Networking

The Trend Building a private network allows companies greater flexibility and implementation of enhanced cybersecurity, ensuring corporate digital domains remain invulnerable. A significant trend in cybersecurity is the utilization of AI against cyberattacks. While hackers innovate new techniques to breach private networks and steal valuable assets, IT teams leverage AI’s power to construct robust digital security walls.   AI systems are adept at identifying and classifying sensitive information, inspecting packets and patterns, monitoring data flows across the network, detecting anomalies, and responding to potential threats. By implementing AI in cybersecurity, critical information can be safeguarded with less IT/OT staff intervention.   Data encryption and decryption is inevitably needed during transmission across the network, but to strike a balance between crypto and computing performance is an art in itself. By incorporating the latest software-driven crypto acceleration techniques, private network sites can protect sensitive data, ensuring that proprietary information and operational data remain secure against potential breaches without hindering manufacturing operations.   In addition, OS's resilience to faults in operations or upgrades and/or booting is crucial for the entire network infrastructure, especially in the manufacturing framework, where prevention of downtime is the top priority of the facilities.   The Challenge However, implementing sound cybersecurity measures in private networks is not easy. It involves integrating sophisticated technologies and policies across different protocols and resources.   In manufacturing settings, data such as operational metrics, machine performance logs, and real-time sensor readings must be continuously monitored. This data comes in various formats and originates from multiple sources, including IoT devices, industrial control systems, and enterprise resource planning software.   Seamless connection and integration of IT/OT infrastructure with data efficiently collected, transported and cleansing is critical for enabling a smart factory, and even more so when AI training models and business intelligent applications are called upon to assist decision making.   Another challenge is the tradeoff between security measures and operational efficiency, especially in environments like smart manufacturing where uptime and performance are crucial. The implementation of software-driven crypto acceleration techniques must be optimized to ensure there is no latency or bottlenecks in the network.   NEXCOM Solution NEXCOM’s DNA 140 is a compact AI-in-a-Box network appliance, built on the newest Intel Atom® x7433RE processor (Codenamed Amston Lake) optimized for Edge computing and software-defined network. It unlocks smarter cloud-based security services, ensuring consistent policy enforcement and access control across users, devices, applications, and IoT.   DNA 140 features four 2.5GbE LAN ports to fulfill the demand for multi-media or small-to-mid business data transmission. Two ports feature PoE+ capability with up to 30W (802.3at) per port, significantly simplifying the installation and management of connected devices. By delivering both power and data over a single Ethernet cable, DNA 140 enhances flexibility, allowing devices like sensors, cameras, and access points to be easily relocated without requiring additional power source, improving overall energy efficiency and reliability in manufacturing environments.   In cybersecurity, the DNA 140, driven by Intel® technologies, including Intel® AES New Instructions, Intel® OS Guard, Intel® Boot Guard, Intel® Virtualization Technology (VT-x), Intel® Virtualization Technology for Directed I/O (VT-d), and more, to deliver advanced technology and processing capabilities for outstanding connectivity, performance, and high availability.   Intel Atom® x7433RE features software-driven Intel® QuickAssist Technology (Intel® QAT) that offers greater flexibility compared to hardware-based Intel® QAT in legacy processors. It can be easily updated, configured, and scaled according to the specific needs of the network or application without requiring physical changes to the hardware: security patches, performance enhancements, and new features can be rolled out promptly through software updates.   NEXBOOT is NEXCOM's proprietary failover mechanism with additional capabilities for OS rotation (Round Robin), OS recovery, and hardware/software diagnostics. OS failover is implemented using separate physical storage locations, including onboard eMMC and M.2 storage. DNA 140 offers two modes to choose from: Dynamic Mode, which dynamically switches to the Golden OS when the Primary OS fails, and Force Mode, which forcefully reboots to the Golden OS using a latch switch for recovery or diagnostics.   Enabling the NEXBOOT function on DNA 140 allows uninterrupted services and prevents downtime, establishing a secure foundation for operations. This value-added feature enhances the overall stability of private networks in factory settings, where accessing physical devices can be challenging, and ensures a resilient and trustworthy operational environment.   In terms of memory DNA 140 leverages a single DDR5 4800 slot, enhancing performance and efficiency. In addition, multiple expansion slots are reserved for dual 5G and single Wi-Fi modules to bring additional wireless routes for mass IoT connectivity, and a slot for AI card for better fit into smart environments.   AI Integration DNA 140 adopts a power-efficient Hailo-8 edge AI processor through a mini-PCIe slot to enable real-time, low latency, and high-efficiency AI inferencing at the Edge. To prove AI performance on DNA 140, NEXCOM runs a few versions of YOLO (You Only Look Once) computer vision models. YOLO uses PyTorch for object detection and operates at a higher inference speed, making it effective for real-time applications. YOLO acts as a good object detector to detect small objects. It is one of the fastest models among similar models and is particularly well-suited for cybersecurity IoT applications in manufacturing settings, where rapid and precise detection is crucial. Detailed test configuration is shown in TABLE I.   TABLE IDNA 140 TEST CONFIGURATION Item DNA 140 CPU Intel Atom® x7425RE, 4 cores Memory 1 x 16GB DDR5 4800 SODIMM SSD 1 x 64GB SATA III M.2 SSD Storage eMMC 32GB onboard Extension 1 x Hailo-8R (in internal mPCIe slot) Ubuntu 23.04 Kernel 6.2   YOLO model offers different versions tailored to different operational needs, and offers different level of detection speed, accuracy, and resource requirements, making them adaptable to different cybersecurity AI applications. NEXCOM has tested four YOLO versions on DNA 140:   YOLOv5s: Best for speed and low-resource environments. YOLOv5m: Balances speed and accuracy, suitable for moderate resources. YOLOv7_tiny: Optimized for ultra-fast performance with minimal resources. YOLOv7: Highest accuracy, designed for more powerful systems.   