Icon-5066 is a modem-independent STANAG 5066 server. It enables applications to work efficiently over HF Modems/Radios and allows multiple applications to work simultaneously.

Icon-5066 will connect to one or two HF modems, either through a Crypto box or directly, and provides a single interface to an HF network, which can be shared by multiple applications.

The diagram below shows how Icon-5066 is deployed in conjunction with an HF network and two peers, which may use Icon-5066 or another product compliant to STANAG 5066. STANAG 5066 provides a link layer optimized for HF Radio and described in the whitepaper [STANAG 5066: The Standard for Data Applications over HF Radio].

Applications connect to Icon-5066 using the STANAG 5066 SIS (Subnet Interface Service) protocol. Each application uses one of 16 SAP IDs (Service Access Point Identifier).


Icon-5066 runs as several processes on Windows or Linux, as shown in the diagram below:

  1. Icon-5066 Distributed Data Service (DDSD) provides orchestration of the Icon-5066 service and monitoring management capabilities. DDSD runs as a Windows or Linux service. Management is via Web Browser connecting to this service using OAuth authentication. DDSD manages and controls all of the nodes on the core service.
  2. The Icon-5066 Core service comprises one or more independent Icon-5066 nodes controlled by DDSD. Each of these nodes implements the STANAG 5066 protocols and connects to a modem. This enables multiple STANAG 5066 services to be conveniently run on a single server.

Each Icon-5066 node can have one or more drivers configured that support a variety of capabilities. These drivers are implemented in the Lua scripting language. This has a number of advantages:

  • It enables Isode to offer a selection of drivers to address different configuration requirements.
  • It allows Isode customers and partners to easily develop custom drivers to meet specific needs.

The main drivers in Icon-5066 are:

  • Modem Driver. This is the most likely driver that Isode customers will provide, in order to support additional modem types.
  • Rate Change Driver. This controls selection of transmission parameters when changing speed.
  • Transmission Control. This controls choice of a number of modes of operation:
    • Half-Duplex
    • Full-duplex
    • Broadcast
    • CSMA (Carrier Sense Multiple Access)
    • WTRP (Wireless Token Ring Protocol)
    • ALE 1:1 (Use of Automatic Link Establishment to control access to a single peer at a time)
  • ALE Configuration: two drivers support ALE configuration

Key Features

Full Duplex & Broadcast

The most common form of HF communication is Half-duplex, where transmission direction alternates. This is often used for reliable (ARQ) transmission between a pair of nodes where each node alternately transmits and receives. Icon-5066 supports two additional modes of STANAG 5066 compliant communication:

  1. Broadcast. Where a node continuously sends non-ARQ traffic and never receives any data. This will typically be used at fixed frequency from a transmit-only site.
  2. Full-duplex. Simultaneous transmission and reception on two separate frequencies. Full-duplex gives significant performance benefits, but can only be used in configurations where sufficient separation can be achieved between transmit and receive sites. Icon 5066 provides two modes of full-duplex operation; Single modem (where the modem is operating in full-duplex) and Two modems, independently configured, where one is used for Transmit and the other for Receive.

Data Rate Selection

Data Rate selection is the choice made before transmission of parameters affecting the transmission; in particular speed and interleaver. This is a critical choice for optimizing performance and Quality of Service for the data being handled. Icon-5066 offers a choice of drivers for different rate selection (in addition to customer rate change drivers):

  • Fixed: A simple fixed setting for use when fixed parameters are desired or where it is not possible to change them dynamically.
  • Signal to Noise Ratio (SNR): This is the best option for most deployments. This uses the mechanisms specified in STANAG 5066 Ed4 to enable sender selection of best parameters for either latency or throughput.
  • Frame Error Rate (FER). Useful when SNR information is not available from the modem. This optimizes for throughput using the "Trinder/Gillespie" algorithm.

Multi-Node Networks: CSMA

Icon-5066 supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex K, providing CSMA (Carrier Sense Multiple Access) using jitter. The basic CSMA specification in Annex K is appropriate for networks with large numbers of nodes sharing a single HF frequency.

“Slotted Option for STANAG 5066 Annex K” (Specified in STANAG 5066 STANAG Ed4) provides a more efficient and robust option for networks with a small number of nodes, by use of a configured transmission slot for each node. This also enables:

  • Operation with single CAS-1 soft link, which is important for interoperability and some traffic patterns.
  • Operation with multiple CAS-1 soft links, which improves sharing the HF channel and reduces soft link setup overhead.

Multi-Node Networks: WTRP

Icon-5066 also supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex L, Wireless Token Ring Protocol (WTRP). This provides an efficient and fair way of sharing a channel between nodes. It is particularly useful in conjunction with surface wave to support naval task groups. Further information is provided in [Wireless Token Ring Protocol].


Icon-5066 provides support for ALE (Automatic Link Establishment) by use of ALE drivers following the procedures specified in STANAG 5066 Ed4. Icon-5066 enables use of 2G ALE, 3G ALE and 4G ALE from different vendors. Icon-5066 configures ALE by mapping peer STANAG 5066 addresses to ALE. Supported ALE units are listed with modems.

