Maintaining the PNA in a Secured Environment (Incl. ECal Modules)

In many cases it is imperative that the PNA be used in a secured environment. Generally these secured environments will not allow any test equipment to leave the area unless it can be proven that all devices capable of maintaining memory have been thoroughly erased. This, in conjunction with the Windows operating system, presents some difficulties when the PNA must be transported to a non-secure environment such as a repair/calibration facility. This document describes the types of memory used in the PNA and describes a method to maintain security under these conditions. Please note that some of this information is dependent upon the CPU board used in your PNA. For purposes of this document, these are divided into "266MHz CPU", "500MHz CPU", "1.1GHz CPU", "1.6GHz CPU" and "2.0GHz CPU". Look here to determine your CPU type. All PNAs shipped from about March 2002 to about April 2006 have the 500MHz CPU board. Since then, all PNAs except the PNA-X family, should have the 1.1GHz CPU. The PNA-X family (N524xA and N5264A) generally shipped with 1.6 GHz CPU board up until about Sept 2009 when all switched to a 2.0GHz CPU board. These two CPUs are both easily removable and are somewhat similar, but the 2.0GHz CPU has an easily removable hard drive whereas the older 1.6GHz CPU had the hard drive enclosed within the CPU assembly.

Note: The terms PNA, PNA-L and PNA-X all refer to the overall PNA family. The PNA-L and PNA-X refer to specific models, but for the purposes of this document, all are part of the PNA family. Some features only refer to the PNA-X models and those are denoted by the term PNA-X. This document applies to the entire PNA family of analyzers including, but not limited to, all model variations of E835xA, E836xA/B/C, N522xA, N523xA/C, N524xA, N526xA.

Note: There are several references to floppy disks below. Newer PNAs do not have a floppy drive. For backup purposes use a USB pen drive instead.

There are no batteries in the PNA other than the one used to power the clock chip on the CPU board. This is a typical button-type Lithium battery; #2335 for older PNAs (266 or 500MHz), or #2032 for newer PNAs.

The PNA has several types of memory.

• All PNAs have from 64MB to 2GB of SDRAM in one or two SODIMMs or DIMMs, but this is volatile memory and it loses its memory as soon as the PNA is shut down or hibernated. This is not a security concern.
• The main non-volatile device is, of course, the hard drive. Before April of 2004, this was a 10GB 2.5inch hard drive. From 2004 until 2009, all units had a 40 GB hard drive with XP as the operating system. Starting in mid 2009, the hard drive changed to 80 GB and will probably change again as hard drive capacity increases and older drives become obsolete. The hard drive is a security concern.
• The 500MHz CPU boards have a Compact Flash header which could contain non-volatile Compact Flash memory, however, none were installed at the time of shipment. This was for possible future uses, but has never been implemented. The presence of any compact flash card is not dealt with in this document.
• Each major board assembly, other than the CPU, may have one, two, or three serial EEPROM devices. These devices hold only 512 bytes each and are not user accessible. These contain information related to the installed hardware, such as board serial number, options, correction constants, offsets, DAC values, etc. This data is required to make the PNA functional. This data can be changed only by factory personnel or by calibration labs when performing adjustments. No user data is stored in these locations!
• Models N524xA/N526xA (PNA-X) have a 2MB Flash chip on the TestSet Motherboard that contains more extensive calibration data, DAC settings, correction constants, etc. It can only be accessed via the adjustment routines which limits the type of data that can be stored. The contents of this memory is not user accessible. In addition, the format of this memory is unusual, proprietary, and contains a checksum to ensure nothing can change without following the proper adjustment procedure. This data is required to make the PNA functional. Because this memory is not user accessible, this is generally not considered a security concern.

Because it is virtually impossible to completely and selectively erase all user data on a Windows-based hard drive without also destroying the operating system, the best method for maintaining security when the PNA must be removed from a secure area is to replace the hard drive with a "non-secure" hard drive. i.e. a drive that has never had any sensitive data placed on it. This allows the PNA to still function properly in non-secured areas or for use when servicing. All PNAs except for the E8356A/57A/58A and earlier PNA-X units have an easily accessible hard drive on the rear panel (view picture). The older PNA-X units are a bit more difficult to access; requiring the removal of about 20 screws. Newer PNA-X units (as of ~Sept 2009) have an easily removable hard drive tray. This document does not detail the step-by-step instructions of how to remove the hard drive (see service manual for this); instead, it documents the general steps needed to maintain security. This document assumes that this spare hard drive is on hand.

Agilent has available a relatively inexpensive, pre-configured hard drive for the PNA which must be purchased in order for this security method to work. Because there are multiple different CPU boards and different mounting methods, the proper part number must be ordered. See below for partial information. Complete information regarding part numbers is available on our HDD part number page.

• For any 2.0GHz PNA-X model (N524xA, N5264A) Order hard drive assembly part number N5242-60044. This contains the HDD already mounted to the plug-in tray. Since the mxcalfiles are not stored on the hard drive (or CPU), there is no need to back them up as is needed for most other PNA models.
  
• For any 1.6GHz PNA-X model (N5241A/42A) Order CPU assembly part number N5242-60037. The entire CPU assembly is recommended for quick swapping purposes. The PNA-X has the hard drive located within the CPU assembly. Replacing the hard drive inside the CPU assembly requires the removal of multiple screws which is not recommended. Since the mxcalfiles are not stored on the hard drive (or CPU) , there is no need to back them up as is needed for most other PNA models.
  
