Networking

Blog

• 

  2024/12/17

  Blogs

  NEXCOM

  AI Integration for Enhanced Private Network Protection

  The Trend Building a private network allows companies greater flexibility and implementation of enhanced cybersecurity, ensuring corporate digital domains remain invulnerable. A significant trend in cybersecurity is the utilization of AI against cyberattacks. While hackers innovate new techniques to breach private networks and steal valuable assets, IT teams leverage AI’s power to construct robust digital security walls.   AI systems are adept at identifying and classifying sensitive information, inspecting packets and patterns, monitoring data flows across the network, detecting anomalies, and responding to potential threats. By implementing AI in cybersecurity, critical information can be safeguarded with less IT/OT staff intervention.   Data encryption and decryption is inevitably needed during transmission across the network, but to strike a balance between crypto and computing performance is an art in itself. By incorporating the latest software-driven crypto acceleration techniques, private network sites can protect sensitive data, ensuring that proprietary information and operational data remain secure against potential breaches without hindering manufacturing operations.   In addition, OS's resilience to faults in operations or upgrades and/or booting is crucial for the entire network infrastructure, especially in the manufacturing framework, where prevention of downtime is the top priority of the facilities.   The Challenge However, implementing sound cybersecurity measures in private networks is not easy. It involves integrating sophisticated technologies and policies across different protocols and resources.   In manufacturing settings, data such as operational metrics, machine performance logs, and real-time sensor readings must be continuously monitored. This data comes in various formats and originates from multiple sources, including IoT devices, industrial control systems, and enterprise resource planning software.   Seamless connection and integration of IT/OT infrastructure with data efficiently collected, transported and cleansing is critical for enabling a smart factory, and even more so when AI training models and business intelligent applications are called upon to assist decision making.   Another challenge is the tradeoff between security measures and operational efficiency, especially in environments like smart manufacturing where uptime and performance are crucial. The implementation of software-driven crypto acceleration techniques must be optimized to ensure there is no latency or bottlenecks in the network.   NEXCOM Solution NEXCOM’s DNA 140 is a compact AI-in-a-Box network appliance, built on the newest Intel Atom® x7433RE processor (Codenamed Amston Lake) optimized for Edge computing and software-defined network. It unlocks smarter cloud-based security services, ensuring consistent policy enforcement and access control across users, devices, applications, and IoT.   DNA 140 features four 2.5GbE LAN ports to fulfill the demand for multi-media or small-to-mid business data transmission. Two ports feature PoE+ capability with up to 30W (802.3at) per port, significantly simplifying the installation and management of connected devices. By delivering both power and data over a single Ethernet cable, DNA 140 enhances flexibility, allowing devices like sensors, cameras, and access points to be easily relocated without requiring additional power source, improving overall energy efficiency and reliability in manufacturing environments.   In cybersecurity, the DNA 140, driven by Intel® technologies, including Intel® AES New Instructions, Intel® OS Guard, Intel® Boot Guard, Intel® Virtualization Technology (VT-x), Intel® Virtualization Technology for Directed I/O (VT-d), and more, to deliver advanced technology and processing capabilities for outstanding connectivity, performance, and high availability.   Intel Atom® x7433RE features software-driven Intel® QuickAssist Technology (Intel® QAT) that offers greater flexibility compared to hardware-based Intel® QAT in legacy processors. It can be easily updated, configured, and scaled according to the specific needs of the network or application without requiring physical changes to the hardware: security patches, performance enhancements, and new features can be rolled out promptly through software updates.   NEXBOOT is NEXCOM's proprietary failover mechanism with additional capabilities for OS rotation (Round Robin), OS recovery, and hardware/software diagnostics. OS failover is implemented using separate physical storage locations, including onboard eMMC and M.2 storage. DNA 140 offers two modes to choose from: Dynamic Mode, which dynamically switches to the Golden OS when the Primary OS fails, and Force Mode, which forcefully reboots to the Golden OS using a latch switch for recovery or diagnostics.   Enabling the NEXBOOT function on DNA 140 allows uninterrupted services and prevents downtime, establishing a secure foundation for operations. This value-added feature enhances the overall stability of private networks in factory settings, where accessing physical devices can be challenging, and ensures a resilient and trustworthy operational environment.   In terms of memory DNA 140 leverages a single DDR5 4800 slot, enhancing performance and efficiency. In addition, multiple expansion slots are reserved for dual 5G and single Wi-Fi modules to bring additional wireless routes for mass IoT connectivity, and a slot for AI card for better fit into smart environments.   