DIRAC Server
The DIRAC server provides the following hardware and software components:
• The Quantis USB device, delivering the quantum random numbers required for the Master Keys.
• The Master Key Manager, distributing the Master Keys generated by the Quantis USB device to the Crypto Engines which are used as MPLS tunnel endpoints for a bidirectional label switched path (LSP).
Master Keys can be renewed on request by the DIRAC user.
• The MPLS manager, maintaining a database with all deployed SENC1 Crypto Engines and MPLS segments and tunnel endpoints.
The MPLS manager communicates with the FOXMAN-UN via a REST (Representational State Transfer) interface over HTTPS.
The MPLS manager communicates with the SENC1 Functional Units via an encrypted GRPC protocol. GRPC encryption is done using a private certificate. Exchanging the public certificates establishes trust.
The MPLS manager forwards the crypto configuration for the MPLS tunnels from the FOXMAN-UN to the involved SENC1 Crypto Engines:
− Involved Crypto Engine endpoints;
− MPLS labels to be used in outgoing and incoming direction;
− Crypto Profile to be applied (encrypt/discard/bypass, authentication);
− Master Key to be used for the Session Key encryption;
− Session Key renewal rate.
Please note:
The configuration of the Layer 2 protocol packet encryption (PTP and ESMC) is preferably done with the FOXMAN-UN ESM.
• The DNMS manager, maintaining a database with all deployed SENC1 Functional Units with their identifier and IP address. The DNMS database is populated by the dirac user.
The DNMS manager monitors the status of the SENC1 management channel.
• The DNMS agent, providing the DIRAC server fault management and the logging of DIRAC server events.