Test results are shown in TABLE II in FPS (frames per second). With a higher FPS, the AI system can quickly identify and respond to potential threats or anomalies, minimizing the risk of missed detections and ensuring continuous, effective monitoring. Additionally, higher FPS reduces latency, enabling quicker responses to detected events, which is vital in maintaining the security and operational efficiency of the system.   TABLE IIDNA 140 YOLO MODEL TEST RESULTS Model Resolution DNA 140, FPS YOLOv5s.hef 640 x 640 189.89 YOLOv5m.hef 78.47 YOLOv7_tiny.hef 186.68 YOLOv7.hef 19.17   For basic object detection tasks, an FPS of around 15-30 is considered the minimum, as it allows for reasonable accuracy in capturing movement and changes in the scene. For more demanding applications, such as real-time security monitoring or smart manufacturing, higher FPS— 60 FPS or more—is preferred to ensure that fast-moving objects are accurately detected without motion blur or lag.   With its high frame rate (189.89 FPS), YOLOv5s is ideal for continuously monitoring entry points and restricted areas in a smart factory. It can detect unauthorized personnel or vehicles in real-time, instantly alerting security teams. This rapid response is crucial for maintaining the security of sensitive production areas. Perfect for: Real-Time Object Detection.   With its lower frame rate (78.47 FPS), YOLOv5m is suitable detecting changes or anomalies in equipment behavior or positioning, which might indicate a cybersecurity threat, such as tampering, an attempt to alter machine settings remotely or introduce malware via compromised devices. Perfect for: Equipment Tampering and Anomaly Detection.   YOLOv7_tiny's high FPS (186.68 FPS) and lightweight design make it ideal for managing large-scale IoT environments in a smart factory. It can rapidly process data from numerous IoT devices, identifying any unusual patterns or unauthorized device connections. Perfect for: Mass IoT Device Surveillance.   YOLOv7, with its slowest result (19.17 FPS), is suitable for in-depth analysis of complex behaviors or detailed monitoring tasks. It can be used to detect advanced persistent threats (APTs) that require careful observation over time. Perfect for: Detailed Threat Analysis and Complex Behavior Detection.   Achieved test results proves DNA 140's ability to seamlessly integrate into various cybersecurity applications as a universal Edge device for addressing specific cybersecurity needs based on the factory's requirements. DNA 140 as an entry level desktop fits the best for low-resource cybersecurity tasks, such as object detection, access control, and IoT-related applications.   Conclusion As the cybersecurity landscape evolves, the ongoing development and integration of AI and software-driven technologies will be pivotal in maintaining robust defenses and supporting the secure growth of smart environments. However, the complexity of implementing and managing these systems requires a strategic approach, balancing performance with security and ensuring comprehensive real-time coverage.   NEXCOM’s DNA 140 deployed in private networks helps to keep digital domains secure and resilient. Its advanced AI extension capabilities offer flexibility and adaptability to smart threat detection in cybersecurity applications. Feature-rich design makes it ideal for businesses looking to integrate AI into 5G, SD-WAN, SASE, and other security applications.   DNA 140 shows exceptional performance across a variety of cybersecurity tasks, particularly those involving visual data processing and analysis, real-time monitoring, and object detection. Despite its positioning as an entry-level cybersecurity desktop, the tests have confirmed that the DNA 140 offers sufficient AI capabilities to enhance the overall security and resilience of private networks in diverse and dynamic environments.  

The Trend Global pandemic has a long-lasting effect on society, as it has changed the way we communicate in a substantial scale. When people can’t travel around and meet face to face, the surge in demand for connectivity, wired or wireless, fixed or mobile, become vital in our daily new norm. 5G broadband comes just in time to accommodate the huge volume of data traffic over IT networks. 5G FWA technology is an alternative way to provide broadband with wireless connectivity. FWA does not just replace traditional wired connections, which needs longer time as well as greater investments in cable infrastructure, it also features all of key 5G’s advantages: high bandwidth, high reliability, and low latency.   Greater bandwidth means more people can have con-calls, host webinars, or even watch Netflix or YouTube without interruption, meaning, no more running around checking on the signal bars on your devices. Lower latency enables us to receive information as close to real-time speed as possible, thus, more critical tasks could be carried over to online mode.   As always and inevitably, operators and enterprise professionals are constantly on the lookout for alternatives. Alternatives that are able to bring them the most effective deployment with best budget appliances, coping with the dynamics of fast-changing IT infrastructures we are facing right now.   The Challenge Traditional CPE does not easily meet 5G network requirement with SDN/NFV features. For services and capabilities based on conventional CPEs are typically through fixed-function proprietary boxes installed on customer premises. Complex to manage, expensive to upgrade, constrained with vendor-specific configurations, these purpose-built hardware are increasing liabilities in a dynamic context where being adaptive and flexible is everything.   uCPE (Universal Customer Premises Equipment) allows network platform suppliers and system integrators to deploy managed services using software driven and virtual network functions, quickly and efficiently. A Software-Defined Networking (SDN) uses a SDN controller to manage interactions between applications and network devices, meaning that all devices are contained in a centralized hub and communications between network devices and network applications are processed abstractly. One of the major advantages of SDN is it enhances network visibility in multi-domain locations and helps network administrators identify as well as eliminate any network blind spots. On the other hand, NFV(Network Function Virtualization) reduces dependency on dedicated infrastructure. A wide range of virtualized network functions such as routers, firewalls and encryptions that used to be performed on dedicated hardware can be deployed as software on top of virtualized servers.   