AI Integration DNA 140 adopts a power-efficient Hailo-8 edge AI processor through a mini-PCIe slot to enable real-time, low latency, and high-efficiency AI inferencing at the Edge. To prove AI performance on DNA 140, NEXCOM runs a few versions of YOLO (You Only Look Once) computer vision models. YOLO uses PyTorch for object detection and operates at a higher inference speed, making it effective for real-time applications. YOLO acts as a good object detector to detect small objects. It is one of the fastest models among similar models and is particularly well-suited for cybersecurity IoT applications in manufacturing settings, where rapid and precise detection is crucial. Detailed test configuration is shown in TABLE I.   TABLE IDNA 140 TEST CONFIGURATION Item DNA 140 CPU Intel Atom® x7425RE, 4 cores Memory 1 x 16GB DDR5 4800 SODIMM SSD 1 x 64GB SATA III M.2 SSD Storage eMMC 32GB onboard Extension 1 x Hailo-8R (in internal mPCIe slot) Ubuntu 23.04 Kernel 6.2   YOLO model offers different versions tailored to different operational needs, and offers different level of detection speed, accuracy, and resource requirements, making them adaptable to different cybersecurity AI applications. NEXCOM has tested four YOLO versions on DNA 140:   YOLOv5s: Best for speed and low-resource environments. YOLOv5m: Balances speed and accuracy, suitable for moderate resources. YOLOv7_tiny: Optimized for ultra-fast performance with minimal resources. YOLOv7: Highest accuracy, designed for more powerful systems.   Test results are shown in TABLE II in FPS (frames per second). With a higher FPS, the AI system can quickly identify and respond to potential threats or anomalies, minimizing the risk of missed detections and ensuring continuous, effective monitoring. Additionally, higher FPS reduces latency, enabling quicker responses to detected events, which is vital in maintaining the security and operational efficiency of the system.   TABLE IIDNA 140 YOLO MODEL TEST RESULTS Model Resolution DNA 140, FPS YOLOv5s.hef 640 x 640 189.89 YOLOv5m.hef 78.47 YOLOv7_tiny.hef 186.68 YOLOv7.hef 19.17   For basic object detection tasks, an FPS of around 15-30 is considered the minimum, as it allows for reasonable accuracy in capturing movement and changes in the scene. For more demanding applications, such as real-time security monitoring or smart manufacturing, higher FPS— 60 FPS or more—is preferred to ensure that fast-moving objects are accurately detected without motion blur or lag.   With its high frame rate (189.89 FPS), YOLOv5s is ideal for continuously monitoring entry points and restricted areas in a smart factory. It can detect unauthorized personnel or vehicles in real-time, instantly alerting security teams. This rapid response is crucial for maintaining the security of sensitive production areas. Perfect for: Real-Time Object Detection.   With its lower frame rate (78.47 FPS), YOLOv5m is suitable detecting changes or anomalies in equipment behavior or positioning, which might indicate a cybersecurity threat, such as tampering, an attempt to alter machine settings remotely or introduce malware via compromised devices. Perfect for: Equipment Tampering and Anomaly Detection.   YOLOv7_tiny's high FPS (186.68 FPS) and lightweight design make it ideal for managing large-scale IoT environments in a smart factory. It can rapidly process data from numerous IoT devices, identifying any unusual patterns or unauthorized device connections. Perfect for: Mass IoT Device Surveillance.   YOLOv7, with its slowest result (19.17 FPS), is suitable for in-depth analysis of complex behaviors or detailed monitoring tasks. It can be used to detect advanced persistent threats (APTs) that require careful observation over time. Perfect for: Detailed Threat Analysis and Complex Behavior Detection.   Achieved test results proves DNA 140's ability to seamlessly integrate into various cybersecurity applications as a universal Edge device for addressing specific cybersecurity needs based on the factory's requirements. DNA 140 as an entry level desktop fits the best for low-resource cybersecurity tasks, such as object detection, access control, and IoT-related applications.   Conclusion As the cybersecurity landscape evolves, the ongoing development and integration of AI and software-driven technologies will be pivotal in maintaining robust defenses and supporting the secure growth of smart environments. However, the complexity of implementing and managing these systems requires a strategic approach, balancing performance with security and ensuring comprehensive real-time coverage.   NEXCOM’s DNA 140 deployed in private networks helps to keep digital domains secure and resilient. Its advanced AI extension capabilities offer flexibility and adaptability to smart threat detection in cybersecurity applications. Feature-rich design makes it ideal for businesses looking to integrate AI into 5G, SD-WAN, SASE, and other security applications.   DNA 140 shows exceptional performance across a variety of cybersecurity tasks, particularly those involving visual data processing and analysis, real-time monitoring, and object detection. Despite its positioning as an entry-level cybersecurity desktop, the tests have confirmed that the DNA 140 offers sufficient AI capabilities to enhance the overall security and resilience of private networks in diverse and dynamic environments.  
• 