Icon-5066 includes ALE Management capabilities to enable configuration of multiple nodes participating in an HF Network. This is described here.

Modem Support

Icon-5066 can be configured with either one modem or two (one for transmission, one for reception). Communication with each modem uses two independent channels; Data, which is mandatory, and Control. Control is optional and will use protocol specific to the chosen modem. Most modems can be used fixed speed without control.

Icon-5066 supports STANAG 4415, STANAG 4285, STANAG 4539 and STANAG 5069 (Wideband HF) waveforms.

Modem Data Support

Icon-5066 supports the following four modem data communication options. These can be used with or without modem control. Use without modem control allows support of any HF modem as fixed speed.

  • Synchronous Serial: Required by STANAG 5066 Annex D and used operationally to communicate with Crypto devices, Icon-5066 support the Microgate family of cards and SyncLink USB device.  Current support is on Windows, with Linux support planned.
  • Asynchronous Serial: Icon-5066 supports Async Serial on Windows using Windows COM ports and Linux TTY. Async serial is not useful with common Crypto boxes, as they encrypt to stop bits, and so this does not follow the standard. However, it can often be useful for operation without Crypto, as many modems provide an Async Serial interface.
  • TCP using MIL-STD-188-110D Appendix A: Defines a TCP protocol to communicate data to a modem.  This is a very useful option for operation without Crypto. It is supported by the Collins family of modems.
  • Raw TCP. This is a simpler TCP approach which is useful for some setups. It is supported by RapidM RM10.

Supported Modems & ALE Units

Icon-5066 currently supports control for the following RapidM, Thales and Collins modems:

  • RapidM RM6
  • RapidM RM8 with 2G and 3G ALE
  • RapidM RM10 with 2G, 3g and 4G ALE
  • Collins Q9600
  • Collins Q9604
  • Collins HSM 2050
  • Collins RT-4800
  • Collins RT-2200A with 4G ALE
  • Thales TRC1774 with 2G and 3G ALE
  • Leonardo Data/Voice Modem (P/N AA8808625200 and P/N AA8808619500 single and four channel configuration)

SNR Monitoring

Icon-5066 provides a mode to monitor a modem and report SNR using a simple protocol. This is a general purpose capability, useful to support the FAB service provided by M-Switch to support BRASS deployments.

Crypto Bypass

Icon-5066 will usually be deployed with a Crypto in the data path between Icon-5066 and the modem. This is the only connectivity needed for fixed speed operation without ALE.

For ALE and variable speed on the supported modems, Icon-5066 needs a control connection to the modem. This is commonly referred to as Crypto Bypass. For some deployments, a direct connection can be made, where accreditation allows.

Commonly, it is required to use boundary devices to control flow of data between red (Icon-5066) and black (modem). Icon-5066, which is primarily a red-side product, offers a Proxy Modem component which runs on black side.  The Proxy Modem supports control of the same modems and ALE units as Icon-5066 core. 

Modem Control communicates with red side using a pair of XML Guards supporting the Guard Content eXchange Protocol (GCXP) acting as application level data diodes. Isode’s M-Guard product is recommended for use with Icon-5066 to achieve this.

Management and Monitoring

Icon-5066 is configured and monitored using a web interface. The configuration interface allows for the creation of new Icon-5066 nodes, setting of detailed parameters and the selection/configuration of drivers.

Web monitoring is provided for all of the configured nodes and includes information on:

  • Modem status (Transmit/Receive/Idle)
  • Current (or most recently used) modem parameters, including speed, interleaver and bandwidth (for STANAG 5069 WBHF)
  • Frame Error Rate for received transmissions
  • SNR measured on reception
  • STANAG 5066 send and receive transmissions with progress bar
  • Status of CAS-1 links established for ARQ communication including link and break attempts.
  • ALE status, including setup time, negotiated frequency and negotiated bandwidth for 4G ALE.
  • UI display of connected applications with status information.
  • Overall system health status (red/green/amber).
  • Link utilization.
  • ARQ Window Monitoring
  • Enable/Disable of individual nodes

Red/Black Drivers

Icon-5066 provides two Red/Black drivers to support HF Communication chain monitoring and management using Isode's Red/Black product.

  1. Modem Driver for all supported modems. This enables modem monitoring and control using Red/Black.
  2. Icon-5066 driver to allow monitoring and control of Icon-5066 nodes. This allows enable/disable of nodes, to facilitate communications chain reconfiguration.

Simulation Test Tools

Isode provides two test tools and an HF Network Simluator with Icon-5066 to assist partners in testing Icon-5066 deployments. Details available here.


Management access to the Icon-5066 services is controlled using OAuth.

TLS (Transport layer security) provides protection for:

  • HTTPS Web Access to DSSD.
  • TLS Support for GCXP to support Modem Proxy (Crypto bypass) across a Red/Black boundary.

Icon-5066 provides Web UI support for creating and managing identities and certificates associated with TLS

STANAG 5066 Conformance

Icon-5066 conformance to STANAG 5066 is set out here.

Application Support

Icon-5066 supports a number of applications that work over STANAG 5066, set out here.