8/3/2019 Wire Speed Encryption Solution

http://slidepdf.com/reader/full/wire-speed-encryption-solution 1/3

WIRE-SPEED ENCRYPTION SOLUTIONAssured Networking for Secure Communications

Data Security: The Growing Concern

Whether supporting time-critical nancial transactions, sensitive healthcare record

storage, secure military communications, or simply wireless voice connections, today’s IT

inrastructure is asked to do more than ever in an environment o increasing threats.

According to a recent Ponemon Research survey1, current IT trends—including

outsourcing, Web 2.0, open source applications, and cloud computing—challenge

service providers’ ability to protect inormation, as shown in Figure 1.

IT managers and CIOs have reacted to this challenge with an array o techniques

intended to lock down critical IT inrastructure such as servers, databases, routers, and

switches by managing user access and credentialing. Eventually, secure communications

will be necessary beyond the walls o the data center, traversing a larger, potentially

worldwide network—even the highly vulnerable Internet itsel. Sophisticated encryption

techniques can camoufage trac so it cannot be read or manipulated, and can even

disguise the act that there is trac fowing at all.

Encryption Technology

By encrypting data as it leaves the security o the private cloud, managers can ensure

data is protected rom unauthorized discovery as it traverses the network. Given the

distributed nature o today’s leading-edge applications (such as sensor-based data

gathering), the need or secure and reliable transmission acilities is ever-increasing.

Application NoteA

Benefts

> Provides standards-based,bulk encryption or low-latency,highly secure, end-to-endcommunications

> Oers wire-speed (10 Mb/s to10 Gb/s) trac encryption inmanaged wavelength andprivate networks

> Features protocol-agnosticencryption oering fexibility to

support a variety o transporttypes: 10GE LAN/WAN, 8/10G FC,PSIFB, OC-192, STM-64, andOTU-2, scalable to 100G

> Supports bulk encryption o individual tributaries to orm adouble encryption structure

> Simplies enterprise-wideoperations and ongoingmaintenance o encryption keysand perormance monitoring usingNetwork Security Dashboard (NSD)key management application

> Oers a eld-proven solutionwidely deployed in nance,legal, healthcare andgovernment networks

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Cyber Crime

Mobility

Cloud Computing

 Virtualization

Cyber Terrorism

Web 2.0

Open Source Apps

Data Breach

Unstructured Data

Outsourcing

Threats to the Ability to Protect Information

% of Respondents

5%

9%

14%

14%

25%

26%

28%

33%

42%69%

Figure 1. IT managers see mounting threats to data security 

1 Ponemon, Larry. "Cyber Security Mega Trends." Ponemon Research Nov 18, 2009. http://bit.ly/aqnAii (accessed Jun 9, 201 0).

8/3/2019 Wire Speed Encryption Solution

http://slidepdf.com/reader/full/wire-speed-encryption-solution 2/3

Since its earliest days, a scholarly interest in cryptography has

been cultivated in raried intelligence and academic circles,

rendering it a daunting topic or most data center managers.

Ciena oers a suite o transmission products that combine high

levels o security with ease o operation and administration that

represent a viable and cost-eective solution or virtually all

government agency applications.

Ciena’s integrated wire-speed encryption solution allows or

secure and ully managed service delivery. The solution uses

the Advanced Encryption Standards (AES 256) algorithm,

which is one o the allowable encryption schemes or U.S.

government data classied as SECRET, or key management.

Deploying Encryption

The traditional operational model or deploying encryption

solutions is cumbersome and costly, as shown in Figure 2.

Individual trac streams require individual encryption devicesoten specic to the protocol involved, which in turn consume

multiple ports on the MAN/WAN

network element. Whether the

connection is supplied by a carrier

managed service or an enterprise-wide

network, bandwidth is used ineciently

and end-to-end management is

complex. Furthermore, encryption key

management is cumbersome and

labor-intensive.

