Icon-5066 3.1 – New Capabilities

2nd May 2024 HF Radio Icon-5066 Military Product Announcement

Icon-5066 is our modem independant, STANAAG 5066 server. It enables users to run applications efficiently over HF Radios & Modems.

You can find out more about Icon-5066 here.

Icon-5066 Dashboard

Black Side Management

The major change in Icon-5066 3.1 is a new black side capabilities. Icon-5066 3.0 was a red side product, with a very simple black side proxy modem. In Icon-5066 3.1, the black side now includes the core Icon-5066 processes. This means that the Icon-5066 servers can be operated in three ways:

  1. As complete Icon-5066 product without any red black split.

  2. As a red side Icon-5066 product, which communicates with black side using:

    1. A data link, which will typically connect to a crypto device, which in turn connects to a modem; and

    2. GCXP (Guard Content eXchange Protocol) links which will control and monitor black side modem and ALE unit, usually through M-Guard.

  3. As a black side Proxy Modem product, which communicates with red side using GCXP and controls.

Benefits of this new architecture:

  1. More configuration managed black side, so there is less red to black communication and thus improved security.

  2. Multiple black side modems can be managed by Proxy Modem, with each Proxy Modem node paired with a red side Icon-5066 node.

  3. Split site (Rx and Tx modems) managed black side and transparent to red side.

  4. Black side monitoring Web UI for proxy modems.

  5. Web UI configuring proxy modems.

ALE Configuration

The ALE configuration introduced in Icon-5066 3.0 has been enhanced significantly:

  1. New and improved red side configuration UI.

  2. Frequency scheduling driven red side

  3. Operation over red/black boundary, with only current ALE configuration being sent red to black

  4. Split site support, so that configuration updates are sent to both Rx and Tx ALE Units.

Management UI Improvements

Some significant improvements made to the Icon-5066 configuration UI:

  1. A new “dashboard” view combining elements from various earlier views to give a clean top level view of all nodes.

  2. Introducing tabs, so that advanced configuration options are hidden from the default view

  3. Improved TLS configuration

Modem Monitoring and Web API

A new Web API has been added to monitor and control modems and Icon-5066 configuration. This has secure access controlled by a strong authentication token. The initial use of this is by Red/Black to monitor Icon-5066 modems managed by the Proxy Modem service. Red/Black 2.0 includes a number of device drivers for monitoring supported modems, including MoRaSky, as well as Icon-5066 monitoring and enable/disable control.

This API is planned to be used for configuration control by Icon-Topo.

Managed Modems

The primary use of Proxy Modem is to manage modems used and controlled by Icon-5066. Icon-5066 3.1 also supports “Managed Modems” which are monitored and controlled through the Web API but are not used by Icon-5066. This is to support modems used for other purposes, such as Voice or ACP 127 direct to modem.

Red/Black 2.0 includes a Managed Modem device to monitor and control Managed Modems.

New Modem/ALE Unit Support

The following ALE capabilities are added:

  • 2G and 3G ALE support for Collins RT-2200A Radio/Modems.

MoRaSky Enhancements

Various MoRaSky enhancements, primarily to support testing of new Icon-5066 capabilities, in particular:

  1. Enable one connection to be split over Tx and Rx modem. Needed for proxy modem testing of split site.

  2. Enable pairs of modems to be specified. Needed for split site without proxy modem.

  3. Export of configuration parameters from UI. Useful for automated testing.

Annex T Prototype

Icon-5066 3.1 includes a prototype implementation of AES crypto following STANAG 5066 Annex T. This is not suitable for production, but may be of interest for experimentation and testing.