Thus, universal CPE is integrating individual CPEs, such as firewall, router and wireless gateway, into one whitebox, running multiple VNFs. Whereas, when compared with purpose-built appliance, merely offer greater control and flexibility up to a point of connectivity the IT infrastructure allows.   To make things worse, IT infrastructure can be drastically different among urban, suburban, and rural settings within one country, not to mention a whole globe. While IT professionals enjoy the cost saving and efficiency provided by the uCPE, they are now having hard times tackling the ‘generation gap’ which currently exists in cellular networks while providing internet-based services.   NEXCOM Solution NEXCOM’s latest uCPE, DTA 1164W, is based on Intel Atom® processor C3000 Refresh (Codename: Denverton-R), Network SoC featuring a maximum of 16 GB of DDR4 ECC memory, M.2 SATA 2242 Key M 8GB SSD, supporting six 1GbE RJ45 copper ports and two 1GbE SFP+ fiber ports. Front Ethernet I/O can be optioned for eight RJ45 copper ports instead. Other optional features include 4G LTE or 5G (sub 6G) module through M.2 3042/3051 interfaces, mini-PCIe slots for Wi-Fi 5 & Wi-Fi 6, PoE supporting up to 30W (802.11at) with 72W 54V PoE power adaptor. An option for fanless design based on the same housing is also available for acoustic and/or low maintenance requirement. Futhermore, a TPM 2.0 module can be ordered separately to further boost the resilience against cyberattacks.   NEXCOM’s DTA 1164W has integrated Data Packet Development Kit (DPDK) to optimize processor utilization and network throughput. Through bypassing the OS kernel and hypervisor kernel space, DPDK can significantly improve packet forwarding speed as well as, throughput performance.   Intel® QuickAssist Technology (Intel® QAT) and Intel® Virtualization Technology (VT-x) further enhance the security requirements, which are much needed by IT/OT professionals for secured connectivity and smart manufacturing. DTA 1164W is designed with multiple processor core-count to run virtualization applications in a software-defined network supporting a rich set of open source software and multiple network protocol stacks.   The performance of DTA 1164W was tested in both Non-Standalone (NSA) and Standalone (SA) 5G environments. Non-Standalone (NSA) 5G is the architecture where 5G services are provided without an end-to-end 5G network, but rely on some previous generation (4G LTE) infrastructure. While in Standalone Architecture, devices connect directly to the 5G core network, and do not depend on the 4G network infrastructure.   Upload and download speed test in NSA environment was run by one of The Taiwanese biggest mobile provider Chunghwa Telecom. Test configuration and all of the settings are collected into Table 1, whereas, test topology are shown on Figure 1. Running a signal from DTA 1164W with Speed test (CLI) goes through wireless connection, sending/achieving data to/from Chunghwa NSA Base Station. The maximum speed perfomance of DTA 1164W in Non-Standalone 5G architecture is 149.79 Mbps for uploading and 763.32 Mbps for downloading (Table 3), which meets general requirements for 5G data transmission.     TABLE I5G NSA TEST CONFIGURATION Items Description System DTA 1164W CPU C3436L Memory 8 GB (Transcend) OS Ubuntu 18.04.5 LTS 5.4.53 BIOS G157T004 Sub 6G Module Thales MV31-W Sub 6G Driver Linux-image-5.4.53_dfa1163-1.1.1_amd64.deb Sub 6G Module FW T99W175.F0.0.0.5.7.GC.004 1 Test Tool Speed test (CLI) 1.0.0.2 Test Server Chunghwa Mobile - Taipei(id = 18445)     Figure 1. 5G NSA test topology     SA speed performance test was run by O’Prueba Technology Inc., a spin-off from the reputed Networking Benchmarking Lab (NBL) at National Chiao Tung University (NCTU) in Taiwan, by the use of Amari Callbox and iPerf tool. Amari Callbox is a 5G core network simulator used for functional and performance tests. Whereas, iPerf is an open-source tool designed to test network bandwidth between two network nodes. iPerf allows the generation of TCP and UDP traffic/load between two hosts and can be used for quick measurements of the maximum network throughput between a server (DTA 1164W) and a client (Amari Callbox). For test configuration please refer to Table 2.   TABLE II5G SA TEST CONFIGURATION Items Description System DTA 1164W CPU C3436L Memory 8 GB (Transcend) OS Ubuntu 18.04.5 LTS 5.4.53 BIOS 5.13 (G157T006) Sub 6G Module Thales MV31-W Sub 6G Driver T99W175.F0.1.0.0.8.PN.001 Sub 6G Module FW T99W175.F0.0.0.5.7.GC.004 1 Test Tool iPerf Version: 2.0.10 Test Server AMARI Callbox     Testing topology is shown on the Figure 2. Signal from DTA 1164W with iPerf server tool running goes through wireless connection to send/achieve data to/from Amarisoft Callbox, which imitates 5G base station with UPF for package forwarding (IP, TCP UDP) to iPerf client for analysis. Results for DTA 1164W in SA 5G environment are 32Mbps for uploading and 498Mbps for downloading (Table 3), which are just referential numbers and are not defined as top limits.     Figure 2. 5G SA test topology       Attained results confirm that DTA 1164W is ready to be deployed in both 5G NSA and SA networks, making it a perfect choice for the evolving from NSA to SA, a long run uCPE for small and medium businesses.     TABLE IIIDTA 1164W SPEED PERFORMANCE RESULTS FOR NSA AND SA 5G ENVIRONMENT Items Upload Download NSA (Chunghwa Telecom Base Station) 149 Mbps 763 Mbps SA (O’Prueba) 32 Mbps 498 Mbps   Conclusion NEXCOM DTA 1164W is designed to offer a rich set of optional features, allowing IT professionals to deploy the boxes across a wide range of deployment scenarios and use cases, including 5G public and private networks.   The Intel Atom® processor C3000R series brings key Intel technology for uCPE. This power-efficient SoC is ideal to be used in a variety of light scale-out workloads that require high density and high I/O integration, covering almost all networking use such as, routers, switches, storage, to security appliances.   Another factor that is rapidly transforming the technology landscape is network edge. With more compute power shifted from central offices (COs) to the SDN- and NFV-enabled architecture, uCPE is the becoming the new focal point to support necessary service delivery, like streaming video, at a sustainable cost. Deploying units enabling services at the edge helps lower load of core networks and enhance experiences of the end user.   DTA 1164W delivers excellent performance per watt and PoE functionality. Wi-Fi 5/6 and 4G LTE/5G together support the agility for multiple connectivity making it easy to meet all requirements of the 5G Era. Its hardware-enhanced security, and flexible cloud access connections meet today’s applications such as smart city, the Industrial Internet of Things and smart manufacturing. NEXCOM’s DTA 1164W is a good solution with the agility for multiple connectivity, high expandability, helping users create a securely connected workplace as well as exploring the possibilities in the 5G era.  

