
DATASHEET


vCEP: Virtual Certes Enforcement Point

Multilayer Encryption Virtual Appliance

PRODUCT OVERVIEW


Scalable Group Encryption

Protection without Gaps

Control of the Keys

Regulatory Compliance

Cryptographic Isolation from other Tenants

Simplify Migration to the Cloud

Physical CEP interoperability

Multi-layer Encryption

Central Management

The vCEP is a virtual encryption appliance that secures sensitive data in cloud and virtualized environments. Based on Certes’ award-winning CryptoFlow technology, the vCEP runs on market-leading commercial and open-source hypervisors and in Network Function Virtualization deployments. It provides confidentiality and integrity checking for sensitive data in motion across any network infrastructure, and it allows the enterprise data owner to manage encryption keys and control encryption policies without exposing the keys to the infrastructure or service provider.

The vCEP uses proven Certes TrustNet group encryption technology to provide scalable network encryption without tunnels. It protects one or more virtual servers by enforcing the encryption and isolation policies specified in Certes TrustNet Manager™, the centralized key and policy management system for TrustNet appliances. TrustNet Manager is designed for automated policy provisioning and integration with cloud operating environments.

THE VCEP PROVIDES:

Scalable Group Encryption – Full-mesh network encryption without tunnels

Protection without Gaps – Encrypt network traffic between virtual servers with no unprotected gaps

Control of the Keys – Control the encryption keys and policies without sharing the keys with the cloud or virtualization provider.

Regulatory Compliance – Logging and auditing to satisfy regulators and prove that encryption is enabled.

Cryptographic Isolation from other Tenants – Persistent authentication prevents network-based attacks from other tenants in shared networks or multi-tenant cloud environments.

Simplify Migration to the Cloud – Tenant VMs run in the cloud without changes: no software or drivers need to be loaded and no hypervisor modifications are required.

Physical CEP interoperability – Use a combination of physical and virtual Certes Enforcement Point (CEP) appliances to protect both physical data center networks and virtualized cloud networks.

Multi-layer Encryption – Safeguard any network: local area networks (LANs), wide area networks (WANs), and private, hybrid, public or community IaaS cloud networks.

Central Management – Manage network encryption quickly and easily from a centralized web-based interface.

PERFORMANCE

Up to 570 Mbps for 1024-byte packets of encrypted and authenticated traffic using AES-256 encryption *

Encryption Acceleration using AES-NI Instructions

Multi-CPU/Multi-core Support

* Actual performance may vary depending on the network traffic and system configuration. Performance results were observed on a Dell PowerEdge R210 server costing less than $1500 (3.4 GHz quad-core Xeon processor with AES-NI support and GigE NICs) running ESXi 5.0 Update 1.


SECURITY

Encryption: AES-CBC (256 bit) (FIPS 197), Triple-DES-CBC (168 bit) (NIST SP 800-67)

Authentication (Message Integrity): HMAC-SHA-256-96 (FIPS 180-3, FIPS 198)

Signature generation and verification: ANSI X9.31, RSASSA-PSS, RSASSA-PKCS1-v1_5, DSA (FIPS 186-2)

Management session authentication: RSA, DSS

Automatic or manually triggered hitless key rotation

Group keying with TrustNet Manager over SSL/TLS with certificate-based bilateral authentication

Certificate revocation: OCSP (RFC 2560), CRL (RFC 5280)

IPSec (RFC 2401) for Layer 3 encryption

MANAGEMENT COMMUNICATION SECURITY OPTIONS

X.509 v3 digital certificates

TLS (full bilateral authentication)

SSH

IKE/IPsec

SYSTEM REQUIREMENTS

CPU: x86 architectures

Hypervisor: operates on VMware or Linux-based hypervisors (contact Certes for details on supported versions and distributions)

Memory (RAM): 128 MB (minimum)

Hard Drive Space (footprint): 2 GB (minimum)

NETWORK SUPPORT

Ethernet

VLAN tag preservation

MPLS tag preservation

IPv4

IPv6 (Layer 2 Ethernet encryption mode)

Secure NTP

INTERFACES

Virtual network interface to the local trusted network

Virtual network interface to the external untrusted network

Virtual management interface (out of band)

May be bridged to the Local interface for in-band management

vNetwork Standard Switch (VSS) compatible

POLICY SELECTOR OPTIONS

Source or destination IP address

Source or destination port number

Protocol ID (L3 and L4 options)

VLAN ID (L2 option)

Multicast address

TRANSFORMS

Certes Networks ESP Tunnel Mode (header preservation option)

Certes Networks ESP Transport Mode (L4 option)

Certes Networks Ethernet ESP Mode
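The SECURITY section lists AES-CBC (256 bit) for encryption and HMAC-SHA-256-96 for message integrity, and the TRANSFORMS section lists ESP modes with a header preservation option. The Go program below is an added illustration of that generic ESP-style encrypt-then-MAC construction, written for this page. It is not Certes code and makes no claim about how the vCEP implements these transforms internally; the key material, SPI, sequence number, 20-byte stand-in header and payload are all constructed for the example. It shows two things a practitioner should expect from such a transform: the 96-bit truncated ICV is verified in constant time before any decryption takes place, and the preserved outer header travels in the clear and is not covered by the ICV, which is what lets the existing network forward the datagram unchanged and also means the receiver cannot treat those header bytes as authenticated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// HMAC-SHA-256-96: the full 256-bit HMAC tag truncated to its first 96 bits
// (12 bytes), the truncation RFC 4868 defines for IPsec. The receiver recomputes
// the full tag and compares only these 12 bytes.
const icvLen = 12

const espHeaderLen = 8  // SPI (4 bytes) + sequence number (4 bytes)
const nextHeaderTCP = 6 // ESP trailer Next Header value for a TCP payload

// sealESP builds one ESP-style datagram with header preservation: outerHeader is
// copied through in the clear, followed by SPI | Seq | IV | ciphertext | ICV.
// Encryption is AES-256-CBC; the ICV is computed over SPI, Seq, IV and
// ciphertext (encrypt-then-MAC) and deliberately NOT over the preserved header.
func sealESP(encKey, authKey, outerHeader []byte, spi, seq uint32, payload []byte) ([]byte, error) {
	if len(encKey) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	// ESP trailer (RFC 4303): pad with 1,2,3,... so that payload + padding +
	// PadLength + NextHeader is a whole number of AES blocks.
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize
	plain := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ {
		plain = append(plain, byte(i))
	}
	plain = append(plain, byte(padLen), nextHeaderTCP)

	iv := make([]byte, aes.BlockSize) // fresh random IV per datagram
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)

	esp := make([]byte, espHeaderLen)
	binary.BigEndian.PutUint32(esp[0:4], spi)
	binary.BigEndian.PutUint32(esp[4:8], seq)
	esp = append(esp, iv...)
	esp = append(esp, ct...)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(esp)
	esp = append(esp, mac.Sum(nil)[:icvLen]...)
	return append(append([]byte{}, outerHeader...), esp...), nil
}

// openESP verifies the ICV in constant time BEFORE decrypting, so a forged or
// modified datagram is dropped without the decryptor ever touching it.
func openESP(encKey, authKey []byte, headerLen int, pkt []byte) (spi, seq uint32, payload []byte, err error) {
	if len(pkt) < headerLen+espHeaderLen+2*aes.BlockSize+icvLen {
		return 0, 0, nil, errors.New("datagram too short")
	}
	esp := pkt[headerLen:]
	body, icv := esp[:len(esp)-icvLen], esp[len(esp)-icvLen:]
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil)[:icvLen], icv) {
		return 0, 0, nil, errors.New("integrity check failed")
	}
	spi = binary.BigEndian.Uint32(body[0:4])
	seq = binary.BigEndian.Uint32(body[4:8])
	iv, ct := body[espHeaderLen:espHeaderLen+aes.BlockSize], body[espHeaderLen+aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return 0, 0, nil, errors.New("ciphertext not block aligned")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return 0, 0, nil, err
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen := int(plain[len(plain)-2]) // trailer: ... | padding | PadLength | NextHeader
	if padLen > len(plain)-2 {
		return 0, 0, nil, errors.New("bad pad length")
	}
	return spi, seq, plain[:len(plain)-2-padLen], nil
}

func main() {
	encKey, authKey := make([]byte, 32), make([]byte, 32) // constructed demo keys
	rand.Read(encKey)
	rand.Read(authKey)
	hdr := make([]byte, 20) // constructed stand-in for a preserved 20-byte IPv4 header
	hdr[0] = 0x45
	pkt, _ := sealESP(encKey, authKey, hdr, 0x1001, 1, []byte("hello from tenant A"))
	_, _, got, err := openESP(encKey, authKey, len(hdr), pkt)
	fmt.Printf("payload %q, err %v\n", got, err)
	pkt[len(pkt)-icvLen-1] ^= 1 // flip one ciphertext byte: the ICV check must now fail
	_, _, _, err = openESP(encKey, authKey, len(hdr), pkt)
	fmt.Println("after tamper:", err)
}
```

Run it with `go run`. Flipping a single ciphertext byte, using a different authentication key, or truncating the datagram all fail at the ICV comparison, before CBC decryption runs; changing a byte of the preserved header does not, because the header is outside the integrity-protected region in this construction. Key distribution and rotation are out of scope of the block; on the page they belong to TrustNet Manager.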

DEVICE MANAGEMENT

TrustNet Manager

Command Line Interface

Out-of-band management

SNMPv2c and SNMPv3 managed object support

Alarm condition detection and reporting (traps and SNMP alarm table)

Syslog support

Audit Log

About Certes Networks

Certes Networks protects data in motion. The company’s award-winning CryptoFlow™ Solutions safeguard data traffic in physical, virtual and Cloud environments, enabling secure connectivity over any infrastructure without compromising network device or application performance. Companies around the world rely on network encryption products from Certes Networks to protect data, accelerate application deployment, simplify network projects, reduce compliance costs, and improve the return on investment in IT infrastructure.

For more information visit CertesNetworks.com

Global Headquarters 300 Corporate Center Drive, Suite 140 Pittsburgh, PA 15108 USA Tel: +1 (888) 833-1142 Fax: +1 (412) 262-2574 CertesNetworks.com

North America Sales sales@certesnetworks.com

Government Sales sales@certesnetworks.com

Asia-Pacific Sales apac@certesnetworks.com

Central & Latin America Sales sales@certesnetworks.com

Europe, Middle East and Africa Sales emea@certesnetworks.com V1-01-29-2015