Optical Encryption Services

Layer-1, FIPS-Certified Encryption-as-a-Service,
for the Ultimate in Security and Efficient Management.

Lightower’s Optical Encryption service utilizes revolutionary technology to offer Federal Information Processing Standard (FIPS)-certified encryption of in-flight data from end-point to end-point. Operating at Layer 1, the Physical Layer, means the encryption is data agnostic, while at the same time it maximizes network throughput by eliminating encryption headers utilized at higher layers like Ethernet or Internet Protocol. Since Lightower offers Optical Encryption as a service, there is no need to purchase, deploy, and manage equipment.  Finally, end users maintain total control over the most important parts, their own security parameters and security keys.

Encryption Security

Encryption of in-flight data should be a cornerstone of every organization’s security strategy. Lightower’s Optical Encryption service is an easy to implement, always on encryption solution for infrastructure needs from 10 Gbps to 100 Gbps. By encrypting at the optical level, all data is protected in-flight no matter what application or device generated the data. Since encryption is done at the optical level, throughput is maximized and latency is optimized.

Lightower’s service offers NIST-compliant AES-256 encryption that is FIPS 140-2 and FIPS 197 certified.  For a complete list of technical specs, features, and certification, see the back of this document.

 

Learn more about Lightower Optical Encryption Services:

Easy. Affordable. Secure. Full Control.

Lightower’s Optical Encryption service offers many benefits when compared to stand-alone encryption solutions.

  • Easy to Deploy
    As a managed service, Lightower will design, deploy, and manage all of the equipment for the solution, from end-point to end-point.
  • Reduced Costs
    With no equipment to purchase, deploy, and manage, CapEx and OpEx are drastically reduced for each encrypted circuit.
  • Stand-Alone or Upgraded Service
    Lightower Optical Encryption can be ordered as a new service or existing wavelength or managed private optical network services can be upgraded.
  • Industry-Leading Security
    Lightower’s encryption service offers industry-leading security for in-flight data from end-point to end-point. For a complete list of specs and features, see the Technical Specs tab.
  • Customer Control
    Customers maintain complete control of their security protocols and security keys. A dedicated management tool offers full control to the customer’s Security Officer for comprehensive management of all security parameters.

Lightower’s Optical Encryption service offers one of the most comprehensive list of security features available today.

  • NIST Compliant AES-256 encryption
  • Elliptic Curve Cryptography (ECC) algorithms
  • Diffie-Hellman secured key negotiation (including Elliptic Curve)
  • 509 certificate support for authentication
  • Easily integrates into enterprise Public Key Infrastructures (PKIs) using x.509 certificated-base authentication
  • Support for Certificate Revocation List (CRL)
  • Hitless AES-256 key rotation every second
  • TLS-secured and mutually authenticated interface for encryption management
  • Integrates into existing Public Key Infrastructures (PKIs) using x.509 certificate-based authentication
  • Radius authentication support
  • SNMPv3 Support
  • Elliptical Curve certificates

 

Technical Specifications

Solution Description
Bandwidth Options &
Handoff Protocols
Encryption Service over Wavelength
• 10 Gbps: 10 GigE, FC800, FC1200, OC-192, OC-192c
Encryption Service over Managed Private Optical Network
• 10 Gbps: 10 GigE, FC800, FC1200, OC-192, OC-192c
• 40 Gbps: 40 GigE, OC-768
• 100 Gbps: 100 GigE
Protocols Protected Lightower Optical Encryption is protocol agnostic, encrypting all payload data, at all packet and frame sizes, at full line rate. The service protects all major transport protocols, including: Ethernet, IP, SONET, Fiber Channel, Video Transport, and OTN.
Availability Availability specs depend on the design of the network delivering the encryption service. Options are available for route diversity with failover, to ensure the highest availability possible.

Security Certifications

Service Certifciations
Encryption Service over Wavelength (10 Gbps) • FIPS 140-2 Level 3
• FIPS 197 – AES-256
• IBM GDPS
• EMC
• Brocade
Encryption Service over Managed Private Optical Network
(10 Gbps, 40 Gbps, 100 Gbps)
• FIPS 140-2 Level 2
• FIPS 197 – AES-256
• IBM GDPS
• EMC
• Brocade

Customer Quote

"We recognize that data center operations rely on the most elite network infrastructure for connectivity to enable and support critical business communications. By connecting our key data centers...Digital Realty is able to provide our customers with a unique and diverse option for critical high-bandwidth applications."

Andrew Schaap

Vice President, Sales at Digital Realty