Black•Tube RS530 CEP
Converts RS530 serial data connections into AES encrypted IP packets
Black•Tube RS530 CEP
Converts RS530 serial data connections into AES encrypted IP packets
- Encrypted RS530 Over IP -
- Dual LAN Interfaces -
- Assured Delivery Protocol -
- CEP Management -
SIZE
9" (L) x 7.3” (W) x 1.50” (H)
Overview
Leverage Existing Bulk Data Encryption for Data over IP
The Black•Tube CEP RS530, whose synchronous serial interfaces are configurable as DCE or DTE, provides for the leveraging of existing synchronous serial bulk rate encryptors such as; KIV-7, KIV-7M, KIV-19, OMNI, and KG-84. The Black•Tube CEP RS530 encapsulates synchronous serial data from Data Terminal or Communication Equipment into IP packets. These IP packets are sent to a remote Black•Tube CEP RS530 where the serial data is de-encapsulated and synchronously clocked into the remote Data Equipment. The IP connection provides for the transparent interconnection of Synchronous Serial Data Equipment via LANs, WANs, MANs, Satellite and Wireless Ethernet. Configured Data rates from 2.4 Kilobits per second to 2.048 Megabits per second.
Layer 1
In Layer 1 operating mode every bit is encapsulated into an IP packet. The size and frequency of the IP packets can be setIn Layer 1 operating mode every bit is encapsulated into an IP packet. The size and frequency of the IP packets can be setwith data rates from 75 bits to 2.048 Megabits per second. Latency minimization is accomplished with FIFO sizing for the lowdata rate settings. A configured number of incoming packets are buffered in order to compensate for the packet delivery jitterintroduced by the Ethernet network. The size of this buffer is configured to accommodate the peak amount of jitter.
Asynchronous Over IP
HDLC Over IP
Assured Delivery Protocol
Three LAN Interfaces
All Black•Tube CEP RS530 models ship with three10/100BaseT Ethernet LAN ports. The Ethernet interfaces provide for:
• Management interface on MLAN
• The Dual LAN Data Plane ports can be configured for:
- Connections over 2 Asymmetrical bandwidth links
- Protector Option for Redundant Packet Paths with Constant or Switch Over Criteria
Applications
Flexible Synchronous Serial Data Extension Over IP
The Black•Tube CEP RS530, whose serial interfaces are configurable as DCE or DTE, facilitates the transport of bulk dataacross a combination of IP and WAN infrastructures. The Black•Tube CEP RS530's flexibility supports internetworking acrossvaried LAN/WAN/MAN/Satellite networks. The size and frequency of the IP packets can be set with data bit rates from 76bits per second to 16 million bits per second. Latency minimization is accomplished with multidimensional adaptive clockconfigurations.
Typical Applications:
- RS530 LAN to LAN interconnect
- Secure Video TeleConferencing
- Field Command Centers
- Secure Wireless Bridge connections
Black•Tube CEP RS530 for Type 1 Encrypted Data Over Internet Protocol
Defense and other Government agencies and Contractors face an ever-increasing need to establish Type 1 secure data communications links. These organizations often have access to flexible IP services such as Intranets, LANs, Metropolitan-Area Networks, WANs, or Wireless Ethernet. The Engage Black•Tube CEP RS530 allows users to leverage existing Bulk Data Encryption Modules for use over IP/Ethernet connections. Encrypted Data over IP with the Black•Tube CEP RS530 is a veryeconomical solution that leverages a proven installed base.
Encrypted Bulk Data-over-IP utilizing the Black•Tube CEP RS530 is an economical "Purpose Built" proven solution that leverages aninstalled base of high-performance INFOSEC devices. Approved Data Encryptors include:
• KIV-7 • KIV-19 • OMNI • KG-84
Flexible DCE to DTE Synchronous Serial Data Extensions over IP
Black•Tube CEP Management
Management Module
Black•Tube CEP isolates management and data plane func-tionality with the use of two separate processor modules. Management processor access is limited to encrypted ses-sions via SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be estab-lished after authentication via TACACS+ or Radius.
The independent Linux based management plane of the Black•Tube CEP ensures Critical Infrastructure Data is iso-lated from management network access. The Management Module uses internal serial ports to connect to the Data Planeprocessor.
Administration and User Logs are available with Syslog.
CEP security features include:
• Administrative policies for adding, removing, disabling andrenaming authorized users; limiting user access to assignedcommands; and enabling only desired port numbers.
• User authentication directly to the Black•Tube CEP or in conjunction with TACACS+ or RADIUS servers
• RSA SecureID support for two factor trusted compliance.
• An SSH command interface encrypting management traffic
with powerful 256 bit symmetric keys and NIST based pass-words.
NERC Critical Infrastructure Protection Compliance
The Black•Tube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.
Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.
Interoperability with external functions such as Syslog, Network Timing Protocol, TACACS+ and Radius with its support for RSA SecureID delivers trusted compliance.
