Converts RS530 serial data connections into AES encrypted IP packets
Flexible Serial Data Extensions over Packet Switch Networks
Overview & Applications
The Black•Tube CEP RS530 converts RS530 serial data connections into AES encrypted IP packets that extend the circuit overThe Black•Tube CEP RS530 converts RS530 serial data connections into AES encrypted IP packets that extend the circuit oververy cost effective Ethernet based LAN/WAN/MAN wired and wireless networks. The Black•Tube CEP RS530 encapsulatesAsynchronous, Synchronous and HDLC serial data into IP packets. The Black•Tube CEP RS530, which is available with oneto four RS530 interfaces software configurable as DCE or DTE, facilitates the interconnection of Serial Data Over IP betweenSerial Bulk Encryptors (KG-84/KIV7/OMNI), Data Terminals, Data Acquisition Systems, WAN Routers and Bridges....
Layer 1
In Layer 1 operating mode every bit is encapsulated into an IP packet. The size and frequency of the IP packets can be setIn Layer 1 operating mode every bit is encapsulated into an IP packet. The size and frequency of the IP packets can be setwith data rates from 75 bits to 2.048 Megabits per second. Latency minimization is accomplished with FIFO sizing for the lowdata rate settings. A configured number of incoming packets are buffered in order to compensate for the packet delivery jitterintroduced by the Ethernet network. The size of this buffer is configured to accommodate the peak amount of jitter.
Asynchronous Over IP
Asynchronous characters from the RS530 interface with 5 to 8 data bits, baud rates from 1.2 to 38.4 kilobits, 1 or 2 stop bitsAsynchronous characters from the RS530 interface with 5 to 8 data bits, baud rates from 1.2 to 38.4 kilobits, 1 or 2 stop bitsthat are with or without parity are efficiently encapsulated into IP packets. The encapsulation supports block mode transfersto minimize the bandwidth required. Additionally the latency is controlled by setting the Tube Bytes per packet.
HDLC Over IP
In Layer 2 operating mode HDLC Data frames, such as those used by Wide Area Networking protocols PPP and Frame RelayIn Layer 2 operating mode HDLC Data frames, such as those used by Wide Area Networking protocols PPP and Frame Relayor proprietary Data Links, are transported within IP packets as HDLC over IP. The latency introduced is dependent upon theclocking rate and the HDLC frame size. Minimum latency is obtained by maximizing the clock rate and minimizing the MTU.HDLC Over IP frames are directly sent out the Serial interface since Clock synchronization is not required. WAN securityprovisioning, such as firewalling, is maintained.
Assured Delivery Protocol
| Three LAN Interfaces All Black•Tube CEP RS530 models ship with three10/100BaseT Ethernet LAN ports. The Ethernet interfaces provide for:
|
Applications
Black•Tube CEP RS530 Applications
Flexible Synchronous Serial Data Extension Over IP
The Black•Tube CEP RS530, whose serial interfaces are configurable as DCE or DTE, facilitates the transport of bulk dataacross a combination of IP and WAN infrastructures. The Black•Tube CEP RS530's flexibility supports internetworking acrossvaried LAN/WAN/MAN/Satellite networks. The size and frequency of the IP packets can be set with data bit rates from 76bits per second to 16 million bits per second. Latency minimization is accomplished with multidimensional adaptive clockconfigurations.
| Typical Applications |
| - RS530 LAN to LAN interconnect - Secure Video TeleConferencing - Field Command Centers ⁻ Secure Wireless Bridge connections |
Black•Tube CEP RS530 for Type 1 Encrypted Data Over Internet Protocol |
Defense and other Government agencies and Contractors face an ever-increasing need to establish Type 1 secure data communications links. These organizations often have access to flexible IP services such as Intranets, LANs, Metropolitan-Area Networks, WANs, or Wireless Ethernet. The Engage Black•Tube CEP RS530 allows users to leverage existing Bulk Data Encryption Modules for use over IP/Ethernet connections. Encrypted Data over IP with the Black•Tube CEP RS530 is a veryeconomical solution that leverages a proven installed base.
