Q: Can I connect multiple bridges to a single site in Switch Deck?
A: Yes, but it’s important that if you do this both bridges are tied to the same PACS (e.g. two different panels running on a single Lenel system). You cannot have two bridges on a single site connected to different PACS.
Q: Given the bridge is an Ubuntu device, how are patches and security updates done?
A: The OS, kernel and default Ubuntu packages are automatically updated on a weekly basis (Sunday nights) with the latest stable 18.04 LTS release from Canonical. In the event of upgrade failure, the OS automatically rolls back to a previously working version. A future OS update to 20.04 LTS is planned but we have not committed to a timeline for this
Q: How will patches/updates to Z9 be delivered to the bridge?
A: Updates to the Z9 PACS snap can be issued by partners/owners from Switch Deck via the micro-site to which the Switch Bridge is claimed
Q: I noticed on the bridge there are standard ports like HDMI and USB. That means I can plug in a keyboard and mouse. What measures are taken to prevent someone from obtaining access that way?
A: These ports are disabled at the hardware level
Q: There is a console port on the bridge. What measures are taken to prevent someone from obtaining access that way?
A: The two Switch Bridges we just shipped are provided with an 'open' build in that there is a console available that can be logged into for ease of diagnostics during beta periods and for internal development. Production Switch Bridges do not have this capability (no console, no root login, no SSH, etc) to maximize security
Q: Has the Bridge itself been penetration tested at all?
A: No. The only exposed inbound port is the inbound traffic to the PACS-facing software snap. This snap has minimal AppArmor-based permissions and has been thoroughly tested by Z9. For these reasons, we feel confident not pursuing penetration testing of the Switch Bridge
Q: Is the OS/Data encrypted?
A: Not yet - this feature is in our backlog. Specifically, Ubuntu Core 20.04LTS offers this feature natively (using the onboard TPM for secure key storage). Our intentions are to leverage this when ready from Canonical
Q: Where is the auto-generated password for a bridge located for communication between a Lenel Comm Server and the Bridge?
A: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Z9 Security\PACS Drivers\OnGuard\ConnectionPasskey (Note: the “Z9 Security” reference will be changing to “Switch Tech”)