  2024/12/17

  Blogs

  NEXCOM

  Explore All Possibilities In the 5G Era with NEXCOM’s DTA 1164W

  The Trend Global pandemic has a long-lasting effect on society, as it has changed the way we communicate in a substantial scale. When people can’t travel around and meet face to face, the surge in demand for connectivity, wired or wireless, fixed or mobile, become vital in our daily new norm. 5G broadband comes just in time to accommodate the huge volume of data traffic over IT networks. 5G FWA technology is an alternative way to provide broadband with wireless connectivity. FWA does not just replace traditional wired connections, which needs longer time as well as greater investments in cable infrastructure, it also features all of key 5G’s advantages: high bandwidth, high reliability, and low latency.   Greater bandwidth means more people can have con-calls, host webinars, or even watch Netflix or YouTube without interruption, meaning, no more running around checking on the signal bars on your devices. Lower latency enables us to receive information as close to real-time speed as possible, thus, more critical tasks could be carried over to online mode.   As always and inevitably, operators and enterprise professionals are constantly on the lookout for alternatives. Alternatives that are able to bring them the most effective deployment with best budget appliances, coping with the dynamics of fast-changing IT infrastructures we are facing right now.   The Challenge Traditional CPE does not easily meet 5G network requirement with SDN/NFV features. For services and capabilities based on conventional CPEs are typically through fixed-function proprietary boxes installed on customer premises. Complex to manage, expensive to upgrade, constrained with vendor-specific configurations, these purpose-built hardware are increasing liabilities in a dynamic context where being adaptive and flexible is everything.   uCPE (Universal Customer Premises Equipment) allows network platform suppliers and system integrators to deploy managed services using software driven and virtual network functions, quickly and efficiently. A Software-Defined Networking (SDN) uses a SDN controller to manage interactions between applications and network devices, meaning that all devices are contained in a centralized hub and communications between network devices and network applications are processed abstractly. One of the major advantages of SDN is it enhances network visibility in multi-domain locations and helps network administrators identify as well as eliminate any network blind spots. On the other hand, NFV(Network Function Virtualization) reduces dependency on dedicated infrastructure. A wide range of virtualized network functions such as routers, firewalls and encryptions that used to be performed on dedicated hardware can be deployed as software on top of virtualized servers.   Thus, universal CPE is integrating individual CPEs, such as firewall, router and wireless gateway, into one whitebox, running multiple VNFs. Whereas, when compared with purpose-built appliance, merely offer greater control and flexibility up to a point of connectivity the IT infrastructure allows.   To make things worse, IT infrastructure can be drastically different among urban, suburban, and rural settings within one country, not to mention a whole globe. While IT professionals enjoy the cost saving and efficiency provided by the uCPE, they are now having hard times tackling the ‘generation gap’ which currently exists in cellular networks while providing internet-based services.   NEXCOM Solution NEXCOM’s latest uCPE, DTA 1164W, is based on Intel Atom® processor C3000 Refresh (Codename: Denverton-R), Network SoC featuring a maximum of 16 GB of DDR4 ECC memory, M.2 SATA 2242 Key M 8GB SSD, supporting six 1GbE RJ45 copper ports and two 1GbE SFP+ fiber ports. Front Ethernet I/O can be optioned for eight RJ45 copper ports instead. Other optional features include 4G LTE or 5G (sub 6G) module through M.2 3042/3051 interfaces, mini-PCIe slots for Wi-Fi 5 & Wi-Fi 6, PoE supporting up to 30W (802.11at) with 72W 54V PoE power adaptor. An option for fanless design based on the same housing is also available for acoustic and/or low maintenance requirement. Futhermore, a TPM 2.0 module can be ordered separately to further boost the resilience against cyberattacks.   NEXCOM’s DTA 1164W has integrated Data Packet Development Kit (DPDK) to optimize processor utilization and network throughput. Through bypassing the OS kernel and hypervisor kernel space, DPDK can significantly improve packet forwarding speed as well as, throughput performance.   Intel® QuickAssist Technology (Intel® QAT) and Intel® Virtualization Technology (VT-x) further enhance the security requirements, which are much needed by IT/OT professionals for secured connectivity and smart manufacturing. DTA 1164W is designed with multiple processor core-count to run virtualization applications in a software-defined network supporting a rich set of open source software and multiple network protocol stacks.   