8/3/2019 Wire Speed Encryption Solution
http://slidepdf.com/reader/full/wire-speed-encryption-solution 1/3
WIRE-SPEED ENCRYPTION SOLUTIONAssured Networking for Secure Communications
Data Security: The Growing Concern
Whether supporting time-critical nancial transactions, sensitive healthcare record
storage, secure military communications, or simply wireless voice connections, today’s IT
inrastructure is asked to do more than ever in an environment o increasing threats.
According to a recent Ponemon Research survey1, current IT trends—including
outsourcing, Web 2.0, open source applications, and cloud computing—challenge
service providers’ ability to protect inormation, as shown in Figure 1.
IT managers and CIOs have reacted to this challenge with an array o techniques
intended to lock down critical IT inrastructure such as servers, databases, routers, and
switches by managing user access and credentialing. Eventually, secure communications
will be necessary beyond the walls o the data center, traversing a larger, potentially
worldwide network—even the highly vulnerable Internet itsel. Sophisticated encryption
techniques can camoufage trac so it cannot be read or manipulated, and can even
disguise the act that there is trac fowing at all.
Encryption Technology
By encrypting data as it leaves the security o the private cloud, managers can ensure
data is protected rom unauthorized discovery as it traverses the network. Given the
distributed nature o today’s leading-edge applications (such as sensor-based data
gathering), the need or secure and reliable transmission acilities is ever-increasing.
Application NoteA
Benefts
> Provides standards-based,bulk encryption or low-latency,highly secure, end-to-endcommunications
> Oers wire-speed (10 Mb/s to10 Gb/s) trac encryption inmanaged wavelength andprivate networks
> Features protocol-agnosticencryption oering fexibility to
support a variety o transporttypes: 10GE LAN/WAN, 8/10G FC,PSIFB, OC-192, STM-64, andOTU-2, scalable to 100G
> Supports bulk encryption o individual tributaries to orm adouble encryption structure
> Simplies enterprise-wideoperations and ongoingmaintenance o encryption keysand perormance monitoring usingNetwork Security Dashboard (NSD)key management application
> Oers a eld-proven solutionwidely deployed in nance,legal, healthcare andgovernment networks
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Cyber Crime
Mobility
Cloud Computing
Virtualization
Cyber Terrorism
Web 2.0
Open Source Apps
Data Breach
Unstructured Data
Outsourcing
Threats to the Ability to Protect Information
% of Respondents
5%
9%
14%
14%
25%
26%
28%
33%
42%69%
Figure 1. IT managers see mounting threats to data security
1 Ponemon, Larry. "Cyber Security Mega Trends." Ponemon Research Nov 18, 2009. http://bit.ly/aqnAii (accessed Jun 9, 201 0).
8/3/2019 Wire Speed Encryption Solution
http://slidepdf.com/reader/full/wire-speed-encryption-solution 2/3
Since its earliest days, a scholarly interest in cryptography has
been cultivated in raried intelligence and academic circles,
rendering it a daunting topic or most data center managers.
Ciena oers a suite o transmission products that combine high
levels o security with ease o operation and administration that
represent a viable and cost-eective solution or virtually all
government agency applications.
Ciena’s integrated wire-speed encryption solution allows or
secure and ully managed service delivery. The solution uses
the Advanced Encryption Standards (AES 256) algorithm,
which is one o the allowable encryption schemes or U.S.
government data classied as SECRET, or key management.
Deploying Encryption
The traditional operational model or deploying encryption
solutions is cumbersome and costly, as shown in Figure 2.
Individual trac streams require individual encryption devicesoten specic to the protocol involved, which in turn consume
multiple ports on the MAN/WAN
network element. Whether the
connection is supplied by a carrier
managed service or an enterprise-wide
network, bandwidth is used ineciently
and end-to-end management is
complex. Furthermore, encryption key
management is cumbersome and
labor-intensive.