The Trend As the 5G networks continue to make headway, high bandwidth has finally come to the point where demands for FWA are surging on a large scale. With a growing number of users enjoying the 5G experiences on their phones, and bandwidth shared among family members is beyond satisfactory, conventional fixed-line Internet connectivity has obviously lost its appeal for households. Now the same is happening to the small and medium-sized businesses (SMBs).   Fixed Wireless Access (FWA) offers an alternative access to 5G service with undeniable advantages over traditional fixed-line access. Replacing the wired connection with wireless, FWA promises shorter time in deployment and less investment in cable infrastructure, together with greater bandwidth, higher reliability and lower latency. Higher bandwidth also means more users online and available services simultaneously, which was only possible through fixed line broadband in the past for better user experiences, such as video conferences, webinars, etc.   The Challenge uCPE (Universal Customer Premises Equipment) allows service providers and system integrators to deploy virtual network functions (VNF) and services quickly and effectively. It means the hardware platform offers a shared computing resource pool for various network functions to work, virtually, and in orchestration. Different VNF calls for different resources in the pool. The lack of a certain hardware resource will inevitably impact a certain VNF on its performance or efficiency. This explains why we cannot expect 5G network services to comply with requirements if uCPEs with 5G network capabilities are not deployed in the first place.   uCPEs built for 4G network support may come up short when put to 5G applications. Take 5G network capabilities as an example, it refers not only to how well an uCPE could manage the traffic, but also how well it could work together with other devices on 5G communications. Also, to accommodate the ever growing traffic load and virtualized services, efficient management of CPU resources should also be among the performance metrics of uCPEs for effective 5G connectivity.   NEXCOM Solution Rising to the challenge, NEXCOM has launched a new generation of uCPEs, the nexCPE™ series. Incorporating multiple hardware resources into a system, nexCPE™ offers a more comprehensive resource pool for optimal virtual network functions. And the first model in the series, DFA 1163, is specially designed for SMB applications. It is a compact system that blends easily into literally any contexts while delivering uncompromised performance. Powered by an Intel Atom® C3000 processor (Codename: Denverton-R), DFA 1163 has ample 64GB DDR4 ECC memory for disposal and Intel® QAT (Intel® QuickAssist Technology) managing resource allocation for optimal virtual network functions.   In terms of flexibility and network capabilities, DFA 1163 Series offer 3 hardware design variations with different core count (4 or 8 cores). All SKUs support Wi-Fi 5 and 6, 4G LTE and 5G FR1 wireless connectivity, with additional support of 5G FR2, or so-called mmWAVE, for DFA 1163M. The 5G module offers FWA benefits while Wi-Fi 6 connects a variety of devices in the office seamlessly. DFA 1163 is also equipped with various interfaces for wired connections, including up to 12 copper ports with optional Power-over-Ethernet support to enable devices such as a webcam, wireless AP, or 5G modem.   An integrated managed switch with eight 1GbE RJ45 ports is the prominent feature of DFA 1163. This switch effectively offloads CPU from packet processing, allowing DFA 1163 to spare additional computing resources to more essential virtual functions.   Conclusion DFA 1163 is a perfect uCPE choice for service providers and enterprise professionals. On top of optimizing infrastructure investment, staying ahead of the rapid changing IT landscape and being able to adapt is critical. Targeting the SMB contexts, DFA 1163 is built with the latest technologies to maximize the resource pool for virtual network deployment, empowering IT professionals to execute extensive application scenarios and use cases, including 5G public and private networks. This is an ambitious challenge, and DFA 1163 delivers beautifully.       DFA 1163 Desktop Professional uCPE for Wireless Broadband Applicationsw/ Intel Atom® Processor C3000R Desktop low power system Intel Atom® C3558R/3758R SoC 12 x RJ45 ports (with optional PoE+ support) 1 x 10GbE SFP+ port 1 x 1GbE SFP port Supports Wi-Fi 6 Supports 4G LTE and 5G FR1 SA/NSA modes Supports 5G FR2 NSA mode (DFA 1163M only) Supports TSN (DFA 1163M only)    

The Trend 5G technology has been launched at an astounding pace and is continuously accelerating in its development, enhancing the functionality and performance of FWA (Fixed Wireless Access) application. Initially, FWA was a means to replace economically unviable wired networks for last-mile connectivity in rural and remote areas. Empowered by 5G and benefiting from increased bandwidth, complete connectivity, and rapid, flexible deployment, FWA has branched out further into various vertical markets. This recent advancement in 5G FWA technology has set up an arena for players from all over the world to compete for substantial business opportunities.   According to a June 2023 report by Ericsson, it is projected that by 2028, there will be over two hundred million 5G FWA users, constituting 17% of fixed network connections. The report also notes that there are already over 100 telecommunications companies worldwide offering 5G FWA application services. In the context of global efforts to bridge the digital divide, 5G FWA has become a crucial component in achieving nationwide broadband connectivity.   Currently, the primary application of 5G FWA is in public network scenarios where wireless transmission is used to reach the last mile. However, with the completion of the 3GPP Release 17 standardization, 5G applications are becoming more comprehensive. In addition to the fundamental functions of 5G, such as eMBB (Enhanced Mobile Broadband) in both FR1 and FR2 frequency ranges, URLLC (Ultra-Reliable Low Latency Communication), and mMTC (massive Machine Type Communication), advanced features like 5G network slicing, 5G TSN (Time-Sensitive Networking), 5G security, and NTN (non-terrestrial networks) enable 5G FWA technology to be used as 5G private network in various settings. These settings include smart factories, smart manufacturing, smart cities, and intelligent transportation (5G-V2X), etc.   The Challenge The widespread adoption of 5G FWA across various sectors and situations underscores the importance of comprehending the unique requirements of each application in order to identify the most suitable equipment.   For service providers currently evaluating different options, it's advisable to take into account the following factors: the reliability of equipment for managing traffic, meeting critical low-latency demands, the necessity for mobility and outdoor wide-area connectivity, and a comprehensive, future-proof solution that caters to both present and future requirements.   For different field applications, 5G FWA can essentially be categorized into four attribute grades: Consumer Grade, Enterprise Grade, Industrial Grade, and Telecom Grade. Different grades of 5G FWA focus on different features and functions, allowing various usage scenarios to better showcase the advantages of 5G FWA. The following TABLE I illustrates the characteristics of different grades of 5G FWA.   