Enable the deployment of VPNs to ensure the confidentiality, integrity and availability of information in transit.
Organisations across the public and private sectors need to protect their sensitive, high-value communications passing over insecure wide area networks. Whether safeguarding national security, financial data or intellectual property, escalating cyber-attacks vividly demonstrate the imperative for strong network security.
Ultra Electronics AEP Networks Net products enable the deployment of VPNs (virtual private networks) to ensure the confidentiality, integrity and availability of information in transit. Cryptographic standards are implemented to stringent government assurance levels whilst maintaining the flexibility necessary to operate in today’s complex networking environments. The products also facilitate the implementation and operation of cost-efficient, shared VPNs by managed service providers, fully protecting the confidentiality of each customer’s traffic and the integrity of the management functions.
Key business benefits
Net encryptors can also be integrated with the Ultra Communicate line of products for secure data transport over multi-bearer communications networks and with the Ultra Protect line of Application Access gateway products for end-to-end security enhancements.
Net encryptors are available in three models and are designed to integrate into existing networks seamlessly. The Net 20M and Net 100M are VPN gateway devices, whilst the Net Remote is designed specifically for mobile and home workers who need to access highlysensitive applications and data over the Internet. These are all supported by a sophisticated central management platform, including AEP Networks unique hardware Net CA (Certification Authority), which minimises key handling requirements and eliminates the need for any local encryptor management.
Certified by the UK Governments CAPS (CESG Assisted Products Service) up to Enhanced Grade level and approved by the EU Council to protect CONFIDENTIEL UE, the government versions of the encryptors use special algorithms to meet national policy requirements across a wide range of secure systems. For the private sector, the commercial versions combine the strength of the publicdomain AES encryption algorithm with the flexibility and ease-of-deployment expected by enterprise customers.
Network integration & management
Net encryptors in operation
Each IP packet is encrypted in its entirety, encapsulated inside a new packet (based on the IPsec ESP tunnelling protocol) and sent to the destination encryptor, which extracts and decrypts the payload before forwarding it to the appropriate host. The encryptors generate the necessary encryption keys and exchange them securely using an asymmetric key exchange protocol; they also generate their own signing keys to provide source authentication. A customer-specific CA remotely certifies the public signing keys and issues CRLs (certificate revocation lists) based on X.509 PKI standards under the control of an authorised administrator. The VPN topology is centrally defined using AEP Networks sophisticated Net Policy Manager application, with configuration information being automatically pushed out to all the encryptors. This tool also provides a full range of device management, monitoring, auditing and accounting functions.
|Net 20M||Net 100M|
|Sustained encrypted traffic throughput †||18 Mbps||160 Mbps|
|Simultaneous security associations||2,000||2,000|
|WAN||10 Mbps Ethernet||10/100 Mbps Ethernet|
|LAN||10/100 Mbps Ethernet||10/100 Mbps Ethernet|
|Temperature||Operating: 5 to 40°C / Storage: -15 to 65°C|
|Humidity||25 – 90% (non-condensing)|
|Weight||< 3kg (including power supply)|
|Power||External, universal in-line AC power supply
100 – 240V, 47 – 63 Hz, 42W maximum
|Electrical safety||EN 60950-1, UL 60950, CSA 60950
CB Certificate (IEC 60950-1)
|EMC||EN 55022 Class B, EN 55024
EN 61000-3-2, EN 61000-3-3
FCC CFR 47 Part 15 Class A
|MTBF||> 50,000 hours, based on British Telecom HRD5 standard|
† Typical full duplex values – actual throughput and latency vary with algorithm and packet size