Solution Overview
© 2015 PacketLight Networks, All rights reserved. This document is PacketLight Public Information.
www.packetlight.com
Secured Encrypted 1G to 40G DWDM Transport Solutions
Today’s trend of increased use of virtual and cloud networks has proven to offer new cost
effective opportunities for organizations and data centers, but on the other hand, has opened
organizations to vulnerability from sophisticated outside attackers.
The need for backup, business continuity and data transport between multiple data center sites has
grown. In addition, today’s enterprise networks have extended from on-premise to remote cloud
virtual networks, thus forming a high bandwidth optical transport network that connects the
remote sites over increasing distances. Therefore the data transport networks today are exposed to
security holes previously not encountered. This situation has made traditional premise security
devices insufficient for today’s needs.
Data link encryption
In today’s world, data encryption methods previously used only by military and intelligence services
are now the relevant viable data protection solution, not only to banks and financial institutions but
also to all forms of data transfer across platforms.
Management traffic protection
Using encryption methods for data transfer is not enough. Data transfer encryption does not provide
protection against attacks on the management traffic. Such attacks can cause damage and outage of
the entire infrastructure. Thus the use of secured management protocols such as SNMPv3, SSH
(Secured Shell), HTTPS (Secured HTTP) and firewalls has also become mandatory.
Optical fiber link detection
Another essential protection aspect is the security of the optical link. The purpose of the optical link
security is providing the IT administrators tools to identify tapping of the optical fiber by detection
of unexplained link power degradation.
Transport Protection Options
For remote data centers and disaster recovery connectivity as well as for cloud and virtual networks,
fiber optic infrastructure has been widely used. With WDM solutions, multiple data rates can be
multiplexed together and be transported across the network with ultra low latency. The fiber
infrastructure also offers huge capacity, with up to 96 wavelengths of 100G transported over a single
fiber.
Until recently, fiber optic cable was considered more secure than other transport mediums, and
virtually immune to data hacking. However, recent studies proved that even fiber can be hacked by
using different methods and relatively simple tools. This raised a need for transport security
measures over fiber networks as well. Just owning your own dark fiber infrastructure is no longer
a guarantee of data security.
To secure a fiber optic link, physical premise protection, secured management protocols,
encryption and optical power level monitoring should be used in combination. The combined
method gives the network administrator a set of tools that help to
prevent, detect, isolate and counter any potential or ongoing data hacking attempt.
PacketLight’s Solution
PacketLight’s innovative cryptography solution, PL-1000TE Crypto, offers high security level for the
fiber infrastructure by combining cryptographic protection at the layer-1 of the service data flow,
firewall, secured management protocols, password protected role based user authentication, and
optical link power level monitoring.
PL-1000TE Crypto ensures three major concerns of optical link security:
- Confidentiality - preventing disclosure of information to unauthorized parties
- Data integrity - ensuring that the data has not been altered
- Authentication - validating that both parties involved are indeed who they claim to be
PacketLight’s encryption is transparent to the traffic without any degradation to the DWDM link
performance or to the QoS of transferred data providing full end-to-end transparency of service data
and clock with a low latency of less than 20usec for 10GbE.
With PacketLight’s Layer-1 encryption solution, there is no need for any changes to existing layer-2
and layer-3 switches and routers in the network. The solution is agnostic to the Layer-2/3 equipment
vendor and type. Thus, it is easy to deploy in any environment with minimal cost and time.
Illustration 1: Encryption Mechanism PL-1000TE Crypto
The PL-1000TE Crypto has 8 independent encryption machines and key exchange so each service is
isolated and encrypted independently of the others.
Each transponder can perform GCM-AES-256 Encryption to the client signal, supporting full
bandwidth of 1GbE, 10GbE, 4G FC, 8G FC, 10G FC, 16G FC services. In addition, the user can configure
four 10GbE transponders as a single 40GbE service. The user can flexibly activate the
encryption/decryption functionality for specific transponders and selected wavelengths.
Illustration 2: PL-1000TE Crypto connecting to multiple services
The bit rate of the encrypted services is compatible with the bit rate of standard signals. For
example, the bit rate of encrypted 10GbE, 8G FC and 4G FC is the same as 10GbE bit rate. Thus, these
encrypted services can be mapped over OTN (Optical Transport Network) networks with standard
OTU2e (10G). For example, each 10G encrypted signal can be transported over 10G OTU2e
wavelength using the PL-1000TN, or up to 10 encrypted signals can be multiplexed into a single 100G
OTN uplink by PacketLight’s muxponder devices PL-1000GM or PL-1000GT.
The cryptographic module of the PL-1000TE Crypto is compliant with NIST FIPS 140-2 standards and
NSA Suite B requirements.
For protection of the management traffic, PacketLight’s DWDM equipment supports a built-in
firewall with every unit. The firewall provides protection for PacketLight’s device from attacks
targeted against the management port by letting the user maintain a white list of managers that
can access the device and to specify the list of blocked/allowed management protocols. In addition,
PacketLight’s device supports SNMPv3, SSH and HTTPS protocols for secured management traffic.
For protection of the optical fiber, PacketLight’s DWDM equipment provides advanced fiber
monitoring capabilities that allow monitoring of the attenuation levels between two sites in real time
and provide system alerts in case of significant optical power degradation. Malicious fiber tapping
is one of the possible causes of such degradation. With these alerts,
such tapping can be quickly identified and remedied.
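The alerting logic described in the paragraph above, as an added example (it is not PacketLight's code and does not claim to be the device's algorithm): span attenuation is computed from far-end transmit and near-end receive power, compared against a rolling baseline, and an alert is raised only when the extra loss persists. The readings, thresholds and all names below are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median
from typing import List, Tuple


@dataclass
class Alert:
    onset_t: int        # time of the first out-of-tolerance sample (seconds)
    baseline_db: float  # median attenuation before the step
    loss_db: float      # attenuation when the alert was confirmed
    delta_db: float     # extra attenuation over baseline


def span_loss_db(tx_dbm: float, rx_dbm: float) -> float:
    """Attenuation between sites: far-end Tx power minus near-end Rx power."""
    return tx_dbm - rx_dbm


def detect_loss_steps(readings: List[Tuple[int, float, float]],
                      baseline_window: int = 6,
                      threshold_db: float = 0.5,
                      persist: int = 3) -> List[Alert]:
    """Flag sustained, unexplained increases in span attenuation.

    readings: (t_seconds, tx_dbm, rx_dbm) tuples in time order.
    Assumption: the first `baseline_window` samples are taken on a known-good link.
    """
    normal: List[float] = []  # recent in-tolerance attenuation values
    run_len = 0               # consecutive out-of-tolerance samples
    run_start = 0
    alerts: List[Alert] = []
    for t, tx, rx in readings:
        loss = span_loss_db(tx, rx)
        if len(normal) < baseline_window:  # learning phase
            normal.append(loss)
            continue
        baseline = median(normal)
        delta = loss - baseline
        if delta >= threshold_db:
            # Out-of-tolerance samples never enter the baseline, so a
            # persistent extra loss cannot be absorbed as the new normal.
            if run_len == 0:
                run_start = t
            run_len += 1
            if run_len == persist:  # alert once per excursion
                alerts.append(Alert(run_start, round(baseline, 2),
                                    round(loss, 2), round(delta, 2)))
        else:
            run_len = 0
            normal = (normal + [loss])[-baseline_window:]
    return alerts


# Constructed sample data: one reading per minute, (t, tx_dbm, rx_dbm).
READINGS = [
    (0, 1.0, -6.0), (60, 1.0, -6.1), (120, 1.0, -5.9),
    (180, 1.0, -6.0), (240, 1.0, -6.1), (300, 1.0, -6.0),
    (360, 1.0, -6.0),
    (420, 1.0, -7.0),   # single-sample glitch: ignored when persist > 1
    (480, 1.0, -6.0),
    (540, 0.0, -7.0),   # Tx lowered by 1 dB, Rx follows: attenuation unchanged
    (600, 0.0, -7.1), (660, 0.0, -7.0),
    (720, 0.0, -7.9),   # attenuation steps up by about 1 dB and stays there
    (780, 0.0, -7.9), (840, 0.0, -8.0), (900, 0.0, -7.9),
]


def run_demo() -> List[Alert]:
    return detect_loss_steps(READINGS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"ALERT onset t={a.onset_t}s baseline={a.baseline_db} dB "
              f"loss={a.loss_db} dB (+{a.delta_db} dB)")
```

Tracking attenuation (Tx minus Rx) rather than receive power alone keeps a deliberate transmit-power change from raising a false alert, and the alert itself only says that loss increased: a bend, a dirty connector or a splice repair look the same and have to be ruled out on site.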
Applications and Usability
PacketLight’s Layer-1 encryption solution is agnostic to the application layer and the SAN and LAN
equipment used, which makes the solution extremely cost effective and simple to deploy.
PacketLight’s solution can even be integrated with existing WDM infrastructure and encrypted
wavelengths can be added at any time with no impact on the existing applications.
Below are a few examples in which PacketLight’s Encryption technology can be utilized and provide
value added solution and services for different segments:
Building private secured optical network for regulation compliance
Financial Institutes
The awareness of the need for data security is growing among all the financial institutes due
to the high sensitivity of financial data and transactional flow between data centers. In
several countries, such as Germany, legislation requires the data over the
fiber between data centers to be encrypted. The typical encrypted interfaces are the
1G/10G/40G Ethernet and 4/8/10/16G Fibre Channel protocols used for data and storage
transport.
Utilities
Security awareness has particularly increased among utility companies, where a data
security compromise can have a widespread effect that hurts country-wide infrastructure
and may have huge ramifications. A malicious hacking attack on a utility company’s data can shut
down essential services such as electricity, water, and transportation. Thus, the utility
company network must be encrypted, keeping it inaccessible for tapping or modification.
Illustration 3: Point-to-point connectivity with PL-1000TE Crypto
Cloud and data center affordable Encryption solution
One of the major challenges for cloud and data center service providers is the link security,
since the enterprise’s most vital information is sent between locations typically over fiber. In
most cases, there is a core router located at the main data center site and through it different
streams of services and end users are carried. The need for full throughput encryption of the
connections between the core routers of the data centers is obvious. PacketLight’s product
offers cost effective, transparent, high security solution for such service providers.
Offering of Encrypted Wavelength service by service providers over OTN networks
Service providers are operating in an extremely competitive market. Offering value added
services to distinguish themselves among the other service providers is one of the essential
challenges for their business. Encrypted wavelength is one of the value added services that
can be offered in a cost effective way with PacketLight’s most compact high bandwidth
DWDM CPE solutions with guaranteed short term ROI for the equipment. The encryption is
enabled or disabled per each interface independently and is applied transparently to the
client as a part of the DWDM service. The encryption supports the most common FC and
Ethernet signals and is configured flexibly by the user to the type and service rate.
The same box is used for transparent DWDM managed service and encrypted solution, so the
encrypted WL service is a “no brainer” addition to the service provider’s offerings. The
encryption can be configured either by the cryptographic officer of the end enterprise or by
the service provider, as different levels of permissions are supported for the encryption
functionality.
PacketLight encryption solutions can connect with OTU2 and OTU4 to the carrier backbone
infrastructure without any need to change or upgrade it. Using the PL-1000TE Crypto as the
encryption device feeding the PL-1000TN for 10G OTU2 or the PL-1000GM/GT as the
Muxponder solution to 100G OTU4 enables provision of encryption over any existing OTN
network infrastructure.
Illustration 4: Ring connectivity with PL-1000TE Crypto
For more information visit our website at www.packetlight.com
Or contact us via e-mail: info@packetlight.com
About PacketLight Networks, Ltd.
PacketLight Networks offers a suite of leading 1U
CWDM/DWDM and OTN based solutions, for transport
of data, storage, voice and video applications, over dark
fiber and WDM networks, featuring high quality,
reliability and performance at affordable prices. Our
products are distinguished with low power consumption
ideal for CLE (Customer Located Equipment) allowing
maximum flexibility as well as ease of maintenance and
operation and providing real Pay-as-you-grow
architecture. PacketLight customers are carriers, service
providers, data centers, IT integrators and enterprises
who are active in meeting the demands for metro
Ethernet, business continuity, Triple Play solutions and
enterprise data sharing applications.
For product and reseller information, please contact
info@packetlight.com

More Related Content

Viewers also liked

Secure, High Performance Transport Networks Based on WDM Technology
Secure, High Performance Transport Networks Based on WDM TechnologySecure, High Performance Transport Networks Based on WDM Technology
Secure, High Performance Transport Networks Based on WDM TechnologyADVA
 
Forget the Layers: NFV Is About Dynamism
Forget the Layers: NFV Is About DynamismForget the Layers: NFV Is About Dynamism
Forget the Layers: NFV Is About DynamismADVA
 
How Does SDN Fit into the Data Centre?
How Does SDN Fit into the Data Centre?How Does SDN Fit into the Data Centre?
How Does SDN Fit into the Data Centre?ADVA
 
The New NFV Powerhouse
The New NFV Powerhouse The New NFV Powerhouse
The New NFV Powerhouse ADVA
 
Amplification, ROADM and Optical Networking activities at CPqD
Amplification, ROADM and Optical Networking activities at CPqDAmplification, ROADM and Optical Networking activities at CPqD
Amplification, ROADM and Optical Networking activities at CPqDCPqD
 
Optimizing Data Center WANs with SDN and Underlay Networking
Optimizing Data Center WANs with SDN and Underlay NetworkingOptimizing Data Center WANs with SDN and Underlay Networking
Optimizing Data Center WANs with SDN and Underlay NetworkingInfinera
 
How to Quantum-Secure Optical Networks
 How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical NetworksADVA
 
In-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceIn-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceADVA
 
ROADM Technologies for Flexible - Tbitsec Optical Networks
ROADM Technologies for Flexible - Tbitsec Optical NetworksROADM Technologies for Flexible - Tbitsec Optical Networks
ROADM Technologies for Flexible - Tbitsec Optical NetworksCPqD
 
Introducing One Network Edge
Introducing One Network EdgeIntroducing One Network Edge
Introducing One Network EdgeADVA
 
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-Select
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-SelectN-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-Select
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-SelectADVA
 
Pragmatic Approaches for Sync Delivery in Finance Markets
Pragmatic Approaches for Sync Delivery in Finance MarketsPragmatic Approaches for Sync Delivery in Finance Markets
Pragmatic Approaches for Sync Delivery in Finance MarketsADVA
 
Introduction to Optical Backbone Networks
Introduction to Optical Backbone NetworksIntroduction to Optical Backbone Networks
Introduction to Optical Backbone NetworksAnuradha Udunuwara
 
NETCONF Call Home
NETCONF Call Home NETCONF Call Home
NETCONF Call Home ADVA
 
DWDM Presentation
DWDM PresentationDWDM Presentation
DWDM Presentationayodejieasy
 
EANTC Test Report: ADVA FSP 150 ProVMe
EANTC Test Report: ADVA FSP 150 ProVMeEANTC Test Report: ADVA FSP 150 ProVMe
EANTC Test Report: ADVA FSP 150 ProVMeADVA
 

Viewers also liked (20)

Secure, High Performance Transport Networks Based on WDM Technology
Secure, High Performance Transport Networks Based on WDM TechnologySecure, High Performance Transport Networks Based on WDM Technology
Secure, High Performance Transport Networks Based on WDM Technology
 
Forget the Layers: NFV Is About Dynamism
Forget the Layers: NFV Is About DynamismForget the Layers: NFV Is About Dynamism
Forget the Layers: NFV Is About Dynamism
 
How Does SDN Fit into the Data Centre?
How Does SDN Fit into the Data Centre?How Does SDN Fit into the Data Centre?
How Does SDN Fit into the Data Centre?
 
The New NFV Powerhouse
The New NFV Powerhouse The New NFV Powerhouse
The New NFV Powerhouse
 
Amplification, ROADM and Optical Networking activities at CPqD
Amplification, ROADM and Optical Networking activities at CPqDAmplification, ROADM and Optical Networking activities at CPqD
Amplification, ROADM and Optical Networking activities at CPqD
 
Optimizing Data Center WANs with SDN and Underlay Networking
Optimizing Data Center WANs with SDN and Underlay NetworkingOptimizing Data Center WANs with SDN and Underlay Networking
Optimizing Data Center WANs with SDN and Underlay Networking
 
How to Quantum-Secure Optical Networks
 How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
 
In-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceIn-Service Monitoring of PTP Performance
In-Service Monitoring of PTP Performance
 
ROADM Technologies for Flexible - Tbitsec Optical Networks
ROADM Technologies for Flexible - Tbitsec Optical NetworksROADM Technologies for Flexible - Tbitsec Optical Networks
ROADM Technologies for Flexible - Tbitsec Optical Networks
 
optics ppt
optics pptoptics ppt
optics ppt
 
Introducing One Network Edge
Introducing One Network EdgeIntroducing One Network Edge
Introducing One Network Edge
 
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-Select
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-SelectN-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-Select
N-degree ROADM Architecture Comparison: Broadcast-and-Select vs Route-and-Select
 
Pragmatic Approaches for Sync Delivery in Finance Markets
Pragmatic Approaches for Sync Delivery in Finance MarketsPragmatic Approaches for Sync Delivery in Finance Markets
Pragmatic Approaches for Sync Delivery in Finance Markets
 
Introduction to Optical Backbone Networks
Introduction to Optical Backbone NetworksIntroduction to Optical Backbone Networks
Introduction to Optical Backbone Networks
 
NETCONF Call Home
NETCONF Call Home NETCONF Call Home
NETCONF Call Home
 
WDM Basics
WDM BasicsWDM Basics
WDM Basics
 
Wavelength division multiplexing
Wavelength division multiplexingWavelength division multiplexing
Wavelength division multiplexing
 
DWDM Presentation
DWDM PresentationDWDM Presentation
DWDM Presentation
 
WDM principles
WDM principlesWDM principles
WDM principles
 
EANTC Test Report: ADVA FSP 150 ProVMe
EANTC Test Report: ADVA FSP 150 ProVMeEANTC Test Report: ADVA FSP 150 ProVMe
EANTC Test Report: ADVA FSP 150 ProVMe
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

L1 DWDM Encryption - The key to protect your data

  • 1. Solution Overview © 2015 PacketLight Networks, All rights reserved. This document is PacketLight Public Information. www.packetlight.com Secured Encrypted 1G to 40G DWDM Transport Solutions oday’s trend of increased use of virtual and cloud networks has proven to offer new cost effective opportunities for organization and data centers, but on the other hand, has opened organizations to vulnerability from sophisticated outside attackers. The need for backup, business continuity and data transport between multiple data center sites has grown. In addition, today’s enterprise networks have extended from on-premise to remote cloud virtual networks, thus forming high bandwidth optical transport network to connect between the remote sites over increasing distances . Therefore the data transport networks today are exposed to security holes previously not encountered. This situation has made traditional premise security devices insufficient for today’s needs. Data link encryption In today’s world, data encryption methods previously used only by military and intelligence services are now the relevant viable data protection solution, not only to banks and financial institutions but also to all forms of data transfer across platforms. Management traffic protection Using encryption methods for data transfer is not enough. Data transfer encryption does not provide protection against attacks on the management traffic. Such attacks can cause damage and outage of the entire infrastructure. Thus the use of secured management protocols such as SNMPv3, SSH (Secured Shell), HTTPS (Secured HTTP) and firewalls has also become mandatory. Optical fiber link detection Another essential protection aspect is the security of the optical link. The purpose of the optical link security is providing the IT administrators tools to identify tapping of the optical fiber by detection of unexplained link power degradation. 
Transport Protection Options For remote data centers and disaster recovery connectivity as well as for cloud and virtual networks, fiber optic infrastructure has been widely used. With WDM solutions, multiple data rates can be multiplexed together and be transported across the network with ultra low latency. The fiber infrastructure also offers huge capacity, with up to 96 wavelengths of 100G transported over a single fiber. Until recently, fiber optic cable was considered more secure than other transport mediums, and virtually immune to data hacking. However, recent studies proved that even fiber can be hacked by using different methods and relatively simple tools. This raised a need for transport security measures over fiber networks as well. Just owning your own dark fiber infrastructure is no longer guarantee for data security. In order to provide secured fiber optic link, a combination of physical premise protection, secured management protocols, with encryption method and with optical power level monitoring should be used. The combined method provides the network administrator the set of tools that help to prevent, detect, isolate and counter any potential or occurring data hacking attempt. T
  • 2. Solution Overview © 2015 PacketLight Networks, All rights reserved. This document is PacketLight Public Information. www.packetlight.com PacketLight’s Solution PacketLight’s innovative cryptography solution, PL-1000TE Crypto, offers high security level for the fiber infrastructure by combining cryptographic protection at the layer-1 of the service data flow, firewall, secured management protocols, password protected role based user authentication, and optical link power level monitoring. PL-1000TE Crypto ensures three major concerns of optical link security:  Confidentiality - preventing disclosure of information to unauthorized parties  Data integrity - ensuring that the data has not been altered  Authentication - validating that both parties involved are indeed who they claim to be PacketLight’s encryption is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data providing full end-to-end transparency of service data and clock with a low latency of less than 20usec for 10GbE. With PacketLight’s layer -1 encryption solution, there is no need for any changes to existing layer-2 and layer-3 switches and routers in the network. The solution is agnostic to the Layer-2/3 equipment vendor and type. Thus, it is easy to deploy in any environment with minimal cost and time. Illustration 1: Encryption Mechanism PL-1000TE Crypto The PL-1000TE Crypto has 8 independent encryption machines and key exchange so each service is isolated and encrypted independently of the others. Each transponder can perform GCM-AES-256 Encryption to the client signal, supporting full bandwidth of 1GbE, 10GbE, 4G FC, 8G FC, 10G FC, 16G FC services. In addition, the user can configure four 10GbE transponders as a single 40GbE service. The user can flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.
Illustration 2: PL-1000TE Crypto connecting to multiple services

The bit rate of the encrypted services is compatible with the bit rate of standard signals. For example, the bit rate of encrypted 10GbE, 8G FC and 4G FC is the same as the 10GbE bit rate. Thus, these encrypted services can be mapped over OTN (Optical Transport Network) networks with standard OTU2e (10G). For example, each 10G encrypted signal can be transported over a 10G OTU2e wavelength using the PL-1000TN, or up to 10 encrypted signals can be multiplexed into a single 100G OTN uplink by PacketLight’s muxponder devices PL-1000GM or PL-1000GT.

The cryptographic module of the PL-1000TE Crypto is compliant with NIST FIPS 140-2 standards and NSA Suite B requirements.

For protection of the management traffic, PacketLight’s DWDM equipment supports a built-in firewall with every unit. The firewall protects PacketLight’s device from attacks targeted against the management port by letting the user maintain a white list of managers that can access the device and specify the list of blocked/allowed management protocols. In addition, PacketLight’s device supports SNMPv3, SSH and HTTPS protocols for secured management traffic.

For protection of the optical fiber, PacketLight’s DWDM equipment provides advanced fiber monitoring capabilities that allow monitoring of the attenuation levels between two sites in real time and provide system alerts in case of significant optical power degradation. Malicious fiber tapping is one of the causes of increased fiber attenuation. With these alerts, such tapping can be quickly identified and remedied.
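The attenuation monitoring described above can be sketched as follows. This is an added example, not PacketLight's implementation: the readings are constructed, and the 1.0 dB threshold, six-sample baseline and three-sample persistence are assumed values chosen for illustration.

```python
from statistics import median

# Constructed readings: (seconds, Tx power at site A in dBm, Rx power at site B in dBm).
SAMPLES = [
    (0, 1.0, -9.1), (60, 1.0, -9.0), (120, 1.0, -9.2),
    (180, 1.0, -9.1), (240, 1.0, -9.0), (300, 1.0, -9.1),  # baseline window
    (360, 1.0, -10.9),   # one-sample transient, e.g. a connector disturbance
    (420, 0.0, -10.1),   # Tx lowered by 1 dB and Rx follows: span loss unchanged
    (480, 1.0, -9.0),
    (540, 1.0, -10.4), (600, 1.0, -10.5),
    (660, 1.0, -10.4), (720, 1.0, -10.4),                  # sustained extra loss
]

def detect_degradation(samples, baseline_n=6, threshold_db=1.0, persist=3):
    """Alert when span loss stays threshold_db above baseline for persist samples.

    Span loss is Tx minus Rx, so a change in launch power alone does not alert.
    All three tuning parameters are assumptions, not vendor values.
    """
    losses = [(t, tx - rx) for t, tx, rx in samples]
    baseline = median(loss for _, loss in losses[:baseline_n])
    alerts, run = [], []
    for t, loss in losses[baseline_n:]:
        if loss - baseline >= threshold_db:
            run.append((t, loss))
            if len(run) == persist:  # fire once per sustained episode
                excess = min(l for _, l in run) - baseline
                alerts.append({
                    "start": run[0][0],
                    "confirmed": t,
                    "baseline_db": round(baseline, 2),
                    "excess_db": round(excess, 2),
                })
        else:
            run = []  # loss back to normal: discard the pending run
    return alerts

if __name__ == "__main__":
    for alert in detect_degradation(SAMPLES):
        print(alert)
```

Comparing span loss rather than raw receive power keeps a deliberate change in launch power from raising an alert, and the persistence count separates a sustained step from a momentary dip.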
Applications and Usability

PacketLight’s Layer-1 encryption solution is agnostic to the application layer and the SAN and LAN equipment used, which makes the solution extremely cost effective and simple to deploy. PacketLight’s solution can even be integrated with existing WDM infrastructure, and encrypted wavelengths can be added at any time with no impact on the existing applications.

Below are a few examples in which PacketLight’s encryption technology can be utilized to provide value added solutions and services for different segments:

Building private secured optical network for regulation compliance

Financial Institutes

Awareness of the need for data security is growing among all financial institutes due to the high sensitivity of financial data and transactional flow between data centers. In several countries, such as Germany, there is legislation which requires the data over the fiber between data centers to be encrypted. The typical encrypted interfaces are the 1G/10G/40G Ethernet and 4/8/10/16G Fibre Channel protocols used for data and storage transport.

Utilities

Security awareness has particularly increased for utility companies, where a data security compromise can have a widespread effect that can hurt country-wide infrastructure and may have huge ramifications. A malicious hacking attack on a utility company’s data can shut down essential services such as electricity, water, and transportation. Thus, the utility company network must be encrypted, keeping it inaccessible for tapping or modification.

Illustration 3: Point-to-point connectivity with PL-1000TE Crypto
Cloud and data center affordable Encryption solution

One of the major challenges for cloud and data center service providers is link security, since the enterprise’s most vital information is sent between locations, typically over fiber. In most cases, there is a core router located at the main data center site, and through it different streams of services and end users are carried. The need for full throughput encryption of the connections between the core routers of the data centers is obvious. PacketLight’s product offers a cost effective, transparent, high security solution for such service providers.

Offering of Encrypted Wavelength service by service providers over OTN networks

Service providers are operating in an extremely competitive market. Offering value added services to distinguish themselves among the other service providers is one of the essential challenges for their business. Encrypted wavelength is one of the value added services that can be offered in a cost effective way with PacketLight’s most compact high bandwidth DWDM CPE solutions, with guaranteed short term ROI for the equipment.

The encryption is enabled or disabled for each interface independently and is applied transparently to the client as a part of the DWDM service. The encryption supports the most common FC and Ethernet signals and is configured flexibly by the user to the type and service rate. The same box is used for transparent DWDM managed service and encrypted solution, so the encrypted WL service is a “no brainer” addition to the service provider’s offerings. The encryption can be configured either by the cryptographic officer of the end enterprise or by the service provider, as different levels of permission are supported for the encryption functionality.
PacketLight encryption solutions can connect with OTU2 and OTU4 to the carrier backbone infrastructure without any need to change or upgrade it. Using the PL-1000TE Crypto as the encryption device feeding the PL-1000TN for 10G OTU2 or the PL-1000GM/GT as the Muxponder solution to 100G OTU4 enables provision of encryption over any existing OTN network infrastructure.
Illustration 4: Ring connectivity with PL-1000TE Crypto

For more information visit our website at www.packetlight.com
Or contact us via e-mail: info@packetlight.com

About PacketLight Networks, Ltd.

PacketLight Networks offers a suite of leading 1U CWDM/DWDM and OTN based solutions for transport of data, storage, voice and video applications over dark fiber and WDM networks, featuring high quality, reliability and performance at affordable prices. Our products are distinguished by low power consumption, ideal for CLE (Customer Located Equipment), allowing maximum flexibility as well as ease of maintenance and operation, and providing a real Pay-as-you-grow architecture.

PacketLight customers are carriers, service providers, data centers, IT integrators and enterprises who are active in meeting the demands for metro Ethernet, business continuity, Triple Play solutions and enterprise data sharing applications.

For product and reseller information, please contact info@packetlight.com