Ciena’s solution allows several architectural

approaches using either ring or point-to-point

topologies in protected or unprotected

congurations. One such approach is shown

in Figure 3. Such fexibility allows deployments

that minimize the number o network elements

while still adhering to the highest security

standards. This solution is oered on various

platorms to provide secure transport o data

over optical networks:

Optical Metro 5130 – or WAN optimized

branch-oce/data-center interconnect o 

FC/Ethernet over a variety o networks

Optical Metro 5100/5200 w/OTR 10G QUAD circuit pack– best-

in-class, protocol-agnostic data encryption or private network or

operator-managed networks

 Optical Metro 565 – standalone CPE unit or multi-protocol,

multi-rate encryption with tunable transponder-based ports

Together, these products are capable o carrying 8/10G, FC,

PSIFB , 10GE LAN/WAN, OC-192/STM-64 and OTU-2 services.

Line mapping into SONET, SDH or OTN makes the solution

compatible or seamless deployment in both new and existing

network inrastructures.

This solution is compatible and interoperates with Ciena’s

metro WDM solutions, including the fagship Optical

Multiservice Edge 6500 and CN 4200® FlexSelect® Advanced

Services Platorm, allowing or seamless management and

access to a common set o services and unctions. The reach o 

the solution and the fexibility aorded by this plug-and-play

approach make or a cost-eective end-to-end inrastructurecapable o secure and reliable multiservice connectivity.

2

Data Center

Office Site

FC1200

10GE

PSIFB

FC120010GE

PSIFB

FC800

10GE

MAN/WAN

Headquarters

FC800

10GE

Data Center

MAN/WAN

OTN/SONET/SDH

Headquarters

FC1200

10GE

PSIFB

FC800

10GE

FC800

10GE

FC1200

10GE

PSIFB

Office Site

Figure 2. Traditional, protocol-specifc encryption deployed in a multiservice network 

Figure 3. Example o Ciena’s protocol-independent encryption solution deployed over aSONET/SDH/OTN inrastructure

8/3/2019 Wire Speed Encryption Solution

http://slidepdf.com/reader/full/wire-speed-encryption-solution 3/3

Encryption as a Service

Ciena’s wire-speed encryption solution allows

service providers to oer Encryption as a

Service to business and other security-conscious

customers. Oering this service allows service

providers to:

> Create new revenue streams and gain a

competitive edge. Inonetics Researchestimates the market or security Sotware as a

Service was up 70 percent in 2009, to $9.4B

> Leverage existing customer relationships to

increase revenue and gain a competitive edge

> Intercept the market shit rom ATM,

SONET/SDH, and Frame link encryption

circuits to Ethernet

> Increase customer retention and loyalty

> Attract new customers (increase the addressable

market) in key verticals such as nance, military,

government, and education

Encryption Key Management

Partitioning encryption key management rom transport

management allows added fexibility in either an operator-

or enterprise-maintained inrastructure. In either case, it is

important that the “owner” o the data—the end-user—

maintain close control o the encryption keys, issuing new

keys as needed while remaining aware o any security alarms

and logs on an end-to-end basis.

In the event the encrypted service is purchased rom a service

provider, the provider will manage the links, their provisioning,

administration, and perormance monitoring just as in any

other service—but will not have control o the key distribution

or maintenance. This is made possible by Ciena’s Network

Security Dashboard (NSD) application which allows such

distributed management o the network on a remote or local

basis. The tool’s command set is limited to encryption

unctions and carried out using IPSec or secure

communications between any o the other platorms.

Depending on the organization’s security policies, key

distribution can be carried out manually or automatically

over secure, encrypted tunnels established by the NSD

tool or that purpose.

Ciena may rom time to time make changes to the products or specications contained herein without notice.

© 2010 Ciena Corporation. All rights reserved. AN070 9.2010

Specialists in unlockingnetwork potential to help youchange the way you compete.

1201 Winterson Road

Linthicum, MD 21090

1.800.207.3714 (US and Canada)

1.410.865.8671 (outside US and Canada)

+44.20.7012.5555 (international)

www.ciena.com

Encrypted Service

Encrypted Service

HostedWeb Portal

OR