TABLE I5G FWA GRADES AND THEIR ATTRIBUTES AttributeGrade Bandwidth Performance Computing (AI) Latency Reliability Slicing Security PoE LAN IP Code Consumer ★ ★★ ★ ★★★ ★ ★ ★ ★ ★ - Enterprise ★★ ★★★ ★★★★★ ★★★ ★★★★★ ★★ ★★★★★ ★★★★★ ★★ - Industrial ★★★★★★ ★★★ ★★★★★ ★ ★★★ ★★★ ★★★ ★★★★★ ★★★ IP5xIP6x Telecom ★★★★★ ★★★ ★★★★★ ★★★ ★★★ ★★★ ★★★ ★★ ★★★ IP6x Requirements: Low ★/Middle ★★/High ★★★   Consumer Grade Deployment location: homes, suburban areas, islands Deployment type: indoor Purpose: 5G wireless transmission to replace wired transmission Benefits: increased bandwidth, fast deployment, reduced cost of laying wires Network environment: private and public Applications: MHN (mobile hotspot network), AP (access point)   Enterprise Grade Deployment location: office, bank, shopping mall, campus Deployment type: indoor Purpose: optimized user experiences and services Benefits: increased bandwidth, high performance, latency, and stability Network environment: private and public Applications: WIPS, SASE, MHN   Industrial Grade Deployment location: factory, smart cities, healthcare, sports event video streaming Deployment type: indoor, semi-outdoor and outdoor Purpose: optimized network bandwidth and performance, ultra-low latency, Quality of Service (QoS Benefits: stability and increased security Network environment: private Applications: Network Slicing, PoE Control, Firewall, IoT Gateway   Telecom Grade Deployment location: utility pole, smart traffic lights and control Deployment type: indoor, semi-outdoor and outdoor Purpose: consistent and stable network performance Benefits: stability and increased security Network environment: indoor, semi-outdoor and outdoor Applications: 5G Network Slicing, Network-in-a-box, 5G-V2X   Solution Realizing the downsides of too many alternatives on the market and customers’ confusion, NEXCOM provides clarity by tailoring its products to cater to diverse application grades and settings for 5G FWA applications, suitable for deployment in both private and public networks. NEXCOM's range of 5G FWA appliances includes a selection of desktop units and 1U servers, categorized according to CPU performance and offering various wireless and wired connectivity options.   NEXCOM's desktop uCPEs are designed with both RISC and x86 architectures and are available either as a complete solution package with network OS or as white-box options for companies with own software research and development resources.   The entry-level appliance in the desktop 5G FWA lineup is the Arm-based uCPE - DTA 1376. This device is equipped with an NXP ® Layerscape® 4 cores processor that incorporates DPAA (data path acceleration architecture) to deliver a comprehensive set of networking accelerations, effectively integrating all facets of packet processing. DTA 1376 features seven 1GbE copper ports for Ethernet connectivity and offers optional support for 5G FR1 and Wi-Fi connectivity.   The mainstream appliance in the desktop 5G FWA lineup is Intel-based uCPE – DTA 1164W Series. Powered by Intel Atom® C3436L 4 core CPU and featuring a maximum of 16 GB of DDR4 ECC memory, M.2 SATA 2242 Key M 8GB SSD, it supports six 1GbE RJ45 copper ports, two 1Gb ports , Wi-Fi 6 and PoE, capable of providingup to 30W (802.11at) with a 72W 54V PoE power adaptor.   The Intel-based uCPE – DFA 1163 Series stands out as the highest-performing unit among the 5G FWA desktop uCPE lineup. It is equipped with an Intel Atom® C3558R/C3758R processor, boasting 4 or 8 cores respectively. This professional uCPE integrates a 10GbE SFP+ fiber LAN port for upstream data transmission to back-end Ethernet switches and onward to central servers. It also features copper ports with varying link speeds, including two 2.5GbE RJ45 ports and eight 1GbE Ethernet switch ports, enabling Ethernet services for IoT devices, such as VLAN and QoS. In terms of wireless connectivity, the DFA 1163M/Q SKUs stand out FWA product line with its support not only for Wi-Fi and 5G FR1 but also for 5G FR2 (mmWave).   The industrial grade DIN rail for 5G FWA applications - ISA 141 – is designed for deployments in relatively harsh environments. Powered by Intel’s quad-core Atom® processor, it is a compact, fanless appliance equipped with three 1GbE copper ports for network connectivity with one fiber combo port. The compact DIN rail design allows ISA 141 to be easily embedded in existing network infrastructure; while the out-of-band (OOB) management function enables IT personnel to maintain the devices remotely, guaranteeing consistent, high-performance operation. Its exceptional feature set includes dual Wi-Fi and dual 5G for concurrent connectivity and wireless load balancing, ensuring highly adaptable and advanced wireless connectivity.   The performance of each 5G FWA uCPE was tested through the Transmission Control Protocol (TCP) standard. The tests were performed at the NEXCOM office through Amari Callbox, 3GPP compliant eNB/gNB and EPC/5GC. The topology is shown in Figure 1.   Figure 1. 5G FR1 NSA/SA Test Topology   In 5G FR2 NSA mode, NEXCOM uCPE boxes underwent testing with a 3CC configuration, whereas 5G FR1 SA and NSA utilized the maximum Callbox capacity of 4CC. In this context, 3CC and 4CC denote the number of aggregated carriers employed for testing, dictated by test equipment configuration and network requirements. The outcomes are integral to understanding the uCPEs' performance under realistic and demanding conditions.   The test primarily emphasized download capabilities, allocating an average of 70% of Amari Callbox resources for this purpose. Meanwhile, approximately 20% were reserved for upstream tasks, and the remaining 10% were allocated for other functions. The achieved results for each 5G FWA uCPE were standardized and are presented in Mbps in TABLE II.   TABLE II5G FWA PRODUCT PORTFOLIO, UPLINK AND DOWNLINK SPEED TEST RESULTS and GRADE MAPPING     In the 5G FR1 testing, the four DUTs utilize 5G modules sourced from diverse manufacturers. While the 5G FR2 NSA DUTs leverage two specific 5G modules: the X55 and X62. The X55 module provides compatibility with 3GPP Release 15, while the X62 module - an entry-level solution - supports 3GPP Release 16 with an exceptional cost-performance ratio. For a more in-depth understanding of each uCPE box's testing configuration and results, kindly request further information from NEXCOM representatives.   Overall tests prove that each of the tested appliances is ready for 5G FWA deployments in both SA (Stand Alone) and NSA (Non Stand Alone), i.e. public and private network environments.   Conclusion 5G FWA uCPE applications are boundless: from enabling real-time data processing for smart cities to ensuring mission-critical communications in industrial settings, and from revolutionizing healthcare with telemedicine solutions to providing seamless connectivity in remote areas. The impact of 5G FWA uCPE ensures reliable, low-latency, and high-bandwidth connections, and penetrates across diverse sectors, driving innovation and progress.   NEXCOM provides a diverse 5G FWA uCPE range tailored for various sectors and use cases. Each appliance comes with predefined features and expandable space, allowing customers to select additional options for a customized uCPE that suits their requirements. To make it simple, NEXCOM’s 5G FWA uCPE is also integrated with a light-weighted network OS for easy setting & control, enabling customers to concentrate on their applications without worrying about complex networking configurations.

