
Ultra Electronics Net IPsec VPN Encryptor
Manage a deployment of Ultra Encrypt Net and Net Remote encryptors

 

Overview:

The Ultra Electronics AEP Net Management System (NMS) is used to manage a deployment of Ultra Encrypt Net and Net Remote encryptors. It comprises three elements that together allow network managers to maintain a high-assurance Cryptographic Network Operations Centre (CNOC), supporting key pair certification for enrolling units, and on-demand, real-time ‘over the air re-keying’ (OTAR) and certificate revocation.

Net CA

Hardware Security Module (HSM) that functions as the Certification Authority to provide a standalone Public Key Infrastructure (PKI) for the network, creating X.509 certificate policies for encryptor authentication and Cryptographic Community of Interest (CCOI) management, and enabling assured device ‘kill’ via issuance of Certificate Revocation Lists (CRLs) in the event of encryptor removal or compromise.

Net Policy Manager

A software application running on a standard PC that provides the graphical user interface for global, group and element level encryptor configuration, including enrolment, VPN topology definition, resilience administration, accounting, centralised audit retrieval, troubleshooting and device ‘stun’.

Net Management Encryptor

A Net 20M encryptor that is configured to act as a management encryptor, to authenticate and encrypt all management communications as well as protecting the CNOC.

Business Benefits

  • High-assurance CNOC management solution designed to minimise operating costs and maximise availability.
  • Rapid system deployment, global policy and key updates
  • Minimises ordering, storage, handling and transportation of sensitive key material
  • Eliminates the need for annual site visits to re-key equipment
  • Provides assured and effective compromise management
  • Highly scalable to meet current and future policy and growth
  • Intuitive graphical interface, reducing risk of misconfiguration
  • Supports high-availability and Disaster Recovery (DR) configurations
  • Enables service providers to operate multiple customer networks from a single CNOC
  • Effective key management

Security Features

  • Government-certified solution up to UK/EU CONFIDENTIAL
  • Centralised, PKI-enforced policy and key management
  • On demand over the air keying and re-keying under CNOC control
  • Policy based device ‘stun’ and cryptographically assured CRL-based ‘kill’ to manage device trust level changes
  • Data separation using policy-based routing and/or assured CCOIs
  • Cryptographically separated management traffic
  • Administrator and operator role based separation
  • Automated and on-demand NMS state backup, audit collection and device health checking (with troubleshooting tools)
  • Non-critical to encryption service availability
  • Alternate NMS option provides disaster recovery CNOC to maximise business continuity

Ultra Encrypt Net Certification Authority (CA):

Overview

The Net CA (Certification Authority) is a special-purpose HSM (hardware security module) that provides high-assurance digital signing and key storage mechanisms to support the centralised, PKI-based key management capability of the Ultra Electronics AEP Net encryption solution. It is designed to minimise the manual handling of private cryptographic keys and, importantly, eliminates the need for any key handling at the remote encryptors.

Painless Key Management

Controlled via a simple, PC-based GUI (graphical user interface), Net CA enables CNOC (cryptographic network operations centre) staff to process key updates quickly and simply, enabling even the largest encryption systems to be centrally re-keyed in a matter of minutes. It also allows certificates to be revoked from the management centre, which means a lost or stolen encryptor can be rapidly and securely isolated from the network, without the full system re-key that competing systems require.

Features & Benefits

Business Benefits

  • Protects top-level cryptographic keys
  • Supports over-the-air re-keying (OTAR)
  • Enables closed user groups
  • Provides certificate revocation capability
  • Supports backup device for resilience
  • Certified for UK/EU government use

Security Features

  • Dedicated, application-specific hardware platform with special-purpose embedded firmware
  • High quality, hardware random number generator
  • Continuous self-monitoring of cryptographic functions
  • Sophisticated tamper protection
  • Secure auditing and accounting functions
  • Supports High Availability Net CA configurations that eliminate single points of HSM failure

Ultra Encrypt Net 20-100M Encryptor:

Overview

Net encryptors are available in three models and are designed to integrate into existing networks seamlessly.

  • Net 20M IPsec VPN gateway device
  • Net 100M IPsec VPN gateway device
  • Net Remote is designed specifically for mobile and home workers who need to access highly-sensitive applications and data over the Internet.

These are all supported by a sophisticated central management platform, including AEP's unique hardware Net CA (Certification Authority), which minimises key handling requirements and eliminates the need for any local encryptor management.

Network integration & management

  • 10/100 Mbps auto-negotiating Ethernet interfaces
  • ESP tunnel mode encrypted packet format
  • QoS (quality of service) marker pass-through
  • Up to 2,000 simultaneous IPsec security associations
  • Supports data, voice and video traffic, with negligible impact on throughput and under 4 μs latency
  • Triple-redundancy mode for high-availability applications
  • Acts as a router on the private network and a host on the public network
  • Supports static routes and host-side NAT
  • In-band SNMP data tables and traps
  • Over-the-air re-keying (OTAR)

Net encryptors can also be integrated with the Ultra Communicate line of products for secure data transport over multi-bearer communications networks.

Features & Benefits

Business Benefits

  • Defends against cyber espionage
  • Secures DSL/MPLS/BGAN services
  • Facilitates compliance with security mandates
  • Protects integrity of control systems
  • Eliminates costly dedicated circuits

Security Features

  • Application-specific, dedicated hardware platform with special-purpose embedded firmware
  • FPGA-based hardware encryption for enhanced security, performance and flexibility
  • Choice of algorithms to suit government or commercial use
  • Certified for reverse tunnelling applications
  • Employs a proprietary, hardened version of the IPsec protocol
  • PKI-based key management and compromise control
  • Secure, in-band device management, cryptographically isolated from user traffic
  • Support for cryptographically-separated COIs (communities of interest)
  • Drops all non-authenticated traffic arriving from the public network
  • High-quality, hardware random number generator
  • Continuous self-monitoring of cryptographic functions
  • Sophisticated tamper protection
  • Secure auditing and accounting functions
  • NPM ACCSEC for government handling purposes, without the need for a CIK (crypto ignition key)

Ultra Encrypt Net Remote Encryptor

Overview

Net Remote is designed specifically for mobile and home workers who need to access highly-sensitive applications and data over the Internet.

Features & Benefits

Business Benefits

  • Enables secure remote access
  • Safeguards data confidentiality and integrity
  • Facilitates compliance with security mandates
  • Insulates client devices from internet threats
  • Maintains network perimeter security

Security Features

  • Dedicated hardware platform with special-purpose embedded firmware
  • FPGA-based hardware encryption for enhanced security, performance and flexibility
  • Choice of algorithms to suit government or commercial use
  • Employs a proprietary, hardened version of the IPsec protocol
  • PKI-based key management and compromise control
  • Secure, in-band device management, cryptographically isolated from user traffic
  • Support for cryptographically-separated COIs (communities of interest)
  • Firewalls all non-authenticated traffic arriving from the public network
  • High-quality, hardware random number generator
  • Continuous self-monitoring of cryptographic functions
  • Sophisticated tamper protection
  • Secure auditing and accounting functions
  • No special storage requirements, as no key material is retained when disconnected or switched off
  • Certified to UK CAPS Enhanced Grade & Baseline Grade standards
  • Approved by the EU Council for CONFIDENTIEL UE

Documentation:

Download the Net Management System Datasheet (PDF).

Download the Net CA Datasheet (PDF).

Download the Net 20-100M Datasheet (PDF).

Download the Net Remote Datasheet (PDF).