XT products create an encrypted tunnel through IP networks. They create an encrypted Layer 2 tunel via Layer 3 IP networks. In it's most simple form, the XT is a "lump in the cord" between a protected LAN and an unprotected WAN.
XTs use either UDP/IP or TCP/IP for transport between units, and are compatible with other XT units as well as DCB's UT and ET products. The UT-Soft software client also works well with XT servers to provide a remote PC client.
XT series products operate in server-client pairs (or using multiple clients and servers in a system).
The XT series encrypts the path between units using AES encryption. AES is the US Government standard. 128.192, or 256 bit AES encryption are supported.
Depending upon the model, XT trusted ports are either ethernet 10/100BaseT or 10/100/1000BaseT. The WAN, or untrusted, data ports are ethernet ports running 10/100BaseT or 10/100/1000BaseT. WAN port data can be sent encrypted or unencrypted. If present, the serial port is used only for setup.
The XT tunnels operate through firewalls with only one UDP or TCP port of your choice opened. It bridges all ethernet protocols including IPX, IP, NetBEUI, VOIP, ROIP, and other proprietary protocols as well as multi-cast. The XT series is straight-forward, easy to configure and maintain. Each XT encrypts an entire location for 100s of PCs and other devices.
Units configured as a server typically have a fixed IP address. Clients may have fixed IP addresses or obtain a dynamic address. Dynamic DNS is also supported for server locations that do not have a fixed address available.
Upon power-up, the clients attempt to create a persistant connection to the configured server. If a redundant server is configured, there is automatic fail-over between the primary and redundant server with automatic recovery when the primary link is again available.
Some XT products contain a serial port may be configured as a single port terminal server. This allows the XT to interoperate with DCB's EtherPoll SCADA communications system and other encrypted XT devices. This also provides an encrypted connection for the serial data.
The UT-Soft software allows any Windows PC to become a stand-alone client without the need for client hardware. It's ideal for ad-hoc laptop and tablet connections via the untrusted network.
The XT series provides state-of-the-art straight-forward, easy to configure AES encryption security without the configuration complexity of normal VPNs.
XT series products are export controlled items regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Most devices are eligible for export exception ENC and may be exported to most countries. They may not be exported or shipped for re-export to restricted countries in Country Group E:1. Some models require specific export license. Read our Encryption Product Export Statement here for more specifics.
Serial Port: RS-232 port for setup or TCP/UDP serial server
Contains three “soft” Ethernet ports that may be configured as trusted or untrusted
Sustained throughput: 20 Mbps with AES 256
Approximately 3500 packets-per-second with 94 byte packets (AES 256).
Bridge/Tunnel supports 2048 MAC address table entries
Power: Native 8 to 30 VDC, 12 volt nominal, 5 watts; 120VAC power supply included, -48VDC, 125 VDC, and 240 VAC power supplies available. If passive PoE is used, 11 – 30VDC. A minimum of 18VDC is recommended for long cable runs.
LED: LAN Activity, power
LAN 1 IP address: 192.168.0.1
LAN 2 IP address: DHCP Client
LAN 3 IP address: disabled
In server mode, supports 8 simultaneous client XT, UT, ET, or UT-Soft units
Browser Management port: 443 (HTTPS)
Operational Temperature: -40 to +70C
Dimensions: 125 mm, 4.9” W x 215mm, 8.5” D x 39mm, 1.5” H (including rubber feet)
Trusted LAN and Untrusted WAN interfaces are 10/100/1000BaseT, Autosense
Contains five physical ethernet ports that may be individually configured as trusted or untrusted as one of three soft LAN ports
Maximum Sustained throughput of 20 Mbps (Varies with packet size)
Power: Native 9 to 30 VDC, 12 volt nominal, 5 watts plus PoE power requirement; 120VAC power supply included
PoE: Unit will operate from passive PoE or supply passive PoE to other devices. The unit is POE input on port Eth0 and POE out on Eth4 only. It does not support 802.3af POE.