The Trend The world goes digital. This statement is no news anymore but a way of life. We are seeing big data generated every second online in exponential volume and speed. According to the forecast, just in a few years from now the total volume of information will be more than doubled: from 75 zettabytes (ZB) in 2021 to 175ZB in 2025[1].   Gadgets of personal use (cell phones, laptops, PCs) are hitting a record high for their storage and memory capacity, together with more cloud services available on the market. The same growing demand has been seen in the commercial sector as well, as evidenced by hybrid clouds of different scales which are being built by enterprises and institutional organizations large and small, either on their own or commissioned by service providers.   Data continuously evolve with technology. Pure analog has given way to digital signals decades ago. To transport its sheer volume nowadays is in itself a formidable task, and critical data must be shielded with another layer of security during transport. Cyber security, therefore, becomes an indispensable part before data reach the final destination, even more so nowadays when daily activities go online.   The Challenge How to integrate a new solution into an existing legacy network infrastructure has always been a big headache for IT professionals. A painless upgrade is ideal but not always realistic. More often than not, partial downtime is necessary. As a result, organizations have only one question on their plate: whether they are ready to move further aligned with the latest tendencies or to step aside.   For those who want to stay rock-solid, it is important to find the appliance that can enable more effective and secure network management. By effectiveness here, fast transfer, analysis, store a bigger quantity of data are meant. And with proper network management tools, enhanced network security and accessibility can be provided.   NEXCOM Solution NEXCOM proudly introduces a new appliance to enhance its cyber security product line – NSA 5190. It is a new generation 1U rackmount appliance with the newest Intel® Core™ processor and the latest PCIe 4.0 interface. NSA 5190 is a modular, flexible network solution, which will ideally fit into SD-WAN, web monitoring, load balancing, and network virtualization deployments.   12th Gen Intel® Core™ processor (former code-named, Alder Lake S) brings additional computing power to proceed with bigger volumes and heavier workloads. It became possible due to a combination of performance- and efficient-cores in a single CPU, or P cores and E cores respectively[2]. The hybrid architecture achieves higher performance with less power consumption. The CPU also offers large caches to store data so that requests for data can be carried out faster.   Another important capability to highlight is the Intel® 600 series chipset that brings additional expansion options and value-added features. Several examples include, integrated MAC, Intel® Rapid Storage Technology, Intel® Trusted Execution Technology, and more.   Intel® Rapid Storage Technology provides enhanced data protection and expandability. Regardless of the system operating with one or multiple hard drives, users can experience the benefits of both enhanced performance and lower power consumption. Moreover, under the condition that more than one drive is used, additional protection against data loss in the event of hard drive failure is available.   Besides new capabilities brought by the processor, when compared with previous generation appliances of the same product line there is a key advantage in memory speed and capacity. NSA 5190 supports four DDR4 2666/3200 DIMM, with a maximum memory of 128GB, which is twice its predecessor.   NSA 5190 also features an upgrade in the LAN connector interface from PCIe 3.0 to PCIe 4.0. The greatest advantage of PCIe 4 over PCIe 3 is in its speed, it doubles the per-lane bandwidth to 2 gigabytes per second and is backward and forward compatible. By adopting dedicated LAN modules, NSA 5190 proves itself as a highly configurable networking appliance.   Finally yet importantly, flexibility. With decades of RD experience, NEXCOM mastered designing scalable multifunctional appliances for different application scenarios. NSA 5190 is not an exception. The mainboard is designed with an edge connector for an add-on card. The choice of card to be installed depends on customers’ requirements; it could be either FPGA, AI, or smart NIC card. Each provides its additional capabilities and serves its purpose.   Conclusion The evolvement of technologies brings new possibilities yet new challenges, and NEXCOM’s newly released 1U rackmount - NSA 5190 - is ready for both. Its futureproof design, with significantly increased memory capacity, data transfer speeds, and a set of optional features, makes NSA 5190 a perfect appliance for various use cases in businesses of all scales. NSA 5190 can manage heavy workloads without wearing out the CPU and is able to proceed with big data volumes in a shorter time.     NSA 5190 1U Rackmount Appliance with 12th Gen Intel® Core™ Processor, 2 x 1GbE RJ45 ports, and 4 x LAN Module Slots   12th Gen Intel® Core™ processor PCH: R680E 4 x DDR4 2666/3200 non-ECC/ECC UDIMM, up to 128GB 1 x M.2 2280 Key M (SATA) 1 x TPM module 1 x PCIe4 x4 connector for low profile riser card 2 x 1GbE RJ45 ports 4 x LAN module slots  

