Security by Efficiency: Our products use a very efficient implementation of the encryption and therefore use the network resources better than traditional products.

Solutions

With the current releases 3.3 and 3.4 of the atmedia Network Encryption product line, all Ethernet access speeds from 10 mbps up to 100 gbps are being supported in point-to-point and multi-point operation.

Point-to-Point connections

The standard scenario is the secure linkage of two sites via a fibre link, MPLS, Managed Ethernet or any IP connection. Redundancy will be optimal if the scenario is duplicated and realized with two independent network providers.

Point-to-Multipoint connections

In the case of multiple branch offices having to be connected to a central site, the point-to-multipoint scenario can be used. The offices can exchange data with the headquarters and optionally with each other. The access speed and the appropriate encryption device of each site can be freely chosen among 10M, 100M, 1G, 10G, 40G and 100G. The availability of a site can be easily improved by duplicating the relating branch connection. The WAN technology can be Ethernet, MPLS or IP.

Multi-point networking

If many sites have to communicate with each other in a flat hierarchy over a layer 2 or layer 3 WAN, a real multi-point solution would make sense. From the view of a customer, when using a layer 2 WAN, this network scenario looks like a large distributed LAN where all devices can see each other at layer 2. Like in the point-to-point and in the point-to-multipoint scenarios, the encryption does not have any impact on the network functionality, allowing all services including multicast and broadcast applications to continue to work.

Storage Interconnection

Beside the Ethernet and IP encryption, atmedia devices also support the encryption of storage networks. The combination of the SDH encryptors with TDM multiplexors or the use of external Storage over IP systems allow the encryption of FibreChannel, Ficon or Escon links between data centres.

Our encryption product line

The atmedia encryption devices are available in three different hardware variants. The encryptors support 19″ rack mount and are equipped with redundant, dual input power supplies, making them carrier grade equipment. All atmedia encryptors are certified by the “Bundesamt für Sicherheit in der Informationstechnik” (BSI) for the classification levels VS-NfD, EU Restrint und NATO restricted.

Due to the use of the AES Galois Counter encryption mode (AES-GCM), the atmedia encryptors provide full protection regarding data confidentiality, data manipulation (integrity) and data replay threats. This high class of protection has been available by IPSec devices only up to now. In addition to the data plane, even the control plane is protected by hardware based AES-GCM which make the device resistant against active attacks like Distributed Denial of Service.

The optional atmedia Traffic Flow Security mode can be used in point-to-point operation over any WAN technology. TFS offers a full protection against analysis of the user traffic and prevents data loss by side channels.

Another unique product feature is the seamless support of Ethernet broadcast and multicast applications. This allows the efficient and secure implementation of Voice, Video, Terminal and Storage services in a WAN environment.

The Ethernet multi-point encryption solution allows a simplification of the WAN infrastructure, resulting in significant lower costs. Network services with different requirements can be concentrated over a single secure network access. In addition, the support of MPLS and IPV6 offers a protection of investments.