Ciena’s solution allows several architectural
approaches using either ring or point-to-point
topologies in protected or unprotected
congurations. One such approach is shown
in Figure 3. Such fexibility allows deployments
that minimize the number o network elements
while still adhering to the highest security
standards. This solution is oered on various
platorms to provide secure transport o data
over optical networks:
Optical Metro 5130 – or WAN optimized
branch-oce/data-center interconnect o
FC/Ethernet over a variety o networks
Optical Metro 5100/5200 w/OTR 10G QUAD circuit pack– best-
in-class, protocol-agnostic data encryption or private network or
operator-managed networks
Optical Metro 565 – standalone CPE unit or multi-protocol,
multi-rate encryption with tunable transponder-based ports
Together, these products are capable o carrying 8/10G, FC,
PSIFB , 10GE LAN/WAN, OC-192/STM-64 and OTU-2 services.
Line mapping into SONET, SDH or OTN makes the solution
compatible or seamless deployment in both new and existing
network inrastructures.
This solution is compatible and interoperates with Ciena’s
metro WDM solutions, including the fagship Optical
Multiservice Edge 6500 and CN 4200® FlexSelect® Advanced
Services Platorm, allowing or seamless management and
access to a common set o services and unctions. The reach o
the solution and the fexibility aorded by this plug-and-play
approach make or a cost-eective end-to-end inrastructurecapable o secure and reliable multiservice connectivity.
2
Data Center
Office Site
FC1200
10GE
PSIFB
FC120010GE
PSIFB
FC800
10GE
MAN/WAN
Headquarters
FC800
10GE
Data Center
MAN/WAN
OTN/SONET/SDH
Headquarters
FC1200
10GE
PSIFB
FC800
10GE
FC800
10GE
FC1200
10GE
PSIFB
Office Site
Figure 2. Traditional, protocol-specifc encryption deployed in a multiservice network
Figure 3. Example o Ciena’s protocol-independent encryption solution deployed over aSONET/SDH/OTN inrastructure
8/3/2019 Wire Speed Encryption Solution
http://slidepdf.com/reader/full/wire-speed-encryption-solution 3/3
Encryption as a Service
Ciena’s wire-speed encryption solution allows
service providers to oer Encryption as a
Service to business and other security-conscious
customers. Oering this service allows service
providers to:
> Create new revenue streams and gain a
competitive edge. Inonetics Researchestimates the market or security Sotware as a
Service was up 70 percent in 2009, to $9.4B
> Leverage existing customer relationships to
increase revenue and gain a competitive edge
> Intercept the market shit rom ATM,
SONET/SDH, and Frame link encryption
circuits to Ethernet
> Increase customer retention and loyalty
> Attract new customers (increase the addressable
market) in key verticals such as nance, military,
government, and education
Encryption Key Management
Partitioning encryption key management rom transport
management allows added fexibility in either an operator-
or enterprise-maintained inrastructure. In either case, it is
important that the “owner” o the data—the end-user—
maintain close control o the encryption keys, issuing new
keys as needed while remaining aware o any security alarms
and logs on an end-to-end basis.
In the event the encrypted service is purchased rom a service
provider, the provider will manage the links, their provisioning,
administration, and perormance monitoring just as in any
other service—but will not have control o the key distribution
or maintenance. This is made possible by Ciena’s Network
Security Dashboard (NSD) application which allows such
distributed management o the network on a remote or local
basis. The tool’s command set is limited to encryption
unctions and carried out using IPSec or secure
communications between any o the other platorms.
Depending on the organization’s security policies, key
distribution can be carried out manually or automatically
over secure, encrypted tunnels established by the NSD
tool or that purpose.
Ciena may rom time to time make changes to the products or specications contained herein without notice.
© 2010 Ciena Corporation. All rights reserved. AN070 9.2010
Specialists in unlockingnetwork potential to help youchange the way you compete.
1201 Winterson Road
Linthicum, MD 21090
1.800.207.3714 (US and Canada)
1.410.865.8671 (outside US and Canada)
+44.20.7012.5555 (international)
www.ciena.com
Encrypted Service
Encrypted Service
HostedWeb Portal
OR