SecFlow-2/4 Main Features

thoughtlessskytopΔίκτυα και Επικοινωνίες

29 Οκτ 2013 (πριν από 3 χρόνια και 11 μήνες)

672 εμφανίσεις

SecFlow2013 Slide
1

SecFlow
Overview

SecFlow2013 Slide
2

U&T Target Market Segments

Utilities

Power

Water

Oil & Gas

Mining

Transportation

Railways

Motorways

Air Traffic
Control

Maritime

SecFlow2013 Slide
3

Power Utilities Trends

The power utilities communication needs are in
evolution phase:




Migration to Packet
in various parts of the network:


Replacement of SDH/PDH core to Ethernet/IP/MPLS


Replacement of old Substation technology to IEC 61850 based
solution which are consist of Ethernet “LAN” and packet signaling


Migration of old SCADA/RTU’s from Serial to IP based



Smart Grid


Implementation of
Demand Response

techniques for improved automation and control of the
distribution grid and deployments of Smart Meters



Growing need for
Cyber & Physical security solutions

SecFlow2013 Slide
4

Challenges Of Power Utilities
Communication Networks


Evolution in the Substation


Migration to PSN in the Substation while supporting multi services


Teleprotection connectivity over SDH and PSN


Substation Automation and Cyber security


Smart Grid


Secured backhaul solutions for Smart Meters


Growth in Bandwidth


Transitioning the operational network to PSN while maintaining
reliability, security & simplicity


Clock Synchronization over the PSN network


Product Obsolescence


old RTUs and substation
communications PDH/SDH multiplexers are out of production
and service, however, there is still a need to maintain Legacy
equipment and installed base



SecFlow2013 Slide
5

Industrial Control Systems


Industrial control systems used to
monitor and remotely control critical
industrial processes


SCADA

systems


Distributed Control Systems (DCS)


Programmable Logic Controllers (PLC)


Highly distributed


Geographically separated assets


Centralized data acquisition and
control are critical


Oil and gas pipelines


Electrical power grids


Railway transportation systems



SecFlow2013 Slide
6

SCADA System


Supervisory Control And Data Acquisition (SCADA)


An industrial
measurement and control system. SCADA elements are:


Central device


Central Master Station


Supervisory system, gathering data on the process
and sending action commands.


Remote devices


Programmable Logic Controller (
PLC
) and
Remote Terminal Unit (
RTU
)


Connecting
to sensors in the process, converting
sensor signals to digital data and sending
digital data to the supervisory system.


Intelligent Electronic Devices (
IED
)


Microprocessor based controller which
monitor and perform proactive functions.
Designed to support substation
automation functions.

SecFlow2013 Slide
7

Supervisory Control and Data Acquisition

(SCADA), System Overview

Source: http://en.wikipedia.org/wiki/File:DNP
-
overview.png



RTUs



PLCs



IEDs

SCADA communication
Protocols



Modbus



DNP3



IEC101, IEC104

SecFlow2013 Slide
8

IEC 61850


International standard for substation automation systems developed to create
an
open communication
environment


IEC 61850 provides interconnection of substation devices on high speed
Ethernet

network


IEC 61850 comprises 10 separate standards IEC 61850
-
1 through to IEC 61850
-
10


IEC 61850
-
3

Specifies general requirements for
the hardware design must support three major
requirements:


Electromagnetic Interference (EMI), immunity



Strong electromagnetic compatibility (EMC)
design to protect against EMI


Operating temperature

-
40
°

to 75
°
C



substation
environments can experience temperatures as
high as 75
°
C and as low as
-
40
°
C



SecFlow2013 Slide
9

SecFlow Portfolio Overview


SecFlow


Ruggedized SCADA
-
Aware Ethernet Switch consist on two product
families:


