when
checking that two virtual machines do not have identical names.


Figure 25 - Colour selection

Colour selection options:

· Click on one of the squares under the title “Basic Colours”.

· Create a customized colour by clicking on the colour section on the
right side of the window. The parameters Hue, Sat (saturation),
value, Red, Green, Blue automatically show the values
corresponding to the selected colour.

· Create a customized colour by defining the value of each
parameter: Hue, Sat (saturation), value, Red, Green, Blue.

Once the colour has been chosen, select Accept. The virtual machine will be
automatically created.

REMARK

For security reasons, the system does not permit the creation of virtual
machines with the same colour in order to avoid the user confusion among
machines with different security classification levels.

A square symbolizing the virtual machine appears on the Control and
Administration screen. This square has a frame coloured with the colour
selected for the machine. The name of the virtual machine appears below the
square and the image “Closed” indicates that the machine is stopped.

In order to assign resources to the virtual machine, it is necessary to have
defined them previously (see chapter 5.2.2 Resources Management).

5.2.2. Resources Management


In this menu option the PC resources (RAM memory, Hard Disk, Networks)
can be managed in order to assign them to the created virtual machines.

This is the first operation to perform the first time the multilevel system is
installed with a PC or when it is required to modify the virtual machines
configuration.

To access this menu, select the option Resources Management in the
Control and Administration screen and a window with three sections will appear:

· Memory

· Networks

· Hard Disk Name

If the PC has more than one hard disk, additional sections with the names of
these additional hard disks will appear.

5.2.2.1. Memory Management

In the section Memory, the user may create RAM memory segments to
assign later to the virtual machines.

At the top of the window appears the total RAM memory (in Megabytes)
installed in the PC.

The memory is divided in segments whose size can be modified. The
memory availability is represented with a colour bar (see following figure):

Figure 26 – Memory resources management

When a new memory segment is created, the following parameters must be
defined:

· Minimum memory: Minimum memory value considered
necessary for the virtual machine to be operative. If the system
does not have this minimum value available, the virtual machine
with this segment assigned will not start up. The minimum
memory value must be defined depending on the operating
system that is going to be installed in the virtual machine and
depending on the kind of applications that are going to be used.
For example, the minimum memory value for the operating
system Windows Vista should not be established below 1500
Megabytes. The minimum memory value of each segment is
represented with the yellow colour (see previous figure).

· Maximum memory: Desirable memory value for the virtual
machine. If the system has this maximum memory value
available, the virtual machine will start up with this value.
Otherwise, it will start up with the minimum memory value, if the
system has enough memory. The maximum memory value of
each segment is represented with the blue colour (see previous
figure).

· Available memory: Available memory for each segment without
taking into account the other segments; that is, the limit is set by
the total memory installed in the PC (minus about 350
Megabytes used by the Multilevel System application). The
available memory for each segment is represented by the green
colour (see previous figure).

The minimum and maximum values (in Megabytes) assigned to each
segment are displayed in the columns on the right (see previous figure).

Non available memory (brown stripe on the bottom side of the bars)
represents the sum of the maximum memory values assigned to the other
segments; that is, the sum of every maximum value except the maximum value of
the selected segment. This stripe has several meanings depending on where it is
located:

· If the stripe appears only in the green zone of the segment, it
means that the machine that has this segment assigned will
operate with the maximum RAM memory value assigned to this
segment. Thereby, it is guaranteed that all the virtual machines
can run at their maximum memory value.

· If the stripe not only appears in the green zone but also in the
blue zone of the segment, it means that in case that the
machines using the other segments are running, the machine
using the selected segment will not run at the maximum memory
value, but at its minimum memory value.

· If the stripe not only appears in the green and blue zones, but
also in the yellow zone of the segment, it means that in case that
the machines using the other segments are running, the
machine using the selected segment will not have enough
available memory to start up, since the memory available is
under its minimum memory value.
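
The three stripe positions described above can be computed from the segment values. The following Python sketch is an added example, not the product's code: it assumes the bar is read as yellow up to the minimum, blue up to the maximum and green up to the available memory, with the brown stripe covering the bar from the green end, and the segment names and values are constructed.

```python
from dataclasses import dataclass

# Figure taken from the guide: RAM used by the Multilevel System application.
SYSTEM_OVERHEAD_MB = 350


@dataclass(frozen=True)
class Segment:
    name: str    # hypothetical label for the segment
    min_mb: int  # yellow zone: minimum needed for the virtual machine to start
    max_mb: int  # end of the blue zone: desirable value


def available_mb(total_ram_mb: int) -> int:
    """Green limit of every bar: installed RAM minus the application's share."""
    return total_ram_mb - SYSTEM_OVERHEAD_MB


def check_segment(total_ram_mb: int, seg: Segment) -> None:
    """Reject values that could not be drawn on the bar at all."""
    if not 0 < seg.min_mb <= seg.max_mb <= available_mb(total_ram_mb):
        raise ValueError(f"{seg.name}: need 0 < min <= max <= available")


def stripe_outcome(total_ram_mb, segments, selected):
    """Return (zone, granted_mb) for the segment named `selected`.

    zone is the innermost zone the brown stripe reaches:
      "green"  -> machine runs at its maximum value
      "blue"   -> machine runs at its minimum value when the others are running
      "yellow" -> machine cannot start when the others are running (granted None)
    """
    seg = next(s for s in segments if s.name == selected)
    check_segment(total_ram_mb, seg)
    # Brown stripe: sum of the maximum values of every other segment.
    brown = sum(s.max_mb for s in segments if s.name != selected)
    left = available_mb(total_ram_mb) - brown
    if left >= seg.max_mb:
        return "green", seg.max_mb
    if left >= seg.min_mb:
        return "blue", seg.min_mb
    return "yellow", None


def report(total_ram_mb, segments):
    """Outcome for every segment of one configuration."""
    return {s.name: stripe_outcome(total_ram_mb, segments, s.name) for s in segments}


# Constructed sample configuration (not from the guide).
SEGMENTS = [
    Segment("vista", 1500, 2048),
    Segment("xp", 256, 512),
    Segment("fedora", 256, 512),
]

if __name__ == "__main__":
    for ram in (4096, 3072):
        print(ram, "MB installed:", report(ram, SEGMENTS))
```

With 4096 MB installed every segment ends in the green zone, which matches the guide's statement that this case guarantees the maximum value to all machines; with 3072 MB the same segments fall into the blue and yellow cases.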

In this window the following operations are available:

· Add

· Delete

· Accept

· Cancel

· Quit

In order to create a new memory segment, select Add. A new colour bar
appears and the columns on the right indicate the default minimum and maximum
values of 256 Mb and 512 Mb.

To enlarge the size of an already created segment, double-click on it to
select it. The columns on the right side of the window will be enabled, so the
required values can be inserted. Alternatively, use the mouse pointer to drag
the border between yellow and blue or the border between blue and green,
leftwards or rightwards, so that the number of assigned Megabytes increases or
decreases.

Other operations to perform from the section Memory are:

· Delete: Deletes a memory segment already created.

It is not possible to delete a segment that is assigned to a virtual
machine. To delete it, it is necessary to detach it previously from
the virtual machine.

· Accept: Last changes are accepted.

· Cancel: Last changes are accepted.

· Quit: Quits the window Resources Management. If the option
Accept has not been previously selected, last changes will not
be saved.

REMARK

At the highest security level (level 3), the system asks for user confirmation
before modifying the memory segments.

REMARK

Once a segment has been assigned to a virtual machine, it is necessary to
detach it before modifying it.

5.2.2.2. Network Management

The local networks that can be used with the Multilevel System are the ones
provided by the EP43 device through the three network connectors shown in the
following figure (connectors 3, labelled as 1 to 3). They are called virtual
networks:

Figure 27 – EP43 external elements. Rear View

Local networks available through network boards installed in the PC (for
example, an optical fiber) are called physical networks.

In the section Networks, the user may configure the virtual and physical
networks:

Figure 28 – Network resources management

In this window the virtual and physical networks are listed. The MAC
assigned by default to each of the virtual networks is the MAC of the network
board installed in the PC and connected to the port “PC” of the EP43. Because
the three virtual networks have the same MAC, each of them must be
connected to a different physical network. However, it is possible to program
the application software in the SD so that the MAC addresses can be modified.
This programming option is described in the SD Generation Centre user guide.

The system can emulate three types of network boards. One of them must
be selected in the field “Emulation”. The available network board emulations are:

· AMD PCNet32 Lance.

· Novell NE2000.

· Realtek RTL8139.

The default emulation “Realtek RTL8139” is valid for the most usual
operating systems (Windows XP, Windows VISTA, Fedora…).

To accept the data presented in the screen, select “Accept”. The option
“Cancel” does not save changes and “Quit” quits the window.

REMARK

At the highest security level (level 3), the system asks for user confirmation
before modifying the networks.

5.2.2.3. Hard Disk Management

In the section identified by the name of the hard disk (assigned during the
first installation) the user can define the partitions to be used in each virtual
machine.

Figure 29 – Hard Disk Resources Management

When New partition is clicked, or a green segment in the bar that
symbolizes the hard disk is clicked, a new partition record appears. In this new
line the initial and final sectors as well as the partition size in Megabytes
must be defined.

When clicking on New partition, the system will select the first unused
sector on the hard disk as the initial sector. The partition size will be limited by
the gap up to the beginning of an existing partition or up to the end of the hard
disk.

Once the fields “initial sector” and “size” have been defined, select “Create”
in order to generate the partition. The following window appears:

Figure 30 – Create New Partition

Enter the partition’s name in this window and select whether it will be
encrypted on the hard disk or not by ticking the option Encrypt.

REMARK

The security policy of the equipment usage must consider whether the
existence of non encrypted partitions is permitted or not. The highest
security level (level 3) of the application does not permit the creation of non
encrypted partitions.

In case the option Encrypt is selected, the field Key becomes writable.
Insert the key to encrypt the partition on the hard disk (each partition can be
encrypted with a different key).

There are two ways of inserting the key:

· Manually: Type 32 characters (only numbers from 0 to 9 and letters
from A to F are allowed).

· Automatically: When the button is selected, a 32-character
hexadecimal key (128 bits) is randomly generated and shown in
the key field with asterisks. In order to view the value, place the
mouse on the symbol.

REMARK

Once the partition is created, the key will not be visible any more.
Therefore, it is necessary to write it down and keep it in a safe location in
case it is necessary for future system recoveries.

At levels 1 (low) and 2 (medium) the option Clean must be selected (x) if it
is required that the partition is cleaned before being created.

REMARK

At the highest security level (level 3), the partition is automatically cleaned
before being created without asking for user confirmation.
If the cleaning is cancelled, the partition will not be created, since the
cleaning has not been completed.

In this window the partition can be selected as first startup partition by ticking
the option “Select as first startup partition”. This option is used when several
partitions are assigned to one virtual machine. The virtual machine will boot from
the partition selected as first startup partition. This option is not static; that
is, it can be modified after the partition has been created.

There is another kind of special partition: CopyOnWrite partitions. If the
option CopyOnWrite is selected, the user will have the possibility of storing
information temporarily in this partition. This information will disappear when the
virtual machine that has this partition assigned is switched off (see Settings in this
chapter for more information).

After having selected the partition settings, select “Accept”. The partition is
created and the initial and final sectors together with the size appear on the
partition list. On the colour bar at the top of the window, the hard disk zone
assigned to the partition appears in blue and the free zones appear in green.

Figure 31 – Partition Information

REMARK

It is highly recommended that the authorized user keeps the following values
in a safe location:

· initial sector and size (or final sector) of each hard disk partition,

· encryption key of each hard disk partition, in case it is encrypted

in case it is necessary to recover the information stored in a partition after
restoring the EP43 default settings or in case the EP43 must be replaced
with another EP43 without losing the data stored in the
PC (operating systems, installed applications, user data, etc.).
In order to perform the new system installation (association between the PC
and the new EP43), it will be necessary to clear the TPM and enable it
again and follow the usual installation procedure. Once the system has
started, all the information regarding resources management, users and
virtual machines will be lost, since this information was stored in the former
EP43. If the mentioned data is available (partitions geometry and encryption
keys), it is possible to recover the system.
The administration user must bear in mind that the highest security level
(level 3) cleans every new partition before creating it without asking for user
confirmation. For this reason, the system recovery will not be possible with
this application level. The system recovery will only be possible with an
application of level 2 or 1. Once the system is recovered, the SD can be
replaced with a level 3 SD if required.

Click on a partition’s name to select it. If the partition is assigned to any
virtual machine, the following operations will be available:

· Export: It is possible to export partitions to a server in order to
recover them if necessary. This option makes it easier to
configure several virtual machines with the same information
(operating system, application, user, data…) as a partition
previously exported.

When this option is selected, the following window appears:

Figure 32 – Partition Export Configuration

The export parameters are:

o Selected Profile: The system can store the configuration
data inserted in this window. It is possible to keep up to 3
export/import profiles, so that selecting one of them, the
values for each configuration field for this profile appear in
the window automatically.

o Source Network: Local network (EP43 port) that the
system will use to export the partition. This port must
have connection to the server’s network where the
partition is going to be exported to.

o IP address: IP address belonging to the source network.
This IP address does not need to be the same IP address
assigned to the EP43 port in the virtual machine when it
is working as a virtual network.

o URL: Remote configuration. It follows the format:

ftp://user:password@host/filename

Where “user” and “password” are a user and password
previously created on the server. “Host” is the IP address
of the server and “filename” is the name given to the file
that contains the partition. If the directory where the file is
going to be stored is not in the root directory of the user “user”,
it will be necessary to indicate the whole path.

Example: ftp://user:password@10.22.0.2/pub/filename

REMARK

At the highest security level application (level 3), the field “URL” is not
saved in the profile in order to prevent any user who does not know the
access password to the server from exporting partitions.

o Transmission Key: Alphanumeric key for the partition
transportation. The hard disk partitions are encrypted on
the PC hard disk with a key generated when the partition
is created. However, when exporting a partition, it is sent
to the server encrypted with a transmission key. Thereby
it is possible to import a partition to another Multilevel
System where the destination hard disk partition may be
encrypted with another hard disk encryption key. This
way, the exported partition is compatible with every
Multilevel System independently of the hard disk
encryption keys. Furthermore, the hard disk encryption
keys are protected, since they are not involved in any
partition export/import. It is possible to insert this
transmission key manually or generate it automatically by
selecting the option “Generate key”.

o Establish as default configuration: The selected profile
is set as the default profile.

o Enable compression (slow connections): If the network
connection is slow, the export can be performed faster by
compressing the partition file to be exported. This option
should be selected only if the network connection is slow.
If the connection is fast, the time saved during the export
is not worth the time needed to compress the file.

Press “Accept” to start the partition export. A window showing
the export progress appears on the screen.

Figure 33 – Partition Export Progress

The following window appears when the export has successfully
completed:

Figure 34 – Partition export completed


The partition is stored in the server, encrypted with the
transmission key and ready to be imported by another Multilevel
System.

REMARK

Before importing the partition, make sure that the user who imports the
partition has the necessary permissions in the server to download the file.

· Cancel: Last changes will not be saved.

· Quit: Quits the Resources Management window.

If the partition is not assigned to any virtual machine, the following
operations will be available, in addition to the previous ones:

· Import: This option allows the user to import a partition
previously exported to a server.

When this option is selected, the following window appears:

Figure 35 – Partition Import Configuration

The export parameters are:

o Selected Profile: The system can store the configuration
data inserted in this window. It is possible to keep up to 3
export/import profiles, so that selecting one of them, the
values for each configuration field for this profile appear in
the window automatically.

o Source Network: Local network (EP43 port) that the
system will use to import the partition. This port must
have connection to the server’s network where the
partition is going to be imported from.

o IP address: IP address belonging to the source network.
This IP address does not need to be the same IP address
assigned to the EP43 port in the virtual machine when it
is working as a virtual network.

o URL: Remote configuration. It follows the format:

ftp://user:password@host/filename

Where “user” and “password” are a user and password
previously created on the server. “Host” is the IP address
of the server and “filename” is the name given to the file
that contains the partition. If the directory where the file is
going to be stored is not in the root directory of the user “user”,
it will be necessary to indicate the whole path.

Example: ftp://user:password@10.22.0.2/pub/filename

REMARK

At the highest security level application (level 3), the field “URL” is not
saved in the profile in order to prevent any user who does not know the
access password to the server from importing partitions.

o Transmission Key: Alphanumeric key for the partition
transportation. The partition is stored in the server,
encrypted with the transmission key defined when it was
exported. It is necessary to know this key to import the
partition correctly.

o Establish as default configuration: The selected profile
is set as the default profile.

The option “Enable compression” is not available in this window.
If the partition was compressed before being exported, the
decompression will be done automatically during the import
progress.

Press “Accept” to start the partition export. A window showing
the import progress appears on the screen:

Figure 36 – Partition Import Progress

The following window appears when the import has successfully
completed:

Figure 37 – Partition import completed

REMARK

Applications with level 2 (medium) and 3 (high) ask for user confirmation
before importing a partition into a destination hard disk partition with data.

If the destination partition is smaller than the file with the partition
to be imported, the system warns the user about it and asks for
his confirmation to resize it to an appropriate value:

Figure 38 – Not enough space message

REMARK

The destination partition will be resized whenever there is free space
into which it can be expanded; that is, whenever it is not limited by adjacent
partitions.

The partition is resized by increasing the final sector value, if possible; if
not, by decreasing the initial sector value. If necessary, the partition is
expanded in both directions; that is, both sectors are modified.

If the destination partition is larger than the file with the partition
to be imported, the system warns the user about it and asks for
his confirmation to resize it to an appropriate value:

Figure 39 – Wrong partition size message

The destination partition will be reduced to the same size as the
file to be imported.

REMARK

To make the multilevel system network installation easier and faster, it is
recommended to install a complete virtual machine (operating system,
applications…) in a partition with the smallest size allowed (e.g. 3 GB for a
Windows XP). This partition can be exported to a server and imported by
the multilevel systems in the network that are going to use the same virtual
machine. The partition must be imported into a destination partition with the
real size required for the usual operation of the virtual machine (e.g. 40
GB). Select the option “Do not resize” when the system warns of the waste
of space. When the import completes, there will be free space on the
partition. This free space can be integrated in the partition system of the
operating system using a tool like “Partition Magic”.

· Modify: In order to select this option, the partition must have
been cleaned. It is possible to modify the following parameters:

o Initial Sector

o Final Sector

o Size

REMARK

The partition’s name and encryption key (if it is encrypted) can not be
modified. To make this kind of changes, the partition must be deleted and
created again.

· Delete: Deletes the selected partition. This option requires the
previous cleaning of the partition for level 2 (medium) and 3
(high).

· Clean: Formats the selected hard disk partition, provided that it is
not assigned to any virtual machine. There are two cleaning
possibilities: Normal (every partition bit is overwritten with 0)
and High Security (first of all, every partition bit is overwritten
with 0, after that, with 1 and finally with random value). Any data
stored in the partition will be lost. Press “Accept” to start the
partition cleaning. A window showing the cleaning progress
appears on the screen:

Figure 40 – Clean partition

REMARK

High security cleaning can need a lot of time to be performed and, in any
case, more than the normal cleaning option.

· Settings: This option will only be enabled if the partition is not
assigned to any virtual machine.

In this window the option “Select as first startup partition” can be
selected. When several partitions are assigned to one virtual
machine, it will boot from the partition selected as first startup
partition.

If the selected partition has been created as a CopyOnWrite
partition, the Copy On Write functionality can be activated /
deactivated in this window:

o Deactivated: the partition behaves as a normal partition.
When it is assigned to a virtual machine, all the
information stored will not be removed in future startups
of the virtual machine.

o Activated: when the partition is assigned to a virtual
machine, all the information is temporarily stored. That is,
all the information will be lost when the virtual machine is
turned off.

REMARK

The information will only be erased if the virtual machine is turned off, not if
it is only rebooted.
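
The resize rules given above for Import (grow the final sector first, otherwise the initial sector, otherwise both; reduce to the file size unless “Do not resize” is chosen) can be written out as follows. This Python sketch is an added example, not the product's code: the function names and the list of inclusive (initial sector, final sector) pairs are assumptions, and so is keeping the initial sector fixed when the partition is reduced, which the guide does not state.

```python
def free_gaps(partitions, idx, disk_sectors):
    """Free sectors directly before and after partition `idx`.

    `partitions` is a list of (initial_sector, final_sector) pairs, both
    inclusive; `disk_sectors` is the number of sectors on the hard disk.
    """
    start, end = partitions[idx]
    others = [p for i, p in enumerate(partitions) if i != idx]
    # First sector after the closest partition below, or the start of the disk.
    lower = max((e + 1 for _, e in others if e < start), default=0)
    # Last sector before the closest partition above, or the end of the disk.
    upper = min((s - 1 for s, _ in others if s > end), default=disk_sectors - 1)
    return start - lower, upper - end


def plan_import_resize(partitions, idx, file_sectors, disk_sectors,
                       do_not_resize=False):
    """Return the (initial, final) sectors of the destination after the import.

    Returns None when the partition must grow but adjacent partitions leave
    too little free space.
    """
    start, end = partitions[idx]
    size = end - start + 1
    if file_sectors == size:
        return start, end
    if file_sectors < size:
        # Destination larger than the file: reduce it, unless the user
        # answered "Do not resize" to the warning.
        if do_not_resize:
            return start, end
        return start, start + file_sectors - 1  # assumption: initial sector kept
    missing = file_sectors - size
    before, after = free_gaps(partitions, idx, disk_sectors)
    if after >= missing:            # 1. increase the final sector
        return start, end + missing
    if before >= missing:           # 2. otherwise decrease the initial sector
        return start - missing, end
    if before + after >= missing:   # 3. otherwise expand in both directions
        return start - (missing - after), end + after
    return None                     # limited by adjacent partitions


# Constructed sample layout (not from the guide): a 1000-sector disk.
DISK_SECTORS = 1000
LAYOUT = [(100, 199), (200, 299), (500, 599)]

if __name__ == "__main__":
    for idx, needed in ((2, 300), (1, 250), (1, 400), (0, 60)):
        print(LAYOUT[idx], "file of", needed, "sectors ->",
              plan_import_resize(LAYOUT, idx, needed, DISK_SECTORS))
```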

5.2.3. User Management

To access the user management options, select the menu User
Management on the main screen:

Figure 41 – User Management

The following operations can be performed:

· Add: Creates a new authorised user. Name, password and
screensaver activation can be configured in this window:

Figure 42 – Add new user

In order to add a new user, insert the new user’s name and
select the authentication mode ticking one of the following
options: PC (through the PC monitor and keyboard) or EP830E
(through the EP43 display and navigation keyboard).

If the selected authentication option is “PC”, insert the password
manually and confirm in the field “Repeat password”. To
generate a random alphanumeric password, press the button
“Generate”. The generated password can be viewed by placing
the mouse over the symbol.

Select “Accept” to add the new user to the user list.

If the selected authentication option is “EP830E”, the following
window will appear when clicking “Accept”:

Figure 43 – Add a new user with EP830E authentication mode

Insert the user password through the EP43 keyboard and
confirm it. In order to generate a random password, select the
digits that appear on the EP43 display, since they appear
randomly.

REMARK

Every new user is created with all the permissions disabled by default. An
authorised user must modify the new user’s profile to assign the appropriate
permissions.

· Modify: To modify a specific user’s profile (name, permissions,
etc.).

To access a user’s profile, select this user from the user list
(Figure 41), double-click on the user or press the button
“Modify”. In the user information window there are different
sections: one section refers to the global parameters and the
rest refer to the specific permissions related to each existing
virtual machine.

o Global Parameters: User management operations
(authentication mode modification, name and password
modification, screensaver management …) and
permissions related to the general system management
(management of virtual machines, user and events).

Figure 44 – User Global Parameters

The fields “User” and “Authentication Mode” can not be
modified here; it is necessary to press the button
“Authentication” at the bottom left corner of the window and
modify these parameters in the following window:

Figure 45 – Change authentication parameters window

The old password will be required to change the
authentication mode and it will be inserted using the
appropriate authentication mode.

For a detailed description of the different permissions
appearing in the Global Parameters window, see the
chapter 7.2 Relation among permissions and description.

o Sections for each virtual machine: The user permissions
for each virtual machine can be configured in these
sections.

The following startup options can also be configured: If
“Start” is selected, this virtual machine will start up
automatically when the user authenticates without
needing to start it manually. If “Select” is selected the
virtual machine will start up automatically when the user
authenticates and, besides, it will be viewed in full screen
mode, so the system will be more transparent for the
user. The option “Select” can only be selected in one
virtual machine simultaneously.

For a detailed description of the different permissions
appearing in each virtual machine section, see the
chapter 7.2 Relation among permissions and description.

Figure 46 – Virtual machine permissions

REMARK

Only the highest security level (level 3) asks for user confirmation before
modifying another user’s parameters.

· Delete: Deletes the selected user from the system. Applications
with level 2 or 3 present the following confirmation window:

Figure 47 – Delete User

REMARK

The lowest security level (level 1) does not ask for user confirmation before
deleting a user.

· Quit: Quits the User management window.


5.2.4. Events

The multilevel system registers during its operation every event considered
important to the system security. The events can be classified in three groups:

Information Event

Warning Event

Error Event

The following list describes all the possible system events:

Information Events

· Communications established.

· Communications closed, cause: “cause”.

· User “user name” added.

· User “user name” deleted.

· User “user name” password renewed.

· User “user name” renamed to “new user name”.

· User “user name” screensaver period modified.

· User “user name” permits modified.

· User “user name” starting options modified.

· User “user name” authenticated.

· User “user name” session ended.

· Machine “machine name” added.

· Machine “machine name” deleted.



· Machine “machine name” renamed to “new machine name”.

· Machine “machine name” started.

· Machine “machine name” stopped.

· PUK ok.

· Power supply restored.

· Loss of power supply.

Warning Events

· Authentication failure of user “user name”.

· Disk configuration of machine “machine name” modified.

· Memory configuration of machine “machine name” modified.

· Network configuration of machine “machine name” modified.

· Cdrom configuration of machine “machine name” modified.

· Port configuration of machine “machine name” modified.

· Disk resources configuration modified.

· Memory resources configuration modified.

· Network resources configuration modified.

· Cdrom resources configuration modified.

· Port resources configuration modified.

· Events transmission configuration to a remote server modified.

· Remote partitions server configuration modified.

· Dynamic device of type “device type” attached to machine “machine name”.

· Dynamic device of type “device type” detached to machine “machine name”.

· PUK error.

· Date-time modified.

· Partition cleaning started, sectors “initial sector” – “final sector”.

· Partition cleaning cancelled.

· Events storage system restarted. Ref. “reference”.

· EP43 reprogramming. Previous revision “previous revision”.

Error Events

· TAMPER: EP43 opening

· Tamper: Exceeding PUK attempts

· Tamper: Exceeding authentication attempts

· Tamper: R button.

· Tamper: PC authentication failure (the original PC has been modified).

· Tamper: Temperature T= “Temperature”.

· Tamper: Battery.

· Tamper: Incorrect SD.

· Tamper: Events overwriting.

· Loading of default settings.

· Breakdown (“number”) (hardware breakdown)



· SW failure (“number”).

In the menu Events, the system event log appears. Each event is
described with a symbol that indicates its importance, the date and a description.

The events are automatically generated and stored in the system. However,
some events are not stored immediately when they are produced; the system
waits for an event of another type to happen before storing them. This is
the case for the warning events generated when a virtual machine configuration
is modified: they are stored when the virtual machine starts up or when the
menu Events is selected.
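
The three event groups listed above can be used to triage an event log once it has been sent to a remote server. The following Python code is an added example, not part of the EP830E software or of this guide. It assumes one event per line in the form `DD/MM/YY HH:MM:SS description` (the guide does not document the layout of the exported file), covers a subset of the listed messages, and runs on constructed sample lines.

```python
import re
from collections import Counter

# ASSUMPTION: one event per line, "DD/MM/YY HH:MM:SS <description>".
LINE_RE = re.compile(r"(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<text>.+)")


def _compile(patterns):
    # The trailing full stop is optional: the guide prints some messages without it.
    return [re.compile(p + r"\.?", re.IGNORECASE) for p in patterns]


# Message templates copied from the guide's event list (a subset), grouped by
# the guide's three classes. The guide's quoted placeholders ("user name",
# "machine name", ...) become named capture groups.
TEMPLATES = {
    "information": _compile([
        r'User "(?P<user>[^"]+)" authenticated',
        r'User "(?P<user>[^"]+)" session ended',
        r'User "(?P<user>[^"]+)" (?:added|deleted)',
        r'Machine "(?P<machine>[^"]+)" (?:started|stopped)',
        r"PUK ok",
    ]),
    "warning": _compile([
        r'Authentication failure of user "(?P<user>[^"]+)"',
        r'(?:Disk|Memory|Network|Cdrom|Port) configuration of machine '
        r'"(?P<machine>[^"]+)" modified',
        r'Dynamic device of type "(?P<device>[^"]+)" (?:attached|detached) '
        r'to machine "(?P<machine>[^"]+)"',
        r"PUK error",
        r"Date-time modified",
    ]),
    "error": _compile([
        r"Tamper: (?P<cause>.+?)",
        r"Loading of default settings",
    ]),
}

# Typographic quotes are normalised so both quote styles match the templates.
QUOTES = {0x201C: '"', 0x201D: '"'}


def parse_line(line):
    """Return a dict for one log line, or None if it is not an event line."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    text = m["text"].translate(QUOTES)
    for severity, patterns in TEMPLATES.items():
        for pattern in patterns:
            hit = pattern.fullmatch(text)
            if hit:
                return {"ts": m["ts"], "severity": severity,
                        "text": text, "fields": hit.groupdict()}
    # Unrecognised messages are kept and labelled, never dropped silently.
    return {"ts": m["ts"], "severity": "unknown", "text": text, "fields": {}}


def triage(lines):
    """Summarise a log: counts per class, failed logins per user, error events."""
    events = [e for e in map(parse_line, lines) if e is not None]
    failed = Counter(
        e["fields"]["user"] for e in events
        if e["text"].lower().startswith("authentication failure")
    )
    return {
        "counts": dict(Counter(e["severity"] for e in events)),
        "failed_auth": dict(failed),
        "errors": [e for e in events if e["severity"] == "error"],
        "unknown": [e for e in events if e["severity"] == "unknown"],
    }


# Constructed sample input (not taken from a real device).
SAMPLE_LOG = """\
16/06/09 08:01:12 User "operator1" authenticated.
16/06/09 08:02:40 Machine "MACHINE1" started.
16/06/09 08:30:05 Dynamic device of type “USB memory” attached to machine “MACHINE1”.
16/06/09 08:55:00 User "operator1" session ended.
16/06/09 09:15:03 Authentication failure of user "operator2".
16/06/09 09:15:20 Authentication failure of user "operator2".
16/06/09 09:15:41 Tamper: Exceeding authentication attempts
16/06/09 10:00:00 Unlisted message text
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG.splitlines())
    print(summary["counts"])
    print(summary["failed_auth"])
    for event in summary["errors"]:
        print(event["ts"], event["text"])
```

Messages that match no template are reported under "unknown" so that a change in wording between software versions is noticed instead of being silently ignored.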


Figure 48 – Events

Clicking on the option “Send” saves all the events that had not yet been
stored. This operation is indicated on the EP43 display with a symbol.

REMARK

While this symbol appears on the EP43 display (while the events are
being saved in the SD), the SD card must not be removed, since it could be
damaged.

After that, it is possible to send a file with the event log to a remote server.
When this option is selected, the following window appears:


Figure 49 – Event sending configuration

This window is similar to the partition export window and the parameters to
be inserted are similar:

· Initial and final event to export.

· Selected Profile: The system can store the configuration data
inserted in this window. It is possible to keep up to 3
export/import profiles; when one of them is selected, the values
of each configuration field for that profile appear in the window
automatically.

NOTE

Event sending profiles are different from the profiles defined for partition
export/import. If it is required to have the same profiles to send the event
log and to export/import partitions, it is necessary to define them in both
windows: Send Events and Export Partition (or Import Partition).

· Source Network: Local network (EP43 port) that the system will
use to send the event log. This port must be connected to the
network of the server to which the event log is going to be sent.

· IP address: IP address belonging to the source network. This IP
address does not need to be the same IP address assigned to
the EP43 port in the virtual machine when it is working as a
virtual network.

· URL: Remote configuration. It follows the format:

ftp://user:password@host/filename

Where “user” and “password” are a user and password
previously created on the server. “Host” is the IP address of the
server and “filename” is the name given to the file that contains
the partition. If the directory where the file is going to be stored is
not the root directory of the user “user”, the whole path must be
indicated.

Example: ftp://user:password@10.22.0.2/pub/filename

REMARK

At the highest security level application (level 3), the field “URL” is not
saved in the profile in order to prevent any user who does not know the
access password to the server from sending events.

· Transmission Key: Alphanumeric key for the partition
transportation. It is possible to insert this transmission key
manually or to generate it automatically by selecting the option
“Generate key”.

· Establish as default configuration: The selected profile is set
as the default profile.

Press “Accept” to start the sending of the event log. A window
showing the sending progress appears on the screen. The
following window appears when the export has successfully
completed:

Figure 50 – Event Export completed

REMARK

If a software update is needed, it is recommended that an authorized user
export the event log to an external server, since the software update means
its loss.

During the normal operation of the Multilevel System, the events generated
in the system are periodically stored in the SD (if it is inserted). This
operation is indicated on the EP43 display with a symbol.

REMARK

While this symbol appears on the EP43 display (while the events are
being saved in the SD), the SD card must not be removed, since it could be
damaged.

It is recommended to adopt, as a usage policy, that the SD is always
inserted in the EP43.

When the event log approaches the internal storage limit (500 events), a
warning message is shown asking the user to insert the SD in the EP43 in order
to transfer the events to the SD and free some space in the EP43. Select
“Accept” to continue:

Figure 51 – Reaching event storage limit

Once the user inserts the SD and selects “Accept”, a message informing
about the event storage in the SD appears:

Figure 52 – Saving Events into the SD

If the SD is not inserted before the event storage limit is exceeded, the
event log is overwritten, the EP43 enters a TAMPER situation, and a symbol
appears on the EP43 display.

REMARK

In order to recover the equipment after a TAMPER induced by an event
overwriting, a new SD must be associated to the equipment since
recovering the equipment with the current associated SD is not possible.

As a new SD must be employed, the event log is initialized and, thereby, all
events which had not been saved to the old SD will be lost.

5.2.5. System

This option allows the user to select the screen resolution and the
application language:

Figure 53 – System Configuration

Select “Accept” to save the changes. The system needs to restart to apply
the changes.

5.2.6. Authenticate/Unauthenticate User

This option behaves as a switch, since it changes its functionality depending
on whether any user is authenticated or not.

If the user is unauthenticated, this menu shows the option Authenticate
User. The user name and password must be inserted to access the system and
its functionality. If the inserted user is not a valid user, a message informs of the
failed login operation.

If the user is authenticated, this menu shows the option Unauthenticate
User. This option blocks the system and stops automatically every running virtual
machine.

REMARK

It is recommended that the user turns off the virtual machines before
unauthenticating.

Security level 3 asks for user confirmation before unauthenticating the user
in case there are running virtual machines.

Figure 54 – Confirm Unauthentication

5.2.7. Turn Off

Selecting Turn off turns off the system.

REMARK

Security level 3 asks for user confirmation before turning off the system in
case there are running virtual machines.

It is recommended to turn off the running virtual machines.

The system will switch off, and the following messages appear on the PC
screen: “Interfaz de control desconectado” (this message disappears after a
very short period of time, so it is possible that it is not visible) and
“Terminando la ejecución”.

The EP43 stays on, waiting for the PC to start up again.

REMARK

It is recommended to always turn off the system correctly (first of all, turning
off the running virtual machines and, after that, selecting the turn off menu).
Following this procedure, the RAM memory assigned to each virtual
machine is correctly reset.

This shut down procedure must be established as a security policy.

5.3. VIRTUAL MACHINE OPERATION

Each virtual machine is represented by a square with its name and
associated colour, which allows its identification when it is running. On the
bottom side of the square, there are several green symbols indicating the
available operations and, at the top right corner, a blue symbol indicating
the machine state. The green symbol at the top left corner gives access to
Machine Information.

The following figure shows an example of a stopped virtual machine and the
description of each operation:

Figure 55 – Stopped Virtual Machine

If the user has permissions to see a virtual machine but he does not have
permissions to execute or modify it, the virtual machine appears as in the
following figure:

Figure 56 – Non accessible virtual machine

If a virtual machine is running, an image of what it is executing is
shown inside the square (this window is not refreshed in real time, though the
frequency is enough to have a representative image of the performance of the
operating system).

Status of the virtual machine is displayed with a blue symbol at the top right
corner of the square:

Started and running virtual machine.



Stopped virtual machine.

Started and paused virtual machine.

The green symbols at the bottom of the window are:

Machine information. This symbol (top left corner) is only enabled if the
virtual machine is running.

Play – Start virtual machine. This symbol is enabled when the virtual
machine is stopped or paused.

Stop virtual machine. This symbol is enabled when the virtual
machine is running or paused.

Pause virtual machine. This symbol is only enabled when the virtual
machine is running.

Virtual machine configuration. This symbol is always enabled, although
its functionality depends on the state of the virtual machine. If the virtual
machine is stopped, this option allows the static resources assigned to the
machine to be configured. On the other hand, if the virtual machine is not
stopped, only removable devices can be configured.

Delete virtual machine. This symbol is only enabled when the virtual
machine is stopped.

5.3.1. Machine Information

This option, which is only available if the virtual machine is running,
provides general information about the virtual machine. On selecting it, the
following window is shown:

Figure 57 – Machine Information

Information:

· Memory employed by the virtual machine. This memory
represents the sum of the memory the virtual machine has
been assigned by the user and the memory used by the control
application to start up and manage this machine.

· CPU load: percentage of processor usage due to this virtual
machine. Total processor usage results from the sum of the
usage of all currently running virtual machines and the usage of the
control application.

5.3.2. Start Machine

Clicking on the symbol (Play), the virtual machine starts up. The
application assigns the CPU resources that have been configured and the
machine boots from the boot unit configured in the section “General
Configuration” (network, hard disk or CDROM). If the machine boots from the
hard disk, the installed operating system starts.

REMARK

If the application detects that the virtual machine that is trying to start up
does not have any RAM memory segment assigned, or that there is not
enough memory available at that moment, a warning message will appear
indicating that it is not possible to start the virtual machine as well as the
reason why.

5.3.3. Stop Machine

On selecting the symbol (Stop), the control application stops the virtual
machine. This button is equivalent to the physical power off button on a
conventional PC, so it is recommended to use it only if the operating system
running on the virtual machine is blocked.

The virtual machine must be turned off following the appropriate operating
system procedure; then, pressing the stop button will not be necessary.

5.3.4. Pause Machine

This option suspends the machine so that there are no CPU resources
assigned to it.

Pressing , the virtual machine will be operative again.

5.3.5. Machine Configuration

This option allows the hardware resources assigned to the virtual machine to
be modified. On selecting this option, the configuration window is shown with
two different tabs, although only one of them is accessible, depending on the
virtual machine status.

The General Configuration tab, accessible whenever the virtual machine is
stopped, allows the static hardware resources assigned to the virtual machine
to be modified: i.e. CDROM, RAM memory segments, hard disk partitions, virtual
networks and ports.

The Removable Devices tab, accessible whenever the virtual machine is not
stopped, allows removable devices such as USB memories to be attached to /
detached from the virtual machine.

REMARK

The different configuration options available from both tabs, General
Configuration and Removable Devices, will be enabled for the authenticated
user depending on the user’s permission profile.

5.3.5.1. General Configuration

In order to configure these parameters, the virtual machine must be stopped.
Otherwise, all fields will appear disabled.

On clicking the configuration symbol, the following window appears:

Figure 58 – Virtual machine configuration. General configuration section

In this section the permanent resources of a virtual machine can be
assigned, since the general configuration can only be modified if the virtual
machine is stopped. To attach and detach the resources, use the buttons
and .

1. Machine name

2. Startup unit: The machine will boot from the network (if a
network is assigned), from CD (if the CDROM unit is assigned)
or from hard disk (if any partition is assigned).

3. Processors: To select how many PC processors the virtual
machine is going to use.

To improve system performance, it is recommended to assign only
one processor to those virtual machines running operating
systems such as Windows 2000 or Windows 2000 Server.

4. CDROM unit. In this section, the CD unit of the PC can be
assigned to the virtual machine as an IDE device. If the PC
CDROM unit is assigned to a virtual machine, it will not be
available to the rest.

There are two ways to assign a CDROM unit, depending on whether it
is the internal PC CDROM unit (assignment in the global configuration
section) or an external USB CDROM unit (assignment in
the removable devices section). The only way that allows
the machine to start up from a CD is the first one; that is,
using the internal CDROM unit. When working with an
external USB CDROM reader, the resource is assigned from the
section “Removable Devices” as any other USB device;
however, it is not possible to boot a virtual machine from an
external CDROM unit.

5. Partitions: Selection of the partition (or partitions) to be assigned
to the virtual machine from a list of available partitions. When a
partition is assigned to a virtual machine, it will not be available
to the rest.

It is possible to assign more than one partition to a virtual
machine. The machine will start up from the partition created in
the first place and the rest will appear in the operating system as
additional hard disks. To start up from a specific partition, select
this partition in the menu Resources Management and access
the window Settings. In this window, select the option “Select
as first startup partition”.

REMARK

Security level 3 asks for user confirmation before attaching/detaching hard
disk partitions with data to/from a virtual machine.

6. Memory: Selection of the RAM memory segment to be assigned
to the virtual machine from a list of available segments. When a
segment is assigned to a virtual machine, it will not be available
to the rest. Only one memory segment can be assigned to a
virtual machine.

7. Networks: Selection of the network to be assigned to the virtual
machine from a list of available virtual or physical networks.
When a network is assigned to a virtual machine, it will not be
available to the rest. Only one network can be assigned to a
virtual machine.

8. Ports: Selection of the serial or parallel port(s) to be assigned to
the virtual machine from a list of available ports. When a port is
assigned to a virtual machine, it will not be available to the rest.

9. Selecting the symbol the colour assigned to the machine
can be modified.

REMARK

To configure the parameters in this section, it is necessary that the virtual
machine is stopped. Otherwise, these parameters are disabled.

5.3.5.2. Removable Devices

In order to configure these parameters, it is necessary that the virtual
machine is running. Otherwise, the section is accessible but the removable
devices detected by the system (e.g. USB memories) do not appear. Clicking on
the symbol when the machine is running, the following window appears:


Figure 59 – Virtual Machine Configuration. Removable Devices Section

In the left column the removable devices connected to the system are listed.
Selecting one of them and clicking it is added to the right column, where the
devices attached to the virtual machine are listed. When a removable device is
assigned to a virtual machine, it will not be available to the rest until it is
detached or the machine is stopped. Click on the button to detach the device.
It will be removed from the list on the right and will be available again for
all the virtual machines.

On clicking symbol , a removable device is permanently assigned to a
virtual machine. Therefore, if a USB memory is permanently attached to
“MACHINE1”, each time this USB memory is inserted, it will be automatically
assigned to virtual machine “MACHINE1”, if it is started, and will not be available
to the rest. Removable devices permanently assigned to the virtual machine will
be represented in the right column with symbol .

If the USB memory is inserted when virtual machine “MACHINE1” is not
started, it will be available for assignment to any other virtual machine. For
example, on accessing the Removable Devices tab of virtual machine “MACHINE2”,
the USB memory would appear in the column on the left (Non Attached Devices)
with the symbol to indicate that, although it is configured as a permanently
attached device of another virtual machine, it can be temporarily attached to
“MACHINE2”.

If the USB memory is detached from virtual machine “MACHINE2” while
virtual machine “MACHINE1” is running, the USB memory will be automatically
attached to “MACHINE1”.

Click on the button to detach the permanently attached devices.

The Smartcard reader appears in the left column (non attached devices) as
an available removable device. This device refers to the Smartcard reader in the
EP43. If it is attached to a virtual machine, it can be used from the operating
system of the virtual machine as an external USB smartcard reader. In order to use
this reader properly, it will be necessary to install in the operating system of the
virtual machine the specific drivers of the smartcard to be used.

If there is an external CDROM reader connected to the EP830E
system, the reference code of the reader will appear in the left column (non
attached devices). The reader can be attached to / detached from a virtual
machine as a standard USB removable device (this attachment is different from
the attachment performed in the section “General Configuration”, where the
reader is assigned as an IDE device, see chapter 5.3.5.1. - General
Configuration). The main advantage of this kind of attachment is that
switching off virtual machines is not required to move the CDROM reader from
one to another.

Security level 3 asks for user confirmation before saving configuration
changes in the virtual machine:

Figure 60 – Confirmation before saving changes

Before detaching a removable device from a virtual machine, it is
recommended to always close the associated directories in the operating
system and to unmount the device using the operating system tools. Otherwise,
the changes may not be correctly saved or the device may even be damaged.

WARNING

It is possible to attach removable communication devices (USB modems,
Bluetooth USB devices…) to a virtual machine that already has an attached
LAN network. The authorised user must verify whether using a removable
communication device endangers the information of the virtual machine
or connects a confidential network to a non secure network like the Internet.

5.3.6. Delete Machine

This option deletes the virtual machine. When the virtual machine is deleted,
its associated resources (memory segment, partition…) are available again.
Deleting a virtual machine does not imply the loss of the user data or the
operating system, since the hard disk partition is not modified; it is simply not
assigned to that virtual machine any more.

At level 2 (medium) and 3 (high) the system asks for user confirmation:

Figure 61 – Delete machine confirmation

REMARK

At level 1 (low) the system does not ask for user confirmation before
deleting the virtual machine.

5.3.7. In and out the virtual machines



To enter a virtual machine; that is, to see the machine in full screen mode,
just click with the mouse on the square that represents the virtual machine.

To go back to the Control and Administration Screen, use the key
combination Ctrl + Alt + Backspace.

To go from a running virtual machine to another running virtual machine
without going into the Control and Administration Screen, use the key
combination Ctrl + Alt + (← or →).

6. ADMINISTRATION USER OPERATIONS

The administration user is the user who knows the system PUK code.
Authentication with the PUK code enables the following operations:

· System installation

· Date and Hour settings



· Configuration default settings load

· System version update (firmware and software).

· TAMPER recovery

These operations are described in this chapter, except “System
installation”, since it has already been described in chapter 4.3.1 - First
Installation.

This chapter also describes the correct procedure to break the EP43-PC
association. This operation will be required if, for maintenance reasons, it is
necessary to reuse an EP43 device with a different PC. In this case, the
information of the former Multilevel System remaining in the EP43 should be
deleted.

6.1. SET DATE AND HOUR

The EP43 date and hour settings must be configured in the first installation
procedure. In case these settings need to be modified, the administration user is
required, since it is necessary to cause a TAMPER situation to modify them. The
procedure is described as follows:

1. Turn off the Multilevel System, clicking on the menu “Turn Off”.

2. Press the zeroization button in the EP43 (press R).

3. Press the central key on the EP43. The PUK code is requested
on the EP43 display.

4. Insert the PUK code. If it is correct, the EP43 display menu
appears:

Figure 62 – EP43 display menu

In order to select the different options of this menu, use the up
and down keys. To confirm the selection, press the central key.

5. Select the option “Poner en Hora” (i.e. “Date and Hour
Settings”) confirming with the central key. The top left side of
the display becomes accessible.

6. Modify the date and hour taking into account the following
indications: The blinking cursor points out the digit that is going
to be modified. The value is changed using the up and down
keys and to confirm the digit, press the right key. To confirm the
complete modification, use the central key.

7. Once the date and hour modification has been confirmed, the
EP43 display menu is shown again.

8. Select the option “Salir” (i.e. “Quit”). The normal system start
up sequence takes place with the new date/hour (on the display
appears the symbol ).

9. Switch the PC on.

6.2. RESTORE CONFIGURATION DEFAULT SETTINGS

When the administration user restores the EP43 configuration default
settings, all the information regarding the system resources and users is erased.

The procedure is described as follows:

1. Turn off the Multilevel System, clicking on the menu “Turn Off”.

2. Press the zeroization button in the EP43 (press R).

3. Press the central key on the EP43. The PUK code is requested
on the EP43 display.

4. Insert the PUK code.

5. If the PUK is correct, the EP43 display menu appears:

Figure 63 – EP43 display menu

In order to select the different options of this menu, use the up
and down keys. To confirm the selection, press the central key.

6. Select the option “Borrar Configuración” (i.e. “Default
Settings”) confirming with the central key. This option erases
the current system configuration. The message “Pulse R para
aceptar. Extraiga SD para cancelar.” (i.e. “Press R to accept.
Remove SD to cancel.”) appears on the display.

7. Press the zeroization button (press R). On the display appears
the symbol .

At this stage the EP43 has no stored configuration. In order to
start up the multilevel system again it will be necessary to clean
and enable the TPM in the PC, as described at the beginning of
the installation procedure, and introduce the PUK code.

REMARK

The load of the configuration default settings implies the loss of all the
information regarding the system configuration; that is, the partitions
geometry and encryption keys, RAM memory segments, virtual machines,
users…

However, the load of the configuration default settings does not imply the
hard disk partitions cleaning (formatting) in the PC. If the partitions
geometry (initial and final sectors) and encryption keys are known (see
chapter 5.2.2.3 Hard Disk Management), it will be possible to get back the
operating systems in the PC. This will be possible if the system recovery is
done with a level 2 or 1 SD.

If the system recovery is done with a level 3 SD, the data are lost at the
moment of creating the partitions, since with this security level, the cleaning
of the partition is done automatically before creating it without asking for
user confirmation.

6.3. SYSTEM VERSION UPDATE

The Secure Multilevel System update may involve two operations: the
system software update (EP830E application, whose version number appears on
the top side of the screen) and the EP43 firmware update (whose version number
appears on the bottom left side of the screen).


Figure 64 – Software and Firmware version

There are three different procedures to be followed depending on the kind of
update:

6.3.1. Firmware and Software update

1. Export the event log to a server so that the events are stored
before they are lost during the software update.

2. Make sure that there is a system configuration backup available
(partition initial and final sectors and the hard disk encryption
keys).

3. Turn off the Multilevel System.

4. Press the zeroization button (press R).

5. Press the central key in the EP43 keyboard.

6. Insert the PUK code.

7. After that, the following menu appears on the EP43 display:

Figure 65 – EP43 display Menu



In order to select the different options of this menu, use the up
and down keys. To confirm the selection, press the central key.

8. Select the option “Nuevo Firmware” (i.e. “New Firmware”)


confirming with the central key. The message “Pulse R para
aceptar. Extraiga SD para cancelar.” (i.e. “Press R to accept.
Remove SD to cancel.”) appears on the display.

9. Press the zeroization button (press R). on the EP43 display


appear the following messages:

o “Borrando… Espere un momento por favor"

o “Aplicación no válida”

o “Tarjeta inválida”

o “Extraiga tarjeta”.

That is:

o “Deleting… Wait a moment please"

o “Not valid application”

o “Not valid SD card”

o “Remove SD card”.

10. Remove SD. The EP43 boot version and the message “Esperando
módulo de carga” (i.e. “Waiting for load module”) appear on the display.

11. Insert the special SD card with the firmware update. The following
messages are shown:

o “Cargando... Espere un momento por favor”

o “Arrancando Aplicación principal”

That is:

o “Loading... Wait a moment please”

o “Booting main application”

12. The symbol appears and the message “Extraiga tarjeta
firmware” (i.e. “Remove firmware SD card”).

13. Remove the firmware SD and insert the SD with the new
software version.

14. Press the central key in the EP43 keyboard. The PUK code is
required.

15. Insert the PUK code of the new SD. If the PUK code is correct
the following message sequence appears:

o “SD sin asociar”

o “Pulse R para asociar. Extraiga SD para cancelar”.

That is:

o “SD unattached”

o “Press R to attach. Remove SD to cancel”.

REMARK

It is possible that, instead of this last message (“Press R to attach. Remove
SD to cancel”), the message says:

§ “SD sin asociar y config. errónea”

§ “Pulse R para asociar y borrar configuración. Extraiga
SD para cancelar”.

That is:

§ “SD unattached and wrong config”

§ “Press R to attach and delete config. Remove SD to
cancel”.

This can happen with some software versions if the firmware has been
updated but not the SD. In this case, if the administration user decides to
attach the SD, the EP43 configuration will be lost (the same effect as
restoring the configuration default settings). It is therefore
recommended to have a system configuration backup (partition initial and
final sectors and the hard disk encryption keys).

16. Press the zeroization button (press R). The EP43 display menu
appears on the display.

17. Select the option “Salir” (i.e. “Quit”). The normal system start
up sequence takes place with the new firmware and software
versions (on the display appears the symbol ).

18. Switch the PC on.

6.3.2. EP43 Firmware update (only firmware)

1. Make sure that there is a system configuration backup available
(partition initial and final sectors and the hard disk encryption
keys).

2. Turn off the Multilevel System.

3. Press the zeroization button (press R).

4. Press the central key in the EP43 keyboard.

5. Insert the PUK code.

6. After that, the following menu appears on the EP43 display:

Figure 66 – EP43 display Menu

In order to select the different options of this menu, use the up
and down keys. To confirm the selection, press the central key.

7. Select the option “Nuevo Firmware” (i.e. “New Firmware”),
confirming with the central key. The message “Pulse R para
aceptar. Extraiga SD para cancelar.” (i.e. “Press R to accept.
Remove SD to cancel.”) appears on the display.

8. Press the zeroization button (press R). The following messages
appear on the EP43 display:

o “Borrando… Espere un momento por favor”

o “Aplicación no válida”

o “Tarjeta inválida”

o “Extraiga tarjeta”.

That is:

o “Deleting… Wait a moment please”

o “Not valid application”

o “Not valid SD card”

o “Remove SD card”.

9. Remove SD. The EP43 boot version and the message “Esperando
módulo de carga” (i.e. “Waiting for load module”) appear on the display.

10. Insert the special SD card with the firmware update. The following
messages are shown:

o “Cargando... Espere un momento por favor”

o “Arrancando Aplicación principal”

That is:

o “Loading... Wait a moment please”

o “Booting main application”

11. The symbol appears and the message “Extraiga tarjeta
firmware” (i.e. “Remove firmware SD card”).

12. Remove the firmware SD and reinsert the same SD used
before the firmware update.

13. Press the central key in the EP43 keyboard. The PUK code is
required.

14. Insert the PUK code. If the PUK code is correct the EP43 display
menu appears on the display.

15. Select the option “Salir” (i.e. “Quit”). The normal system start
up sequence takes place with the new firmware version (on the
display appears the symbol ).

16. Switch the PC on.

6.3.3. EP830E Software update (only software)

1. Export the event log to a server in order to store it before
it is lost during the software update.

2. Make sure that there is a system configuration backup available
(partition initial and final sectors and the hard disk encryption
keys).

3. Turn off the Multilevel System.

4. Press the zeroization button (press R).

5. Turn off the Multilevel System.

6. Remove the SD card.

7. Insert the new SD card with the new software version. As this
new SD is not the attached one, the symbols and
appear on the display indicating that the SD is not
acknowledged.

8. Press the zeroization button (press R).

9. Press the central key in the EP43 keyboard. The PUK code is
required.

10. Insert the PUK code of the new SD. If the PUK code is correct
the following message sequence is shown:

o “SD sin asociar”

o “Pulse R para asociar. Extraiga SD para cancelar”.

That is:

o “SD unattached”

o “Press R to attach. Remove SD to cancel”.

REMARK

It is possible that, instead of this last message (“Press R to attach. Remove
SD to cancel”), the message says:

§ “SD sin asociar y config. errónea”

§ “Pulse R para asociar y borrar configuración. Extraiga
SD para cancelar”.

That is:

§ “SD unattached and wrong config”

§ “Press R to attach and delete config. Remove SD to
cancel”.

This can happen with some software versions if the firmware has been
updated but not the SD. In this case, if the administration user decides to
attach the SD, the EP43 configuration will be lost (the same effect as
restoring the configuration default settings). It is therefore
recommended to have a system configuration backup (partition initial and
final sectors and the hard disk encryption keys).

11. Press the zeroization button (press R). The EP43 display menu
appears on the display.

12. Select the option “Salir” (i.e. “Quit”). The normal system start
up sequence takes place with the new software version (on the
display appears the symbol ).

13. Switch the PC on.

6.4. TAMPER RECOVERY

In case the system gets into a TAMPER state because of the detection of
any irregular situation, the EP43 administration user, who is the only one who
knows the PUK code, must be informed so that the cause of the TAMPER situation
can be evaluated and the security implications can be checked.

In order to recover the system from a TAMPER situation, the EP43
administration user must carry out the following steps:

1. Make sure that the PC is switched off.

2. Check that the SD is inserted in the EP43 SD reader.

3. Press the central key on the EP43 keyboard.

4. The PUK code is requested. Once the PUK code is correctly
entered, the normal Multilevel System start up sequence
takes place.

5. Switch the PC on.

6.5. CORRECT EP43-PC DISASSOCIATION

This operation must also be performed by the EP43 administration user. The
procedure is described as follows:

1. Restore configuration default settings.

2. Press the zeroization button (press R) to induce a TAMPER
situation.

It is necessary to perform this operation if the EP43 device is going to be
used with another PC, or if the EP43 device is going to be used in another location
and the information of the former Multilevel System remaining in the EP43
must be deleted.

7. PERMISSIONS

7.1. PERMISSIONS DEPENDING ON THE USER TYPE

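| Scope | Area | Operation | EP43 Administration User | Default User (ADMIN) | Authorized User |
|---|---|---|---|---|---|
| | | Restore Configuration Default Settings | YES | NO | NO |
| | | Set date/hour | YES | NO | NO |
| | | System Version Update | YES | NO | NO |
| | | TAMPER Recovery | YES | NO | NO |
| PERMISSIONS: GLOBAL PARAMETERS | MACHINES MANAGEMENT | View All | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | MACHINES MANAGEMENT | Create/delete | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | SYSTEM MANAGEMENT | Recovery | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | SYSTEM MANAGEMENT | Update | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | USER MANAGEMENT | View | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | USER MANAGEMENT | Modify | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | USER MANAGEMENT | Add/Delete | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | DEVICES MANAGEMENT | Memory | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | DEVICES MANAGEMENT | Hard Disks | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | DEVICES MANAGEMENT | Networks | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | DEVICES MANAGEMENT | Handle Partitions | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | DEVICES MANAGEMENT | Permanent Removables | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | EVENTS | View | NO | YES | YES/NO |
| PERMISSIONS: GLOBAL PARAMETERS | EVENTS | Manage | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | MACHINE | View | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | MACHINE | Modify | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | MACHINE | Execute | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | ATTACHED DEVICES | Attach/Detach Removables | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | ATTACHED DEVICES | Attach/Detach Devices | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | SESSION STARTING | Start | NO | YES | YES/NO |
| PERMISSIONS: FOR EACH VIRTUAL MACHINE | SESSION STARTING | Select | NO | YES | YES/NO |

Table 2 – Permissions for the different types of user
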
7.2. RELATION AMONG PERMISSIONS AND DESCRIPTION

Global Permissions

| Group | Number | Permission | Description | Linked Permissions | Comments |
|---|---|---|---|---|---|
| General | 1 | See all machines | View all virtual machines. | - | A user cannot remove this permission from their own profile (because it is linked to the permission "Modify User"). |
| General | 2 | Add/delete machines | Access to the button “Add Machine”. Delete virtual machine. | - | The permissions 14 to 18 related to a virtual machine are automatically assigned to the user who has created this machine. |
| General | 3 | System recovery | Access to the Resources management menu and all its sections. System recovery: create and configure the PC resources (partitions, memory segments and networks). | 7, 8, 9, 10 | There must be at least one user with this permission. With only this permission, the recovery of the system user list is not allowed (the creation and modification of other users is not allowed). |
| Users | 4 | View | Access to the button “User Management”. View other users’ configuration parameters (1). Modification of the user’s own basic parameters (2). | - | A user cannot remove this permission from their own profile (even if there are more users with this permission). |
| Users | 5 | Modify | Access to the button “User Management”. Modification of all parameters of all users. | 1, 4 | A user cannot remove this permission from their own profile (even if there are more users with this permission). |

(1) Provided that the user has permissions to see the virtual machines.
(2) Basic user parameters: Screensaver, User Name, Authentication mode, Password.

| Group | Number | Permission | Description | Linked Permissions | Comments |
|---|---|---|---|---|---|
| Users | 6 | Add/Delete | Access to the button “User Management”. Modification of all parameters of all users. User creation and deletion. | 1, 4, 5 | |
| Devices Management | 7 | Memory | Access to the section "Memory" in the menu "Resources Management". | - | |
| Devices Management | 8 | Networks | Access to the section "Networks" in the menu "Resources Management". | - | |
| Devices Management | 9 | Hard disks | Access to the section "Hard Disk Name" (3) in the menu "Resources Management". | 10 | |
| Devices Management | 10 | Handle Partitions | Attach/detach memory segments in section "General Configuration" in the window "Virtual Machine Configuration" of virtual machines (4). | - | |
| Devices Management | 11 | Permanent Removables | Permission to assign devices permanently to a virtual machine (5). | - | |
| Events | 12 | View | View of the system event log. | - | |
| Events | 13 | Manage | View of the system event log. Event sending to the SD card. Event export to a remote server. | 12 | |

(3) "Hard Disk Name" refers to the name assigned to the PC hard disk in the first installation.
(4) Permission conditioned to the access to the configuration of the virtual machines (permission 15 Modify).
(5) Permission conditioned to the permission attach/detach removables to/from this virtual machine.

| Group | Number | Permission | Description | Linked Permissions | Comments |
|---|---|---|---|---|---|
| Machine | 14 | View | View the virtual machine. With only this permission, it is not possible to start it up or modify it. | - | |
| Machine | 15 | Modify | Access to the section "General Configuration" in the window "Virtual Machine Configuration". Modification of the basic parameters of the virtual machine (6). Attach/detach Devices (CDROM, partitions, memory segments, networks) of the virtual machine (7). | 14 | |
| Machine | 16 | Execute | Enables the buttons "play", "stop" and "pause" of the virtual machine. | 14 | |
| Attached Devices | 17 | Attach/detach Removables | Access to the section "Removable Devices" in the window "Virtual Machine Configuration". Attach/detach removable devices to/from the virtual machine. | 14, 16 | |

(6) Basic parameters of a virtual machine: Name, Banner Colour, Startup Unit.
(7) Attach/detach Devices conditioned to the permission Attach/Detach Devices.
Attach/detach Partitions conditioned to the permission Handle Partitions.

| Group | Number | Permission | Description | Linked Permissions | Comments |
|---|---|---|---|---|---|
| Attached Devices | 18 | Attach/detach Devices | Access to the section "General Configuration" of the window "Virtual Machine Configuration". Attach/detach devices (CDROM, partitions, memory segments, networks) of the virtual machine (8). | 14, 15 | |
| Session Starting | 19 | Start | Automatic starting of the virtual machine when the user authenticates, without needing to start it manually. | 14, 16 | |
| Session Starting | 20 | Select | Automatic starting of the virtual machine when the user authenticates, without needing to start it manually. Visualization of the virtual machine in full screen. | 14, 16, 19 | This option can only be selected in one of the virtual machines. |

Points to bear in mind:

· A user with no permissions in the window “User Information” only has privileges to change their own basic
parameters: screensaver, user name, authentication mode and password.

· A user cannot delete himself from the user list.

(8) Attach/detach Partitions conditioned to the permission Handle Partitions.
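
The Linked Permissions column above can be checked mechanically when reviewing a user profile. The following is an added example, not part of the guide or of the EP830E software; it assumes that holding a permission also means holding every permission listed as linked to it, and its function names are hypothetical. The footnote conditions are not modelled.

```python
"""Added example: effective permissions from the "Linked Permissions" column.

Assumption (not stated in the guide): a user who holds a permission also
holds every permission listed as linked to it.
"""

# Linked Permissions column of the section 7.2 table, keyed by number.
LINKED = {
    1: set(), 2: set(), 3: {7, 8, 9, 10}, 4: set(), 5: {1, 4},
    6: {1, 4, 5}, 7: set(), 8: set(), 9: {10}, 10: set(), 11: set(),
    12: set(), 13: {12}, 14: set(), 15: {14}, 16: {14}, 17: {14, 16},
    18: {14, 15}, 19: {14, 16}, 20: {14, 16, 19},
}


def effective(granted):
    """Return the granted set plus everything reachable through links."""
    result, stack = set(), list(granted)
    while stack:
        perm = stack.pop()
        if perm not in result:
            result.add(perm)
            stack.extend(LINKED[perm])
    return result


def implied(granted):
    """Permissions a profile receives without having been ticked explicitly."""
    return effective(granted) - set(granted)


def table_gaps():
    """Rows whose linked list omits an indirect dependency (none expected)."""
    gaps = {}
    for perm, direct in LINKED.items():
        missing = effective(direct) - direct
        if missing:
            gaps[perm] = missing
    return gaps


def removal_blockers(held, perm):
    """Held permissions that list `perm` as linked, so it cannot be dropped."""
    return sorted(p for p in held if perm in LINKED[p])


if __name__ == "__main__":
    profile = {3, 13}  # constructed profile: System recovery + Manage events
    print("effective:", sorted(effective(profile)))
    print("implied:", sorted(implied(profile)))
    print("table gaps:", table_gaps())
    print("blocks removal of 1:", removal_blockers({1, 4, 5}, 1))
```

Running it on the constructed profile shows that granting permission 3 brings in all of Devices Management 7 to 10, which is the kind of side effect a least-privilege review of a profile should make visible.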

8. FUNCTIONALITY INFORMATION

Specific Multilevel System operating features are described in this chapter.

8.1. AUDIO AND MICROPHONE

The Multilevel System supports neither audio nor microphones.

8.2. CD/DVD MANAGEMENT

8.2.1. CD/DVD Management


The PC internal CD/DVD drive can only be assigned to a virtual machine
when the machine is stopped. The CD/DVD drive remains assigned to that virtual
machine; in order to assign it to another virtual machine, it is necessary to stop
both machines, reassign the CD/DVD drive and start the machines up again.

To change CDs in the same virtual machine it is not necessary to stop the
virtual machine, as in a normal computer.

REMARK

The mouse may freeze for a couple of seconds when a CD is inserted.

REMARK

Sometimes, with some operating systems (Windows XP), the
replacement of a CD with another one is not properly updated, so the files
shown are the files from the replaced CD. In this situation, select the option
“eject” (clicking with the right mouse button on the CD). The CD is ejected.
Insert it again and the correct files will appear.

8.2.2. CD Burning

The Multilevel System does not support CD burning, neither through the PC
internal CD drive nor through an external USB CD drive.

8.2.3. Multisession CDs

Sometimes, the second and successive sessions recorded on a multisession
CD cannot be read correctly by the operating system, so only the first
session is visible from the operating system.

8.3. MISCELLANEOUS

· Screen resolution for Windows: 1024x768.

· The system does make a distinction between capital and small
letters when checking that two virtual machines do not have
identical names.

· If a virtual machine has more than one hard disk partition
assigned, it will boot from the partition that was created first.
To select the boot partition, activate the option “Select as first
startup partition” on the menu Resources Management > Hard
Disk > Settings.

8.4. PC MODELS

Specific BIOS configuration features of particular PC models are described in
this chapter:

· HP Compaq dc 7800P, BIOS version 786F1 1.04:

Storage/Storage Options/SATA Emulation → RAID option enabled

Advanced/Device options/SATA ROM discharge → RAID option disabled

8.5. USB STORAGE DEVICES MANAGEMENT

The Multilevel System emulates USB memories version 1.1. USB memories
version 2.0 are emulated with version 1.1.

It is necessary to remove the USB memories correctly:

· Close any directory where the files in the USB memory appear.

· Detach the USB memory from the virtual machine.


If these steps are not followed, the changes made to the memory may not be
saved correctly.

8.6. BLUETOOTH

The Multilevel System does not support Bluetooth connections.

9. TECHNICAL SPECIFICATIONS

9.1. PHYSICAL FEATURES

· Desktop device

· Dimensions:

o Frontal Width 156 mm.

o Maximum Height 46 mm

o Minimum Height 32 mm

o Depth 152 mm.

· Device Weight 489 g approx.

· Package dimensions:

o Frontal Width 270 mm.

o Height 105 mm.

o Depth 250 mm.

· Battery:

o Code: BLLI063448+pc.

o Description: Lithium-Ion Battery 3.7V

o Voltage: 3.7V

o Capacity: 900mAh

o Dimensions: 6.3 x 34.0 x 48.0 mm (depth x length x height)

o Weight: 30g

9.2. DEVICE PROTECTIONS

· The system access is protected with the PUK secret code (from
6 to 16 characters). As an additional protection mechanism
against brute-force search of its value, the device is
deactivated for an hour after 6 wrong PUK entry attempts.
Another wrong PUK attempt causes another hour of blocking,
and the same applies to each successive wrong PUK attempt.

· The EP43 device has an internal zeroization contact: if an
attempt is made to open the EP43, this detector activates and puts
the EP43 into a TAMPER situation. To recover the device from
this TAMPER situation, the PUK code must be known. Activating
the zeroization button (R button) has the same effect: when this
button is pressed, the EP43 gets into a TAMPER situation.

· The detection of inconsistencies in the signatures, or of integrity
and authenticity violations in critical system elements, leads the
EP43 to TAMPER situations.

· Temperature oscillations over or under the defined thresholds
lead the EP43 to TAMPER situations.

· The encryption of hard disk partitions with different keys is
permitted.

· Association between EP43 and PC.

· Association between EP43 and SD.
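
The PUK throttle in the first item of this list, written out as an added example that is not the EP43 firmware's code. It assumes that entries are ignored while the device is deactivated and that a correct PUK clears the wrong-attempt count; the 10-symbol alphabet used in the estimate is also an assumption, since the guide gives only the PUK length.

```python
"""Added example: the PUK retry throttle of section 9.2 as a state machine."""
import hmac
from dataclasses import dataclass

FREE_WRONG_ATTEMPTS = 6   # guide: device deactivated after 6 wrong PUKs
LOCK_SECONDS = 3600       # guide: each deactivation lasts one hour


@dataclass
class PukThrottle:
    puk: str
    wrong: int = 0
    locked_until: float = 0.0

    def attempt(self, guess: str, now: float) -> str:
        """Process one PUK entry made at time `now` (seconds)."""
        if now < self.locked_until:
            return "ignored"        # assumption: no input while deactivated
        if hmac.compare_digest(guess.encode(), self.puk.encode()):
            self.wrong = 0          # assumption: a correct PUK clears the count
            return "accepted"
        self.wrong += 1
        if self.wrong >= FREE_WRONG_ATTEMPTS:
            # The 6th wrong entry and every wrong entry after it cost an hour.
            self.locked_until = now + LOCK_SECONDS
            return "wrong+locked"
        return "wrong"


def lockout_seconds(wrong_entries: int) -> float:
    """Deactivation time forced by consecutive wrong PUKs, each entered at
    the first moment the device accepts input again."""
    dev, now = PukThrottle(puk="constructed-PUK-value"), 0.0
    for i in range(wrong_entries):
        now = max(now, dev.locked_until)
        dev.attempt(f"wrong-{i}", now)
    return dev.locked_until


def years_to_exhaust(alphabet_size: int, length: int) -> float:
    """Deactivation time, in years, needed to try every PUK of one length."""
    codes = alphabet_size ** length
    hours = max(0, codes - (FREE_WRONG_ATTEMPTS - 1))
    return hours / (24 * 365)


if __name__ == "__main__":
    for n in (5, 6, 7, 30):
        print(n, "wrong entries ->", lockout_seconds(n) / 3600, "hours locked")
    # Shortest PUK the guide allows, with an assumed digits-only alphabet.
    print("6 digits:", round(years_to_exhaust(10, 6)), "years")
```

Under these assumptions the throttle limits sustained guessing to one entry per hour, so even the shortest permitted PUK over a digits-only alphabet takes more than a century to exhaust.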
