Powerful end-to-end encryption for Ethernet private lines
R&S®SITLine ETH protects against spionage and manipulation without decreasing throughput.
R&S®SITLine ETH protects against spionage and manipulation without decreasing throughput.
 
                 
                  In today's hard-fought markets, competitive advantages depend upon fast and highly focused communications.
Video conferences and private cloud applications are commonly used to share business‑critical information, ensuring an organization's ability to respond quickly.
This can be a particular challenge for companies that are spread across different geographical locations.
A high-performance communications infrastructure is needed to manage the growing volume of information at all locations.
The transmitted data must be protected against eavesdropping and manipulation by unauthorized third parties. Powerful end-to-end encryption that does not negatively impact network performance is required. The encryption concept has to be seamlessly integrated into the existing WAN infrastructure while facilitating the desired security management, throughput and availability.
Finally, it must fit into today's tight IT budgets.
Ethernet private lines are a powerful yet cost-effective technology for integrating distributed locations into the backbone at speeds of 100 Mbit/s, 1 Gbit/s or even 10 Gbit/s. Huge distances can be covered with minimal latency, as if the subsidiaries were connected directly to the central switch. This has obvious benefits for users as well as administrators: private cloud applications can be cost-effectively supported from a central location and accessed in realtime. Tap-proof video conferences with excellent voice and picture quality motivate employees and ensure acceptance of the technology. Even backup scenarios that are highly sensitive to bandwidth and latency issues are easy to implement.
R&S®SITLine ETH encrypts complete Ethernet private lines or individual VLANs without any noticeable degradation in transmission performance. The R&S®SITLine ETH generates the random keys required for AES 256 encryption.
The random number generator has been certified in accordance with Common Criteria evaluation assurance level EAL4+. Additional certificate-based authentication of the R&S®SITLine ETH devices effectively prevents "man‑in‑the-middle" attacks. R&S®SITLine ETH has been tested and approved by Germany's Federal Office for Information Security (BSI).
R&S®SITLine ETH is the world's only encryption device with up to four Ethernet lines in a single rack height unit. It supports optical and electrical Ethernet interfaces, which helps to optimize procurement and operating costs, especially in heterogeneous networks. For administration purposes, R&S®SITLine ETH has a separate management port that can be accessed via an existing LAN or a dedicated management VLAN. This makes it possible to outsource network management of the devices to a service provider while retaining complete control of the security configuration.
The reference installation below shows a high-performance, high-availability, highly secure network connecting company sites in Berlin, Munich and Stuttgart. A ring topology network with Ethernet private lines is used to provide redundancy. If one of the lines fails, data transmission is automatically switched over to the alternative route. Implementation is based on a dynamic routing protocol such as OSPF or BGP with layer 3 switches (e.g. Cisco Catalyst 3850) to prevent unintended redundant loops.
The R&S®SITLine ETH encrypts and authenticates the network traffic without any noticeable impact on the data transmission. Device management is limited to the Ethernet settings and retrieval of statistics, which the operator handles via SNMP. The R&S®SITScope online security management system generates device certificates and delivers them to the R&S®SITLine ETH devices. Data encryption and authentication are handled automatically without further configuration.