SecFlow
-
2


Ruggedized SCADA
-
Aware Ethernet Switch/Router


SecFlow
-
4


Modular Ruggedized SCADA
-
Aware Ethernet Switch/Router


SecFlow2013 Slide
10

SecFlow Main Features

Industrial Design


Harsh environmental


DIN
-
rail mount


IP 30


-
40
°
C to +75
°
C w/o
fans


EMI immunity


IEC 61850
-
3


IEEE 1613


EN 50121
-
4

Multiservice
Gateway


Utilize both
Ethernet ports
and Serial
interfaces


Serial Tunneling or
Service translation


IEC101 to IEC104

Integrated
Security


L
-
2/3/4 ACL


MAC/IP filtering
per port


SCADA
-
Aware
firewall


L2/L3 VPN w/
IPsec


802.1X


RADIUS/TACACS


Resiliency


Ethernet rings per
ITU
-
T G.8032


RSTP, MSTP


Cellular 2G/3G
modem uplink for
maximum service
continuation



SecFlow2013 Slide
11

SecFlow
-
2

Access and Network Interfaces

USB

DI/DO

Power

Console

FE Ports

FE 0/1
-
8
with
optional
PoE

RS 232

port 1
-

4

SIM Card

Ports 1,2

Dual
GPRS/UMTS
Modem

SFP

GbE1, GbE2

SecFlow2013 Slide
12

SecFlow
-
4

Access and Network Interfaces

Dual Power
Supplies

7 I/O slots

Service and
MNG module

SecFlow2013 Slide
13

SecFlow
-
4 Modules

Module

Description

SF4
-
M
-
4GBE

Gigabit Ethernet module with four UTP or four SFP ports

SF4
-
M
-
Serial

Serial interface module with four RS
-
232 ports

SF4
-
M
-
Service

Service module with firewall, serial tunneling, VPN
functionalities and discrete input/output interfaces

SF4
-
M
-
MNG

Central processing and management module with local
terminal and out
-
of
-
band management ports

SF4
-
PS
-
24VDC

Power supply module for 24 VDC input


SF4
-
PS
-
48VDC


Power supply module for 48 VDC input

SecFlow2013 Slide
14

SecFlow
-
2/4 v3.1

Main Features

Features

Description

Customer Benefits

SecFlow
-
2

Interfaces


Ethernet Interfaces


2
×
100/1000BaseFX


啰 to 16
×
10/100Bas敔


R敳ili敮t r敤undant n整睯rking ov敲 various WAN
infrastructures

Serial Interfaces


UP to 4
×
RS
-
232


䵵ltis敲vic攠support in a compact singl攠d敶ice

Cellular Interface


Dual SIM GPRS/UMTS cellular modem


啴iliz敳 c敬lular n整睯rk for main link


Improv敳 link r敳ili敮cy and s敲vic攠continuity using
cellular backup links

SecFlow
-
4

Interfaces


Ethernet Module

SF4
-
M
-
4GbE


4
×
100/1000BaseT, optional
PoE


4
×
100/1000BaseFX



GbE

int敲fac敳 p敲 modul攠that provid攠a maximum
of 28
GbEs

per chassis for multiple Ethernet
connections

Serial Module

SF4
-
M
-
Serial


4
×
RS
-
232


4 s敲ial int敲fac敳 for l敧acy conn散tivity 睩th up to 28
serial ports per chassis


Th攠s敲ial modul攠combin敤 睩th th攠Eth敲n整 modul攠
provides multiservice support for various applications

Central Processing
Module

SF4
-
M
-
MNG


Central processing and management module with
local terminal and out
-
of
-
band management ports


The module is supplied with the SecFlow
-
4 chassis,
providing the Layer
-
2 functionality

Service Module

SF4
-
M
-
Service

(Optional)


Service module with firewall, serial tunneling, VPN
functionalities and discrete input/output
interfaces hardware
-
ready only



Security, routing and gateway functionalities

SecFlow2013 Slide
15

SecFlow
-
2/4 v3.1

Main Features

Features

Description

Customer Benefits

Protocol Gateway



IEC
-
101
to IEC
-
104 conversion



Enables
seamless communication from the IP SCADA to
both the legacy and new RTUs, featuring a single box
for multiservice application and smooth migration to all
IP
networks


SCADA
-
Aware
Firewall


SCADA
-
aware
firewall monitors SCADA commands
using deep packet inspection to validate intended
application purpose


Supported SCADA protocols: IEC
-
104,
Modbus

and
DNP 3.0


Syslog

support for IEC 104 fir敷ell


Provides distributed network security from the
substation, enabling only authorized traffic to access
the network according to the user defined access rules

VPN Gateway with
IPSec


Layer 2 GRE VPN


Lay敲 3 multipoint GRE Dynamic 䵵ltipoint
-
VPN


Lay敲 3 IPS散 VPN


IPS散 敮cryption p敲 3DES or AES


X.509 c敲tifi敤 睩th SHA256 and SHA512 for
Phas攱/Phas攲 and AES 256 support


Secured interconnection of remote sites over public
networks, using Layer
-
2or Layer
-
3 VPN with encryption


