VALIANT -104 Protocol Encryptor

COMMUNICATIONS
VCL-Xcöde: IEC 60870-5-104 Protocol Encryptor

Introduction:
Valiant's VCL-Xcöde is an integrated IEC 60870-5-104 Data
Encryption Equipment (-104 Protocol Encryptor) with extremely
advanced features that may be installed to secure and protect
RTU data in critical infrastructure such as Sub-Stations, Smart
Grid Distribution Systems, Oil and Gas Infrastructure and
Railway Signalling Networks from being compromised or
accessed by hostile elements.
Front View
The VCL-Xcöde may be installed in point-to-point or point-to-
multi-point applications in centrally managed networks Deployment Topology:
consisting of multiple edge locations to provide secure
! Point-to-Point (i.e., encrypting RTU data between two
communications between multiple RTU Terminals and their
Terminals)
corresponding IEC 60870-5-104 central server(s) located in Load
! Point-to-Multipoint (i.e. encrypting data between multiple
Dispatch Centre(s) / SCADA Management Centre(s) and Rail
RTU Terminals and the IEC 60870-5-104 server located in
Traffic Control Room(s).
Load Dispatch Centres / SCADA Management Centres and
Additionally, the VCL-Xcöde also protects the RTUs against RailTraffic Control
hostile network attacks and intrusions arising out of Denial of
Supported Data Encryption Algorithms:
Service (DoS) attacks and MitM (Man-In-the-Middle).
! 3DES, AES128, AES192, AES256 Encryption Algorithm
Access to the VCL-Xcöde is password protected with advanced
firewall capabilities that meet and exceed NERC as well as all Interfaces - Terminal:
mandatory requirements of Password Protection and Control as
! Total Number of Ethernet Interfaces : 5
provided in the GR-815-CORE-2 specifications. VCL-Xcöde can
! Four 10/100 RJ45 equipment interfaces in the
optionally be managed centrally from a RADIUS Server to
local (trusted) network
provide enhanced levels of access security and centralized
! One 10/100/1000 RJ45 network interface to the WAN
password management and control.
(untrusted) network
Applications: ! Integrated four-port Ethernet switch
! Auto MDI/X (straight or crossover Ethernet cable correction)
! Utilities: Electric generation, transmission and distribution
! USB serial port for local access and configuration
! Smart Grid Distribution Systems
! Oil & Gas production, pipelines Interfaces Server:
! Remote nodes in SCADA multi-drop networks
! Total Number of Ethernet Interfaces : 3
! Railway Signalling Infrastructure: Rail Traffic Control
! One 10/100/1000 RJ45 interface in the local (trusted)
Room(s)
network
! All distributed data networks consisting of a central server
! One 10/100/1000 RJ45 network interface to the WAN
and multiple edge locations
(untrusted) network
! One 10/100/1000 RJ45 interface for configuration and
management
! Integrated four-port Ethernet switch
! Auto MDI/X (straight or crossover Ethernet cable correction)
! USB serial port for local access and configuration
Applications Diagram:
-104 Protocol -104 Protocol
Encryptor Encryptor
Ethernet / IP IP / Ethernet Ethernet / IP
Network
Encrypted Encrypted

Unencrypted Unencrypted

-104 RTU Data RTU RTU -104 RTU Data

RTU RTU

www.valiantcom.com 1
Valiant Communications Limited VCL-2142

Firewall - Features and Capabilities: Network Support:

! Deep Packet Inspection ! IPv4 and IPv6 Routing
! Per-frame/packet authentication ! Ethernet
! Firewall ! VLAN tag preservation
! Port (Soft) - based ! MPLS tag preservation
! MAC - based ! IPv4
! IP Address - based
Monitoring and Access Control:
! IP Domain - based
! White List and Black List options ! Password Strength Monitor
! White List Exception allowed and blocks all other traffic ! Device Management and Alarm Monitoring
by default (system default mode) ! Command Line Interface – Telnet, SSH
! Black List Exception blocked and allows all other traffic ! SNMPv2 Alarm Monitoring
by default ! Alarm condition detection and reporting (traps and SNMP
! Seamless scalability alarm table)
! Infrastructure neutral ! Syslog
! Transparent to network and applications ! Audit Log
! Easy installation and management
Power:
Firewall Throughput:
! Power: 1+0 and 1+1 Redundant Power Supply Options
! ≤ 60Mbps (Compact, DIN-Rail Remote Data Encryption (1+1 Redundant Power Supply Options available in the
Terminal) 19-Inch Chassis Only)
! ≤ 60Mbps (1U, 19-Inch Rack Mountable Remote Data ! 18VDC ~ 60VDC (Terminal)
Encryption Terminal) ! 85VDC ~ 250VDC (Terminal)
! ≤ 900Mbps (2U, 19-Inch Rack Mountable Central Data ! 100~240VAC, 50/60Hz (Terminal and Server)
Encryption Server) ! Power Consumption: 9W at maximum load (Terminal)
! Power Consumption: 210W at maximum load (Server)
Firewall and Security: Environmental:
! Secure Boot ! Operational:
! Firewall Security: ! Operating Temperature: -20C to +60C (-4F to 140F)
! Inclusion Policy – Access Control based upon White List – Terminal
IP addresses, MAC address and IP Domain ! Cold Start Temperature: -10C (14F) - Terminal
! Exclusion Policy – Access Control based on Black List ! Operating Temperature: 0C to +50C (32F to 122F)
! Resistance to Denial of Service (DoS) Attack – Server
! Continuous monitoring of the TLS connection to nullify MitM ! Cold Start Temperature: 10C (50F) – Server
attacks ! Maximum Operational Humidity 95% R.H.
! Encrypted Firmware Updates (Non- condensing)
! Non-volatile Access Log with capability to "fingerprint" all
Regulatory:
successful and failed log-in attempts and keep a log of the IP
and MAC addresses of all successful and failed logins / login Emissions As per CISPR 22 / EN55022 Class A
attempts FCC Part 15 Subpart A
! SNMP trap generation, along with LED and external alarm Immunity EN55024, EN61000
indication
! Password Protection with password strength monitor EMI, EMC, Surge Withstand and other Compliances:
! RADIUS Password Authentication Terminal Equipment
! SSH (Secure Access Control) with encrypted Password
Protection EN 50081-2 EN 50082-2 IEC 60068-2-29
Maximum number of RTUs and Encrypted Data Throughput IEC 61000-4-6 IEC 60068-2-6 IEC 60068-2-2
from RTUs: (Conducted Immunity)
! Compact, DIN-Rail Remote Data Encryption Terminal, IEC 60068-2-78 IEC 60068-2-1 IEC 60068-2-14
Maximum Encrypted Data Rate, ≤ 12Mbps with AES256 CISPR 22 / EN55022 Class B
Encryption Algorithm, Up to 6 RTUs @ 2Mbps pre RTU. (Conducted Emission and Radiated Emission)
! 1U, 19-Inch Rack Mountable Remote Data Encryption
IS 9000 (Part II Sec. 1-4, Part III Sec. 1-5, Part IV, Part 14 Sec. 1-3)
Terminal, Maximum Encrypted Data Rate, ≤ 12Mbps with
AES256 Encryption Algorithm, Up to 6 RTUs @ 2Mbps pre IEC 60870-2-1 IEC 61000-4-5
RTU. IEC 61000-4-3 IEC 61000-4-8
! 2U, 19-Inch Rack Mountable Central Data Encryption Server, (Radiated Immunity)
Maximum Encrypted Data Rate, ≤ 240Mbps with AES256 IEC 61000-4-2 IEC 61000-4-10 Telcordia GR-1089
Encryption Algorithm, Up to 120 RTUs @ 2Mbps pre RTU.
IEC 61000-4-4 IEC 61000-4-11 Surge and
Power Contact

www.valiantcom.com 2
Valiant Communications Limited VCL-2142

MTBF:
! Compact DIN Rail Terminal: MTBF ≥ 215,000 hours @ 24C ambient with single 48VDC power supply
! 1U, 19-Inch Rack-mountable Terminal: MTBF ≥ 295,000 hours @ 24C ambient with dual, redundant 48VDC power supplies
! 2U, 19-Inch Rack-mountable Server: MTBF ≥ 249,000 hours @ 24C ambient with dual, redundant AC power supplies.

Physical:

! Compact DIN Rail Terminal - Height x Depth x Width: 71 mm x 172 mm x 191 mm, Weight: 1.4 Kgs
! 1U, Industrial Terminal – Height x Depth x Width: 44 mm x 250 mm x 83 mm, Weight: 1.9 Kgs
! 2U, Industrial Server – Height x Depth x Width: 88 mm x 661 mm x 482 mm, Weight: 12.7 Kgs

Ordering Information:

Product Order Code: Description Power

VCL-Xcöde-DIN VCL-2142-Xcöde-D -104 Protocol Encryptor - IEC 60870-5-104 48 VDC

Data Encryption Equipment,
Compact DIN-Rail Terminal.

VCL-Xcöde-Chassis VCL-2142-Xcöde-C IEC 60870-5-104 Data Encryption 48 VDC, 110-250 VDC,

(specify the required Equipment. 1U, 19-Inch Rack- 110-240V, 50/60Hz AC,
power supply option) mountable Terminal. 1+0 or 1+1 Redundant
Power Supply Options

VCL-Xcöde-Server VCL-2142-Xcöde-S IEC 60870-5-104 Data Encryption 110-240V, 50/60Hz AC,

(specify the required Equipment. 2U, 19-Inch Rack- 1+0 or 1+1 Redundant
power supply option) mountable Server. Power Supply Options

Technical specifications are subject to changes without notice.

All brand name and trademarks are the property of their respective owners.
Revision 1.4 – July 28, 2018

U.K. U.S.A. INDIA

Valiant Communications (UK) Ltd Valcomm Technologies Inc. Valiant Communications Limited
1, Acton Hill Mews, 4000 Ponce de Leon, Suite 470 71/1, Shivaji Marg,
310-328 Uxbridge Road, Coral Gables, FL 33146 New Delhi - 110015,
London W3 9QN, United Kingdom U.S.A. India

www.valiantcom.com 3