Secure PX Intelligent Rack Power Distribution Units
Raritan, a brand of Legrand
Category
Data Centre Physical Security Innovation of the Year
Entry Description
What are your product's/solution's key distinguishing features and/or USP?

Raritan’s full line of Secure PX Intelligent Rack PDUs are equipped with the latest network security protocols, the most diverse options for user authentication and management, and leverage the best-in-class data encryption methods. PX Intelligent PDUs are continuously updated in order to provide the safest deployment experience while meeting the increased network security requirements in high-risk environments.

If a device is on a network, a set of security measures must be in place to protect the equipment, its data and the network it is connected to.

Key Security Features:

1. Encryption: As rack PDUs are connected to management networks and even to the production networks, it is critical that any and all data sent or received by the PDUs are encrypted. We only enable secure encrypted communication by default — HTTPS and SSH. We use the strongest encryption in the industry as in:
• HTTPS connections use TLS 1.0/ 1.1/ 1.2 with AES 128/ 256-bit ciphers supporting the widest range of browsers
• SSH connections use public key authentication where password authentication is not adequate or feasible, like in scripts
• SNMP v3 connections are encrypted with MD5 or SHA authentication protocols and DES or AES privacy protocols
• StartTLS implementation ensures encrypted transport of user credentials from the PDU to the remote authentication server
• Besides being a secure server, the PDU is also secure client when dealing with remote authentication servers using TLS for OpenLDAP and active directory as well as CHAP for RADIUS communication

2. Password Policies: With all the security measures available and implemented, passwords remain the most critical component of security. We provide several ways to ensure passwords are strong and current.
• Strong passwords require a minimum of eight characters with lower case, upper case, numerals and special characters while forbidding the past three passwords
• Force password change ensures that the default password gets changed after the first-time login as default passwords are the easiest way hackers take control of connected devices
• Password expiration ensures passwords getting refreshed periodically, preventing hackers from accessing the PDUs from any known security breaches

3. Firewall: Rack PDUs are accessed over the network for various reasons ranging from simple data collection to critical alert notifications, and even power control. With systems and users needing access from various segments of the corporate network, it is critical to keep unauthorized access completely out through the following means:
• IP-Based Access Control Lists (IP ACL) rules determine whether to accept or discard traffic to/from the PDUs, based on the IP address of the host sending or receiving the traffic
• Role-Based Access Control (RBAC) rules act similar to IP access control rules which allow access to PDUs based on the roles of individual users

4. Defense in Depth: Rack PDUs play a critical role in managing the power infrastructure and servers, using the PDUs remote power control functionality. Therefore, it is essential to protect against network breaches. We have implemented several security measures that keep the rack PDUs one step ahead of these threats:
• Blocking access after repeated failed login attempts to defend against potential Distributed Denial of Service (DDoS) attacks and logging the source of the attempts
• Timing out inactive sessions to prevent unauthorized access
• Limiting the use of the same login credential from multiple clients
• Enforcing restricted service agreement warnings and requiring that users accept them to login

5. Certificates: X.509 digital certificates ensure that both parties in a secure connection (TLS) are authorized users. As rack PDUs are increasingly accessed over public networks, having valid certificates protect against man-in-the-middle attacks. In order to make this process as efficient as possible, Raritan rack PDUs support two major types of certificates:
• CA certificates that are issued and signed by public certificated signing authorities after thorough verification of the user’s business; the PDU interface even generates the certificate signing request for submission to signing authorities such as Verisign, Digicert and more
• Self-signed certificates when a CA certificate is not deemed necessary; the PDU also provides an interface to generate a self-signed certificate

What tangible impact has your product/solution had on the market and your customers?

The rapid growth of digital data has put immense pressure on data center managers to evaluate their security initiatives. PX Intelligent PDUs are designed with security top of mind, offering our customers the highest security measures from the rack level up.

PX Intelligent PDUs leverage the state-of-the-art Xerus Technology Platform, which delivers unparalleled security. Xerus improves security across the entire infrastructure with the latest network security protocols, advanced data encryption methods, strong password policies, and login protection.

• Meet enterprise-level IT security requirements
• Secure and encrypt any and all device communications
• Control user access to guard against errors and malicious intents
• Protect against breaches and stay ahead of potential threats

What are the major differentiators between your product/solution and those of your primary competitors?

• Deeper/more sophisticated security encryption and protocols
• Better adaptation to any enterprise network environment.
• Ability to communicate and report effectively and automatically if any unusual access attempt is made
• Ability to define more rules and actions for each device deployed and inform administrators automatically
• Implementation of full compliance with SB-327 Information privacy: connected devices. Along with added VAPT security tests (detailed Security certification for Xerus Firmware available upon request)

Please supply any supportive quotes and/or case study materials to demonstrate the value of this product/solution to your customers/partners.

• Instant addressing and monitoring of new potential threats to the integrity of the Xerus Firmware code
• Dedicated Firmware team providing dedicated Firmware upgrades to any specific customer environment
• Detailed Linux library documentation for easy debugging and upgrades
• Best in class Firmware support environment for remote support and assessment
• Overall the most complete feature/function documentation and testing on the market (more than 25 years of constant development and testing)

For further information on Secure PX Intelligent PDUs, please visit: https://www.raritan.com/landing/pdu-rack-level-security

Nominator/Nominee details:
Company: Raritan, a brand of Legrand
Name: Edwin de Boer
Job Title: Senior Marketing Manager, EMEA
Telephone: +31 102844056
Email address: edwin.deboer@legrand.com
Website: www.raritan.com
Supporting Documents