Transcript
R&S®SITLine ETH100 R&S®SITLine ETH1G Ethernet Encryptor Specifications Line interfaces, management interfaces and device protection ®
Each R&S SITLine ETH is equipped with two identical interface modules (private/A and public/X). The device operates quasitransparently; each port on the private interface module is internally fixed/aligned to the port on the public interface module to create a ® protected line. Each R&S SITLine ETH requires optical and/or electrical transceivers, which are part of the standard delivery.
Local LC display
Device protection Security zones
connector type cable type distance ports A1/X1
up to 100 m short range, approx. 550 m long range, approx. 3 km
e.g. Finisar FCLF-8520-3 e.g. JDSU JSH-21S3AB3 e.g. FTLF1319P1BTL
for security and network management communications for initialization, local configuration and firmware update black/white background lighting line 1 line 2 line 3 line 4
built-in RJ-45 (patch cable not included)
interface module removed front panel removed device opening recognition
You act. We protect. Encryption and IT security by Rohde & Schwarz SIT.
electrical SFP transceiver for 10/100/1000BaseT, hot swappable RJ-45 (patch cable not included) STP Cat 5 up to 100 m optical or electrical SFP transceiver, hot swappable
USB smartcard: device token or update token (optional) product type device name configuration of interface ports time, error codes, temperatures detection also in power off status; configurable response (information only or erasure) detection also in power off status; immediately erases security parameter incl. device certificate; requires reinitialization
Data Sheet | 08.01
®
R&S SITLine ETH1G 1 × 1 Gbit/s optical, electrical or optical/electrical line (cross media connect) Supported SFP transceiver (optional) 10/100/1000BaseT 1000BaseSX, multimode, 850 nm 1000BaseLX, single-mode, 1310 nm Management interfaces SMS, NMS
ports A1 to A4/X1 to X4
Secure Communications
Line interfaces ® R&S SITLine ETH100 4 × 100 Mbit/s electrical line
Version 08.01, January 2015
Security functions und cryptographic parameters Authentication and key agreement Device certificates Authentication algorithm
®
Certificate placement
generated offline by R&S SITScope
Key agreement for symmetrical encryption Data encryption and integrity protection Algorithm and key length standard customized
X.509 created and signed by ® R&S SITScope security management elliptic curves (ANSI X9.62) with a key length of 257 bit (comparable to RSA with approx. 3200 bit), SHA-256 smart card technology (device token); device certificate is renewed online by the security management system Diffie-Hellman for elliptic curves (ECKAS-DH) with a key length of 257 bit AES with 256 bit other standard or customer-specific symmetrical algorithms possible
Keys Master key life time
configurable, min. 6 h, max. 7 days, rekey without affecting existing communications Session key life time includes derivate keys for data encryption min. 1 minute, max. 7 days, rekey and integrity without affecting existing communications Encryption mode CFB (zero overhead; for Ethernet line operating modes EPL and EVPL) Transport, tunnel, bulk CFB-interleaved (cipher feedback): • frames are cryptographically concatenated • identical frames are encrypted with different results Integrity protection algorithm GMAC (Galois MAC) using AES integrity check length selectable from 4 byte to 16 byte to optimize overhead security ratio integrity area payload mandatory, optionally selectable VLAN tag and MAC address field Encryption mode GCM (for Ethernet LAN operating modes EP-LAN and EVP-LAN) Multipoint GCM (Galois/counter mode): • frames are cryptographically independent • identical frames are encrypted with different results • includes countermeasures against replay attacks Integrity protection algorithm included with GCM integrity check length selectable from 8 byte to 16 byte to optimize overhead security ratio integrity area payload mandatory, optionally selectable VLAN tag and MAC address field Network operating modes Ethernet line (E-Line) Ethernet private line (EPL) • EPL assignment by port • one secure connection per ® R&S SITLine ETH port • VLAN transparent operation Ethernet virtual private line (EVPL) • EVPL assignment by VLAN ID • up to 4000 secure VLAN connections ® per R&S SITLine ETH Ethernet LAN (E-LAN), Ethernet private LAN (EP-LAN) • E-LAN assignment by port Ethernet Tree (E-Tree) • one secure E-LAN with up to 4000 partner devices • VLAN transparent operation Ethernet virtual private LAN (EVP-LAN) • E-LAN assignment by VLAN ID • up to 4000 secure VLAN networks with up to 4000 partner devices
2
®
®
Rohde & Schwarz R&S SITLine ETH100/R&S SITLine ETH1G Ethernet Encryptor
Version 08.01, January 2015
General data Performance and reliability Throughput
Latency Mean time between failure (MTBF)
CFB, full duplex, transport GCM, full duplex 64 byte frames, 1 Gigabit Ethernet, store-and-forward in line with SN 29500-2005-1, fixed installation, +55 °C ambient temperature; permanent operation
Installation Rack format Dimensions
W×H×D
Rackmounting
default mounting bracket (19", 1 HU)
Required cable bending space for rackmounting Weight of device
front (from front edge) back (from back edge) device only
Shipping Shipping weight
Package dimensions
incl. packing, accessories, manuals W×H×D
Power supply and ventilation AC/DC supply Fuse Current consumption (at 230 V) Electric power Heat loss Battery Air flow Fans
in line with IEC 127-T2.0H maximum average average calculated
seen from front of device air exhaust to back panel air intake from left side air exhaust to right side Climatic conditions and mechanical resistance Temperature operating temperature range permissible temperature range storage temperature range Humidity Air pressure transport operation Vibration sinusoidal
100 % of line rate for all frames 88 % of line rate for 64 byte frames 99 % of line rate for 1518 byte frames 6 μs 46 000 h to 47 000 h, depending on number of Ethernet ports
19", 1 HU 438 mm × 44 mm × 596 mm (17.2 in × 1.7 in × 23.5 in) use mounting material (brackets, rails) for your specific rack model 65 mm (2.6 in) 45 mm (1.8 in) max. 7.6 kg (16.8 lb) max. 18.5 kg (40.0 lb)
705 mm × 295 mm × 625 mm (27.8 in × 11.6 in × 24.6 in) 110 V to 240 V AC (50 Hz/60 Hz), redundant, hot swappable 250 V 0.29 A 0.25 A 55 W 188 BTU/h 1 × 3.0 V lithium button cell left to right and back 1 main fan (ball bearing) 5 fans (ball bearing) 3 fans (ball bearing) +5 °C to +50 °C 0 °C to +55 °C –20 °C to +70 °C up to 90 % rel. humidity, noncondensing 566 hPa (equivalent to 4500 m) 795 hPa (equivalent to 2000 m) 5 Hz to 150 Hz
®
®
R&S SITLine ETH1G (top) with transceiver for two optical 1 Gigabit Ethernet interfaces. R&S SITLine ETH100 (bottom) with transceiver for eight electrical Fast Ethernet interfaces.