The Trend In an era defined by rapid technological advancement and digital transformation, the landscape of cybersecurity is undergoing fundamental change. As cyber threats increase, enterprises face mounting challenges in defending their assets against an ever-expanding array of attacks. High-profile data breaches, coupled with a global shortage of skilled cybersecurity professionals, underscore the urgent need for innovative solutions capable of safeguarding sensitive data and critical infrastructure. Against this backdrop, the convergence of artificial intelligence (AI) and cybersecurity emerges, promising to revolutionize the way to detect, respond to, and mitigate cyber threats.   The surge in requests for implementing AI algorithms into cybersecurity is driven by several compelling trends. From the constant attacks of advanced cyber threats to the pressing need for regulatory compliance, IT personnel worldwide are seeking intelligent and adaptive security solutions capable of keeping pace with the evolving threat landscape. Furthermore, the integration of AI into security operations empowers organizations to automate routine tasks and achieve greater operational efficiency.     The Challenge As companies start their journey of implementing AI cybersecurity hardware, they encounter countless struggles that demand innovative solutions and strategic approaches. The primary obstacle is the complexity of integrating AI hardware into existing IT infrastructure seamlessly. IT professionals must navigate compatibility issues, interoperability concerns, and the need for seamless integration with established security systems. Additionally, the resource-intensive nature of AI cybersecurity requires careful consideration of computational resources, memory allocation, and storage capacity to ensure optimal performance and scalability.   Moreover, the sensitive nature of data processed by AI cybersecurity hardware underscores the critical importance of privacy and security. IT professionals face the tough task of safeguarding sensitive data against breaches, unauthorized access, and compliance violations while harnessing the power of AI for threat detection and mitigation. Balancing the need for robust data protection measures with using data effectively for AI-driven insights is a delicate challenge, requiring the implementation of rigorous encryption and access control techniques.   NEXCOM Solution NEXCOM offers a solution to empower organizations to explore the potential of AI-driven cybersecurity to fortify network defense, protect digital assets, and secure a safer future in the digital age.   NEXCOM's NSA 7160R-based cybersecurity solution addresses the multifaceted challenges in implementing AI hardware in cybersecurity operations. Leveraging a modular design and sharing the same form factor with the previous generation of its product family, NEXCOM's solution mitigates integration complexity by seamlessly integrating with existing IT infrastructure, minimizing compatibility issues.   Furthermore, NSA 7160R is designed with scalability in mind, enabling companies to navigate resource constraints effectively by dynamically allocating computational resources, optimizing memory usage, and scaling storage capacity to meet evolving operational demands. Customers can choose different DDR5 speeds based on their budget and requirements. A flexible configuration of LAN modules enables up to 2.6TB Ethernet connectivity per system or allows up to 128GB of additional storage through storage adaptors.   By prioritizing performance optimization, NEXCOM's solution enables enterprises to achieve superior detection accuracy, response times, and scalability, delivering actionable insights and proactive threat mitigation capabilities to safeguard against emerging cyber threats effectively. NSA 7160R supports the latest dual 5th Gen Intel® Xeon® Scalable processors and is backward compatible with 4th Gen Intel®Xeon® Scalable processors, allowing customers to scale up both in CPU core count and processor generation.   In addressing the critical concerns of data privacy and security, NEXCOM's solution implements hardware-based robust encryption protocols, ensuring the confidentiality, integrity, and availability of sensitive information processed by AI. A series of various accelerators include Intel® Crypto Acceleration, Intel® QuickAssist Software Acceleration, Intel® Data Streaming Accelerator (DSA), Intel® Deep Learning Boost (Intel® DL Boost), Intel® Advanced Matrix Extensions (AMX), and more. [1]The set of accelerators may vary depending on selected processor SKU.   NSA 7160R empowers IT personnel to proceed with deployments confidently. To validate its efficacy in AI cybersecurity, NEXCOM conducted a series of tests comparing two configurations powered by dual 4th Gen Intel® Xeon® Scalable processor (DUT 1) and dual 5th Gen Intel® Xeon® Scalable processor (DUT 2). CPU SKUs’ chosen for the testing are correlated by performance and core count for fair and unbiased comparison. The rest of the configurations were of utmost equivalence. Detailed test configuration is shown in TABLE I.   For the tests, two open-source security AI models were chosen: MalConv and BERT-base-cased.     TABLE IDUT 1 AND DUT 2 TEST CONFIGURATIONS Item DUT1 DUT2 4th Gen Intel® Xeon®-based 5th Gen Intel® Xeon®-based CPU 2 x Intel® Xeon® Gold 6430 processors 2 x Intel® Xeon® Gold 6530 processors Memory 252GB16 (8+8) x 32G DDR5 4800 RDIMMs SSD 512GB1 x 2.5" SSD SATA III Storage 1.2TB4 x M.2 2280 PCIe4 ×4 4TB NVMe modules in slot 2 Ubuntu 22.04 Kernel v5.19     Test Results for MalConv AI Model MalConv (Malware Convolutional Neural Network) is an deep learning-based approach used in cybersecurity for the purpose of malware detection.   While traditional malware detection methods rely on signatures or behavior analysis, vulnerable to circumvention by polymorphic or unseen variants, MalConv utilizes convolutional neural networks (CNNs) to directly analyze executable file binary data. Trained on both malicious and benign files, MalConv learns to distinguish between them based on binary data patterns. This enables MalConv to detect polymorphic or unseen malware variants by identifying malicious characteristics within the binary code itself, bypassing reliance on signatures or behavior analysis.   Latency and throughput in the MalConvn AI model were tested on both DUTs. Latency and throughput in MalConv testing provide valuable insights into its performance, responsiveness, scalability, and efficiency in AI cybersecurity applications. Latency measurement helps determine the time taken by MalConv to analyze an input file and provide a classification (malicious or benign), while throughput measurement evaluates the ability of MalConv to process multiple files or data streams simultaneously within a given time frame.   The results of latency and throughput MalConv tests for different opt methods are shown in TABLE II.   