Optional power supplies available for 24 VDC, -48 VDC, 125VDC, and 240 VAC
Server mode supports up to 8 simultaneous client XT, UT, ET, or UT-Soft units
Operational temperature : -10 to +45C
Dimensions 4.33" x 2.95" x 0.95" Weight: 6.2 ounces - 175 g
One RS-232 3-wire (Tx, Rx, Gnd) serial interface terminated in a DE-9 connector. The serial port may be used for initial configuration and also to support TCP/UDP terminal server functions. Speeds of 300 bps to 230 Kbps are supported.
The XT family products create an encrypted tunnel which passes Ethernet packets
between two trusted LAN segments. All ethernet protocols are bridged between the
units. The XT operates in conjunction with other XT, ET, UT units and UT-Soft. One unit is
required for each location. Multiple client units may be connected to the same host
unit, and a client may be connected to multiple host units (daisy-chained operation). A host unit may be configured to block client-unit to client-unit connections, or to allow them. All XT series units are compatible.
The following application notes were written for the UT and ET series products. The concepts and many operational details are identical to those of the XT products.
This application note guides the new XT-3305 user from opening the boxes to having a working encrypted tunnel between two XT-3305 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.
All DCB ethenet encryptors operate similarly, with differences being in the protocols, capabilities, and authentication methods. Since the topology is comparable for all of them, we show application notes for all these products together.
Some of our encryption products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Some are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1. They are exportable to most other countries. Read our Encryption Product Export Statement here for more specifics.
Radio installers rely on DCB tunnel products to implement secure networks for mission critical applications. DCB Encryptors (XT, UT, and ET roducts) enable IP dispatching across multiple networks. They remove the multi-cast problem faced in many IP network installations so are frequently used along with Telex, Motorola, Kenwood, Harris, Zetron, AVTEC, and other two-way radio consoles. This document describes some of those techniques with examples we've seen at PSAPs and other dispatch centers.
Our encrypted tunnel appliances provides a LAN -to- LAN encrypted tunnel between locations. It employs a layer three (UDP/IP or TCP/IP) connection between two or more tunnel devices to create a secure, AES encrypted tunnel. For export purposes, the Some models are considered a Mass Market Encryption Device by the Department of State Bureau of Industrial Security and are export limited.
This product line meets HIPPA and most government standards for non-classified data transfer. However, it is not NIST FIPS 140-2 approved. For a FIPS 140 approved product, the (more expensive) FT line of encryption appliances is required. This note discusses the security implications of using our encrypted tunnels.
Users have come to rely on DCB tunnel products to implement secure networks for mission critical applications in which downtime must be kept to a minimum. Thus it is not unusual for customers to ask questions about techniques that may be applied to make the tunnel network more robust. This document describes some of those techniques with examples.
This application note guides the new XT-3306 user from opening the boxes to having a working encrypted tunnel between two XT-3306 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process. One difference between the XT and the UT/ET families is that the XT allows the selection of TCP and UDP protocols for the tunnel path.
This application note guides the new UT-3302 user from opening the boxes to having a working encrypted tunnel between two UT-3302 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process.
Discusses applying the UT products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The UT supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks. The UT-SOFT software client allows any PC to be a securely connected node on a remote network
This Motorola produced MIP 5000 VoIP Radio Console VPN Solution Guide features a virtual private network (VPN) solution that has been tested with MIP 5000 VoIP Radio Console. The VPN solution uses a pair of encrypted Ethernet bridges to provide a secure Ethernet tunnel between the dispatch center and a remote MIP 5000 console. The secure Ethernet tunnel supports a remote console operator receiving audio from and transmitting audio to radio channels and other MIP 5000 consoles using AES encryption.
This short application note summarizes the options and requirements for directly connecting the untrusted interface of UT encrypted tunnels to the Internet. Yes, the UT tunnels may be safely living on the wild side of your firewalls and if properly configured appear to be a "black hole" to your adversaries!
Using the UT for Remote Management Applications Since the UT along with UT-Soft enables a remote workstation to have a virtual presence on a remote LAN segment, it's quite useful for network monitoring and analysis, similar to a RMON without the headaches. Download an application note that discusses using UT-Soft and our UT servers for remote LAN network montoring.
Discusses applying the ET products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The ET supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks.