PacStar CSfC Solutions
PacStar’s proprietary products, technical expertise, integration, test and certification experience in deployed and fixed networking systems based on commercial-off-the-shelf (COTS) equipment provide our customers with a one-stop shop for CSfC solutions. Our CSfC solutions include:
PacStar Secure Wireless Command Post (Wi-Fi)
Small modular communications package that enables SIPR wireless and mobility for smartphones, tablets and laptops for classified networks in deployed, expeditionary and tactical environments
PacStar 400-Series Tactical Hardware and Compact Case Solutions
Modular, small form factor, CSfC-compatible, deployable, communications solutions designed for small teams, ground vehicles, air and sea applications
PacStar IQ-Core® Crypto Manager
Designed to simplify the deployment of multiple VPN-based solutions
PacStar 4501 Commander Kit
Lightweight, compact, and secure communications package that provides voice, data and video communications for combatant commanders, executives and other high-profile users
PacStar Enterprise IT Solutions
CSfC solutions for fixed installations based on COTS fixed/rack-mount equipment from PacStar partners such as Aruba, Brocade, Cisco, etc.
PacStar Secure Wireless Command Post (Wi-Fi) is a small modular communications package that enables SIPR wireless and mobility for smart phones, tablets and laptops for classified networks in deployed, expeditionary and tactical environments.
The solution architecture follows the NSA Commercial Solutions for Classified (CSfC) Campus WLAN Capability Package v2.0. It enables end user devices to utilize built-in commercial Wi-Fi on mobile devices to provide one layer of the required two-layer NSA encryption requirements. Combined with a single VPN client, end user devices are able to transmit classified information over Wi-Fi.
PacStar Secure Wireless Command Post as shown provides transport for access to a single SIPR network. The solution is configurable (with additional equipment) to provide transport for multiple classified networks (including networks of different levels of classification up to Top Secret) over a single wireless infrastructure.
The Secure Wireless Command Post (Wi-Fi) is based on PacStar 400-Series small form factor platform. PacStar 400-Series modular platform is designed to maximize capabilities with the smallest SWaP possible, and is customizable and configurable to meet other NSA CSfC capability packages including MA CP (with LTE or other radio types) and MSC CP. It can also be configured to optimally serve a wide range of team sizes, and can be customized with additional software and NFV solutions to ensure interoperability with existing customer infrastructure.
PacStar Secure Wireless Command Post is managed by PacStar IQ-Core® Crypto Manager, which simplifies system CSfC setup, configuration, certificate authority requests and VPN management.
IQ-Core Crypto Manager (CM) saves setup and configuration time, reduces errors and improves reliability of CSfC solutions. It can overcome the added complexity and training burden imposed by two laters of encryption required by the CSfC program. Based on our widely deployed IQ-Core Software, our management software provides:
An intuitive user interface making set-up and operation by non-technical personnel quick and easy to learn with significantly fewer mis-configuration errors
Powerful wizards and alerts with a common user interface across all hardware and software components automating complex and routine tasks
Interoperability with a broad range of tactical and enterprise communications hardware and systems, enabling easy, consistent operation even with upgrade and replacement of system components
Vendor agnostic remote management with the ability to monitor, change device configurations and troubleshoot from anywhere in the world
IQ-Core CM includes specific CSfC functionality to support widely deployed tactical devices, as follows:
Configuration, monitoring and management of IPsec VPN gateways, including Aruba Networks Mobility Controllers, Cisco ISR-based routers, and Cisco ASA Firewalls – including VPN setup/configuration and generation, and signing and management of encryption certificates.
Automating CSfC functions with Certificate Authorities (CA) from ISC (Information Security Corp.) and Microsoft – including wizards enabling management, signing and transmission of certificates, certificate signing requests, and more.
Select configuration management, auditing and logging functions to assist organizations in meeting CSfC requirements.
The VPN setup and certificate wizards reduce the complexity of providing the correct information to the CSfC devices by providing step-by-step wizards, insulating lightly trained users from dealing with the command line interfaces and multiple UIs from underlying devices.
