SecFlow-2 Ruggedized SCADA-Aware Ethernet Switch/Router
SecFlow-2 Ruggedized SCADA-Aware Ethernet Switch/Router key points:
Compact ruggedized Ethernet switch/router, deployed in harsh industrial environments with up to 16×10/100BaseT and 2×100/1000BaseFX ports
with optional PoE
Advanced security package, including SCADA-aware firewall per port, IEEE 802.1X port-based Network Access Control, L-2/3/4 ACL for incoming
traffic and L-2/3 VPN with IPsec
Integrated RS-232 serial interface with protocol gateway and tunneling functionality for easy migration of legacy services to IP Ethernet switching, IP
routing with integrated VPN and link protection per ITU-T G.8032 with optional cellular 2G/3G modem uplink for maximum service continuation
Wide range of AC or DC power input options
Description of the RAD SecFlow-2
SecFlow-2 from RAD is a ruggedized Ethernet switch / router with a unique built-in packet processing SCADA-aware engine to fit the mission-critical
industrial applications. SecFlow-2 supports two Gigabit Ethernet, up to 16 Fast Ethernet and serial ports for legacy services. The SecFlow-2 switch is
designed for installation under harsh environmental conditions. It features DIN-rail mount, IP30 protection level, wide temperature operating range (-
40°C to +75°C) without fans, EMI immunity (IEC61850-3, IEEE1613 and EN50121-4) etc.
MULTI-SERVICE GATEWAY WITH SECFLOW-2
SecFlow-2 utilizes Ethernet ports for new IEC 61850 compliance IEDs for automation and tele-protection applications in
substations. Additionally, SecFlow-2 is equipped with serial interfaces for connectivity of legacy RTUs with new IP-based IEDs. SecFlow-2 gateway
converts legacy IEC-101 protocol to IP-based IEC-104, enabling seamless communication from the IP SCADA to both the old and new RTUs. This
provides a single box solution for multi-service applications and smooth migration to all- IP networks.
RAD SecFlow-2 MARKET SEGMENTS AND APPLICATIONS
SecFlow-2 addresses the following markets:
Utility installations (electricity, water, gas and oil)
Intelligent transportation (highway, railway)
Manufacturing facilities (chemical, food industry)
Military and defense applications (HLS, safe city).
SecFlow-2 supports an integrated firewall per port, providing a network-based distributed security designed especially for
SCADA applications. The SecFlow-2 monitors SCADA commands, using deep packet inspection, to validate if they fit the
intended application purpose. Additionally, the SecFlow-2 features a VPN gateway with two operation modes:
• Inter-site connectivity, using IPSec tunnels
• Remote user access, using SSH.
Inter-site VPN based on GRE tunnels over an IPSec encrypted link ensures L2/L3 transparent connection of the Ethernet networks sites.
For remote access, the switch uses a SSHencrypted tunnel, with user authentication and specific access authorizations.
ETHERNET QUALITY OF SERVICE
Flexible QoS techniques ensure differentiated service delivery end-to-end.
SecFlow-2 utilizes the following traffic management methods: strict priority,
Weighted Round Robin (WRR), ingress policing and egress traffic shaping.
OAM OF SecFlow-2
SecFlow-2 provides these types of Ethernet OAM:
• Single-segment (link) OAM according to IEEE 802.3-2005 (formerly 802.3ah) for remote management and fault indication
• End-to-end connectivity OAM based on IEEE 802.1ag to monitor Ethernet services proactively and guarantee that customers receive the
• End-to-end service and performance monitoring based on ITU-T Y.1731.
Fault monitoring and end-to-end performance measurement.
RAD SecFlow-2 RESILIENCY
SecFlow-2 supports Ethernet rings according to the ITU-T G.8032 standard, for fast failure detection and switchover regardless of the scale of the
Traditional resiliency protocols such as RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol) per IEEE 802.1D are
Link aggregation is performed according to IEEE 802.3ad with LACP allowing aggregation of point-to-point links operating at the same data rate. This
enables the switches to take advantage of increased bandwidth.
INTEROPERABILITY of RAD SecFlow-2
SecFlow-2 is compatible with SecFlow-4. In addition, it operates with RAD’s Airmux broadband wireless radios, providing PoE
feeding to the Airmux outdoor units (see Ordering).
The SecFlow-2 can be managed via RADview, RAD’s carrier-class NMS for Windows and Unix, and SecFlow Network Manager that provides end-to
-end management for SecFlow devices.
SecFlow-2 also supports a variety of access protocols, including CLI, Telnet, Web, SNMPv3 and TFTP.
RECOMMENDED CONFIGURATIONS for RAD SecFlow-2
Secured SCADA-Aware Options Ethernet features, gateway, security and routing package
SF2/S/AC/2GE8UTP/PoE AC power supply, 2×GbE SFP ports, 8×10/100BaseT ports, PoE on 8 UTP ports
SF2/S/AC/2GE8UTP/PoE4AM AC power supply, 2×GbE SFP ports, 8×10/100BaseT ports, PoE on 4 UTP ports for Airmux products
SF2/S/48VDC/2GE16UTP 48 VDC power supply, 2×GbE SFP ports, 16×10/100BaseT UTP ports
SF2/S/48VDC/2GE8UTP8SFP 48 VDC power supply, 2×GbE SFP ports, 8×10/100BaseT UTP ports, 8 ×100 FX SFP ports
SF2/S/48VDC/2GE8UTP 48 VDC power supply, 2×GbE SFP ports, 8×10/100BaseT UTP ports
SF2/S/24VDC/2GE8UTP/RS232/CEL 24 VDC power supply, 2×GbE SFP ports, 8×10/100BaseT UTP ports, 4×RS-232 ports, dual SIM
GPRS/UMTS cellular modem
SF2/S/48VDC/2GE8UTP/RS232/CEL/EW 48 VDC power supply, 2×GbE SFP ports,8×10/100BaseT UTP ports, 4×RS-232 ports,
dual SIM GPRS/UMTS cellular modem, 5 years extended warranty
Ethernet features and gateway functionality only
SF2/B/AC/2GE8UTP/PoE AC power supply, 2×GbE SFP ports, 8×10/100BaseT ports, PoE on 8 UTP ports
SF2/B/48VDC/2GE8UTP/PoE 48 VDC power supply, 2×GbE SFP ports, 8×10/100BaseT ports, PoE on 8 UTP ports
Product data sheet for the SecFlow-2 (pdf)