Вы находитесь на странице: 1из 3

4X10G OTR WITH

ENCRYPTION MODULE
For the 6500 Packet-Optical Platform

Features and Benefits


>

 ffers low-latency 10G wire-speed


O
encryption solution for highly
secure and transparent end-to-end
communications

>

 eatures protocol-agnostic
F
encryption, offering flexibility
to support a variety of services
including Ethernet, Fibre Channel,
SONET/SDH, and OTN, scalable to
40G and 100G networks

>

 rovides enhanced security of critical


P
data via FIPS 140-2 Level 3-certified
Advanced Encryption Standards
(AES256) encryption solution

>

I ntegrates seamlessly into existing


enterprise Public Key Infrastructures
(PKIs) using X.509 certificate-based
authentication

>

 nables secure management of


E
Encryption-as-a-Service capability by
the end-user in carrier- or enterprisemanaged infrastructures via an
integrated management tool

>

 ffers a field-proven encryption


O
solution widely deployed across the
globe in finance, legal, healthcare,
military, and government networks

>

 eatures flexible protection


F
options, including round-trip delay
measurements for SLA assurance

The 4x10G Optical Transponder (OTR) with


encryption module cost-effectively delivers
a best-in-class, protocol-agnostic wirespeed encryption solution within a highcapacity, compact form factor for secure
communications of Ethernet, Fibre Channel,
and Optical Transport Network (OTN) services
Traditional encryption solutions require protocol-specific, standalone encryption
devices that consume multiple ports on the network element for inefficient
bandwidth use. Additionally, end-to-end management is complex, and key
management/authentication is cumbersome and labor-intensive. Cienas 4x10G
OTR with encryption module provides 40G of encrypted service capacity via four
distinct 10G protocol-independent encrypted line ports, so customers benefit
from simpler network designs with integrated encryption capability in any 6500
chassis variant.
4x10G OTR
with encryption

Sc

r co s
ales fo

ie
t- ef f ic

nt

ensit
high d

y tran

s por t

40G of encrypted
service capacity

Figure 1. 10G wire-speed encryption solution that scales to meet your network requirements

This encryption solution combines the density and flexibility of the existing
4x10G OTR card with Cienas proven encryption technology, deployed on platforms
that have a large global installed base. Supporting a wide range of client service
D

Datasheet

Data Center

Ethernet
OTN
SONET/SDH
Fibre Channel

Data Center
Headquarters

Figure 2. 6500 integrated protocol-agnostic encryption solution with 4x10G OTR with encryption

protocols, the 4x10G OTR with encryption can address


multiple applications among security-conscious customers,
including banking/finance, healthcare, military, and other
government sectors. Additionally, customers can deploy
differentiated services with low-latency connectivity and
several path/equipment protection options.

End-user/Security Officer Encryption


Management tool

Assured Networking for Secure Communications

managed
keys

The 4x10G OTR with encryption module is part of Cienas


Assured Networking solution, which helps customers create
trusted, reliable, and secure networks.The module offers
enhanced security with its FIPS 140-2 Level 3-certified design,
providing protection against physical tampering of the card,
with support for zeroisation. This ensures that all critical
security information is erased upon detection of any physical
tampering of the cryptographic module by setting all data
to zero, even when the card is not plugged into the shelf.
For increased protection, two distinct and independent
sets of keys are used for authentication and data encryption
functions, with a fast encryption key rotation interval of
seconds instead of minutes. The AES-256 data encryption
session keys are autonomously negotiated and rotated every
second, independently on each line port of the card, without
impacting traffic or throughput, and without user intervention.

Integrated Encryption Management


The solution includes MyCryptoTool, a dedicated and secure
encryption management tool that enables administration
of security parameters and alarms of carrier-managed or
enterprise-managed networks. This integrated user interface
securely connects to the cryptographic module of the card
and provides mutual authentication, ensuring that access is
limited to authorized security personnel.

managed
keys

Carrier or Enterprise Managed


Encrypted Service
Figure 3. MyCryptoTool for secure authentication and encryption
key management

The 4x10G OTR with encryption module fits in any 6500


chassis, so customers can select the optimal shelf size to meet
their site-specific capacity, space, and power requirements for
cost-efficient transport of encrypted services. This module
integrates a protocol-agnostic, wire-speed encryption
solution and end-user service management in a single
compact form factor to provide scalable and secure transport
of data over optical networksa solution that is capable of
carrying virtually any type of data services, including Ethernet,
Fibre Channel, SONET, SDH, and OTN.

Technical Information Section


System Requirements

The 4x10G OTR with encryption module can operate in any of the 6500-32, 6500-14,
6500-7 or 6500-2 chassis.

Port Format

Client side SFP/SFP+ supported interfaces

Line side XFP supported interfaces

OC-192/STM-64 (9.95 Gb/s)


10GbE LAN (10.31 Gb/s)
FC1200, FC800, FC400
OTU-2 (10.71 Gb/s)
OTU-2e (11.096 Gb/s)

OTU-2 (10.71 Gb/s)


OTU-2e (11.096 Gb/s)

Power Requirements

50W

Protection Options

1+1 line protection


1+1 client and equipment protection

FEC Modes

G.709 compliant RS-8 FEC, UFEC, and OFF

Environmental Characteristics
Operating Temperature

+41 F to +104 F (+5 C to +40 C );


+23 F to +131 F(-5 C to +55 C ) short term ALL EXCEPT 6500-32
+23 F to +122 F(-5 C to +50 C ) short term 6500-32 ONLY

Relative Humidity

5% to 85% (non-condensing)

Altitude

13,000 ft; 4000 m

Physical Characteristics

11.34 in (H) x 0.99 in (W) x 9.34 in (D)


288 mm (H) x 25 mm (W) x 237 mm (D)

Security Features

>

NIST-certified AES-256 encryption solution for data encryption


X.509 certificate support for authentication
> Support for Certificate Revocation List (CRL)
> Diffie-Hellman secured key negotiation
> Hitless AES-256 key rotation
> TLS-secured and mutually authenticated interface for encryption management
> Radius authentication support
> SNMPv3 support
>

Certifications

FIPS 140-2 Level 3 - Certificate #2379


FIPS 197 AES256 Certificate # 2964
> IBM GDPS
> EMC, Brocade
>
>

Ciena may from time to time make changes to the products or specifications contained herein without notice. Copyright 2015 Ciena Corporation. All rights reserved. DS267 6.2015