PacStar 451 Small Server Module
High performance virtualization platform in a compact, quick setup, rugged form factor
PacStar 451 Small Server Module provides a high performance virtualized appliance for hosting multiple software applications in a compact, quick setup, rugged form factor. Designed for in-theater communications, executive communications, vehicle-mount, entry or forward operating base deployments for military, Homeland Security, first responders, and commercial/enterprise users. PacStar 451 meets size, weight, and power requirements unmatched by other COTS appliances. PacStar 451 is available with a wide variety of pre-loaded, pre-secured, and pre-qualified software applications appropriate for use in the tactical communication applications.
Virtualized and Software Defined Networking, Network Services, Routing, Switching
Network and Configuration Management
VPN, TLS Encryption, PKI, Certificate Authorities
Cybersecurity: Authentication, Firewalls, IDS/IPS, Threat Analytics, SIEM, Netflow Analysis, DLP
Unified Communications Management
Unified Communications Management
Tactical Cloud Deployment and Storage
Mobile Device and Wireless Network Management
Web Servers and Application Hosting
PacStar 451 Small Server Module
Standard I/O Option / 5 GigE Port Option
Military, Homeland Security and First Responders
Commercial and Enterprise
PacStar 451 is available in a variety of configurations with Intel 4th or 5th generation Core i5/i7 and Xeon processing platforms in both dual-core and quad-core variants. Flexible I/O options let you select the right configuration for your needs. The physical package utilizes the PacStar 400-Series standard module footprint and offers the best in small size, flexible power, and environmental ruggedness.
Click on the following links to jump to more info about these PacStar 451 capabilities.
Aruba Virtual Mobility Controller
PacStar 451 with Aruba VMC is a small form factor, ruggedized network controller providing the following services:
Secure network transport with IPsec gateway services
- Network boundary production with integrated firewall, threat management and content filtering
- Aruba wireless access point and wireless intuition prevention system management
- Policy-based routing
PacStar 451 with Aruba VMC can provide one layer of encryption for VPN-based wired and wireless transport of classified information over WAN, LAN and WLAN links. Configured correctly, the unit enables classified communication over untrusted SATCOM, WiFi, Hotel and Cellular infrastructures. PacStar 451 is certified by Aruba Networks as a supported platform for the VMC.
Bivio Network TLS Protected Server
PacStar 451 with Bivio Networks TLS Protected Server is a small form factor, ruggedized general purpose Linux server providing the following services:
Common Criteria Evaluated Linux with TLS encrypting proxy
Packet acceleration for high performance cybersecurity applications
General purpose application hosting
PacStar 451 with Bivio Networks technology provides a TLS-layer encryption infrastructure suitable for terminating and proxying application layer traffic between application servers and end user applications. This encryption may be used as the inner encryption tunnel in place of IPsec providing flexibility for organizations to use NIAP certified applications with application layer encryption. This model eliminates the need to install and run dual VPN clients on EUDs, in two layer commercial encryption-based classified networks.
Cisco Virtualized Network Functions
Complementing PacStar’s line of Cisco-based hardware solutions, PacStar 451 with Cisco Virtualized Network Functions provides an array of industry-leading routing, switching, call control and cybersecurity technologies deployed and proven throughout the US Department of Defense and Enterprise customers.
PacStar 451 with Cisco Virtualized Network Functions include:
Provide Firewall and VPN services for both standalone tactical boarder protection for tactical networks, and firewall and VPN services for integrated PacStar CSfC solutions
Provide advanced cyber sensor, hunt kit, and netflow traffic analysis for both standalone cyber applications and integrated PacStar CSfC solutions
Provided unified communications and session control for availability of IP voice/video communicates at the end of the network – even when WAN connectivity is unavailable
Provide embedded and cloud routing, with Cisco’s vast array of network capabilities, in a tactical form factor
As implemented in PacStar 451, Cisco Virtualized Network Functions provide capabilities to complement other tactical solutions in the PacStar 400-series Additionally, when deployed on VMware ESXi, the appliance may be managed by administrators using PacStar IQ-Core® Software.
For more details about each Cisco Virtualized Network function, expand each section below.
The Cisco Adaptive Security Virtual Appliance is a virtualized network security solution based on the market-leading Cisco ASA 5500-X Series firewalls. It supports both traditional and next-generation software-defined network (SDN) and Cisco Application Centric Infrastructure (ACI) environments to provide policy enforcement and threat inspection across heterogeneous multisite environments.
The Adaptive Security Virtual Appliance brings full ASA firewall and VPN capabilities to virtualized environments to help safeguard traffic. Virtual-switch independent, it may be deployed in Cisco, hybrid, and non-Cisco based networks.
Cisco ASAv provides security technologies popular in us DoD tactical networks, in platform independent packages. Certified for use on classified networks, including as a VPN gateway and traffic filtering firewall for NSA-approved Commercial Solutions for Classified systems.