Supports larg攠scal攠n整睯rks

QoS


Port limit


Ingr敳s policing


Strict priority


W敩ght敤 Round Robin (WRR)


Egr敳s traffic shaping


Higher and lower priority traffic separation into 8
queues for prioritizing the user traffic and allowing
mission critical applications to be served first

SecFlow2013 Slide
16

SecFlow
-
2/4 v3.1

Main Features

Features

Description

Customer Benefits

Ethernet OAM


Single
-
segment

(link) OAM according to IEEE
802.3
-
2005 (formerly
802.3ah)


End
-

-
敮d

conn散tivity OAM bas敤 on IEEE 802


End
-

-
敮d

s敲vic攠and p敲formanc攠monitoring
bas敤 on ITU
-
T

Y.1731.


Guaranteed SLA (Service level Agreement) of
contracted services


Standard Ethernet OAM for easy interoperability 睩th
3rd party equipment


Monitors net睯rk faults, performs measurements and
gathers statistics

Jumbo Frames


SecFlow
-
2

Supports 9K bytes
jumbo
frames



S散Flow
-
4

Supports 12K byt敳 jumbo fram敳


Improves efficiency and increases performance in
GbE

net睯rks

Ethernet Ring
Protection


Ethernet ring protection switching per G.8032v2


RSTP (Rapid Spanning Tree Protocol) and MSTP
(Multiple Spanning Tree Protocol) per IEEE 802.1D


Link resiliency for high survivability and service
continuity



-
ms failure detection and s睩tchover to the
alternate link 睩thout service interruption

Link Aggregation


Link aggregation per 802.3ad with configurable
LACP


Up to 8 LAGs


Up to 8 ports in LAG


Provides increased bandwidth and high availability
links


LACP ensures smooth and steady traffic flo眠by
automating the configuration and maintenance of
aggregated links

Terminal Server
and Serial
Tunneling


Embedded terminal server


Transpar敮t s敲ial tunn敬ing


Connects multiple devices 睩th serial interfaces over IP


Provides point
-

-
point or point
-

-
multipoint
transparent serial tunneling

PoE


Configurable
PoE

(enable/disable and force mode)


30W max per port


Max 120W p敲 d敶ic攠for 48 VDC po睥r supply or
220 VAC


Max 80W p敲 d敶ic攠for 24V DC po睥r supply


Easily feeds third party equipment or peripheral
devices such as IP cameras, using power over Ethernet


SecFlow
-
2/4
can feed RAD’s Airmux outdoor device
eliminating the need for an Airmux indoor unit

SecFlow2013 Slide
17

SecFlow
-
2/4 v3.1

Main Features

Features

Description

Customer Benefits

Access Control List


Access control lists according to Layer
-
2,
-
3 and
-
4
criteria


Enhanc敤 ACL m散hanism to filt敲 us敲 traffic
according to vari整y of traffic crit敲ia


B整t敲
s散urity
and control on
authoriz敤 traffic

Network
Management


SNMP:
V1,V2,V3 (V3 only in SecFlow
-
2)


RADvi敷



S散Flo眠N整睯rk 䵡nag敲


SSH: V2.0


CLI


RADI啓,

TACACS


TFTP Cli敮t


Syslog
, SNTP


S散Flow
-
2 can b攠manag敤 by a vari整y of
manag敭敮t tools including: CLI, WEB int敲fac攠and
RADview

SNMP
-
based management system


S散Flow
-
2 can also b攠manag敤 by S散Flo眠N整睯rk
Manager, integrated in the
RADview

EMS server, to
provide an end
-
to
-
end management system

Switching


Auto Crossing


Autonegotiation

per IEEE 802.3ab


Port
-
based Network Access Control (PNAC) per
IEEE 802.1x


䵁C list


VLAN s敧r敧ation tagging p敲 IEEE 802.1q , 4K
VLANs


Multicast Groups


IG䵐 snooping v1,v2,v3


䵁C limiting p敲 port


LLDP, DHCP client, DHCP
relay, option 82


Set of Layer
-
2 features for traffic management and
security

SecFlow2013 Slide
18

SecFlow
-
2/4 Main Features

Features

Description

Customer Benefits

Timing



Local
time settings


NTP v2


PTP transpar敮t clock p敲 1588v2




Fl數ibl攠
clock distribution and n整睯rk synchronization
bas敤 on diff敲敮t clock sourc敳

