Integrated Network Gateways Securing Maritime Communications

Integrated Network Gateways Securing Maritime Communications

Background

Since the emergence of globalization, maritime activities have dramatically increased and become diversified. In fact, maritime traffic has been busier than ever, contributed by diverse maritime activities, such as shipping cargos, fishing boats, coastal patrols and even leisure cruise ships traveling across multiple seas. Therefore, the demand for secure and resilient communications has been urged for the connectivity and security for both crews and passengers. In fact, the next-generation network system must integrate all the protocols, including satellite, VSAT, terrestrial, telephone, microwave, radio frequency and 4G/LTE, to establish communications aboard, as well as between land and sea.

Requirements

A World’s leading maritime solution provider of remote communications and IT services came to Lanner and co-developed a secure and scalable network system, which integrates global VSAT, L-band, Fleet Xpress, 4G LTE, Wi-Fi, MSS and multiple VPN services with simplified management to meet today’s demands for maritime communications. The joint solution is required to include the following:

• High-availability (HA)

Resilient communications at sea is critical for maritime activities for both security and connectivity aspects. Therefore, high-availability is a must for communication gateway appliance to ensure undisrupted service and operation.

• Lights Out Management / IPMI

In order to assure High-Availability of communication system, LOM (Lights-out Management) is a required setting that allows maintenance and repair to be executed even when the system is off or malfunctioned. Lanner Lights Out Management (LOM) is an optional card that you can use with Lanner appliances. You can remotely control Lanner appliances using a dedicated management channel. Lights Out Management also works when the appliance is turned off or not responding. Since it is an out-of-band (OOB) operation, remote management is thus simplified.

• Security Acceleration

Maritime communication is sometimes sensitive and thus VPN connection is necessary. Therefore, security acceleration for maritime VPN connection is among top priority. For optimal performance, hardware-assisted crypto acceleration mechanism like Intel QuicAssist is the preferred option for secure VPN applications, since a hardware based design offers performance boost for the entire architecture.

• Redundant Design

Systems installed aboard vessels must be able to run constantly to ensure the communications are always available. Redundant Design is key for 24/7 real-time operation.

• Rugged Fanless Hardware

Due to space constraints as there are many existing instruments inside the vessels, it would be time-consuming to have fans to be replaced. Rugged fanless hardware designs are optimal for the vessels, to reduce maintenance efforts and device failure.

• System Boot Security

Communication systems routing sensitive data require security algorithm during the booting stage to prevent potential intrusions or system tampering. A comprehensive boot security shall cover both hardware and firmware domains, such as Secure Boot and Boot Guard, or other resilient hardware security validation algorithms in the market.

• TPM 2.0

TPM (Trusted Platform Module) is internationally recognized MCU-based crypto-processor integrated in hardware platforms to provide cryptographic keys. TPM 2.0 was released in by TCG (Trusted Computing Group) leveraging existing specifications with errata corrections. A TPM-integrated hardware platform is capable of security features such as generating cryptographic keys, data encryption and hardware-rooted protection. Indeed, TPM 2.0 is a hardware rooted security, providing more comprehensive protection than software-only programs.

• Remote Management

Remote management is critical for maritime communication systems to perform monitoring, diagnostics and troubleshooting from a remote location. All these tasks no longer require personnel to sit in front of the systems 24/7, and the diagnostics, system updates and troubleshooting can be carried through remote management interface like IPMI.

Lanner Solutions

The maritime communication requires a rugged, redundant and compact design appliance to be installed aboard. The FW-7525 built with RoHS compliant parts and manufacturing processes is embedded with an ultra-low power Intel® Atom™ C2000 SoC. Empowered by the Intel® Atom™ C2000, FW-7525 offers low power consumption for data processing and Intel QuickAssist crypto acceleration for secure VPN connection and secure acceleration. Other hardware functions include WAN ports for VSAT/FX, FBB/Iridium Backup and 3G/4G/LTE/WiFi, LAN ports for business use including corporate services (Email and PMS), crew communication (prepaid services) and custom use (M2M services).

For 1U rackmount form factor, Lanner’s NCA-5710 fits the bill. NCA-5710 is powered by Intel®’s Xeon® Processor Scalable Family and Intel® C627 or C621 chipset, features optimized computing performance and virtualization capacity with dual CPU sockets. Other functional hardware designs include 4x NIC module slots, redundant PSU and six modular cooling fans, dedicate IPMI port and up to 384GB DDR4 system memory. NCA-5710 comes with fully supported failover and redundancy mechanism for hardware parts like swappable fans and redundant PSU, eliminating the planned and unplanned downtime to maintain a 24/7 real-time maritime communication. In addition, NCA-5710 comes with TPM 2.0 as optional hardware security.

In order to add confidence in security, both FW-7525 and NCA-5710 support IPMI remote management and maintenance as well as security boot algorithms including Secure Boot and Boot Guard.

About Lanner

Lanner is a leading OEM with more than 30 Years of experience designing, building and manufacturing embedded and network computing hardware. From x86 rackmount systems to wide-operating temperature rugged industrial hardware, our appliances cover a diverse set of popular and niche applications.

© 2024 Lanner Canada LTD. All rights reserved.

Featured Appliances


FW-7525

Fanless Desktop x86 Network Platform for vCPE, SD-WAN and Network Edge
 


NCA-5710

1U Rackmount Network Appliance for Network Traffic Management and Virtualized Network Security