Electronic Security Perimeter
The Black•Tube CEP in combination with industry standard services meets the Electronic Security Perimeter's NERC CIP-005 specifications. In addition Control Plane isolation from the Data plane provides a higher level of security for the Cyber Assets.
CIP-005 Requirement & IP•Tube CEP Solutions
R2.1 - Deny Access by Default
Solution: Accounts must be created to allow access
R2.2 - Enable only needed ports
Solution: Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
Solution: RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Solution: Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Solution: Syslog of Access and Command interactions
CIP-005 Requirement
IP•Tube CEP Solution
R2.1 - Deny Access by Default
Accounts must be created to allow access
R2.2 - Enable only needed ports
Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Syslog of Access and Command interactions
System Security Management
Access control is Authenticated, Authorized and Accounted for with TACACS+.
Security Patches managed proactively.
CIP-007 Requirement
IP•Tube CEP Solution
R2.1-3 - Ports and Services
Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Kernel and application upgrade alerts
R5.3 - Secure Passwords
Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Syslog and AAA via TACACS+
CIP-007 Requirement & IP•Tube CEP Solutions
R2.1-3 - Ports and Services
Solution: Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Solution: Kernel and application upgrade alerts
R5.3 - Secure Passwords
Solution: Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Solution: Syslog and AAA via TACACS+
Specifications
LAN Network Interface
- LAN1/LAN2: Two Data Plane 10/100 Base T
- MLAN: Control Plane 10/100 Base T
LAN Network Protocols Supported
- IP, TCP, UDP, ICMP, Telnet, DHCP, DDNS, SSH
- Network Time Protocol - NTP
RS530 Interfaces
- 1-4 Sync/HDLC, DCE/DTE RS530: 1 to 2 DB25M; a DB60F connector supports 1 to 2 RS530s with DB25M adaptor cables
RS530 Interface Clocking
75 bits to 2.048 megabits per seconds
Nx75,Nx1.2K,Nx56K,Nx64K; Max N = 32
Internal, External and Adaptive
RS530 Over IP Protocol
- TDM Over IP
- Circuit Extension Services Over IP
- HDLC Over IP
WAN Protocols Supported
- HDLC, SDLC, PPP, Frame Relay
Management
- Secure Socket Shell - SSH V2 - Session Encryption
- Centralized Authentication, Authorization and Accounting
- TACACS+, RADIUS, Two Factor Authentication
- Syslog with NTP Time Stamping
- Console Port for Out of Band Management
- SNMP V3 Public and Private MIB support with configured traps
Quality of Service Support
- IP Type of Service (TOS) CLI configured
- IANA Registered UDP Port 3175
- 802.1p/q mac level prioritization
Regulatory
CE
Safety -IEC60950
EMC - CFR 47 Part 15 Sub Part B: 2002, EN55022:1994 + A1&A2, EN55024, ICES-003 1997, CISPR 22 Level A
Dimensions
- Dimensions: 9" (L) x 7.3” (W) x 1.50” (H)
Power
- 12-30 VDC, 1.0A.
- Screw Locking Connector
- Universal Adapter 100/240 VAC 50/60 Hz
- Optional -48V 0.25 Amp
- Hot Standby
Environmental
- 0° to 132° F (-10° to 50°C) operating temperature
- Up to 90% operating humidity (non-condensing)
- Optional Extended Temperature Range available
Ordering Information
Chassis Slot Card: Black•Tube CEP RS530
Rack Mount & Power Supply Options:
Part No.
Description
CEP-007-2530-0x*
Black•Tube CEP RS530, *Note: x = Number of specified RS530 ports enabled (1 to 3)
CH-CEP-007-2530-0x*
Chassis Slot Card: Black•Tube CEP RS530, *Note: x = Number of specified RS530 ports enabled (1 to 3)
Optional Features
Optional Features
Y
Serial Redundancy, Complete hardware redundancy
EXT
Extended Temperature, -40C to 70C
PRO
Protector Option, Fault Tolerant Network Interconnect. The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated data. The extension of the IP-Tube has a fault tolerant link that is configured to always on, or with switch over criteria. Learn more.
Power Supply Options
Power Supply Options
094-2418
90-220 VAC Universal International/Domestic Adapter
094-2418-R
DUAL REDUNDANT, 90-220 VAC Adapter
094-N48V
Internal Power Module, -48 VDC Screw Terminals
094-N48V-02
DUAL REDUNDANT, -48 VDC Screw Terminals
094-1500
WIREDC Option, +24 VDC Screw Terminals
094-WIREDC-R
DUAL REDUNDANT, +24VDC
Rack Mount Options
Rack Mount Option
095-1000
Rack Mount Kit - for single 7" products (Fits both 19" and 23" racks)
095-2000
2 unit 19" x 1RU Rack Mount Kit for 7" products
095-3000-RTANG
Right Angle Wall Mount Bracket Kit