** Cisco ASAv is eligible to be used as a virtualized network security component in a CSfC solution. More information can be found at www.nsa.gov.
Outsmart emerging threats with industry-leading machine learning and behavioral modeling. Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly.
Detect attacks that get past perimeter defenses. Detect malicious patterns in encrypted traffic. No decryption is needed with our Encrypted Traffic Analytics technology and multilayer machine learning.
Quickly detect zero-day malware, insider threats like command-and-control communications and data exfiltration, advanced persistent threats, and other sophisticated attacks. Store telemetry data for long periods. Use advanced analytics to conduct better investigations.
Assists programs in meeting NSA-required netflow collection and monitoring requirements in NSA Commercial Solutions for Classified – Mobile Access Capability Package systems.
Cisco Unified Communications Manager provides reliable, secure, scalable and manageable call control and session management. Enables teams to communicate simply with a unified communication solution featuring IP telephony, high definition video, unified messaging, instant messaging and presence, plus much more.
With broad support for industry standards, a wide range of gateways, and a broad ecosystem of third-party integrations and solutions plus partners, organizations can implement rich collaboration with anyone, anywhere and embed collaboration in mission critical applications.
Support for the latest authentication, encryption, and communication protocols, and compliance with key industry certifications, secures data and communications globally for customers including those in financial services, manufacturing, healthcare, retail and government.
Extensively deployed and certified for use on DoD tactical networks, Cisco UCM provides local session control – ensuring local voice/video communications are available even when WAN links are down.
The Cisco 5921 Embedded Services Router (ESR) is designed to operate on small, low-power, Linux-based platforms. It helps integration partners extend the use of Cisco IOS into extremely mobile and portable communications systems. It also provides highly secure data, voice, and video communications to stationary and mobile network nodes across wired and wireless links.
- High performance
- Security to protect the network and data transmitted over the network
- Remote voice services with Cisco Unified Communications Manager Express (CME)
- Streaming multicast video support
It also integrates sophisticated networking capabilities, such as quality of service (QoS), to help ensure the most important data gets through when links are degraded.
The Cisco 5921 Embedded Service Router can be deployed in mission-critical mobile communications to take advantage of Cisco Mobile Ready Net capabilities that provide:
- Transparent access of mission-critical voice, video, or data information
- Infrastructure-less networking, reaching beyond the range of a fixed network
- Radio-aware routing, immediately recognizing and reacting to changes in neighbor status
- Self-forming networks, offering immediate connection with no required preconfiguration of peers, and eliminating the need for connectivity to the centralized network
Cisco ESR 5921 provides the same functionality as the hardware-based ESR 5915 – ensuring full interoperability and feature compatibility with the hardware ESR – but in a virtualized form factor. Cisco ESR 5921 can be used in NSA Commercial Solutions for Classified solutions as a client VPN.
The CSR 1000V Series serves as a secure single-tenant router in a multitenant, shared-resource public cloud environment. It provides end-to-end managed connectivity.
Gain complete independence, regardless of the infrastructure that your enterprise or data center network uses. The CSR 1000V Series works with VMware ESXi, Red Hat KVM, Citrix Xen, Microsoft Hyper-V and Azure, and Amazon Web Services.
Deploy a complete, hypervisor-isolated, multiservice secure instance for each tenant. Secure features include IPsec VPNs and built-in zone-based firewalls, among others.
Scale beyond the limitations of IEEE 802.1q VLAN tagging by building a VXLAN network or extending Layer 3 routing deeper into the cloud environment.
Cisco Digital Network Architecture (DNA) is the industry’s first network with the ability to find threats in encrypted traffic. ETA is now available on more platforms, including ASR 1000, ISR 1000, ISR 4000, and CSR 1000v Series routers.
PacStar 451 with Fidelis Elevate provides automated detection and response in a compact, quick setup, rugged form factor, ideal for meeting demanding size, weight, power and reliability requirements for military tactical cyber defensive operations, including pre-positioned cyber sensors and deployable “hunt mission” kits. The system can fill gaps in tactical network cybersecurity, and address three primary DoD challenges: tactical networks frequently are poorly secured; cybersecurity technologies are too large and expensive to deploy; and there is a lack of trained cyber specialists rapidly available in the field.
Multi-purpose, automated cybersecurity detection, response and prevention system providing IPS, DLP, Malware detection and determination, analytics, compromise intelligence and forensics across the threat lifecycle
Insider Threat, Data Exfiltration and Data Leakage Prevention
Detection, response and prevention of Advanced Cyber Threats including Advanced Persistent Threats, External Adversary Infiltration & Malware
High speed network security analytics from session as well as packet based inspection. Indexed storage of long term, rich network session metadata
Ability to apply new threat feed intelligence automatically against historical network session metadata to generate new alerts for past events based on receipt of new / actionable threat intelligence
Palo Alto NG Firewall VM
PacStar 451 with Palo Alto NG Firewall VM brings the power of Next Generation firewalls to the tactical network edge.
