Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Solution Note 1G/10G Encryption for the Data Center Transparent, High-Speed Data Center Security Data Center security has become one of the highest network priorities as data thieves and crime rings seek to penetrate perimeter defenses through increasingly complex attack vectors with alarming success and devastating effects. The security imperative puts CIOs in the difficult position of having to secure Data Center traffic while at the same time meeting the ever-increasing performance requirements of high-speed applications and synchronous replication. Typical optical or circuit-based bulk encryption solutions do not perform authentication. This not only exposes the data to the risk of tampering by a man in the middle attack, but it also can be used to break the encryption and expose sensitive information. For information on why encryption without authentication is not secure download the following white paper at http://www.certesnetworks.com/newdocs/wp-authentication_form.html. Armed with the industry’s only multi-layer 10 Gigabit Encryptors and Certes TrustNet Manager™, you can achieve the highest level of data center security over any network with full line-rate encrypted performance up to 10Gbps - without the use of IPSec tunnels and without changing your network operations, visibility, or DR schemes. Header preservation makes secure traffic compatable with QoS and Application Monitoring Data Center Fully redundant Active Configuration supports load balancing 1Gbps/10Gbps WAN (DWDM, Carrier Ethernet, Dark Fiber, etc.) Line rate performance with microsecond delay DR Site Data Center Secure Disaster Recovery maintains compliant connectivity Typical CEP10G Data Center Deployment Scenario Variable Speed Encryption Provides Secure Investment Protection The CEP10G offers a range of encryption speeds based on software licenses using AES-256 encryption at speeds of 500 Hypervisor Mbps, 650 Mbps and 1, 2.5, 5 or 10 Gbps (full duplex), and the CEP1000 supports encrypted throughputPhysical from Server 100 Mbps up to 1 Gbps. This unique capability prevents you from overpaying for encrypted throughput because you can easily upgrade the licensed speed as your needs change and only pay the difference between your current and desired encrypted throughput. CEP1000 and CEP VSE family enables organizations to standardize on one platform for any large campus or data center network. The CEP10G integrates easily into any existing network while operating transparently in the network and ensuring all of your data transmissions are encrypted and authenticated. SN-10g-011813 Solution Note 1G/10G Encryption for the Data Center Purpose Built for High Speed Data Centers Encrypts and authenticates network traffic at wire speed Dual Hot-swappable power supplies & field-replaceable fans • From data centers to back up/DR sites • From HQ and Branches • Flexible pricing for 100Mbps, 155Mbps, 250Mbps, 500Mbps, 650Mbps, 1Gbps, • 2.5Gbps, 5Gbps, or 10Gbps encrypted throughput • Low Latency (Microseconds) Proven Certes Group Encryption Technology • Tunnel-less encryption is transparent to load balancing and HA architectures • Multi-layer capability allows layer 2, layer 3 or layer 4 based policies • Fully compatible with network monitoring, policy based routing and WAN optimization Standards Based Encryption • • • • • AES 256 encryption with automated key rotations Persistent authentication using SHA-256 hashing FIPS 140-2 Validated Common Criteria EAL4+ Jumbo Frame Support High Availability • • • • Management Aux 1 Aux 2 Aux 3 CEP10G VSE Remote Local 10G 10G Dual Hot-swappable AC or DC power supplies Dual hot-swappable power supplies AC or DC power Field-replaceable fan trays (CEP10G) Fully redundant active-active operation Management Aux 1 Remote Local 1G 1G Central Policy Management The CEP10G and CEP1000 can be configured and centrally managed via the Certes TrustNet Manager™. TrustNet Manager allows both security and network administrators to quickly and easily manage network security from a centralized interface with simple yet powerful drag and drop policy creation capability. Encryption policies can be based on source or destination IP addresses, source or destination port numbers, protocol IDs, or VLAN tags. Policies can be quickly and easily modified in seconds on even the largest networks, without traffic disruptions or interaction with remote personnel. TrustNet Manager also provides logging and audit mechanisms to meet or exceed compliance and audit requirements. Layer 2 Encryption The CEP10G and CEP1000 provides wire-speed encryption at Layer 2. This allows synchronous replication among data centers using a 10 GigE on 1 GigE connection across dark fiber or private circuits. The solution provides both encryption and authentication which is essential for secure communications. In addition to Layer 2 Ethernet, the CEP10G can encrypt multiservice MPLS traffic while keeping the MPLS labels in the clear. Layer 3/4 Encryption In addition to Layer 2 encryption, the CEP10G and CEP1000 also provide standard IPsec encryption, (which encrypts the Layer 4 header) and a unique Layer 4 compatible “payload only” encryption. This unique, patent-pending capability allows network services, such as Netflow/Jflow, and Class of Service (CoS) based traffic shaping, to be maintained through the service provider network while the payload itself is encrypted. Global Headquarters 300 Corporate Center Dr., Suite 140 Pittsburgh, PA 15108 Tel: +1 (888) 833-1142 Fax: +1 (412) 262-2574 www.CertesNetworks.com North America Sales [email protected] Asia-Pacific Sales [email protected] Government Sales [email protected] Central & Latin America Sales [email protected] Europe, Middle East and Africa Sales [email protected] SN-10g-011813