• For any PNA except E8356A/7A/8A If it has a 500MHz CPU, then order model number N8980A; otherwise it will have a 1.1GHz CPU which requires model number N8981A. This can be ordered at any time, and can be specified with the purchase of the PNA. It comes with mounting tray and complete operating system. It does not include the mxcal files for your specific instrument! (see below)
  
• For E8356A/7A/8A PNAs with a 500 MHz CPU board. Also order N8980A. If you have a 1.1GHz CPU, then order N8981A. It will come with a mounting tray, but the mounting tray will not be needed. It does not include the mxcal files for your specific instrument! (see below)
• For E8356A/7A/8A PNAs with a 266MHz CPU board. Order E8356-60076. This is just a hard drive with the operating system on it. It does not include mxcal files for your specific instrument! (see below)

As shipped from the factory, all PNAs have very little unique information stored on the hard drive. This allows one hard drive to function on most any PNA assuming it has the appropriate type of CPU. However, there are a few small instrument-specific files that contain some factory correction data. This is not applicable to the PNA-X family (N524xA/N526xA). For specified performance, these must be copied to whichever hard drive is being used. These files all begin with   mxcalfiles_ and are located in the directory: C:\Program Files\Agilent\Network Analyzer. There may be several of these files, all of them about 10kB in size. Whenever a new PNA is received, these files should be backed up to a floppy disk or pen drive; and don't forget to label the disk with the model/serial number. This will save you the trouble of performing service adjustment routines if the hard drive should ever fail in the future.

These steps should be followed to maintain security:

1. Whenever a new PNA is received, or if this step has not yet been done, copy any files that begin with mxcalfiles_ to a floppy disk or pen drive. This disk should be maintained in a non-secure area. (Not applicable to PNA-X family!)
2. Purchase the appropriate spare hard drive and keep it with the above floppy disk/pen drive. Clearly mark this hard drive as "Unsecured!"
In the event the secure PNA needs to be used elsewhere, or, if it needs servicing:
• Remove the secure hard drive (label it as secured if desired) and keep it in the secured area.
• Remove the PNA from the secured area and install the "unsecured" hard drive.
• If not previously done, copy the mxcalfiles from the floppy disk/pen drive to the directory listed above. (Not applicable to PNA-X family)
The PNA can now be used elsewhere or sent for servicing without fear of leaking any sensitive information.

1. If the PNA was sent out for servicing, you should first check to see if any of the mxcalfiles have been updated (check the last-modified date.) If so, these updated files should be copied to a floppy disk/pen drive so that they can be updated on the secured hard drive.
2. Remove the unsecured hard drive, transport the PNA to the secured area, and replace the hard drive with the secured version
3. If the mxcalfiles have changed, copy all new files saved to the floppy disk to the directory listed above.
4. Also, if the PNA was sent out for servicing, it might have had its firmware updated; see below for more information about this.

DSS Security Issues
Many military users and contracters in the US need to follow DSS guidelines for PC based systems. Since the PNA falls into that category, it will be subject to these regulations. If all DSS changes are made to the PNA, the PNA application will not run. We have found that only one change needs to be undone. Follow the below steps. The DSS regulations do allow for some exceptions, so this will have to be one of them.

1. Click on Start->Run
2. Type in Gpedit.msc
3. Local Computer Policy->Computer Configuration->Window Settings->Security Settings->Local Policies->User Rights Assignment
4. Double click on "Impersonate a client after authentication"
5. Click "Add user or group"
6. Type "Service"
7. Click OK
8. Close the group policy editor
9. Reboot the PNA

Firmware that has been updated on the unsecured hard drive during servicing can usually be copied to a memory media and used to update the secured hard drive. The recommended method is to use a USB pen drive (a.k.a. Flash drives) to copy the firmware upgrade file. This firmware installation file usually resides on the D:\Upgrades\Firmware directory. If not, the latest version can always be obtained via our Firmware Update page.

Any account names and passwords that have been created on either hard drive will not be available on the other drive unless they are manually installed; generally, this is a security advantage.

The use of another hard drive may generate a new Network ID (Computer Name) for the PNA upon initial boot up. If this is not desired, the Network ID should be changed immediately after boot-up. See your system's administrator for complete information.

It has been suggested that USB may pose a security risk, mainly due to the proliferation of USB pen drives that are very small and can store many GB of data. There are ways to prevent the operation of these devices without affecting the USB mouse or keyboard. Contact Agilent for more information, or download this USB Security Word document for details.

As shipped, the PNA has a back-up administrator account that is designed to be used by Agilent service personnel. This also comes in handy when a user forgets their password. The password for this account is unique to each instrument and is encrypted based upon the serial number. This security is sufficient for non-critical usage, but any high security location will probably want to delete this account. However, if the administrator password is then forgotten, the entire C:\ partition may have to be re-imaged in order to make the unit accesible again.

ECal modules have either 1 or 8MB of Flash memory depending upon when shipped or when last serviced. Some portion of this memory is reserved for factory calibration data and this cannot be erased without destroying the functionality of the module. ECal modules may contain sensitive user data if an ECal characterization has ever been performed. To erase this data, two ECal Data Wipe Utilities have been developed which will destroy all user data per US DoD 5220.22-M. Note: The latest versions of ECal Wipe will also display the total memory installed.
The first utility can only be run on the PNA and requires firmware revision A.03.50 or above. Usually, this program is already installed on the PNA under the Service directory, however the linked version here may be newer.   Download this self extracting utility which contains both the program and instructions. Place it in any convenient directory on the PNA and execute it.
The second utility can be run on either a PC or the ENA (w/Firmware 9.2 or greater.) After the clear/sanitize/recall, the ECal needs to be unplugged/plugged again to reflect the ECal characterization status on the ENA firmware. Download this installation utility.

Additional information for many Agilent products can be found on our Instrument Security Application Note. (pdf)