Background
The continuously growing demand for consumer electronic applications is increasing data transfers from emails, video conferencing, and remote applications, often over unprotected public networks, which makes productivity application tools vulnerable to attacks. The increasing number of network security breaches, the increasing adoption of cloud technologies, the trend of network automation, and 5G networks make protecting network-transmitted data imperative, further increasing the demand to improve network security.
Network encryption (HSM, Hardware Security Module) is a process of encoding sensitive data such as passwords, credentials, and files, providing access to users only with the correct password or security key. This requirement for data security is driving organizations, businesses, and service providers to adopt a more stringent hardware encryption system. Only through high-assurance network data encryption can organizations be assured their sensitive data will remain secure while transmitted across data networks and links. The hardware encryption technology comes with easy security deployment to enable simple-to-implement data protection strategies.
Requirements
A US-based leading enterprise security professional in data encryption came to Lanner to co-develop a quantum-safe protection network appliance. The hardware platform needed to meet the following requirements:
- Intel® QAT (QuickAssist Technology)
Intel® QAT supports encryption and decryption for applications such as Transport Layer Security (TLS) or IP Security (IPSec), supporting common ciphers, modes and authentication, as well as public-key cryptography and pseudorandom functions. The network appliance uses an Intel Skylake processor with native QAT, offering 20G, 40G and 100Gbps network encryption performance.
- Redundant Power Supply
To ensure 24/7 non-stop network operation, a redundant power supply (RPS) plays a critical role in high availability. The platform must support a high-availability design, including hot-swappable cooling fans and redundant power supplies.
- Multiple Networking I/O Ports
The network uses two types of transmission medium: optical and traditional. Traditionally, transmissions are performed through coaxial cable, twisted pair cable, and radio waves/microwaves. Fiber optics offer numerous benefits, including extensive bandwidth, reduced noise and interference, and high security of data in transit. Organizations are looking to transition to optical transmission through fiber optics owing to a growing demand for high-speed data transfer with enhanced security. Therefore, the network platform requires multiple network I/O ports, including both GbE RJ45 and SFP+ ports.
- IPMI Out-of-Band Management
IPMI provides system administrators with a standardized interface and protocol to manage and monitor computing platforms. Due to its messaging and hardware-based nature, IPMI works independently from the operating system, so system administrators can remotely manage and monitor computing platform status through Out-of-Band Management.
Solution
Network encryption HSM protects data from intruders and makes sure that only the intended recipient can decode and access the information, making it the most effective way to ensure data security.
Lanner’s NCA-4025 features 8-, 12- or 16-core Intel® Xeon® D-2100 processors, 8x GbE RJ45, 4x SFP+ and Intel® QuickAssist Technology (by SKU) for improved network performance, delivering significant performance enhancement when running multiple virtual network functions (VNFs) and encryption algorithms in SD-WAN. The network appliance has the hardware ability to enable a defense-in-depth approach for data protection plans and stronger cybersecurity.