Routing


IPv4


Static routing


OSPF v2, v3


RIPv2


A single
-
box solution that provid敳 both Lay敲
-

features and Layer
-
3 routing capabilities

Diagnostics



Count敲s
and statistics p敲 port


LED diagnostics: main s睩tching units (Alarm |Run
| Eth敲n整)


LED diagnostics: application int敲fac敳 (C敬lular |
S敲ial )


Ping


Trac攠route


Port mirroring


R䵏N





Provid敳
數e敮siv攠diagnostic tools to assist op敲ators
in fault monitoring

SecFlow2013 Slide
19

Legacy Migration


Integrated serial interfaces in switches with 3 operational modes


Tunneling
between serial segments


Byte / Bit
-
stream


Multipoint support


Service
-
aware security for serial tunnels


Gateway
connecting serial devices to matching Ethernet devices


Currently supports IEC
-
101 to IEC
-
104


Terminal Server
connecting a computer to serial devices

RS
-
232/RS
-
485 link

Ethernet link

Serial Tunnel

Gateway service

SecFlow 2

SecFlow 2

SecFlow 2

SecFlow 2

SecFlow2013 Slide
20

Protocol Gateway

IEC
-
101 to IEC
-
104 conversion using protocol gateway functionality

IEC 104

UDP/IP

SSH (T. Server)

Seri al Master 1

Remote Site
B

Central Site

PSN

Seri al Master 2

SCADA

RS
-
232

RS
-
232

RS
-
232

RS
-
232

RS
-
232

Consol e

V.Com

port

IEC104

LAN

IEC 101

Remote Site
A

IEC 104

IEC 101
RTU

SecFlow 4

SecFlow 2

SecFlow 2

SecFlow2013 Slide
21

Cyber Security Threats to Utilities


Distributed SCADA IPS Deployment


Role
-
based validation of SCADA
commands


Deployment at each end
-
point


Used for both IP & Serial devices

Attack

vector


Control
-
Center malware


Field
-
site breach


Man
-
in
-
the
-
Middle


Remote maintenance

Security Measure


Service
-
aware firewall


Distributed firewalls


Encryption


Secure
remote access

SecFlow2013 Slide
22

SecFlow 4

Distributed Firewall

SCADA
-
aware firewall for
Modbus

and IEC 101/104

IEC 104

UDP/IP

SSH (T. Server)

104 Cl i ent

Modbus

Cl i ent

Remote Site
B

Central Site

PSN

SCADA

IEC 101

ID 11

Remote Site
A

Modbus

NMS

Modbus

Modbus

RTUs

Modbus

ASDU1

ASDU2

ASDU3

IEC 101

IEC 101

ID 12

ID 13

Modbus

RTU

Modbus

RTU

Modbus

RTU

SecFlow 2

SecFlow 2

SecFlow2013 Slide
23

Security Features


802.1X



IEEE Standard for port
-
based Network
Access Control (PNAC), authentication and
protection against
DoS

attacks


Access Control List



Traffic filtering according to
layer 2/3/4 criteria


RADIUS

and
TACACS+

based centralized user
authentication and authorization


L2/L3 VPN
, using IPSEC encryption


User policy for traffic type, IKE, AES or 3DES
encryption, dynamic key


Secure Telnet access, using
SSH


SCADA firewall

per port (
Modbus
, IEC
-
104, DNP3.0)




SecFlow2013 Slide
24

Integrated Defense
-
in
-
Depth

Tool
-
Set


Advanced security measures integrated in the switch using
a dedicated service
-
engine


Enable easy deployment of an extensive defense
-
in
-
depth
solution


SecFlow2013 Slide
25

Multi
-
Service Transport


Utility networks do not have 100% fiber connectivity


SecFlow switches support alternative transport infrastructures


GPRS/UMTS


Cellular coverage with 2 operators


Radio links using RAD’s Airmux wireless solution


SHDSL


Private copper lines
*


Used with integrated security mechanisms


Private ETH

Network

Private ETH

Network

Internet

SecFlow 2

SecFlow 2

*roadmap

SecFlow2013 Slide
26

Resilient Cellular Connection to
Remote Sites


GPRS/UMTS support


Link resiliency using 2 SIM cards with continuous check of operator link quality


Multiple remote spokes connecting to Hub over encrypted IPSec tunnels


NHRP used for dynamic IP address resolution assigned to cellular spokes


L2 VPN using transparent GRE tunnels over IPSec


L3 VPN using DMVPN

WAN

FO |
Cellular

LAN

SecFlow2013 Slide
27

Applications

SecFlow2013 Slide
28

Smart
-
Grid Distribution Network


Modern secondary sub
-
station requiring:


