BlackGate RS232
Secure SCADA Gateway
BlackGate RS232
Secure SCADA Gateway
- Secure TCP to Serial Gateway -
- Payload Data Security -
- Modbus RTU/ASCII/ROC and DNP3 SCADA protocols are transparently supported -
- AES Encrypted Packetized SCADA Data-
SIZE
12" (L) x 5.5” (W) x 1.50” (H)
Overview
SCADA Serial TCP Gateway
The Black•Gate RS232 is a secure TCP to Serial Gateway, with an integrated Bell RS232 modem, that interconnects Ethernet TCP/IP SCADA Master Controllers to the serial SCADA interface of Remote Terminal Units.
Pipeline operators and Utilities deploy the Black•Gate RS232 to facilitate SCADA communications to PLC, RTU's, Flow Computers, or Gas Analyzers over IP/MPLS Ethernet based wired or wireless networks. Modbus RTU/ASCII/ROC and DNP3 SCADA protocols are transparently supported.
The Black•Gate utilizes industrial grade hardware components and state of the art secure software.
Black•Gate Security
The Black•Gate is designed for highly secure transport and management of SCADA traffic. In fact, the “Black” in the product name is derived from NSA nomenclature for securing classified information. The critical nature of SCADA networks, along with the increasing frequency of cyber attacks, makes protecting these networks paramount.
The BlackGate meets these security challenges with advanced cryptography and security capabilities for both payload data and the management plane.
Payload Data Security
- The BlackGate boots up ready to establish a secure IPSec VPN tunnel
- The PKI cryptographic process, along with Public Key Certificates, ensures Authentication
- AES 256 bit keys are supported for highly secure data encryption.
Management Security
- Management access is limited to encrypted sessions via TLS, SSH and SNMPv3;
- AES 256 bit keys & sophisticated NIST password technology keep management data secure
Black•Gate NERC Redundancy
NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, backup control centers.
Black•Gate continuously monitors connectivity to the active control center and automatically switches to the active backup control center.
• NERC mandates for control center redundancy
• Preserves investment in RTU & Central ⁻⁻ SCADA
• Control Center redundancy with IP flexibility
• Supports up to four redundant control centers
• Redundant and diverse connectivity
NERC Redundant and Diverse Connectivity
Black•Gate Management
Black•Gate management access is limited to encrypted sessions via TLS, SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST approved passwords. These sessions may be established after authentication via TACACS+ or Radius. Administration and User Logs are available with Syslog. Black•Gate management access is limited to encrypted sessions via TLS, SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST approved passwords. These sessions may be established after authentication via TACACS+ or Radius. Administration and User Logs are available with Syslog.
Secure Boot, a combination of hardware and firmware, is employed to ensure that the only code executing on the Black•Gate is trusted by Engage.Secure Boot, a combination of hardware and firmware, is employed to ensure that the only code executing on the Black•Gate is trusted by Engage.The signature of each piece of boot software, including firmware drivers, the operating system and applications is validated. Code Signing must be done for upgrades to be implemented.
NERC CIP Compliance
The Black•Gate installations achieve NERC CIP compliance with a combination of internal and external functions.
The Management interface has the sophistication to implement comprehensive policies and privileges for administrator and user accounts.
Administrator policy includes removal, disabling or renaming.Interoperability with external functions such as Syslog, Network Timing Protocol, TACACS+ and Radius with its support for RSA SecureID delivers trusted compliance.
Black•Gate Product Options
Cellular Modem Option
In order to provide wireless connectivity the Black•Gate supports USB LTE/4G/3G Modems with external Antenna connections that are approved for operation on AT&T, Verizon, Sprint and T-Mobile networks.
LAN Protector Option
The LAN Protector supports connectivity to a secondary independent LAN interface.
Serial Redundancy Switch Option
The Black•Gate has a serial redundancy option that splices into RS232 DCE to DTE connection.Serial Over IP connection provide an independent connection that can be used as a backup or a reversible migration path.
Specifications
LAN Network Interface
• Two 10/100 and optional 1000 Ethernet: Copper Optional SFP
• Auto negotiation or Configurable Speed and Duplex
LAN Network Protocols Supported
• IP, TCP, UDP, ICMP, Telnet, DHCP, DDNS, SSH
• Network Time Protocol - NTP
RS232 Interfaces
• 1-4 RS232 interface (DB25 & DB9) (Specify number of ports needed when ordering)
• Asynchronous: 75 to 230400 bits per second
Protocols Supported:
• DNP3-TCP/IP, ModBus-TCP/IP; ASCII; ROC
SCADA Encryption Algorithm
• AES 256-bit• AES 256-bit
• Fully Automatic key management
Quality of Service Support
• IP Type of Service (TOS) CLI configured
• IP Type of Service (TOS) CLI configured• 802.1p/q mac level prioritization
Regulatory
• CE
• Safety -IEC60950
• EMC - CFR 47 Part 15 Sub Part B:2002, EN55022: 1994+A1&A2, EN55024, ICES-003 1997, CISPR 22 Level A
• Telecom TBR12, TBR13
Management
• Secure Socket Shell - SSH V2 Session Encryption
• Console Port for Out of Band Management
• SNMPv3 Public and Private MIB with configurable traps
• Syslog with NTP Time Stamping
• Authentication, Authorization & Accounting
-TACACS+, RADIUS, 2 Factor Authentication
Dimensions
• 12" (L) x 5.5 ” (W) x 1.50” (H)
Environmental
• 0° to 132° F (-10° to 50°C) operating
• 90% operating humidity (non-condensing)
• Optional Extended Temperature (-40°C to 70°C)
Rear Panel/Power
• 12-30 VDC, 1.0A.
• Screw Locking Connector
• 100/240 VAC 50/60 Hz International Adapter
• Optional -48V 0.25 Amp
• Hot Standby with 2nd Power Module and Redundant power Options
Ordering Information
Part No.
Description
GW-007-RS232-0x*
BlackGate RS232, SCADA Serial TCP Gateway
2 10/100/1000 Ethernet: Copper &/or SFP
RS232 Interfaces:
• 1-4 RS232 interfaces (DB25 & DB9)
• Asynchronous: 75 to 230400 bits per second
*Note: x = Specified # of RS232 Ports (1 to 4)
Base Options
Base Options
EXT
Extended Temperature -40C to 70C
RED
Redundant SCADA Controller Option
Power Supply Options
Power Supply Options
094-2418
90-220 VAC Universal International/Domestic Adapter
094-2418-R
DUAL REDUNDANT, 90-220 VAC Adapter
094-N48V
Internal Power Module, -48 VDC Screw Terminals
094-N48V-02
DUAL REDUNDANT, -48 VDC Screw Terminals
094-1500
WIREDC Option, +24 VDC Screw Terminals
094-WIREDC-R
DUAL REDUNDANT, +24VDC
Rack Mount Options
Rack Mount Options
095-1000
Rack Mount Kit - for single 7" products (Fits both 19" and 23" racks)
095-2000
2 unit 19" x 1RU Rack Mount Kit for 7" products
095-3000-RTANG
Right Angle Wall Mount Bracket Kit