Вы находитесь на странице: 1из 3


For the 6500 Packet-Optical Platform

Features and Benefits


 ffers low-latency 10G wire-speed

encryption solution for highly
secure and transparent end-to-end


 eatures protocol-agnostic
encryption, offering flexibility
to support a variety of services
including Ethernet, Fibre Channel,
SONET/SDH, and OTN, scalable to
40G and 100G networks


 rovides enhanced security of critical

data via FIPS 140-2 Level 3-certified
Advanced Encryption Standards
(AES256) encryption solution


I ntegrates seamlessly into existing

enterprise Public Key Infrastructures
(PKIs) using X.509 certificate-based


 nables secure management of

Encryption-as-a-Service capability by
the end-user in carrier- or enterprisemanaged infrastructures via an
integrated management tool


 ffers a field-proven encryption

solution widely deployed across the
globe in finance, legal, healthcare,
military, and government networks


 eatures flexible protection

options, including round-trip delay
measurements for SLA assurance

The 4x10G Optical Transponder (OTR) with

encryption module cost-effectively delivers
a best-in-class, protocol-agnostic wirespeed encryption solution within a highcapacity, compact form factor for secure
communications of Ethernet, Fibre Channel,
and Optical Transport Network (OTN) services
Traditional encryption solutions require protocol-specific, standalone encryption
devices that consume multiple ports on the network element for inefficient
bandwidth use. Additionally, end-to-end management is complex, and key
management/authentication is cumbersome and labor-intensive. Cienas 4x10G
OTR with encryption module provides 40G of encrypted service capacity via four
distinct 10G protocol-independent encrypted line ports, so customers benefit
from simpler network designs with integrated encryption capability in any 6500
chassis variant.
4x10G OTR
with encryption


r co s
ales fo

t- ef f ic


high d

y tran

s por t

40G of encrypted
service capacity

Figure 1. 10G wire-speed encryption solution that scales to meet your network requirements

This encryption solution combines the density and flexibility of the existing
4x10G OTR card with Cienas proven encryption technology, deployed on platforms
that have a large global installed base. Supporting a wide range of client service


Data Center

Fibre Channel

Data Center

Figure 2. 6500 integrated protocol-agnostic encryption solution with 4x10G OTR with encryption

protocols, the 4x10G OTR with encryption can address

multiple applications among security-conscious customers,
including banking/finance, healthcare, military, and other
government sectors. Additionally, customers can deploy
differentiated services with low-latency connectivity and
several path/equipment protection options.

End-user/Security Officer Encryption

Management tool

Assured Networking for Secure Communications


The 4x10G OTR with encryption module is part of Cienas

Assured Networking solution, which helps customers create
trusted, reliable, and secure networks.The module offers
enhanced security with its FIPS 140-2 Level 3-certified design,
providing protection against physical tampering of the card,
with support for zeroisation. This ensures that all critical
security information is erased upon detection of any physical
tampering of the cryptographic module by setting all data
to zero, even when the card is not plugged into the shelf.
For increased protection, two distinct and independent
sets of keys are used for authentication and data encryption
functions, with a fast encryption key rotation interval of
seconds instead of minutes. The AES-256 data encryption
session keys are autonomously negotiated and rotated every
second, independently on each line port of the card, without
impacting traffic or throughput, and without user intervention.

Integrated Encryption Management

The solution includes MyCryptoTool, a dedicated and secure
encryption management tool that enables administration
of security parameters and alarms of carrier-managed or
enterprise-managed networks. This integrated user interface
securely connects to the cryptographic module of the card
and provides mutual authentication, ensuring that access is
limited to authorized security personnel.


Carrier or Enterprise Managed

Encrypted Service
Figure 3. MyCryptoTool for secure authentication and encryption
key management

The 4x10G OTR with encryption module fits in any 6500

chassis, so customers can select the optimal shelf size to meet
their site-specific capacity, space, and power requirements for
cost-efficient transport of encrypted services. This module
integrates a protocol-agnostic, wire-speed encryption
solution and end-user service management in a single
compact form factor to provide scalable and secure transport
of data over optical networksa solution that is capable of
carrying virtually any type of data services, including Ethernet,
Fibre Channel, SONET, SDH, and OTN.

Technical Information Section

System Requirements

The 4x10G OTR with encryption module can operate in any of the 6500-32, 6500-14,
6500-7 or 6500-2 chassis.

Port Format

Client side SFP/SFP+ supported interfaces

Line side XFP supported interfaces

OC-192/STM-64 (9.95 Gb/s)

10GbE LAN (10.31 Gb/s)
FC1200, FC800, FC400
OTU-2 (10.71 Gb/s)
OTU-2e (11.096 Gb/s)

OTU-2 (10.71 Gb/s)

OTU-2e (11.096 Gb/s)

Power Requirements


Protection Options

1+1 line protection

1+1 client and equipment protection

FEC Modes

G.709 compliant RS-8 FEC, UFEC, and OFF

Environmental Characteristics
Operating Temperature

+41 F to +104 F (+5 C to +40 C );

+23 F to +131 F(-5 C to +55 C ) short term ALL EXCEPT 6500-32
+23 F to +122 F(-5 C to +50 C ) short term 6500-32 ONLY

Relative Humidity

5% to 85% (non-condensing)


13,000 ft; 4000 m

Physical Characteristics

11.34 in (H) x 0.99 in (W) x 9.34 in (D)

288 mm (H) x 25 mm (W) x 237 mm (D)

Security Features


NIST-certified AES-256 encryption solution for data encryption

X.509 certificate support for authentication
> Support for Certificate Revocation List (CRL)
> Diffie-Hellman secured key negotiation
> Hitless AES-256 key rotation
> TLS-secured and mutually authenticated interface for encryption management
> Radius authentication support
> SNMPv3 support


FIPS 140-2 Level 3 - Certificate #2379

FIPS 197 AES256 Certificate # 2964
> EMC, Brocade

Ciena may from time to time make changes to the products or specifications contained herein without notice. Copyright 2015 Ciena Corporation. All rights reserved. DS267 6.2015