Encrypted tunnels when using a public network


Firewall for uplink protocols (IEC
104
, IEC
61850
,
Modbus
)


Gateway for serial IEDs

SecFlow switch
integrates all the functions

“New intelligent MV
-
LV* transformation centres with metering, power
monitoring and capacity automation”

RTU

Power

Monitoring

Meters

Concentrator

Secondary Sub
-
Station

Network

(
Secondary

Sub
-
Stations)

Cel l ular

Antenna

Automation

Control Center

Metering

Data Center

SecFlow 2

Smart

Meters

*Medium Voltage/Low Voltage

SecFlow2013 Slide
29

Migration to IP
-
based SCADA at
Sub
-
stations


Connectivity of sub
-
station devices to new IP
-
based SCADA


Per
-
site firewall for industrial automation protocols


Secure terminal server for maintenance sessions


Encrypted tunnels when using wireless links


Serial to ETH protocol gateway

Control Center

Sub
-
Station

RS
-
232

IEC
-
101

ETH

IED

IP SCADA

LAN Management

RTU

Ring

Sub
-
Station

Sub
-
Station

SecFlow2013 Slide
30

Connecting the Sub
-
station LANs


Current Status

Network Limitations


SCADA direct access to S.S. IEDs


Field technician access to:


Other sub
-
stations


Central storage


Facility RTU


Remote technician access to RTUs and
IEDs in all S.Ss


Data
-
sharing between S.Ss

Need a unified sub
-
station LAN with secure inter
-
site

connectivity

SDH/Packet

Network

Sub
-
Station

Control Center

Sub
-
station IEDs

SCADA

Storage

Sub
-
station

RTU

Field

Technician

Remote

Technician

Internet

Facility

RTU

SecFlow2013 Slide
31

SecFlow 4

Connecting the Sub
-
station LANs


Future Evolution

Use a secure switch connecting
the LAN devices to the backbone


Network segmentation using
VLANs/Subnets


App
-
aware firewall per
-
device


Secure remote access


Serial
-
to
-
ETH protocol gateway

SDH/Packet

Network

Sub
-
Station

Control Center

Field

Technician

Remote

Technician

Internet

Sub
-
station IEDs

Sub
-
stat.

RTU

Facility

RTU

SCADA

Storage

SecFlow2013 Slide
32

Metro Subway Control Network


Metro subway control applications require communication with smart
devices in each station


Ethernet access switches connected to IP/MPLS backbone using VLANs as
service ID


Mixture of Ethernet, Serial & Discrete devices with secure access using a
distributed
ModBus

firewall


Secure mobile access from trains to control center using distributed device
authentication methods

IP/MPLS

Backbone

Control Center

Metering

Data Center

RTU

IED

SecFlow switches build a secure subway network

SecFlow2013 Slide
33

Smart/Safe City

End Points Communication


Compact Industrial switch
for Smart/Safe
-
city cabinets


Ethernet with
PoE


Serial and discrete I/O ports for simple automation devices


Diverse means of communication:


Integrated dual
-
SIM cellular modem


Fiber Optic with protected Ring Support (G.8032)


SHDSL*


Integrated security mechanisms


IPSec VPN


SCADA firewall

P2P & P2MP

Radio

FO

Dual 2G/3G

Communi cati ons

WiFi
*

Tamper
Switch

RS
-
232

ETH
PoE

ETH

Dry

Contact

Display Board

SecFlow 2

*roadmap

PSN

SecFlow2013 Slide
34

ETH Ring

ETH Ring

Case Study of a Highway Security
Infrastructure


Italy
Autostarda

ETH

Ring

1588
Clock


Central Site

Ring
1

Ring
6

Ring
7

Ring
12

RS
-
232
/
485

Remote Site


Traffic Control

Security
Cameras

Tetra Base

Stations

Message Boards

PoE

1588
clock
sync

QoS

RS
-
232
/
485

Remote Site


Traffic Control

Security
Cameras

Tetra Base

Stations

Message Boards

PoE

1588
clock
sync

QoS

SecFlow2013 Slide
35

Ordering Options SecFlow
-
2


Two ordering options:


Advanced mode



SecFlow
-
2
is provided with security features,
routing, switching and gateway functionalities.