The performance of DTA 1164W was tested in both Non-Standalone (NSA) and Standalone (SA) 5G environments. Non-Standalone (NSA) 5G is the architecture where 5G services are provided without an end-to-end 5G network, but rely on some previous generation (4G LTE) infrastructure. While in Standalone Architecture, devices connect directly to the 5G core network, and do not depend on the 4G network infrastructure.   Upload and download speed test in NSA environment was run by one of The Taiwanese biggest mobile provider Chunghwa Telecom. Test configuration and all of the settings are collected into Table 1, whereas, test topology are shown on Figure 1. Running a signal from DTA 1164W with Speed test (CLI) goes through wireless connection, sending/achieving data to/from Chunghwa NSA Base Station. The maximum speed perfomance of DTA 1164W in Non-Standalone 5G architecture is 149.79 Mbps for uploading and 763.32 Mbps for downloading (Table 3), which meets general requirements for 5G data transmission.     TABLE I5G NSA TEST CONFIGURATION Items Description System DTA 1164W CPU C3436L Memory 8 GB (Transcend) OS Ubuntu 18.04.5 LTS 5.4.53 BIOS G157T004 Sub 6G Module Thales MV31-W Sub 6G Driver Linux-image-5.4.53_dfa1163-1.1.1_amd64.deb Sub 6G Module FW T99W175.F0.0.0.5.7.GC.004 1 Test Tool Speed test (CLI) 1.0.0.2 Test Server Chunghwa Mobile - Taipei(id = 18445)     Figure 1. 5G NSA test topology     SA speed performance test was run by O’Prueba Technology Inc., a spin-off from the reputed Networking Benchmarking Lab (NBL) at National Chiao Tung University (NCTU) in Taiwan, by the use of Amari Callbox and iPerf tool. Amari Callbox is a 5G core network simulator used for functional and performance tests. Whereas, iPerf is an open-source tool designed to test network bandwidth between two network nodes. iPerf allows the generation of TCP and UDP traffic/load between two hosts and can be used for quick measurements of the maximum network throughput between a server (DTA 1164W) and a client (Amari Callbox). For test configuration please refer to Table 2.   TABLE II5G SA TEST CONFIGURATION Items Description System DTA 1164W CPU C3436L Memory 8 GB (Transcend) OS Ubuntu 18.04.5 LTS 5.4.53 BIOS 5.13 (G157T006) Sub 6G Module Thales MV31-W Sub 6G Driver T99W175.F0.1.0.0.8.PN.001 Sub 6G Module FW T99W175.F0.0.0.5.7.GC.004 1 Test Tool iPerf Version: 2.0.10 Test Server AMARI Callbox     Testing topology is shown on the Figure 2. Signal from DTA 1164W with iPerf server tool running goes through wireless connection to send/achieve data to/from Amarisoft Callbox, which imitates 5G base station with UPF for package forwarding (IP, TCP UDP) to iPerf client for analysis. Results for DTA 1164W in SA 5G environment are 32Mbps for uploading and 498Mbps for downloading (Table 3), which are just referential numbers and are not defined as top limits.     Figure 2. 5G SA test topology       Attained results confirm that DTA 1164W is ready to be deployed in both 5G NSA and SA networks, making it a perfect choice for the evolving from NSA to SA, a long run uCPE for small and medium businesses.     TABLE IIIDTA 1164W SPEED PERFORMANCE RESULTS FOR NSA AND SA 5G ENVIRONMENT Items Upload Download NSA (Chunghwa Telecom Base Station) 149 Mbps 763 Mbps SA (O’Prueba) 32 Mbps 498 Mbps   Conclusion NEXCOM DTA 1164W is designed to offer a rich set of optional features, allowing IT professionals to deploy the boxes across a wide range of deployment scenarios and use cases, including 5G public and private networks.   The Intel Atom® processor C3000R series brings key Intel technology for uCPE. This power-efficient SoC is ideal to be used in a variety of light scale-out workloads that require high density and high I/O integration, covering almost all networking use such as, routers, switches, storage, to security appliances.   Another factor that is rapidly transforming the technology landscape is network edge. With more compute power shifted from central offices (COs) to the SDN- and NFV-enabled architecture, uCPE is the becoming the new focal point to support necessary service delivery, like streaming video, at a sustainable cost. Deploying units enabling services at the edge helps lower load of core networks and enhance experiences of the end user.   DTA 1164W delivers excellent performance per watt and PoE functionality. Wi-Fi 5/6 and 4G LTE/5G together support the agility for multiple connectivity making it easy to meet all requirements of the 5G Era. Its hardware-enhanced security, and flexible cloud access connections meet today’s applications such as smart city, the Industrial Internet of Things and smart manufacturing. NEXCOM’s DTA 1164W is a good solution with the agility for multiple connectivity, high expandability, helping users create a securely connected workplace as well as exploring the possibilities in the 5G era.  
• 

