Please Fill Out Form

to Request Document

Required Fields*

Secure Management for Cryptographic Infrastructure

Ensuring a secure and reliable infrastructure requires constant attention and adaptation to ever-changing throughput rates, emerging compliance mandates, and expanding functional requirements. Typically, management of these solutions requires multiple administrators and key officers to regularly visit each cryptographic device, often spread between geographically dispersed data centers. With the Guardian9000, the difficulty of these management tasks can be greatly reduced or even eliminated altogether.

Alerting, Monitoring, and Intelligent Load Distribution

Using the Guardian9000, multiple Futurex solutions can be centrally and easily configured, managed, and monitored. The Guardian9000 automatically conducts diagnostic monitoring of the vital system parameters, throughput rates, and error messages of connected client devices. Real-time alerts and notifications are available via SMTP, SNMP, and SMS, which ensure that systems administrators and central network monitoring tools are able to constantly watch infrastructure health and status as well as receive proactive alerts in critical situations.

For electronic payment environments where debit transactions are processed, one of the unique features of the Guardian9000 is its ability to monitor when exhaustive PIN attacks may be occurring and to alert network administrators should such an attack occur. Along with monitoring and alerting capabilities, the Guardian also offers full system redundancy, which detects if managed devices become unavailable and automatically redistributes transaction loads to available backup hardware with zero downtime. These features will assist in your system running smoothly and efficiently. 

Active–Active Redundancy

With the Guardian9000, organizations are capable of creating a scalable, redundant environment for managing multiple client Futurex devices within several cohesive groups that operate faster and more effectively than a standalone device. This grouping also provides fault tolerance for the individual Futurex devices. For example, if one unit fails or must be taken offline, the other units automatically absorb the transaction load, preventing system unavailability or downtime.

Maintaining a data encryption infrastructure with multiple active Guardian9000 load balancing and monitoring devices provides added efficiency as well as protection against full data center outages. These units synchronize automatically, providing direct load balancing for their own dependent Futurex devices and redundant failover for devices belonging to other Guardian9000 units.

Streamlines Operation and Ensures Compliance

Performing firmware updates and log audits typically take days for organizations with multiple cryptographic devices spread across multiple data centers, but these tasks can now be accomplished from one centrally located Guardian9000.

With the Guardian9000, a number of compliance requirements can be fulfilled from a central location:

  • “Push” update functionality sends and installs firmware on managed devices
  • Authenticated system logs for all connected devices are stored in a central repository
  • Add and fully configure new client devices, including loading the Master File Key without ever setting foot in a remote data center

Secure Management Platform

  • Centralized management, configuration, log auditing, and key loading for Futurex devices
  • User-defined grouping system, simplifying the process of managing multiple environments or regions collectively within the Guardian9000
  • “Push” notifications for distributing and installing firmware updates on managed devices, saving your company time, travel, and expenses

Ease of Use

  • Robust and versatile Graphical User Interface (GUI) for user-friendly, easy-to-understand operation
  • Seamless addition process for new Futurex client devices, with automatic replication of existing keys, certificates, and settings
  • Drag-and-drop functionality to move encryption devices between groups, enabling rapid modification of resource allocation

Customized Notification and Alerting

  • Simple Mail Transport Protocol (SMTP) and Short Message Service (SMS) allows administrators to be notified by e-mail or mobile phone should any technical issues with the Guardian9000 or a client device arise
  • Simple Network Message Protocol (SNMP) and syslog functionality transmit log and error messages to a central network monitoring tool
  • Advanced log filters can be enabled and disabled as needed for purposes of development, troubleshooting, and auditing
  • User-definable alerting parameters, allowing for tiered or priority-based notifications
  • Exhaustive PIN attack monitoring with customizable notification thresholds for organizations processing debit transactions

Intelligent Load Distribution and Automated Failover

  • Should a managed device fail or become unavailable, the Guardian9000 will redistribute the transaction load to the remaining available devices in the group and re-add the device when connectivity has been restored
  • Automatic synchronization of keys, certificates, and device information among client devices
  • Prevents loss of functionality in the event of a disaster or device failure

Nth Degree Scalability

  • Processing capacity and additional client devices can be added without any system downtime
  • PKI-secured interface between the Guardian9000 and client devices allows complete configuration, including Master File Key loading, to take place without ever visiting a remote data center

Regulatory Compliance

  • Group-specific function blocking restricts host access to unneeded commands
  • Centralized firmware updating simplifies the process of keeping client devices up-to-date
  • Audit logs for all client devices may be accessed from a centralized location by users with log access permissions, minimizing travel and time requirements
  • Permission-based user authentication system provides the means to restrict users to job-specific functionalities within the Guardian9000 and connected client devices

Reporting and Audit Logging

  • Consolidate data logs from all client devices within the Guardian9000, simplifying the process of conducting internal and external audits
  • Logs for client devices are stored within the Guardian9000 itself and can also be sent to external servers via SNMP and syslog

Remote Access via the Excrypt Touch

  • For organizations needing remote access to the Guardian9000, the Excrypt Touch remote access device is available:
  • FIPS 140-2 Level 3-validated, touch screen-based tablet device with full Wi-Fi and Ethernet connectivity
  • Full access to all Guardian9000 and client device management functionality

Advanced Hardware Features

  • Integrated smart card and CompactFlash readers
  • Dual, redundant, hot-swappable power supplies
  • Dual, redundant Ethernet ports

Dimensions and Weight

  • Weight: 40.5 lbs (18.4 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U - 3.47 inches (8.81 cm)
  • Depth: 22.3 inches (56.7 cm)

Industry Compliance Standards

  • FIPS 140-2 Level 3
  • ANSI X9.24 Part 1 and Part 2—TR-39
  • Payment Card Industry Data Security Standard (PCI DSS)
  • RoHS
  • FCC Part 15 - Class B

Operating Conditions

  • Power requirements: 100 - 240 VAC 50/60 Hz. 225 Watts
  • Operating temperature: 50° to 95°F (10° to 35°C)
  • Storage temperature: 41° to 149°F (5° to 65°C)
  • Operating relative humidity: 20% to 80% non-condensing
  • Storage relative humidity: 5% to 95% non-condensing

External Hardware Requirements

  • Keyboard: Standard USB
  • Mouse: Standard USB
  • Video: SVGA 1024x768 at 75Hz refresh
  • Optional: Excrypt Touch remote access device for hardware-secured configuration and management from remote locations

Guardian9000 Unit Includes

  • Guardian9000 application CD
  • Guardian9000 documentation CD
  • User guide
  • Mounting brackets
  • Two sets of two SCD barrel keys
  • Cables

Alerting and Notification Formats

  • Simple Mail Transfer Protocol (SMTP)
  • Simple Network Management Protocol (SNMP)
  • Short Message Service (SMS)
  • Syslog

Centralized Management Capabilities

  • Master File Key loading
  • User and permissions administration
  • Log management and audit reporting
  • Firmware distribution and installation
  • Synchronization of keys, certificates, and configuration settings across multiple client devices

Hardware Redundancy

  • Dual, redundant, hot-swappable power supplies
  • Dual, redundant Ethernet ports