Basic mode



SecFlow
2
is provided with switching and gateway
functionality only. Limited ordering options and cannot upgraded to
advanced mode


Mode

PN

Description

Basic

SF2/B/AC/2GE8UTP/
PoE

AC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT ports,
PoE

on 8 UTP
ports

SF2/B/48VDC/2GE8UTP/
PoE

48 VDC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT ports,
PoE

on 8
UTP ports

Advanced

SF2/S/48VDC/2GE8UTP

48 VDC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT UTP ports

SF2/S/AC/2GE8UTP/
PoE

AC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT ports,
PoE

on 8 UTP
ports

SF2/S/AC/2GE8UTP/PoE4AM

AC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT ports,
PoE

on 4 UTP
ports for Airmux products

SF2/S/48VDC/2GE16UTP

48 VDC power supply, 2
×
GbE SFP ports, 16
×
10/100BaseT UTP ports

SF2/S/48VDC/2GE8UTP8SFP

48 VDC power supply, 2
×
GbE SFP ports, 8
×
10/100BaseT UTP ports, 8
×
100 FX SFP

SecFlow2013 Slide
36

Ordering Options SecFlow
-
2

PN

Description

Chassis

SF4/48VDCR

SecFlow
-
4 chassis, central processing and management module, dual 48 VDC power
Supply

SF4/24VDCR

SecFlow
-
4 chassis, central processing and management module, dual 24 VDC power
Supply

Modules

SF4
-
M
-
4GBE
-
U

SecFlow
-
4 module with four 10/100/1000BasteT UTP Ethernet ports

SF4
-
M
-
4GBE
-
POE

SecFlow
-
4 module with four 10/100/1000BasteT UTP Ethernet ports and 30W
PoE

SF4
-
M
-
4GBE
-
S

SecFlow
-
4 module with four 10/100/1000BasteFx SFP Ethernet ports

SF4
-
M
-
4RS232

SecFlow
-
4 module with four RS
-
232 serial ports

SF4
-
PS
-
24VDC

24 VDC power supply

SF4
-
PS
-
48VDC

48 VDC power supply

SecFlow
2013
Slide
37

Management

RADview
-
EMS is a unified carrier
-
class management platform for RAD devices using a
variety of access channels as SNMPv1/3, HTTP/S, TFTP and Telnet/SSH. In
addition, it features third
-
party device monitoring capabilities

SecFlow
2013
Slide
38

Management, Benefits & Features


Turnkey system including hardware and software!


Fully compliant with TMN standards


Client/server architecture with multi
-
user support


Interoperable with third
-
party NMS and leading OSS systems


IBM Tivoli’s
Netcool
®/
OMNIbus
™ plug
-
in


Minimize integrations costs associated with new NE

Benefits


Ensures device health and congestion control


Topology maps and network inventory


Advanced FCAPS functionality


Software & configuration management


Business continuity
-

High
-
Availability and Disaster Recovery


Handover between operators

Key features

SecFlow
2013
Slide
39

RADview
-
EMS advanced FCAPS


Detects and isolates faults in network devices, initiates remedial actions and
distributes alarm messages to other management entities in the network.

Fault management


Enables operators to configure, install and distribute software to all devices across the
network. In addition, the system tracks version changes and maintains software
configuration history

Configuration management


Manages individual and group user accounts and passwords, generating network
usage reports to monitor user activities.

Accounting management


Supports real
-
time monitoring of
QoS

and
CoS
, producing real
-
time and periodic
statistics. The statistics collector compresses data to minimize bandwidth use for
management traffic and exports CSV files to OSS or third
-
party management systems

Performance management


Allows network administrators

to track user activities and control the access to
network resources with a choice of security features

Security management

SecFlow
2013
Slide
40

Device Management


SNMP v1, v2, v3 (v3
only in SF
-
2)


CLI


WEB


SNTP


RADIUS


TACACS


TFTP


Syslog



SecFlow
-
2
/
4

Device
Management

SecFlow2013 Slide
41

RADview




SecFlow Network Manager


SecFlow Network Manager is an End
-
to
-
End network
management of the SecFlow devices featuring:


Automatic discovery of SecFlow network switches


Network topology management


End
-
to
-
end service provisioning


Security rules configuration


Aggregated network fault monitoring


Network performance analysis


Operator authorization levels


SecFlow2013 Slide
42

www.rad.com

Thank You

For Your

Attention