  2024/12/17

  Blogs

  NEXCOM

  DFA 1163 An One-Stop Solution for All 5G Needs

  The Trend As the 5G networks continue to make headway, high bandwidth has finally come to the point where demands for FWA are surging on a large scale. With a growing number of users enjoying the 5G experiences on their phones, and bandwidth shared among family members is beyond satisfactory, conventional fixed-line Internet connectivity has obviously lost its appeal for households. Now the same is happening to the small and medium-sized businesses (SMBs).   Fixed Wireless Access (FWA) offers an alternative access to 5G service with undeniable advantages over traditional fixed-line access. Replacing the wired connection with wireless, FWA promises shorter time in deployment and less investment in cable infrastructure, together with greater bandwidth, higher reliability and lower latency. Higher bandwidth also means more users online and available services simultaneously, which was only possible through fixed line broadband in the past for better user experiences, such as video conferences, webinars, etc.   The Challenge uCPE (Universal Customer Premises Equipment) allows service providers and system integrators to deploy virtual network functions (VNF) and services quickly and effectively. It means the hardware platform offers a shared computing resource pool for various network functions to work, virtually, and in orchestration. Different VNF calls for different resources in the pool. The lack of a certain hardware resource will inevitably impact a certain VNF on its performance or efficiency. This explains why we cannot expect 5G network services to comply with requirements if uCPEs with 5G network capabilities are not deployed in the first place.   uCPEs built for 4G network support may come up short when put to 5G applications. Take 5G network capabilities as an example, it refers not only to how well an uCPE could manage the traffic, but also how well it could work together with other devices on 5G communications. Also, to accommodate the ever growing traffic load and virtualized services, efficient management of CPU resources should also be among the performance metrics of uCPEs for effective 5G connectivity.   NEXCOM Solution Rising to the challenge, NEXCOM has launched a new generation of uCPEs, the nexCPE™ series. Incorporating multiple hardware resources into a system, nexCPE™ offers a more comprehensive resource pool for optimal virtual network functions. And the first model in the series, DFA 1163, is specially designed for SMB applications. It is a compact system that blends easily into literally any contexts while delivering uncompromised performance. Powered by an Intel Atom® C3000 processor (Codename: Denverton-R), DFA 1163 has ample 64GB DDR4 ECC memory for disposal and Intel® QAT (Intel® QuickAssist Technology) managing resource allocation for optimal virtual network functions.   In terms of flexibility and network capabilities, DFA 1163 Series offer 3 hardware design variations with different core count (4 or 8 cores). All SKUs support Wi-Fi 5 and 6, 4G LTE and 5G FR1 wireless connectivity, with additional support of 5G FR2, or so-called mmWAVE, for DFA 1163M. The 5G module offers FWA benefits while Wi-Fi 6 connects a variety of devices in the office seamlessly. DFA 1163 is also equipped with various interfaces for wired connections, including up to 12 copper ports with optional Power-over-Ethernet support to enable devices such as a webcam, wireless AP, or 5G modem.   An integrated managed switch with eight 1GbE RJ45 ports is the prominent feature of DFA 1163. This switch effectively offloads CPU from packet processing, allowing DFA 1163 to spare additional computing resources to more essential virtual functions.   Conclusion DFA 1163 is a perfect uCPE choice for service providers and enterprise professionals. On top of optimizing infrastructure investment, staying ahead of the rapid changing IT landscape and being able to adapt is critical. Targeting the SMB contexts, DFA 1163 is built with the latest technologies to maximize the resource pool for virtual network deployment, empowering IT professionals to execute extensive application scenarios and use cases, including 5G public and private networks. This is an ambitious challenge, and DFA 1163 delivers beautifully.       DFA 1163 Desktop Professional uCPE for Wireless Broadband Applicationsw/ Intel Atom® Processor C3000R Desktop low power system Intel Atom® C3558R/3758R SoC 12 x RJ45 ports (with optional PoE+ support) 1 x 10GbE SFP+ port 1 x 1GbE SFP port Supports Wi-Fi 6 Supports 4G LTE and 5G FR1 SA/NSA modes Supports 5G FR2 NSA mode (DFA 1163M only) Supports TSN (DFA 1163M only)