Information Security Systems

Datacryptor® Ethernet Layer 2
Version 4.5 Multipoint / MPLS
Objectives

- Provide an overview of the Datacryptor Ethernet Layer 2
- Introduce the new version 4.5 and describe what it offers
- Describe what it does for customers and the problems it solves
- Explain how the multipoint and MPLS options work in practice
- Describe the technical features and benefits of the product
- Highlight the value the product offers to end users
- Illustrate a representative user case and the applied solution

Protecting Data in Transit
Overview

- Datacryptor Layer 2 Ethernet is a hardware encryption module that protects data in transit, where it is most vulnerable to interception and alteration
- Layer 2 encryption yields minimal overhead and frame expansion in transit
- Alternative Layer 3 encryption technologies significantly expand data packets
  ■ Fill up to 60% of the bandwidth the customer is buying from the carrier, costing more money
- Alternative Layer 3 encryption technologies can also introduce delays
  ■ Render latency-sensitive applications (voice, video, and multimedia) unusable
- Layer 2 Ethernet encryption allows one to secure the data without having to buy more bandwidth from the carrier than what one actually needs to sustain the traffic flow
- Layer 2 Ethernet encryption introduces only minimal latency (microseconds)
- Alternative Layer 3 encryption introduces sizeable latency (milliseconds)
- Protects data and helps avoid the possibly devastating costs and embarrassment associated with data breaches
- Provides a mechanism for complying with growing government and industry regulations
Overview /2

What does this all mean?

- Packet expansion resulting from encryption costs the customer money

  [Figure: an original unencrypted packet (Header | Payload) becomes, after IPsec encryption, Header | IPsec Overhead | Payload. Aggregated traffic (VoIP, data, multimedia) sees up to 60% expansion per packet.]

- Datacryptor saves bandwidth that customers would otherwise have to buy
- A simple analogy: protective packaging and shipping
  ■ Layer 3 (IPsec): an oversized crate ($$$$$$$)
  ■ Layer 2 (Ethernet): a compact, cost-effective box ($)
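To see where a figure like "up to 60%" comes from, here is an added example (not from the slides or from Thales) that computes the Ethernet frame size before and after ESP tunnel-mode encryption using the RFC 4303 padding and header rules, beside a Layer 2 encryptor modelled as adding a fixed per-frame overhead; the two ESP suites and the 16-byte Layer 2 overhead are assumptions of this illustration, since the slides give no per-frame figure for the product.

```go
package main

import "fmt"

// Byte counts used by the model (IPv4 over Ethernet, RFC 4303 ESP framing).
const (
	ethHeader  = 14 // destination MAC, source MAC, EtherType
	ethFCS     = 4
	ipv4Header = 20
	espHeader  = 8 // SPI + sequence number
	espTrailer = 2 // pad length + next header
)

// ESPSuite captures the parts of an ESP transform that change packet size.
type ESPSuite struct {
	Name      string
	IVLen     int // explicit IV bytes carried in each packet
	BlockSize int // alignment required of payload + padding + trailer
	ICVLen    int // integrity check value bytes
}

var (
	espCBCSHA1 = ESPSuite{"AES-CBC + HMAC-SHA1-96", 16, 16, 12}
	espGCM     = ESPSuite{"AES-GCM (RFC 4106)", 8, 4, 16}
)

// espTunnelFrameLen returns the Ethernet frame length once an IPv4 packet of
// ipLen bytes is carried in ESP tunnel mode, which adds an outer IPv4 header.
func espTunnelFrameLen(ipLen int, s ESPSuite) int {
	pad := (s.BlockSize - (ipLen+espTrailer)%s.BlockSize) % s.BlockSize
	esp := espHeader + s.IVLen + ipLen + pad + espTrailer + s.ICVLen
	return ethHeader + ipv4Header + esp + ethFCS
}

// layer2FrameLen models a Layer 2 encryptor that leaves the IP packet intact
// and adds a fixed per-frame overhead. The slides do not state the Datacryptor's
// figure, so l2Overhead is an assumption supplied by the caller.
func layer2FrameLen(ipLen, l2Overhead int) int {
	return ethHeader + ipLen + l2Overhead + ethFCS
}

// expansionPercent is the extra bytes on the wire relative to the clear frame.
func expansionPercent(clearLen, encLen int) float64 {
	return 100 * float64(encLen-clearLen) / float64(clearLen)
}

func main() {
	const assumedL2Overhead = 16 // placeholder: e.g. a sequence field plus an auth tag
	for _, ipLen := range []int{46, 200, 1400} { // minimum Ethernet payload, G.711 VoIP, bulk
		clear := ethHeader + ipLen + ethFCS
		for _, s := range []ESPSuite{espCBCSHA1, espGCM} {
			enc := espTunnelFrameLen(ipLen, s)
			fmt.Printf("%4d-byte frame, ESP tunnel %-22s -> %4d bytes (+%.1f%%)\n",
				clear, s.Name, enc, expansionPercent(clear, enc))
		}
		l2 := layer2FrameLen(ipLen, assumedL2Overhead)
		fmt.Printf("%4d-byte frame, Layer 2 (+%d bytes assumed)       -> %4d bytes (+%.1f%%)\n\n",
			clear, assumedL2Overhead, l2, expansionPercent(clear, l2))
	}
}
```

The small frames typical of voice traffic expand the most, which is the bandwidth cost the slides are pointing at; large bulk frames expand by only a few percent under either approach.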
What does the new product version offer?

- Datacryptor Ethernet Layer 2 Ver 4.5 is a common code upgrade
- Expands the features/functions of the 100 Mbps, 1 Gbps, and 10 Gbps models
- Introduces a secure multipoint encryption feature as a license option
- Provides centralized automatic key generation, distribution, and fully-meshed secure connectivity for up to 200 nodes in a backbone
- Key generation and distribution are embedded in the central-site encryptor
- Delivers maximum encrypted throughput with minimum latency
- Galois/Counter Mode (GCM) in multipoint operation provides increased security through encryption and frame authentication, which facilitates protection against replay
- The Multiprotocol Label Switching (MPLS)-awareness feature uses a more flexible IP-based key distribution scheme and enables units to be deployed both at the edge of and within network infrastructures
What does the new product version offer?

100 Mbps Model:

- No hardware changes
- Unit is rack-mountable and has a single fixed AC (universal) or DC (-48V) power supply and fixed RJ-45 10/100BaseT host and network copper interfaces
- Serial console and a 10/100 Mbps Ethernet management port
- Tamper label (3)
- Models can interoperate with the 1 and 10 Gbps models in multipoint configurations
What does the new product version offer? /2

1 Gbps Model:

- No hardware changes
- Units are rack-mountable
- Dual swappable AC (universal) or DC (-48V) power options
- Serial console and a 10/100 Mbps Ethernet management port
- Removable SFP optical interfaces

10 Gbps Model:

- Dual swappable AC (universal) or DC (-48V) power options
- Serial console and a 10/100 Mbps Ethernet management port
- Removable XFP optical interfaces

The 1 and 10 Gbps units have dual, redundant AC or DC power supplies with removable copper or optical SFP/XFP host and network interface modules. All models can interoperate in multipoint configurations.
What does the new product version do for you?

- Protects the confidentiality of sensitive data where it is most vulnerable to interception: in transit, as it travels over an otherwise unprotected shared public network
- Secures your network against data security breaches and helps you fulfill government and industry data protection regulations
- Enables you to securely use more cost-effective data transport services, such as carrier Layer 2 Ethernet and MPLS services, without adversely impacting operational performance
What problem are we solving?

- Threats to data security and fulfillment of government regulations
- Enabling secure critical applications such as
  ■ Bulk data transport for disaster recovery and business continuity
  ■ Point-to-point wireless and microwave MAN connectivity
  ■ Distributed data center connectivity
- Providing a secure, cost-effective alternative to IPsec
  ■ Up to 60% overhead introduced by encryption over IP
- Facilitating secure and efficient use of bandwidth
Why Layer 2 encryption?

- In a study by the Rochester Institute of Technology (RIT), it was determined that Layer 2 encryption technologies provide superior throughput and far lower latency than IPsec VPNs operating at Layer 3
- The encryption of traffic at line speed, the addition of a constant, minimal latency regardless of frame size, and minimal frame loss make Layer 2 encryption a highly desirable solution
- Enterprises that need to secure point-to-point or multipoint links are likely to achieve better encryption performance by shifting from traditional encryption with IPsec at Layer 3 to encryption of frame payloads at Layer 2
Typical deployment scenarios

- Secure datacenter backbone connectivity over a distributed network
- Secure business continuity and disaster recovery multi-site connection

[Figure: headquarters, a satellite office and data centers interconnected over a Layer 2 Ethernet or MPLS carrier network.]
Ethernet Layer 2 products at a glance

Available Models

Speed        Point-to-Point   Multipoint
10/100 Mbps  DCME-LL76x       DCME-XL76x
1 Gbps       DCGE-LG7Sx       DCGE-XG7Sx
10 Gbps      DCGE-LI7Sx       DCGE-XI7Sx

- AES (256-bit)
- Transparent to line protocols
- Multiple modes of operation
  ■ Bulk
  ■ Tunnel
  ■ Clear Header (Extended LAN/VLAN NS MPLS-aware)
- RJ-45 interfaces (10/100M)
- Removable pluggable interfaces (1/10G)
- Dual/redundant power supplies (1/10G)
- Universal AC and -48V DC options
- FIPS 140-2 Level 3
- Common Criteria EAL 3
Associated software applications

Element Manager (included)
Allows the customer to securely configure and monitor encryptors in the network.

SNMP Manager (supports the customer's system)
Allows the customer to monitor encryptors in the network as part of their existing enterprise management system.

Certificate Manager (ordered separately)
Allows the customer to generate their own seed material required for the X.509 certificates used by encryptors to exchange keys.
How does the multipoint option work?

- Units can be configured to operate in point-to-point or multipoint mode

In point-to-point mode

- Units are associated in discrete pair-wise connections
- Each takes an equal part in establishing the agreed Key Encryption Key (KEK)
- Each takes an equal part in establishing the agreed Data Encryption Key (DEK)
- A Datacryptor can only encrypt/decrypt traffic from a single peer

In multipoint and MPLS mode

- KEK agreement is unchanged
- The DEK is generated centrally by the Key Management Application (KMA)
- The KMA is embedded within the central-site encryption device
- A common DEK is used by all peer units in the backbone network
- Any Datacryptor can securely connect to any other unit in the network
- Up to 200 nodes supported (1 central site and 199 remote peers)
- Multiple keys are maintained at all times to ensure uninterrupted traffic
- IP-based key distribution allows compatibility with a wider set of commercial switching equipment used in MPLS network environments
How does the multipoint option work?

- The multipoint option provides the capability for Datacryptor 100 Mbps, 1 Gbps, and 10 Gbps units to operate in fully-meshed configurations
- Enables encryption and decryption of unicast, multicast, and broadcast traffic

[Figure: Datacryptor1, which also hosts the central KMA platform, sits behind a router with the management application platform and connects over the Ethernet Layer 2 network to Datacryptor2, Datacryptor3, Datacryptor4 ... DatacryptorX, each holding DEK1.]

- The KEK uses the same current process (DH)
- The common DEK is generated by the KMA and distributed to all peers
- Step 1: a DH exchange generates a unique KEK with each peer encryptor
- Step 2: single or multiple common DEKs are generated and distributed (DEK1, DEK2, ... DEKx)
How does the multipoint option work?

The KMA

- The KMA application software generates, stores, and distributes key material to all peer encryption units in the network
- The application runs on a standard Datacryptor 100 Mbps, 1 Gbps, or 10 Gbps unit, which also performs the function of central-site encryptor
- The KMA is initially programmed with the Media Access Control (MAC) address of each of the peer Datacryptor units in the network
- Peer units in the network are also programmed with the MAC address of the KMA unit when commissioned
- In multipoint/MPLS mode, IP-based key management is used instead of the MAC addressing used for point-to-point and non-MPLS multipoint modes
- Configuration of the KMA and peers is done through the Thales Element Manager (EM) Front Panel Viewer (FPV) application
- FPV enables the security manager to set general parameters for multipoint operation, including peer MAC addresses and common key generation and distribution parameters such as the frequency of KEKs and DEK lifetime settings
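The two steps of the multipoint key hierarchy described on the last three slides (a pair-wise KEK agreed with each peer, then a common DEK generated centrally and distributed under those KEKs), as an added Go example that is not the product's code: X25519 stands in for the DH exchange, AES-256-GCM is used for the wrapping, and the DEK id, the "demo-kek|" label and the distribute function are assumptions of this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// newGCM wraps a 32-byte key as AES-256-GCM (constructed helper).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// agreeKEK is Step 1: the KMA and one peer run a DH exchange (X25519 stands in
// for the DH the slides mention) and hash the shared secret into a per-pair Key
// Encryption Key. Each side calls it with its own private key and the other's public key.
func agreeKEK(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) ([]byte, error) {
	shared, err := mine.ECDH(theirs)
	if err != nil {
		return nil, err
	}
	kek := sha256.Sum256(append([]byte("demo-kek|"), shared...))
	return kek[:], nil
}

// wrapDEK is Step 2 on the KMA: the common DEK is sealed under one peer's KEK
// with the DEK id bound as associated data. Output is nonce||ciphertext||tag.
func wrapDEK(kek, dek []byte, keyID uint32) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := binary.BigEndian.AppendUint32(nil, keyID)
	return append(nonce, aead.Seal(nil, nonce, dek, aad)...), nil
}

// unwrapDEK is Step 2 on the peer: only the holder of the matching KEK, checking
// the same DEK id, recovers the key; anything else fails authentication.
func unwrapDEK(kek, blob []byte, keyID uint32) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, fmt.Errorf("wrapped DEK too short")
	}
	aad := binary.BigEndian.AppendUint32(nil, keyID)
	return aead.Open(nil, blob[:n], blob[n:], aad)
}

// distribute runs one key cycle on the KMA: a fresh DEK is generated and
// wrapped for every peer under that peer's own KEK (kekByPeer: peer id -> KEK).
func distribute(keyID uint32, kekByPeer map[uint32][]byte) ([]byte, map[uint32][]byte, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, nil, err
	}
	wrapped := make(map[uint32][]byte, len(kekByPeer))
	for id, kek := range kekByPeer {
		w, err := wrapDEK(kek, dek, keyID)
		if err != nil {
			return nil, nil, err
		}
		wrapped[id] = w
	}
	return dek, wrapped, nil
}

func main() {
	curve := ecdh.X25519()
	kma, _ := curve.GenerateKey(rand.Reader)
	peers := map[uint32]*ecdh.PrivateKey{}
	kekByPeer := map[uint32][]byte{} // the KMA's copy of each pair-wise KEK
	for id := uint32(1); id <= 3; id++ {
		peers[id], _ = curve.GenerateKey(rand.Reader)
		kekByPeer[id], _ = agreeKEK(kma, peers[id].PublicKey())
	}
	dek, wrapped, _ := distribute(1, kekByPeer)
	for id, priv := range peers {
		kek, _ := agreeKEK(priv, kma.PublicKey()) // the peer's copy, same value
		got, err := unwrapDEK(kek, wrapped[id], 1)
		fmt.Printf("peer %d installed DEK1: %v\n", id, err == nil && string(got) == string(dek))
	}
	_, err := unwrapDEK(kekByPeer[2], wrapped[1], 1) // peer 2 cannot read peer 1's copy
	fmt.Println("cross-peer unwrap rejected:", err != nil)
}
```

Rotating to DEK2 is a second call to distribute with a new key id; the slides' "multiple keys maintained at all times" means peers keep both DEKs installed while the change propagates.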
Features and benefits

New to this release! (Table columns: Feature; Models with feature: 100M, 1G, 10G; Benefit.)

Multipoint capability across all platforms
  Feature now available in all three Ethernet models, enabling any of them to interoperate in fully meshed Layer 2/MPLS environments. Key material is generated and distributed by an application embedded with the designated central-site encryptor.

GCM cryptography in multipoint modes
  Provides increased security through frame authentication and replay protection. Allows out-of-sequence packets to be properly processed through the encryptor when the unit is operating in multipoint mode.

MPLS-awareness feature in multipoint mode
  Enables encryptors to properly secure data payloads without hiding the MPLS tags required for routing frames through the network infrastructure.

IP-based key management in multipoint/MPLS mode
  Feature supplements the MAC addressing used for point-to-point and non-MPLS multipoint modes. The capability allows compatibility with a wider set of commercial switching equipment used in MPLS network environments.

Expanded number of peers
  Increases the number of available peer connections that any one unit can achieve in a multipoint configuration to 200 simultaneous connections.
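The GCM frame authentication and replay protection listed in the table, as an added Go example that is not the product's code: many units share one DEK, so each sender builds its nonce from its own id and counter, the clear header is authenticated as associated data, and a per-sender sliding window rejects duplicates while still accepting the out-of-sequence frames the table mentions. The frame layout, the 12-byte nonce construction, the 64-frame window and the Receiver type are assumptions of this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Frame is a constructed wire format: a clear header (sender id, per-sender
// counter, DEK id) authenticated as associated data, then ciphertext||GCM tag.
type Frame struct {
	Sender  uint32
	Counter uint64
	KeyID   uint32
	Body    []byte
}

func (f Frame) header() []byte { // its first 12 bytes double as the GCM nonce
	h := binary.BigEndian.AppendUint32(nil, f.Sender)
	h = binary.BigEndian.AppendUint64(h, f.Counter)
	return binary.BigEndian.AppendUint32(h, f.KeyID)
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // every DEK here is 32 bytes by construction
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

// sealFrame encrypts one frame under the common DEK. Sender id plus the sender's
// own increasing counter form the nonce, so units sharing a DEK never reuse one.
func sealFrame(dek []byte, sender, keyID uint32, counter uint64, payload []byte) Frame {
	f := Frame{Sender: sender, Counter: counter, KeyID: keyID}
	h := f.header()
	f.Body = newGCM(dek).Seal(nil, h[:12], payload, h)
	return f
}

// replayWindow is a 64-frame sliding window kept per sender: a counter accepted
// before is rejected, but frames arriving out of order inside the window pass.
type replayWindow struct{ top, bits uint64 } // bit i of bits: counter top-i seen

func (w *replayWindow) accept(c uint64) bool {
	if c > w.top {
		if c-w.top >= 64 {
			w.bits = 0
		} else {
			w.bits <<= c - w.top
		}
		w.top, w.bits = c, w.bits|1
		return true
	}
	if w.top-c >= 64 || w.bits&(1<<(w.top-c)) != 0 {
		return false
	}
	w.bits |= 1 << (w.top - c)
	return true
}

// Receiver keeps every DEK currently in force (more than one stays live across a
// key change so traffic is never interrupted) and one replay window per sender.
type Receiver struct {
	DEKs    map[uint32][]byte
	Windows map[uint32]*replayWindow
}

// OpenFrame authenticates before touching the replay window, so forgeries never advance it.
func (r *Receiver) OpenFrame(f Frame) ([]byte, error) {
	dek, ok := r.DEKs[f.KeyID]
	if !ok {
		return nil, fmt.Errorf("unknown DEK id %d", f.KeyID)
	}
	h := f.header()
	pt, err := newGCM(dek).Open(nil, h[:12], f.Body, h)
	if err != nil {
		return nil, fmt.Errorf("frame %d from %d failed authentication", f.Counter, f.Sender)
	}
	if r.Windows[f.Sender] == nil {
		r.Windows[f.Sender] = &replayWindow{}
	}
	if !r.Windows[f.Sender].accept(f.Counter) {
		return nil, fmt.Errorf("replayed frame %d from %d", f.Counter, f.Sender)
	}
	return pt, nil
}

func main() {
	dek := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte DEK1
	rx := &Receiver{DEKs: map[uint32][]byte{1: dek}, Windows: map[uint32]*replayWindow{}}
	f := sealFrame(dek, 7, 1, 1, []byte("frame from unit 7"))
	_, first := rx.OpenFrame(f)
	_, again := rx.OpenFrame(f)
	fmt.Println("first delivery error:", first, "| replay error:", again)
}
```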
Value to end user

- Robust encryption of data in transit, where it is most vulnerable, with minimum operational impact
- Increased security through encryption and frame authentication
- Saves up to 60% in bandwidth utilization and the resulting data transport costs
- Easy installation into existing networks, quickly securing them and saving you money
- Helps you comply with new government and industry data security regulations
- Protects data confidentiality and integrity, so even if intercepted, security cannot be breached
Representative user case: customer requirements

- Customer is a data center operator connecting remote customer sites
  ■ Example shows 18 data centers connected to a central site (can be up to 199)
- Each site must also securely connect with each other for actualization
- Connections between sites use a Layer 2 Ethernet MPLS carrier service in a combination of speeds (100 Mbps, 1 Gbps, and 10 Gbps)
Representative user case: customer architecture

[Figure: 18 data center sites (Site 1 to Site 18) connect to the central site over a shared switched Ethernet Layer 2 or MPLS carrier network; vulnerability is marked on both sides of the carrier network.]

- Sensitive data flows over more distributed connections
- Increased exposure over a vulnerable, open environment
Representative user case-secured network <

                                                 Site 1
                                 [Diagram: Site 1 to Site 18 data centers (groups of 8, 5, and 5 sites) connected through a Shared Switched Ethernet Layer 2 or MPLS Carrier Network to the Central Site, which holds primary and spare encryptors plus the Element Manager and Certificate Manager]

                                   Uses Datacryptor 10 Gbps Ethernet Layer 2 Multipoint encryptor as concentrator
                                   Uses Datacryptor 100 Mbps, 1, and 10 Gbps Multipoint units at remote sites
                                   Any site can also connect securely with any other site
                                   All connections secured with AES-256 encryption

                              20
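How the secured network above gets any-to-any connectivity under one set of keys, as an added model (not Thales' code or protocol) of the scheme the deck's multipoint slides describe: the central-site unit agrees a KEK with each peer by Diffie-Hellman (X25519 here), generates a common DEK and delivers it to every peer wrapped under that peer's KEK, and each frame is protected with AES-256-GCM so it is authenticated and replay-checked. The Peer and KMA types, the 16-byte clear header layout and the 64-frame replay window are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Clear frame header of this model: dekID(4) | senderID(4) | counter(8); sent in the clear but bound to the payload by the GCM tag.
const hdrLen = 16

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func aead(key []byte) cipher.AEAD  { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func randBytes(n int) []byte       { b := make([]byte, n); must(rand.Read(b)); return b }

// Peer models one encryptor in the backbone (field names are this example's own).
type Peer struct {
	ID   uint32 // stands in for the MAC/IP identity the KMA is provisioned with
	priv *ecdh.PrivateKey
	kek  cipher.AEAD            // per-peer KEK agreed with the KMA, unwraps DEK deliveries
	deks map[uint32]cipher.AEAD // several DEKs stay live so traffic never stops at rollover
	hi   map[uint32]uint64      // per sender: highest frame counter accepted so far
	mask map[uint32]uint64      // per sender: bitmap of the 64 counters at or below hi
}
// KMA models the central-site unit: an ordinary Peer that also holds every peer's KEK.
type KMA struct {
	Peer
	peers map[uint32]cipher.AEAD
}

func NewPeer(id uint32) *Peer {
	return &Peer{ID: id, priv: must(ecdh.X25519().GenerateKey(rand.Reader)),
		deks: map[uint32]cipher.AEAD{}, hi: map[uint32]uint64{}, mask: map[uint32]uint64{}}
}
func NewKMA(id uint32) *KMA { return &KMA{*NewPeer(id), map[uint32]cipher.AEAD{}} }

// Enrol is the per-peer DH exchange (Step 1 in the deck): each side derives the same KEK on its own (a production design would run the secret through a KDF with context).
func (k *KMA) Enrol(p *Peer) {
	s1 := sha256.Sum256(must(k.priv.ECDH(p.priv.PublicKey())))
	s2 := sha256.Sum256(must(p.priv.ECDH(k.priv.PublicKey())))
	k.peers[p.ID], p.kek = aead(s1[:]), aead(s2[:])
}

// IssueDEK (Step 2) generates one common 256-bit DEK, keeps it for the central site itself and delivers it to every enrolled peer wrapped under that peer's KEK; peers unwrap and keep it.
func (k *KMA) IssueDEK(dekID uint32, peers []*Peer) {
	dek, id := randBytes(32), binary.BigEndian.AppendUint32(nil, dekID)
	k.deks[dekID] = aead(dek)
	for _, p := range peers {
		nonce := randBytes(12)
		wrapped := k.peers[p.ID].Seal(nil, nonce, dek, id) // this is what crosses the network
		p.deks[dekID] = aead(must(p.kek.Open(nil, nonce, wrapped, id)))
	}
}

// Encrypt builds a frame: clear header, then GCM ciphertext and tag. The nonce is senderID|counter, so peers sharing one DEK never collide on a nonce.
func (p *Peer) Encrypt(dekID uint32, counter uint64, payload []byte) []byte {
	hdr := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, dekID), p.ID)
	hdr = binary.BigEndian.AppendUint64(hdr, counter)
	return p.deks[dekID].Seal(hdr, hdr[4:], payload, hdr)
}

// Decrypt verifies the GCM tag over header and payload first, then applies the per-sender replay window, so only authentic frames can move the window.
func (p *Peer) Decrypt(frame []byte) ([]byte, error) {
	if len(frame) < hdrLen || p.deks[binary.BigEndian.Uint32(frame)] == nil {
		return nil, errors.New("short frame or unknown DEK")
	}
	hdr := frame[:hdrLen]
	pt, err := p.deks[binary.BigEndian.Uint32(hdr)].Open(nil, hdr[4:], frame[hdrLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	if !p.accept(binary.BigEndian.Uint32(hdr[4:]), binary.BigEndian.Uint64(hdr[8:])) {
		return nil, errors.New("replayed or stale frame")
	}
	return pt, nil
}

// accept is a 64-frame sliding replay window per sender: late frames inside the window pass (out-of-sequence delivery), duplicates and frames older than the window are dropped.
func (p *Peer) accept(sender uint32, ctr uint64) bool {
	hi, seen := p.hi[sender]
	if !seen || ctr > hi { // new high-water mark: slide the window forward
		if d := ctr - hi; seen && d < 64 {
			p.mask[sender] <<= d
		} else {
			p.mask[sender] = 0
		}
		p.hi[sender], p.mask[sender] = ctr, p.mask[sender]|1
		return true
	}
	if d := hi - ctr; d < 64 && p.mask[sender]&(1<<d) == 0 { // late but fresh
		p.mask[sender] |= 1 << d
		return true
	}
	return false // duplicate, or older than the window
}
```

To exercise it, enrol a few peers with one KMA, issue a DEK, round-trip a frame between two remote sites, then feed the same frame a second time and watch it rejected.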
Use Case – Thales Solution <

                                   Primary equipment
                                     Quantity (8) 100 Mbps units
                                     Quantity (5) 1 Gbps units + SFP modules
                                     Quantity (6) 10 Gbps units + XFP modules
                                     Quantity (1) CM (Certificate Manager)
                                     Quantity (1) EM/FPV (Element Manager / Front Panel Viewer, no cost)
                                   Spares
                                     Quantity (1) 10 Gbps unit + XFP modules
                                   Installation
                                   Training
                                   Maintenance options

                              21
                                   Thank You!
                                                 Questions <

                              22