®
®
Rohde & Schwarz R&S SITLine ETH100/R&S SITLine ETH1G Ethernet Encryptor
3
Ordering information ®
The R&S SITLine ETH is a flexible and modular device. The following information refers to configuration examples. Please contact your local sales partner or system integrator for help and details. Designation Type ® R&S SITLine ETH100 for 1 ×, 2 × or 4 × Fast Ethernet, rack format (19"), 1 HU, incl. 1 device token, incl. transceivers ® Ethernet Encryptor, 1 line, 100 Mbit/s R&S SITLine ETH100-110 ® Ethernet Encryptor, 2 lines, 100 Mbit/s R&S SITLine ETH100-210 ® Ethernet Encryptor, 4 lines, 100 Mbit/s R&S SITLine ETH100-410 ® R&S SITLine ETH1G for 1 × 1 Gigabit Ethernet (optical and electrical), rack format (19"), 1 HU, incl. 1 device token, incl. transceivers ® Ethernet Encryptor, 1 line, 1 Gbit/s R&S SITLine ETH1G-110 ® ® Accessories of R&S SITLine ETH100/R&S SITLine ETH1G Electrical SFP transceiver (10/100/1000BaseT) for ® ® R&S SITLine ETH100 and R&S SITLine ETH1G ® Optical SFP transceiver (1000BaseSX) for R&S SITLine ETH1G ® Optical SFP transceiver (1000BaseLX) for R&S SITLine ETH1G Device token, USB/smart card ® R&S SITScope security management system ® R&S SITScope-Set Set, consisting of software and tools on CD (server and client ® software, R&S SITLine Admin), 3 root tokens, 4 user tokens, 1 USB smart card reader, 1 dongle smart card reader, 1 USB cable (type A to B) ® ® R&S SITScope-Set preinstalled on server hardware, R&S SITScope-Appliance ® license for up to 8 R&S SITLine ETH devices (small) ® ® R&S SITScope-Set preinstalled on server hardware R&S SITScope-Appliance ® Accessories of R&S SITScope Root token, ID1 smart card with break-out SIM User token, ID1 smart card Omnikey CardMan 3121 USB smart card reader Omnikey CardMan 6121 dongle smart card reader
Order No.
5401.7004K11 5401.7004K12 5401.7004K13
5401.6820K11 5401.8198.00 4055.6412.00 3591.5840.00 5410.0650.04 5410.8400.53
5410.8400.12 5410.8400.13 5401.0650.06 5401.0650.07 6131.2191.00 3584.1442.00
Service and support options Service options 8x5 Hotline Service incl. firmware/software maintenance 24x5 Hotline Service incl. firmware/software maintenance Extended Warranty, one year Extended Warranty, two years
®
R&S SIT H08 ® R&S SIT H24 ® R&S SIT WE1 ® R&S SIT WE2 ®
Please contact your local Rohde & Schwarz sales office.
®
Hotline support including firmware/software maintenance (R&S SIT H08, R&S SIT H24) The hotline service is provided at standard fixed network call charge rates (no special rate call or premium rate number). Except on regional and statutory holidays, the telephone support is available at the following times: • •
®
R&S SIT H08: during working hours, Monday to Friday between 9 a.m. and 5 p.m. (CET) ® R&S SIT H24: 24 hours from Monday to Friday (CET) ®
®
Firmware/software maintenance for the R&S SITLine ETH and the R&S SITScope includes bug fixing and updates. ®
®
Extended warranty for one or two years (R&S SIT WE1, R&S SIT WE2) Repairs carried out during the contract term are free of charge (excluding defects caused by incorrect operation or handling and force majeure). Wear-and-tear parts such as tokens are not included.
Rohde & Schwarz SIT GmbH Am Studio 3 12489 Berlin, Germany Phone: +49 30 658 84 223 Fax: +49 30 658 84 183
[email protected] www.sit.rohde-schwarz.com
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG Trade names are trademarks of the owners | Subject to change PD 5214.0724.22 | Version 08.01 | January 2015 (ch) R&S®SITLine ETH100/R&S®SITLine ETH1G Ethernet Encryptor © 2015 Rohde & Schwarz GmbH & Co. KG | 81671 Munich, Germany
