Please Fill Out Form

to Request Document

Required Fields*

Secure Management for Cryptographic Infrastructure

Reliable hardware security needs 24/7 attention. The resource pool necessary for this becomes a pain point for enterprises. The travel costs alone are a huge expense. Many administrators and key officers traditionally visit each server, often spread between geographically dispersed data centers. With the Guardian Series 3, these administrators need not travel to every unique device for configurations and more—only to a single Guardian server.

Alerting, Monitoring, and Intelligent Load Distribution

The Guardian introduces mission-critical visibility to your core cryptographic infrastructure with monitoring and alerting tools. The Guardian automatically conducts diagnostic monitoring of vital system parameters, throughput rates, and error messages of connected client devices. This enables forwarding of real-time notifications and alerts available via SMTP, SNMP, and SMS, ensuring that systems administrators have the tools needed to know the health and status of the infrastructure at all times. Should an alert prompt mission-critical action, an appropriate chain of response can easily be developed.

For electronic payment environments where debit transactions are processed, one of the unique features of the Guardian is its ability to monitor when exhaustive PIN attacks may be occurring and to alert network administrators should such an attack occur. Along with monitoring and alerting capabilities, the Guardian also offers full system redundancy, which detects if managed devices become unavailable and automatically redistributes transaction loads to available backup hardware with zero downtime. These features will assist in your system running smoothly and efficiently.

Stack of Guardian Series 3

Active–Active Redundancy

With the Guardian, organizations are capable of creating a scalable, redundant environment for managing multiple client Futurex devices within several cohesive groups that operate faster and more effectively than a standalone device. This grouping also provides fault tolerance for the individual Futurex devices. For example, if one unit fails or must be taken offline, the other units automatically absorb the transaction load, preventing system unavailability or downtime.

Maintaining a data encryption infrastructure with multiple active Guardian load balancing and monitoring devices provides added efficiency as well as protection against full data center outages. These units synchronize automatically, providing direct load balancing for their own dependent Futurex devices and redundant failover for devices belonging to other Guardian units.

Streamlines Operation and Ensures Compliance

Performing firmware updates and log audits typically take days for organizations with multiple cryptographic devices spread across multiple data centers, but these tasks can now be accomplished from one centrally located Guardian.

With the Guardian, a number of compliance requirements can be fulfilled from a central location:

  • “Push” update functionality sends and installs firmware on managed devices
  • Authenticated system logs for all connected devices are stored in a central repository
  • Add and fully configure new client devices, including loading the Master File Key without ever setting foot in a remote data center
  •  Web-based remote management capabilities, simplifying use and enabling deployment of lights-out data centers

Secure Management Platform

  • Centralized management, configuration, log auditing, and key loading for Futurex devices
  • User-defined grouping system, simplifying the process of managing multiple environments or regions collectively within the Guardian
  • “Push” notifications for distributing and installing firmware updates on managed devices, saving your company time, travel, and expenses

Ease of Use

  • Robust and versatile Graphical User Interface (GUI) for user-friendly, easy-to-understand operation
  • Seamless addition process for new Futurex client devices, with automatic replication of existing keys, certificates, and settings
  • Drag-and-drop functionality to move encryption devices between groups, enabling rapid modification of resource allocation

Customized Notification and Alerting

  • Simple Mail Transport Protocol (SMTP) and Short Message Service (SMS) allows administrators to be notified by e-mail or mobile phone should any technical issues with the Guardian or a client device arise
  • Simple Network Message Protocol (SNMP) and syslog functionality transmit log and error messages to a central network monitoring tool
  • Advanced log filters can be enabled and disabled as needed for purposes of development, troubleshooting, and auditing
  • User-definable alerting parameters, allowing for tiered or priority-based notifications
  • Exhaustive PIN attack monitoring with customizable notification thresholds for organizations processing debit transactions

Intelligent Load Distribution and Automated Failover

  • Should a managed device fail or become unavailable, the Guardian will redistribute the transaction load to the remaining available devices in the group and re-add the device when connectivity has been restored
  • Automatic synchronization of keys, certificates, and device information among client devices
  • Prevents loss of functionality in the event of a disaster or device failure

Nth Degree Scalability

  • Processing capacity and additional client devices can be added without any system downtime
  • PKI-secured interface between the Guardian and client devices allows complete configuration, including Master File Key loading, to take place without ever visiting a remote data center

Regulatory Compliance

  • Group-specific function blocking restricts host access to unneeded commands
  • Centralized firmware updating simplifies the process of keeping client devices up-to-date
  • Audit logs for all client devices may be accessed from a centralized location by users with log access permissions, minimizing travel and time requirements
  • Permission-based user authentication system provides the means to restrict users to job-specific functionalities within the Guardian and connected client devices

Reporting and Audit Logging

  • Consolidate data logs from all client devices within the Guardian, simplifying the process of conducting internal and external audits
  • Logs for client devices are stored within the Guardian itself and can also be sent to external servers via SNMP and syslog

Remote Access via the Excrypt Touch

  • For organizations needing remote access to the Guardian, the Excrypt Touch remote access device is available:
  • FIPS 140-2 Level 3-compliant, touch screen-based tablet device with full Wi-Fi and Ethernet connectivity
  • Full access to all Guardian and client device management functionality

Advanced Hardware Features

  • Integrated smart card and CompactFlash readers
  • Dual, redundant, hot-swappable power supplies
  • Dual, redundant Ethernet ports

Dimensions and Weight

  • Weight: 36 lbs (16.3 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U - 3.5 inches (8.9 cm)
  • Depth: 18.5 inches (47 cm)

Industry Compliance Standards

  • FIPS 140-2 Level 3 Compliant 
  • ANSI X9.24 Part 1 and Part 2—TR-39
  • Payment Card Industry Data Security Standard (PCI DSS)
  • RoHS
  • FCC Part 15 - Class B

Operating Conditions

  • Power requirements: 100 – 240 VAC 50/60 Hz. 225 Watts
  • Operating temperature: -40° to 140°F (-40° to 60°C)
  • Storage temperature: -40° to 140°F (-40° to 60°C)
  • Operating relative humidity: 20% to 80% non-condensing
  • Storage relative humidity: 5% to 95% non-condensing

External Hardware Requirements

  • Keyboard: Standard USB
  • Mouse: Standard USB
  • Video: SVGA 1024x768 at 75Hz refresh
  • Optional: Excrypt Touch remote access device for hardware-secured configuration and management from remote locations

Guardian Series 3 Unit Includes

  • Guardian application CD
  • Guardian documentation CD
  • User guide
  • Mounting brackets
  • Two sets of two SCD barrel keys
  • Cables

Alerting and Notification Formats

  • Simple Mail Transfer Protocol (SMTP)
  • Simple Network Management Protocol (SNMP)
  • Short Message Service (SMS)
  • Syslog

Centralized Management Capabilities

  • Master File Key loading
  • User and permissions administration
  • Log management and audit reporting
  • Firmware distribution and installation
  • Synchronization of keys, certificates, and configuration settings across multiple client devices

Hardware Redundancy

  • Dual, redundant, hot-swappable power supplies
  • Dual, redundant Ethernet ports