KEYNET Optical Manager

Trusted Key and Device Management
for DSD 72B-SP SONET/SDH Encryption

The advanced KEYNET Optical Manager centrally and simply configures and manages a global network of TCC's DSD 72B-SP interoperable SONET/SDH encryption appliances. With an intuitive user interface and automated polling of alarms and logs, a network expert is not needed for trusted key and device management.

  • Easy to use, centralized management platform
  • Automated key and device management requires little human interaction
  • Hardware-based security vault protects highly critical keys
  • Multiple layers of protection
  • User-authenticated device configuration and deployment for traceability
  • Simple provisioning and management of security policies
  • Intuitive user-friendly interface
  • Network expert not needed to manage network security




Centralized Management

TCC's DSD 72B-SP and DSD 72A-SP (STM) SONET/SDH encryption family is centrally deployed, configured and managed by TCC's advanced online KEYNET Optical Manager for network encryption and secure communications. Multiple layers of protection secure keys at every point in their life cycle without human intervention.

DSD 72B-SP Optical Encryption

The DSD 72B-SP SONET/SDH interoperable encryption family is available in rugged industrial, military and industrial variants. It provides strategic-level path encryption and secure communications of voice, data and video transmitted over fiber optic networks. Protocol agnostic and with automated KEYNET key and device management, DSD 72B-SP SONET/SDH encryption is a cost-effective, secure communications solution for global mission-critical networks.

Device and Key Management

KEYNET provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network.

KEYNET provides end-user control over secret key generation functions and ensures that all virtual container (VC) data is processed in the assigned mode (secured, plain, blocked, unequipped, etc.). It also ensures that changes to VC endpoints (container re-routings) are efficiently managed. KEYNET's auditing of individual DSD 72B-SP SONET/SDH encryption devices allows role-based, authenticated users to confirm the configuration of all DSD 72B-SP SONET/SDH encryption devices, perform remote diagnostics, and manage each device’s moment-to-moment virtual, logical connections.

Multiple Layers of Protection

KEYNET: SONET/SDH encryption management screenshot

KEYNET Optical Manager is comprised of an MS Windows® 7 based 19" rack mounted computer and an attached TCC Security Vault. The Security Vault communicates with its server via a dedicated Ethernet connection. The computer hosts the KEYNET server application (KSA) service. A KEYNET Local Client (KLC) application is also hosted on the computer, and communicates with the embedded KSA service. Using the KLC, the user logs onto and authenticates with the KSA. The server also securely communicates with each fielded DSD 72B-SP SONET/SDH encryptor over an IP network (e.g., the Internet, or private IP data network). KEYNET Lite-Optical is available for small networks.







SONET/SDH Encryption KEYNET Management Features

Key Management Functionality

  • Scheduled key updates
    – Assigned optical paths
  • Whenever required (on-demand)
    – Reassignment of fiber segments
    – Reroute of Virtual Containers (VCs)
    – Restoration due to fiber outages

Device Management Functionality

  • Dynamically reassign VCs
  • Set security levels of individual VCs
    – Cipher / Block / Plain / Forced Plain / Unassigned / Unequipped
  • Monitor critical functions
    – Per user-defined polling intervals
    – Retrieve security events (audits)
    – Monitor device logistical status
    – Record asynchronous events / traps
  • Health of virtual containers
    – Section and path overhead data
  • Inter-device communications links
    – Set path overhead IDCL channel(s)

High-Level Security
Data Encryption Algorithm: AES-256

  • Trusted secret key infrastructure
  • All keys encrypted by Security Vault
  • All management messages to / from KEYNET are encrypted
  • All security relevant activities logged
  • Logs retrieved by KEYNET
  • Tamper-resistant enclosure; keys erased when enclosure is opened

Encrypted and Authenticated Key and Device Management

KEYNET Optical Manager Specifications

Support Network Topology
  • KEYNET messages sent over IP data network (e.g., Internet)
    – AES-256 encrypted device management messaging via SNMP (IPv4) MIB messages
    – AES-256 encrypted key management messaging via ANSI-defined Key Service Messages (KSMs)

Management of Two Independent Network Interfaces
  • External network interface to each DSD 72B-SP device
    – Internet Protocol (IP) over Ethernet physical layer
  • Security Vault interface (Server PC to Security Vault)
    – Dedicated IP over Ethernet interface

KEYNET Device Management
  • Remote polling of each DSD 72B-SP Device
    – Retrieves up-to-date device status information
    – Retrieves audit reports (Security; Operations; Logistics)

KEYNET Key Management
  • Initial Master Key Encrypting Key (MKEK) generation
  • Manual MKEK distribution (to each DSD 72B-SP)
  • Electronic distribution of required keys to each DSD 72B-SP
    – PKEK / PMAK pairs
  • AES-256 MKEK-encrypted key distribution messages

KEYNET Network Management
  • Virtual Container configurations (network topology set-up)
  • Virtual Container rerouting (performed on-demand)
    – Sends PKEK / PMAK key pairs prior to reroute execution

KEYNET Power
  • 100VAC to 240VAC / 50Hz or 60Hz
  • Optional Uninterruptible Power Supply (Recommended)

KEYNET Server Personal Computer
  • 19" Rack Mountable

Quality
TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.