CN8000 Multilink Encryption
SWISS QUANTUM SECURITY
Centauris CN8000 multi-link encryptors are designed for quantum-safe data protection of traffic on large-scale data networks; the CN8000 encrypts up to 10 x 10Gbps (100Gbps) of Ethernet or Fibre Channel layer 2 network traffic with no overhead and minimum latency.
- Data Center Interconnect encryption
- Data Recovery Center encryption
- Storage Area Network encryption
- LAN and MAN encryption
- Fully meshed wide area network encryption
- Multi-tenancy encryption for MSPs
For more details, download the applications datasheet.
The CN8000 harnesses the power of quantum mechanics to help ensure secure communications – the encryption keys are generated by IDQ’s Quantum Random Number Generator to guarantee inherent and provable randomness. The CN8000 can also be upgraded to be quantum-safe via the Cerberis QKD Server (quantum cryptography) to ensure long-term protection of the data in transit.
Centauris CN8000 encryptors are modular by design, ensuring maximum cost-effectiveness, flexibility and scalability. Each encryption chassis can hold up to 10 encryption cards, supporting diverse protocols such as Ethernet & Fibre Channel. The encryption is transparent to other network equipment, so it is ideal for multilink encryption or for securing multi-protocol infrastructures without having to change the architecture, or during network migrations.
It also guarantees flexibility for multi-vendor networks as well as future network evolution. Point-to-point and multipoint wire-speed encryption with ultra-low latency and full bandwidth is made possible by operating at layer 2 of the OSI model. The CN8000 offers network manageability and 100Gbps performance without sacrificing security. The products are designed for CC-EAL4 and FIPS 140-2 level 3 certification.
A multi-tenancy management model allows each encryption card to be certified and managed individually by a different enterprise or government department. This allows best-practice separation of duties between network and security teams at the level of the encryption chassis or of each encryption card. This allows easy management and new revenue streams for Managed Service Providers, while ensuring crypto separation and security for the users.
The CN8000 is Swiss-made for high security, with robust anti-tamper measures and physical protection. High-quality encryption keys are generated by IDQ’s quantum random number generator (Quantis), which ensures that the keys are truly random with high entropy. The CN8000 can also be upgraded to use quantum keys from IDQ’s Quantum Key Distribution server for long-term data protection.
State-of-the-art key management ensures seamless and automated security with no manual intervention required. Advanced security features also include granular policy management and separation of duties on a per-card and per-device level. This enables different encryption cards to be used in a multi-tenancy environment, for example, with crypto separation between different clients in a data center or different divisions within the same organisation.
Centauris encryptors work in point-to-point modes for Ethernet and Fibre Channel, and point-to-multipoint and fully meshed multipoint modes for Ethernet, supporting the encryption of unicast, broadcast and multicast communications. All encryptors in the Centauris family are compatible, allowing for example one encryption card in the CN8000 to be connected in a meshed network to multiple other dedicated Centauris encryptors in a campus or wide area network.
Advanced Group Key Encryption ensures easy management of such multipoint environments, with separate keys able to be attributed to different VLANs or MAC addresses. The Centauris platform may be provisioned and managed locally or remotely through a secure management interface, CypherManager, with easy upgrade and diagnostic capabilities. Logs and alerts can be integrated seamlessly into standard SIEM or network monitoring platforms.
The Centauris CN8000 encryptors work across point-to-point, point-to-multipoint and fully meshed network topologies.
POINT TO POINT
Centauris encryptors work in point-to-point mode for high-performance data center interconnection, LAN extension or metropolitan backbone connection. Each encryption card in the CN8000 supports Ethernet up to 10Gbps, with native Fibre Channel support up to 8Gbps under development. Fully loaded, the CN8000 supports 100Gbps of Ethernet traffic. Protocols such as Ethernet-over-IP are also supported.
Different encryption cards may be used for different agencies or divisions within the same organisation for crypto-separation in multi-tenancy environments.
POINT-TO-MULTIPOINT AND FULLY MESHED
The CN8000 Ethernet encryption cards can also secure multipoint networks across a transparent LAN service (carrier Ethernet service or layer 2 MPLS service). Both hub & spoke and fully meshed topologies are supported. Centauris devices of different bandwidths may be used simultaneously in a network (e.g. a 10Gbps CN8000 card at the HQ connected to several 1Gbps or 100Mbps dedicated encryptors in the field).
- Unicast, Multicast or Broadcast traffic encryption
- Support of Encrypt, Discard or Bypass modes
- Support of Jumbo frames
- Supports 256 VLANs (802.1Q)
- Automatic discovery of multicast encryption groups
- Automatic aging/deletion of inactive groups
- Secure distribution and updates of keys to all members of multicast groups
- Fault tolerance to network outages and topology changes
- Remote management through secured SNMPv3 connection
Features & Benefits
High-performance, state-of-the-art Swiss Quantum security, reducing the cost of company-wide data encryption.
Reduces costs for large-scale data encryption
- Provides 100Gbps encryption performance at a fraction of the cost of multiple dedicated encryptors
- Allows companies to encrypt all their data on a company-wide level through interoperability with other Centauris encryptors
- Allows the encryption to scale with the network by adding encryption cards
Transparent to Network and Applications
- 100% bandwidth available, with no encryption overhead
- Easy installation into existing network architectures, with no expensive network equipment upgrades required
- Low-cost maintenance (“set and forget”)
- Infrastructure neutral: compatible with underlying networking equipment regardless of vendor
- Support for point-to-point, hub & spoke and fully meshed Ethernet architectures with unicast, broadcast and multicast encryption
High-Performance Scalable Encryption
- Encrypted throughput up to 100Gbps with latency as low as 7 microseconds per link
- Bump-in-the-wire layer 2 encryption does not affect latency-sensitive applications
- Ability to upgrade to higher bandwidths through software licenses for network scalability
- Encrypts all network protocols for extra security
State-of-the-Art Swiss Quantum-Safe Security
- Swiss manufactured for high security
- Quantum-safe for long-term data protection; provides future-proof encryption which can be upgraded to Quantum Cryptography (QKD) to withstand quantum computers (selected encryptors)
- High quality encryption keys generated through IDQ’s quantum True Random Number Generator
- Able to upgrade point-to-point networks to Quantum Key Distribution (QKD) for an extra level of security
- Group key management to ensure secure, scalable and efficient management of multipoint architectures
- Support for internal and external Certificate Authority
- Highly resilient group key management, designed for automatic resilience to network outages and topology changes
- Secure key exchange with automatic and seamless key change and refresh
- Leading standards-based encryption – 256-bit AES
- Built for security with FIPS-grade tamper proofing and physical protections
Advanced Management Tools
- Easy policy configuration and efficient, secure daily management through a centralized, intuitive GUI, with minimal maintenance requirements
- Management tools allow easy implementation and monitoring of best-practice security policies (such as Separation of Duties)
- Local CLI management option