Using IP VPN Encryption Solutions From Crypto AG Over BGAN
Using IP VPN Encryption Solutions From Crypto AG Over BGAN
Using IP VPN Encryption Solutions From Crypto AG Over BGAN
solutions from
Crypto AG over BGAN
Version 1
3 September 2009
inmarsat.com/bgan
Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure its accuracy, Inmarsat makes no warranty or representation as to the accuracy,
completeness or fitness for purpose or use of the information. Inmarsat shall not be liable for any loss or damage of any kind, including indirect or consequential loss, arising from use of the information and all
warranties and conditions, whether express or implied by statute, common law or otherwise, are hereby excluded to the extent permitted by English law. INMARSAT is a trademark of the International Mobile
Satellite Organisation, Inmarsat LOGO is a trademark of Inmarsat (IP) Company Limited. Both trademarks are licensed to Inmarsat Global Limited. © Inmarsat Global Limited 2009. All rights reserved.
Contents
1 Overview 1
2 Typical user scenarios 1
2.1 Applications 1
2.2 Solutions 2
3 Key features 2
4 Product range 3
4.1 Common features 3
4.2 IP VPN Encryption HC-7805 4
4.3 IP VPN Encryption HC-7825 5
4.4 Crypto Mobile Client HC-7835 6
4.5 MultiCom Radio Encryption HC-2650 - 200 IP 7
4.6 Deployable SAT-Encryption all-in-one-case 8
5 Setting up 9
5.1 Setting up the IP VPN unit 9
5.2 Setting up the BGAN terminal 11
5.3 Setup of applications 11
6 Further details and support 12
1 Overview
IP VPN Encryption Solutions from Crypto AG are the preferred choice of public authorities,
ministries, diplomatic services as well as security and defence organisations, due to the security
concept based on hardware encryption and customer-specific algorithm. These solutions are used
in “satellite terminal to satellite terminal“ configurations, as well as “satellite terminal to HQ (or
another station) via land earth station” configurations.
The solution establishes a secure virtual tunnel via the BGAN link through to the ICT infrastructure
at headquarters, or to another mobile user. All transported applications such as data, VoIP, video,
images, audio/video streaming and so on are protected and cannot be read or edited by
unauthorised third parties. The authenticated user can get secure remote access to confidential
data in their own organisation over a number of connections (IP network, Ethernet, WLAN, ADSL,
UMTS network).
2.1 Applications
Messaging, Email
File Transfer (FTP)
Client/Server applications
Intranet
VoIP (voice over IP) telephony
FoIP (fax over IP)
Videoconferencing
The diagram above assumes access to the Internet via satellite. Locations may also have other
means of Internet access and use the satellite as a backup solution. Stations using the Crypto
Mobile Client can access the Internet over wireless (hotspot or via a GSM mobile phone).
2.2 Solutions
There are different models and types of BGAN terminals for different types o deployment. For all of
these scenarios, there is a corresponding IP VPN encryption solution available from Crypto AG.
Crypto AG offers also a range of compact, fully integrated solutions. They are based on the Crypto
Mobile Client HC-7835 and the Thrane & Thrane EXPLORER 500 satellite terminal
3 Key features
IP VPN Encryption from Crypto AG creates a Virtual Private Network (VPN) which has no
contact with the transport network.
IP data packets are encrypted and cannot be access by third parties, regardless of the
application in use.
IP VPN Encryption units can be integrated directly into the ICT infrastructure of a LAN.
For individuals or small office users, there are desktop units and the Crypto Mobile Client,
which can be installed directly between the end device (e.g. a laptop) and the network
connection.
Simple connectivity – no security knowledge is required, and encryption takes place
automatically in the background.
4 Product range
This section describes the IP VPN encryption products available from Crypto AG.
For headquarters we recommend the IP VPN Encryption Enterprise Version HC-7825
For smaller offices with BGAN access, we recommend the Desktop Version HC-7805
For mobile applications, we recommend the Crypto Mobile Client HC-7835.
For military requirements, we recommend the MultiCom Radio Encryption HC-2650-200
IP.
4.1 Common features
Security Management
Manual key input via user interface.
Copy/backup of key and installation data by Security Data Carrier (SDC).
Offline management by Security Management Centre and Security Data Carrier.
Online management by Security Management Centre (SMC).
Access protection
Tamper-proof design.
Password protection user level specific.
Block/unblock function.
Emergency clear.
User interfaces
Keypad
2 lines of LCD with backlight
Status LEDs
Browser-based user interface
Built-in smart card reader for reading/writing key and setup data
Diagnostic user interface
Management
Security Management Centre (SMC)
Remote Access Device (RAD) to remotely manage IT parameters
Out-of-band management via ethernet
Local management via keypad and display
or via web-based user interface
Category Details
Weight 1.5 kg
Category Details
Weight 4.2 kg
Category Details
Dimensions 116 x 70 x 25 mm
USB Memory USB Memory (4GB) with write protection, possible to boot the
notebook with an operating system (thin client
Category Details
Inmarsat Contact
customer_care@inmarsat.com
Crypto AG Contact
E-Mail: support@crypto.ch
Web site: www.crypto.ch
Crypto AG
P.O. Box 460
CH-6301 Zug
Switzerland
Tel. +41 41 749 77 22
Fax +41 41 741 22 72