PacStar is a leading developer of deployable hardware including CSfC components that provide secure network access with a minimum of SWaP. Each of the modules is roughly 5 inches x 7 inches x 1.6 inches, weighs between two to three pounds, runs on AC or DC power, and has a large environmental envelope extensively MIL-STD tested – and thus is ideal for deployed communications.
Based on Cisco ESR 5915, Cisco ESS 2020, Aruba VMC and other networking technologies from leading providers, providing CSfC-compliant encryption capabilities
Includes Intel Core i5/i7 and XEON servers hosting a wide array of cybersecurity software required for CSfC compliance
Integrated power supplies that run on tactical radio batteries, wide range DC input and worldwide AC input
Snap-together design enables quick expansion with other PacStar 400-series products and quick reconfiguration of modules and chassis
Continuous runtime with hot swappable batteries
Extensively MIL-STD 810G environmentally tested for temperature, shock, and vibration and more
Typical module weight: 2.5 lbs.
Typical module dimensions: 5.3” x 7.1” x 1.6”
Module choices: 441 (router), 442 (switch), 451 (server), 455 (hyper-convergence) 461 (RoIP), 462 (analog voice) and more
Regulated 12 V DC output supports powering other accessories
PacStar 4501 is a lightweight, compact, and secure communications package that provides voice, data and video communications for combatant commanders, executives and other high-profile users. The highly integrated package includes everything needed to quickly establish classified communications, including networking, encryption, wireless transport, and even an IP voice handset – all pre-wired and available at the push of a button.
The system includes two independent, NSA-certified Cisco-based IPSec VPN gateways (Cisco 5915 ESR and Cisco ASA 5506), providing two layers of commercial encryption. The system comprises built-in Cradlepoint Wi-Fi/Cellular router, Cobham Thrane IP Handset, and integrated battery/UPS and charger, providing an all-in-one, convenient solution.
The package is optimized for use with NSA Commercial Solutions for Classified (“CSfC”) networks, or may also be used with HAIPE devices providing access to classified and unclassified DoD networks. PacStar 4501 is optionally managed by PacStar IQ-Core® Software, which simplifies system setup, network management and protects the system from mis-configuration by operators.
PacStar, as a leading provider of integrated, on-base, fixed infrastructure LAN/WLAN solutions, has developed extensive testing and integration expertise in relevant networking and communications technologies, leveraging our long history working with many industry-leading networking OEMs and vendors including Cisco, Brocade, Aruba Networks, and Riverbed.
PacStar is a leading provider of LAN equipment through our Enterprise IT Solutions division, offering CSfC approved products from manufacturers, including:
Aruba (a Hewlett Packard Enterprise Company)
Information Security Corp. (ISC)
Palo Alto Networks
PacStar is also working with additional major networking companies to develop unannounced CSfC solutions. Contact us for quotes on solutions that meet your needs.
Putting It All Together
Because of the modularity and flexibility of PacStar products, we can deliver many CSfC configurations, depending on your use cases, size of team, and other requirements. Configurations can include systems to meet the CSfC MSC CP, Campus WLAN CP, and Mobile Access CP. Just one example configuration is shown below.
The below configuration uses the Campus WLAN Capability Package v2.0. This is ideal for high bandwidth, wireless, command post applications.
This configuration includes:
PacStar 451 with Aruba VMC (Virtual Mobility Controller), used to manage the local Wi-Fi networks. This device establishes the second (outside) layer of Wi-Fi encryption for deployed network and remote users, which is essential to meeting CSfC requirements. It also provides WIDS capabilities.
Aruba access points for networking, which provide WLAN radio services – the Wi-Fi access point.
Laptop-based Wi-Fi drivers and OS encryption terminating the Wi-Fi security layer.
Cisco VPN client running on wireless user laptops. This VPN client terminates at the Cisco 5915 (or other) VPN GW (Gateway) on the RED network.
Additional PacStar 451 servers used to host a variety of required CSfC equipment including SIEM (Splunk), Authorization Server (Aruba Clearpass), Certificate Authority (ISC or Microsoft), Firewalls (Palo Alto), and WIDS controller (Airwave).
Laptops running IQ-Core Crypto Manager are included for management/configuration and provisioning.
Diagram 1. Campus WLAN Capability Package 2.0