Encrypted Bulk Data-over-IP utilizing the Black•Tube CEP RS530 is an economical "Purpose Built" proven solution that leverages aninstalled base of high-performance INFOSEC devices. Approved Data Encryptors include:
| • KIV-7 • KIV-19 • OMNI • KG-84 |
Flexible DCE to DTE Synchronous Serial Data Extensions over IP |
| Black•Tube CEP Management |
| Management Module | CEP security features include: | |
Black•Tube CEP isolates management and data plane func-tionality with the use of two separate processor modules. Management processor access is limited to encrypted ses-sions via SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be estab-lished after authentication via TACACS+ or Radius.
Administration and User Logs are available with Syslog. | • Administrative policies for adding, removing, disabling andrenaming authorized users; limiting user access to assignedcommands; and enabling only desired port numbers. • User authentication directly to the Black•Tube CEP or in conjunction with TACACS+ or RADIUS servers • RSA SecureID support for two factor trusted compliance. • An SSH command interface encrypting management traffic |
NERC Critical Infrastructure Protection Compliance |
The Black•Tube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.
Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.
Interoperability with external functions such as Syslog, Network Timing Protocol, TACACS+ and Radius with its support for RSA SecureID delivers trusted compliance.
Electronic Security Perimeter | CIP-005 Requirement | IPTube CEP Solution |
|
R2.2 - Enable only needed ports R2.4 - Strong Technical Controls R3.2 - Unauthorized Access R5.3 - Access Logging |
• Each Port may be enabled or disabled • RSA's SecureID two-factor Authentication • Alert messages via Syslog or TACACS+ • Syslog of Access and Command interactions |
System Security Management | CIP-007 Requirement | IPTube CEP Solution |
Access control is Authenticated, Authorized and Accounted for with Radius or TACACS+. Security Patches managed proactively. | R2.1-3 - Ports and Services R3 - Security Patch Management R5.3 - Secure Passwords R6.4 - Security Status Logs |
• Kernel and application upgrade alerts • Require minimum length, strength, frequency • Syslog and AAA via TACACS+ |
Technical Specifications
Black•Tube CEP RS530 Technical Specifications
| ||
LAN Network Interface:
RS530 Over IP Protocol:
| Management:
| |
How To Order
Black•Tube CEP RS530
Ordering Information
Black•Tube CEP RS530 Optional Features
Protection: Option Pro
The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated RS530 data. The extension of the RS530 has a fault tolerant link that is configured to always on, or with switch over criteria.
| Alternator Load Balancing OPTION -ALT |
| The Alternator option alternatively sends the IP packetized SER RS530 data on LAN 1 and LAN 2. The Alternator option enables the packetized SER RS530 data to be split over two IP WAN connections such as xDSL. |
How to Order – Black•Tube CEP RS530 | ||
| Part No. | Description | Notes |
| CEP-007-2530-0x | Black•Tube CEP RS530 | Specify # of RS530 Ports Enabled (1 to 3) |
| CH-CEP-007-2530-0x | Chassis Slot Card: Black•Tube CEP RS530 | Specify # of RS530 Ports Enabled (1 to 3) |
| Base Option | Specify as suffix | |
| -EXT | Extended Temperature | -40C to 70C |
| -PRO | Protector Option | Fault Tolerant Network Interconnect |
| -Y | Serial Redundancy | Serial Interface hardware redundancy |
| Power Options | Specify as suffix | Hot Standby Configuration 2nd Power Suffix |
| -DCMOD | Power Supply Module 12/26 VDC ADP CON | Ships with Universal Adapter 90/240 50/60 |
| -WIREDC | Power Supply Module 12/26 VDC Screw Term | |
| -N48VDC | Power Supply Module Negative 48 Volt DC | Isolated Negative 48 Volt Power |
| Rack Mount Option | Specify as suffix | |
| -RACKMNT | 19" Wide Rack Mount Brackets | Enclosure Nut Serts Installed |
Wall Mount Option | ||
| -WALLMNT | Right Angle Wall Mount Brackets | Enclosure Nut Serts Installed |
