Maintaining the PNA in a Secured Environment (Incl. ECal Modules)
In many cases it is imperative that the PNA be used in a secured environment. Generally these secured environments
will not allow any test equipment to leave the area unless it can be proven that all devices capable of maintaining
memory have been thoroughly erased. This, in conjunction with the Windows operating system, presents some difficulties
when the PNA must be transported to a non-secure environment such as a repair/calibration facility. This document
describes the types of memory used in the PNA and describes a method to maintain security under these conditions.
Please note that much of this information is dependent upon the CPU board used in your PNA.
Note: The terms PNA, PNA-L and PNA-X all refer to the overall PNA family. The PNA-L and PNA-X refer to specific models, but for the purposes of this document, all are part of the PNA family. Some features only refer to the newer PNA models and those are denoted by the term NEWER. These are the units with the larger 10.4-inch display or the even newer 12.1-inch displays (on the B models). This document applies to the entire PNA family of analyzers including, but not limited to, all model variations of E835xA, E836xA/B/C, N522xA/B, N5230A/C, N5231A/B-N5239A/B, N524xA/B, and N526xA/B.
Note: There are several references to floppy disks below. Only the oldest PNAs have a floppy drive. For backup purposes use a USB pen drive instead.
There are no batteries in the PNA other than the one used to power the clock chip on the CPU board. This is a typical button-type Lithium battery; #2335 for older PNAs (266 or 500MHz), or #2032 for newer PNAs.
Types of Memory
The PNA has several types of memory.
Because it is virtually impossible to completely and selectively erase all user data on a Windows-based hard drive without also destroying the operating system, the best method for maintaining security when the PNA must be removed from a secure area is to replace the hard drive with a "non-secure" hard drive. i.e. a drive that has never had any sensitive data placed on it. This allows the PNA to still function properly in non-secured areas or for use when servicing. All PNAs except for the E8356A/57A/58A and early PNA-X units have an easily accessible hard drive on the rear panel (view picture for non-PNA-X models). The early PNA-X units with a 1.6GHz CPU are a bit more difficult to access; requiring the removal of about 20 screws. Newer PNA-X units (as of ~Sept 2009) and all newer PNA models introduced after 2011 have an easily removable hard drive tray on the rear of the CPU assembly (see picture). This document does not detail the step-by-step instructions of how to remove the hard drive (see service manual for this); instead, it documents the general steps needed to maintain security. This document assumes that this spare hard drive is on hand.
Keysight has available a relatively inexpensive, pre-configured hard drive for the PNA which must be purchased in order for this security method to work. Because there are multiple different CPU boards and different mounting methods, the proper part number must be ordered. Complete information regarding part numbers is available on our HDD part number page.
As shipped from the factory, all PNAs have very little unique information stored on the hard drive. This allows one hard drive to function on most any PNA assuming it has the appropriate type of CPU. However, on older instruments there are a few small instrument-specific files that contain some factory correction data. This is NOT applicable to newer PNAs (all PNAs with the 10.4-inch or larger display.) For specified performance, these must be copied to whichever hard drive is being used. These files all begin with mxcalfiles_ and are located in the directory: C:\Program Files\Agilent\Network Analyzer. There may be several of these files, all of them about 10kB in size. Whenever a new PNA is received, these files should be backed up to a floppy disk or pen drive; and don't forget to label the disk with the model/serial number. This will save you the trouble of performing service adjustment routines if the hard drive should ever fail in the future.
These steps should be followed to maintain security:
A Quick Note Regarding Yearly Calibrations
Newer PNAs with the 10.4 inch or larger display have all calibration data stored in internal non-volatile memory; nothing is stored on the hard drive. This means that when the unsecured PNA is then transferred to the secure area, nothing else needs to be done. Simply remove the unsecure hard drive and replace it with the secured drive. You are then good to go; the latest calibration will still be in effect. Again, this only applies to PNAs with the larger screen; older PNA will need the mxcalfiles transferred.
DSS Security Issues
Many military users and contracters in the US need to follow DSS guidelines for PC based systems. Since the PNA falls into that category, it will be subject to these regulations. If all DSS changes are made to the PNA, the PNA application will not run. We have found that only one change needs to be undone. Follow the below steps. The DSS regulations do allow for some exceptions, so this will have to be one of them.
Another possible DSS security concern may be the generation of several security priviledge failures (all are error #577) in the Windows Security Audit listing. As of mid 2010, all PNAs will have these errors that occur whenever the PNA reboots. The error is benign and can be ignored, subject to DSS approval. It is due to the PNA application enumerating the user interface devices (specifically, the front panel controller.) If the user doesn't make both changes below, then the API that the PNA uses will cause a 577 warning to be recorded in the security event log.
The complete solution involves two steps: Newer firmware is required and another Group Policy setting needs to be changed. As of 2011, all PNAs have incorporated this group policy setting as shipped. For older units, make the changes below. The firmware needed is A.07.50.63 or above for older PNAs, and A.09.22.12 or above for XP based newer PNAs. Here are the steps to change the Group Policy Settings for the 577 errors:
Some security routines that attempt to modify Windows settings may be hard-coded to assume the use of
C:\Windows as the Windows directory. All PNAs with Windows 2000 or XP have
always used the Windows 2000 convention of installing Windows in the WINNT directory. This can cause problems with
security software if the author assumed that all systems use C:\Windows. Any software like this SHOULD have
used the Windows environment variable name of %WINDIR% which will, for any XP PNA, always return "C:\WINNT".
Firmware that has been updated on the unsecured hard drive during servicing can usually be copied to a memory media and used to update the secured hard drive. The recommended method is to use a USB pen drive (a.k.a. Flash drives) to copy the firmware upgrade file. This firmware installation file usually resides on the D:\Upgrades\Firmware directory. If not, the latest version can always be obtained via our Firmware Update page.
Any account names and passwords that have been created on either hard drive will not be available on the other drive unless they are manually installed; generally, this is a security advantage.
The use of another hard drive may generate a new Network ID (Computer Name) for the PNA upon initial boot up. If this is not desired, the Network ID should be changed immediately after boot-up. See your system's administrator for complete information.
It has been suggested that USB may pose a security risk, mainly due to the proliferation of USB pen drives that are very small and can store many GB of data. There are ways to prevent the operation of these devices without affecting the USB mouse or keyboard. Contact Keysight for more information, or download this USB Security Word document for details.
As shipped, the PNA may have a back-up administrator account that is designed to be used by Keysight service personnel. This also comes in handy when a user forgets their password. Any high security location will probably want to delete this account. However, if the administrator password is then forgotten, the entire C:\ partition may have to be re-imaged in order to make the system accesible again.
ECal modules (N469xx, 8509xx, etc) have either 1 or 8MB of Flash memory depending upon when shipped or when last serviced.
Some portion of this memory is reserved for factory calibration data and this cannot be erased without destroying the
functionality of the module. ECal modules may contain sensitive user data if an ECal characterization has ever been
performed. To erase this data, two ECal Data Wipe Utilities have been developed which will destroy all user data per
US DoD 5220.22-M. Note: The latest versions of ECal Wipe will also display the total memory installed.
ECAL Letter of Volatility
This ECAL Letter of Volatility is a PDF document that covers most ECAL modules. Download this PDF document.
PNA Letter of Volatility
This Letter of Volatility PDF document covers all newer PNAs; those with the 10.4 inch or larger display.
Download this pdf document.
Additional information for many Keysight products can be found on our Instrument Security page.
Last Updated: Aug 29, 2017