Palo Alto Networks next-generation firewalls are architected to safely enable applications and prevent modern threats. Palo Alto’s technology approach identifies all network traffic based on applications, users, content and devices, and lets organizations express policies in the form of easy-to-understand security rules.
Palo Alto next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content. Organizations can create comprehensive, precise security policies, resulting in safe enablement of applications. This lets only authorized users run sanctioned applications, greatly reducing the surface area of cyber attacks across the organization.
The combination of Content-ID™ and WildFire™ provides protection from known and unknown threats. Content-ID limits unauthorized data transfer and detects and blocks a wide range of threats. WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment, and automatically disseminates updated protections globally in near-real time.
Perspecta Labs Secure IO Gateway
PacStar 451 with Perspecta Labs (formerly known as Vencore Labs) SecureIO gateway is a small form factor, ruggedized application protocol gateway, a part of a complete TLS-based encryption solution providing:
Application layer consolidation of application traffic, suitable for insertion into TLS tunnels
Multicast support – enabling multicast applications to tunnel inside IPsec encrypted links
Termination of communications from Android devices running Perspecta Labs SecureIO Client – a Common Criteria evaluated TLS encryption client
PacStar 451 with Perspecta Labs SecureIO simplifies the secure deployment of pre-existing and new applications on Android devices that are configured for use in commercial classified solutions. Android devices used in these solutions are typically limited to the use of only those applications that have been Common Criteria approved for providing TLS encryption of all communication. Common Criteria approval of apps is an expensive and time-consuming process and can require significant modification to the application by the developer. The SecureIO application provides a Common Criteria Evaluated TLS encryption service to other applications, so that those applications don’t have to obtain a separate approval, and can be installed on the end-user device and used on classified networks.
Riverbed Virtual Steelhead
PacStar 451 with Riverbed Virtual Steelhead provides industry-leading WAN optimization deployed and proven throughout the US Department of Defense and Enterprise customers. Riverbed Virtual SteelHead delivers built-in security and accelerated performance across the entire network – as if the applications were performing locally.
PacStar 451 with Riverbed Virtual Steelhead providing the following services:
- WAN optimization for improved application performance and more efficient utilization of WAN bandwidth
- IT control with quality of service (QoS), path selection and secure transport features
- Increased visibility with end-user monitoring for all optimized traffic on premises and optimized web and SaaS applications
- Dynamic selection of the best application path based on network availability
- Reduced latency with integrated video-ready web caching
As implemented in PacStar 451, Riverbed Virtual Steelhead provides acceleration to complement tactical solutions such as the PacStar 400-series other existing tactical solutions. Additionally, when deployed on VMware ESXi, the appliance may be managed by untrained administrators using PacStar IQ-Core® Software.
REDCOM® Sigma® Core 2.0.1
Sigma Core is REDCOM’s flagship unified communications (UC) and call control software platform that delivers powerful capabilities highly relevant to the government and military, including a robust URI-based call routing engine with full support for AS-SIP. Integrated with PacStar 451, the software can function as a stand-alone Local Session Controller (LSC) or as an adjunct to an existing Enterprise Session Controller (ESC) to deliver advanced voice services such as transcoding and conferencing for red and black networks. The combination of PacStar 400-Series and REDCOM Sigma Core provides dramatically improved capabilities for tactical, expeditionary, and mobile organizations including:
Ability to extend voice, chat/XMPP, video conferencing, and unified messaging to the edge of defense networks
Ability to interoperate with existing and legacy voice and UC systems, including with coalition partners
Conduct communications that need security – utilizing defense-grade, certified encryption of signaling, payload, and authentication and management protocols
Ability to physically integrate with existing PacStar 400-Series based deployments, taking advantage of the modular and flexible PacStar 400-Series platform
Sonus SBC SWe and VX SWe
PacStar 451 with Sonus SBC SWe and VX SWe can instantly add secure and reliable local communication capabilities at the tactical edge.
PacStar 451 with Sonus SBC SWe* and VX SWe can provide the following services:
Local SIP registration for SIP phones and SIP clients
323 to SIP transcoding
Support for AS-SIP and MLPP
Support for v.150 relay
Session and Media Encryption
DDoS/Rogue RTP Protection
PacStar 451 with Sonus SBC SWe and VX SWe enables tactical customers to add secure, vendor agnostic Unified Communications capabilities to their tactical network. The Sonus solution can give customers the capability to locally register any SIP based phone or SIP client, as well as provide seamless connect any IP based radio to the SIP/UC infrastructure. Beyond that, all communications would be optimized over tactical networks, thus reducing bandwidth and supporting more class in limited bandwidth environments.
*JITC certification pending
Download the technical datasheet:
PacStar systems, including this product, may be covered by one or more of the following US patents: #8,654,749, #7,817,589, #8,270,325, #9,160,619 #9,225,102. Additional patent(s) pending. See www.pacstar.com/patents for details.