Pelena-E
COMSEC COMPLEX
Specification:
- IP Network Encryptor О371-Е(РЕ)
- Key Management Unit О372-Е
- Centralized Management Software (CMS)
B371-Е(РЕ) is IP Inline Network encryptor (INE). B371-Е(РЕ) protects at the midrange security levels in accordance with Government and Military requirements. B371-Е(РЕ) is specifically designed to support IP/Ethernet operating over standard commer-cial networks (Internet, IP MPLS etc.) and pro-vides inline encryption of IP protocol by cable, satellite, and cellular (3G, 4G) communication channels. B371-Е(РЕ) is applicable for stationary (B371-Е) and mobile (B371-РЕ) objects.
Key Management Unit О372-Е provides generation, storage and distribution of key data.
Centralized Management Software provides centralized remote configuration, control and monitoring for all Tritel's encryptors.
- Functionality
- func
End-to-end encrypting of IP-network traffic
Traffic encrypting is performed on local network perimeter. Cryptographic processing in online mode provides "transparent" operation of data processing network applications, IP-telephony, video conference communication.
Virtual channels of encrypted communication
During exchange of encrypted information, the virtual channels of communication means are created in accordance with the diagram given by complex administrator.
Link redundancy
For each communication direction some virtual channels can be defined with different routes, which provides automatic backup paths if an active link fails
Key Management
Key Management ensures centralized preparation and distribution of key data. В364-Е includes hardware random number generator (FIPS 140-2 compliance) which is used to create random cryptographic keys. The distribution is provided by methods of automatic online transmit through encrypted network and manual keys input.
Hardware crypto module
Cryptographic functions are performed by specialized chips with duplexing option which provides high transmitting capacity and encrypting reliability.
Channels loading balancer
Virtual channels can be combined in groups to balance the load and to increase the transmitting capacity of network nodes.
Equipment redundancy
The equipment can be duplicated for “hot” standby and the transmitting capacity trunking.
Monitoring and control
Monitoring and control of the equipment can be performed either locally or remotely via Centralized Management Software. CMS is available for PC Windows 2000, XP, 7 and enables to control operational modes of the equipment, change configuration parameters, view statistic information, logs of events in encrypted communication network. The protection against unauthorized access to equipment control is provided by two-factor authentication.
- Technical characteristics
- teh
Platform
RISC
Freescale Power QUICC II™
Operating System
RTOS
TritelOS™
Protocols
IP v.4
RFC 791, RFC 826, RFC 1042, RFC 1812
IP Multicast
RFC 3171
DHCP client
RFC 2131
HSRP
RFC 2281
COMSEC Characteristics
Encryption mode
packet, end-to-end
Cryptographic algorithm
DSTU GOST 28147:2009, hardware implementation
IP Throughput
up to 70 Mb/s
Interoperability
B271-Е(РЕ)
Communication schemes:
Full mesh
Circular
Link oriented
Mixed
Management
Vt100 terminal, СMS
Physical Interfaces
1 port 100 Base-FX, ММ, RJ-45
Red Data Interface
1 port 100 Base-FX, ММ, RJ-45
Black Data Interface
RS-232, RJ-45
Control terminal
ISO-7816-2, 3
Key fill
Power
B371-Е, B364-Е
up to 40 Watt 170-240 V, 50-60 Hz
Safety
ІEC 60950:1999, DSTU 4113-2001
EMI/EMC
EMI/TEMPEST approved, ІEC 61000:2007, DSTU СISPR 22:2007, DSTU СISPR 24:2008
Environmental
Operational temperature
B371-Е, B364-Е
up 0° С to 60° С
Storage temperature
up -35° С to 80° С
Humidity
up to 95% (non-condensing 25°С)
Design
1U, 19-inch rack-mount
Dimensions
482 х 257 х 51 mm (W х L х H)
Weight
3,8 kg
- Application diagram
- instr
- Documentation
- lic