TABLE IIMALCONV AI MODEL TEST RESULTS FOR LATENCY AND THROUGHPUT Framework Opt Method Model Platform Latency(ms) Throughput(samples/second)/(FPS) tensorflow 2.15.0 INC 2.2 Malconv.inc.int8.pb DUT 1 12.15 82.3 Malconv.inc.int8.pb DUT 2 11.18 89.47 onnxruntime 1.16.3 INC 2.2 Malconv.inc.int8.onnx DUT 1 16.55 60.43 Malconv.inc.int8.onnx DUT 2 14.47 69.1   Based on the achieved results we can conclude that 5th Gen Xeon based server shows better results in both opt methods and both test items (latency and throughput).   Lower latency is essential for real-time threat detection, enabling rapid response to security incidents. 5th Gen Xeon DUT shows 8% lower latency in tensorflow 2.15.0 framework by spending 0.97ms less than 4th Gen Xeon DUT. 5th Gen Xeon DUT shows 13% lower latency in onnxruntime 1.16.3 framework by spending 2.08ms less than 4th Gen Xeon DUT.   Figure 1. MalConv AI model test results for latency     Higher throughput indicates greater volume-handling capacity, which is essential for analyzing large datasets efficiently.   5th Gen Xeon DUT shows 9% higher throughput in tensorflow 2.15.0 framework by analyzing 7.17 more samples per second than 4th Gen Xeon DUT. 5th Gen Xeon DUT shows 14% higher throughput in onnxruntime 1.16.3 framework by analyzing 8.67 more samples per second than 4th Gen Xeon DUT.   Figure 2. MalConv AI model test results for throughput     Test Results for BERT-base-cased AI Model BERT (Bidirectional Encoder Representations from Transformers) is a powerful natural language processing model developed by Google. The "base" version refers to the smaller and computationally less expensive variant of BERT compared to its larger counterparts like BERT-large. The "cased" variant retains the original casing of the input text, preserving capitalization information.   In AI cybersecurity, BERT-base-cased offers a versatile framework for natural language understanding in cybersecurity applications. This model can be utilized for various tasks such as threat intelligence analysis, email and message classification, malicious URL detection, incident response and threat hunting, and more.     During the tests static, dynamic and FP23 BERT-base-cased model latencies of each DUT were analyzed. The tests were conducted using 1 and 4 active cores to determine if there would be any improvement with increased core involvement. The results are shown in TABLE III.   Static model latency refers to the time it takes for the pre-trained Bert-base-cased model to process input data and make predictions without further adaptation. Dynamic model latency measures the time required for Bert-base-cased to adapt or fine-tune itself during runtime based on evolving threat conditions or changes in the operating environment. FP23 model latency represents the latency of Bert-base-cased when configured to maintain a specific false positive rate of 23%. Minimizing FP23 model latency allows security teams to respond more quickly to security incidents, reducing the time and resources required for investigation and mitigation.     TABLE IIIBERT-BASE-CASED AI MODEL TEST RESULTS FOR STATIC, DYNAMIC AND FP23 LATENCIES Framework Opt Method Core Used for Test Platform Static qatmodel Latency(ms) Dynamic qat model Latency(ms) FP32model Latency(ms) Pytorch 2.1.0 IPEX 2.1.100 1 Core DUT 1 97.5 472.46 862.99 DUT 2 86.28 327.53 726.27 4 Cores DUT 1 29.84 118.94 261.3 DUT 2 25.08 98.78 214.32     Based on the achieved results we can conclude that 5th Gen Xeon based server shows better results in all 3 test items (static, dynamic and FP23 BERT-base-cased model latencies) and both test setups for CPU resource allocations (1 and 4 cores).   Lower static model latency is desirable for real-time threat detection, enabling rapid analysis of text data such as security alerts, email content, or chat messages. Longer latency may introduce delays in processing, affecting the responsiveness of security operations and hindering timely threat mitigation efforts. 5th Gen Xeon DUT shows 12% lower latency in 1 core scenario by spending 11.22ms less than 4th Gen Xeon DUT. 5th Gen Xeon DUT shows 16% lower latency in 4 cores scenario by spending 4.76ms less than 4th Gen Xeon DUT.   Figure 3. BERT-base-cased AI Model Test Results for Static Latency     Lower dynamic model latency enables the model to respond more quickly to emerging threats and shifting attack patterns, enhancing its effectiveness in cybersecurity operations. 5th Gen Xeon DUT shows 31% lower latency in 1 core scenario by spending 144.93ms less than 4th Gen Xeon DUT. 5th Gen Xeon DUT shows 17% lower latency in 4 cores scenario by spending 20.16ms less than 4th Gen Xeon DUT.   Figure 4. BERT-base-cased AI Model Test Results for Dynamic Latency     Achieving lower FP23 model latency is essential for minimizing false positives while maintaining high detection accuracy. This ensures that security teams can focus their efforts on genuine threats without being inundated by false alarms. 5th Gen Xeon DUT shows 16% lower latency in 1 core scenario by spending 136.72ms less than 4th Gen Xeon DUT. 5th Gen Xeon DUT shows 18% lower latency in 4 cores scenario by spending 46.98ms less than 4th Gen Xeon DUT.   Figure 5. BERT-base-cased AI Model Test Results for FP23 Latency     Test Summary Both devices successfully executed AI security software, with the platform utilizing the 5th Gen Intel® Xeon® Scalable processor showcasing superior performance over the server employing the 4th Gen Intel® Xeon® Scalable processor. Both platforms demonstrated efficiency in latency and throughput for security-related tasks, and proved ready for AI cybersecurity.   Conclusion As the cybersecurity landscape continues to evolve, IT personnel must remain proactive in adapting to emerging threats and leveraging the latest advancements in AI technology. Integrating AI algorithms, such as MalConv and Bert-base-cased, into cybersecurity operations represents a significant advancement in the fight against cyber threats.   NEXCOM’s NSA 7160R servers offer enhanced threat detection, rapid response times, and improved operational efficiency, addressing the ever-evolving challenges faced by enterprises in safeguarding their digital assets. As both tested platforms demonstrate their significant contribution to addressing cybersecurity workloads, the decision on which platform to choose ultimately rests with the customer, who can select based on their specific requirements and the performance achieved.   Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.