7th Sep 2010

An Easier Approach to Providing Transparent and Secure Communications over Public and Private Networks

Businesses today rely heavily on WAN (Wide Area Network) technologies to conduct their daily operations, and see the ready availability of online communications as a natural medium for exchanging information such as e-mail, text messaging, B2B and point-of-sale transactions. In addition to these services, the medium is now being used for the distribution and management of remote video surveillance, access control, building management, alarm monitoring, process control and other similar services that were historically designed to operate on a closed (private) system.

Manufacturers are rapidly developing products, applications and algorithms that utilize the evolving Internet infrastructure with the objective of providing seamless integration of security, surveillance, monitoring and communication functions. To accomplish this, companies have had to rely heavily on the expertise and experience of the IT profession to help engineer cost effective transmission solutions using existing hardware technologies and applying various network protocols to accommodate them.
Implementing these Internet-based solutions requires a specialist level of IT knowledge to ensure communication paths are configured correctly and that data is not compromised or accessed by uninvited third parties.

Developed by KBC Networks, ThruLink™ addresses the need for secure, encrypted transmission paths through both public and private networks. Developed initially to offer enhanced capabilities and security of surveillance video over IP, ThruLink™ provides plug and play tunneling capabilities through LAN (Local Area Network) and WAN environments. Essentially, ThruLink™ provides a "pipe within a pipe" to segregate and isolate its encrypted traffic from all other network communications.

This paper aims to introduce ThruLink™ and describe its unique benefits and characteristics.

Electronic Security in the IT World
The convergence of security applications and the IP environment has created several challenges that need to be addressed by system planners, operators and users. Unlike the closed circuit systems for video, building management, alarms and access control of the past, today's integrated systems demand access and operation from multiple diverse locations, utilizing public and private networks as the preferred choice of transmission. The data to be transmitted may consist of video, data, audio, contact closure, telephony, Ethernet traffic or a combination of any of these signal types. The links generally follow one of the following models:

  • Point-to-Point

In this scenario a link is established between two nodes, either across campus, across town, or even across a country.

  • Point-to-Multipoint

A central node operates as a control center or hub requiring remote individual connections to multiple remote locations.

  • Multipoint-to-Multipoint

Several control locations may require access to several remote locations, which may be the same or different.

Obstacles Facing Transmission Networks

1. Video transmission across the Internet
Due to the high bandwidth requirements of uncompressed video, various algorithms have been widely adopted in an attempt to limit and control the bandwidth requirements per video stream. MPEG-4 and H.264 are the most popular algorithms in use today, and the typical CCTV security application calls for providing both multicast streams, which allow a single camera to be viewed from multiple sites, and unicast streams, which provide a point-to-point connection for the purpose of recording video, video playback, or static viewing. The typical video stream requires between 2-8Mb of bandwidth depending on the performance required at the receive end.

2. Creating a separate network inside an existing network
In order to provide secure and autonomous data paths, many applications rely on leased lines to segment their data and make available as much bandwidth as possible. Setting up and maintaining leased lines is very costly, so an alternative is to set up VPN tunnels to try and isolate traffic from concurrent transmission of other data across the network. The problem with this approach is that data frames from different sources need to be queued for an orderly transmission down the line and reassembled at their respective destinations. In the event packets are lost or corrupted, additional bandwidth is used up for the resend request. In the case of UDP video transmission, there are no requests for resending of lost packets, but the likelihood of slow network connection due to high traffic or limited bandwidth will result in lost packets of data and noise evident in the video image.

3. Secure network traffic
Security personnel and IT personnel each have valid concerns regarding the integrity and security of their transmitted data including:

  • Latency
  • Quality of service
  • Transmission path optimization
  • Maintaining integrity of transmitted data
  • Dependable and predictable uptime

The Internet is a non-secure medium that is widely accessible by the public worldwide.
The challenge is to provide consistent, secure and dependable connections across the Internet at a minimum cost.

4. Reduce network complexity
The establishment of secure networks requires implementation of several vendors' services, varying equipment and service providers, regular maintenance and updates, prevention of uninvited intrusion, and an ever evolving knowledge of existing and newly implemented protocols, restrictions, policies and regulations.

Why ThruLink™ instead of broadband VPN solutions?
Broadband is a cost-effective alternative for higher speed bandwidth compared to constrained frame relays and leased line solutions. It offers inter-branch connectivity, cost advantages over T1/E1 lines, backups for frame relay and MPLS, and replaces usage-based ISDN connections. Broadband Internet access is relatively easy to deploy for a single location, but today's diverse security applications require the added security offered by broadband VPNs (Virtual Private Networks). However, there are many factors that make VPNs complex and costly to implement, such as equipment maintenance, technology diversity, handling multiple access providers and their respective contracts, solving security threats, and integrating broadband with other access technologies. Implementation of VPNs requires an in-depth knowledge of network topologies, equipment, routing protocols and more. Companies have found designing and deploying VPN solutions to be very time consuming and cost prohibitive, and a look at the various "help" sites online makes it clear that VPN configuration is a bit more complicated than most companies are willing to accept.

With the commercial pressures typical in the security and surveillance industry, a way of offering rapidly deployable and self managed solutions is needed.

A Simple Solution to Complex Transmission Problems
ThruLink™ is a tunneling appliance designed to address the need for rapid deployment, minimal setup, maintenance free operation, and robust security and integrity of transmitted data. Offered in both a Standard and High Capacity configuration, ThruLink™ affords plug and play portal implementation for point-to-point, star and mesh topologies while avoiding the need for complicated configuration and setting routines common to most VPN applications. Implementation basically consists of the following steps:

  • Install ThruLink™ interfaces at the transmit and receive locations.
      • ThruLink™ is preset at the factory with source and destination addressing. A serial console allows the installer to quickly configure the units or reset a lost password.
      • A primary server IP address needs to be set. This gives ThruLink™ its far end location. A secondary server IP address can also be provided to offer a fallback position in the event of the primary server location becoming corrupted.
      • A web-based GUI allows network monitoring, basic ping and traceroute functionality.
  • ThruLink™ automatically establishes a secure, encrypted tunnel without interrupting the host network or requiring any changes to existing network configurations.

Benefits:

  • ThruLink™ auto-negotiates best routing and records preferred routing tables.
  • ThruLink™ applies AES-128 and optional Blowfish-128 encryption to all TCP/IP protocols regardless of traffic type.
  • ThruLink™ performs from behind firewalls, NAT devices, and through nearly any conceivable type of network configuration.
  • ThruLink™ will not affect TTL, UPnP, VLAN information, broadcast, unicast, multicast or any other traffic.

ThruLink™ Applications

1. SC client to SC client
2. Multiple SC clients to one SC server node
3. HC client to HC server
4. Multiple HC clients to one HC server
5. Multiple SC and HC clients to HC server(s)

Summary
ThruLink™ effectively and efficiently provides plug-and-play tunneling capabilities across private and public networks, minimizing hands-on setup and configuration.

Because elaborate third party security solutions and IT resources are not required for deployment, ThruLink™ significantly reduces the cost of implementing secure and reliable LAN and WAN communications links.
