Strengths: Makes managing IPsec connections across the enterprise easy. Performance; purpose-built for encryption
Weaknesses: Might be pricey in an enterprise deployment
Verdict: Great enterprise features. Purpose-built offering. Decent enterprise class solution that we make our Best Buy this month
The CipherOptics series of network encryption devices includes CipherEngine Enforcement Points (CEPs) and combines with the CipherEngine policy and key management solution to encrypt traffic across a range of network types, sizes and topologies. CipherEngine acts as a transparent overlay that integrates easily into any existing network architecture, providing encryption rules and keys.
CipherEngine consists of a suite of tools that perform various tasks. CipherView is the network management component and is used to configure and manage the encryption appliances. The Management and Policy Server (MAP) is used for policy generation and management. You can use the MAP function to create policies for hub-and-spoke, mesh, Layer 3 point-to-point and multicast networks that require common keys to secure traffic between multiple nodes. Key Authority Point (KAP) is the key generation and distribution tool that is used with MAP-generated policies. Policy Enforcement Points (PEPs) are the encryption appliances that enforce the security policies.
We tested using the CEP100 as our gateway and CipherEngine as our client. The gateway requires a serial connection for the initial configuration. Once you assign IP information, the rest of the configuration is done through the web interface. The client was easy to install and use. The local key generation happens through a command-line window.
The product was designed to work on any topology and network and is typically deployed between the edge router and the switch. Supported Layer 2 topologies include point-to-point, hybrid, mesh and 802.1Q (VLAN) tagged links. Protection for Layer 3 includes multicast, broadcast and MPLS networks. High availability features such as multi-home and load-balanced scenarios deliver enterprise-class protections.
The solution works as an inline device that inspects every packet, allowing granular policy choices for each one: encrypt, pass in clear text or discard.
A decent feature is the ability to permit encryption of packet data, while leaving port and protocol information in the clear, allowing functionality such as port-based QoS, NAT, policy-based routing and NetFlow statistic collection to operate unimpeded after encryption.
Support on a 90-day basis is provided under the warranty period, and following this multiple support options are available for fees ranging from ten to 15 per cent of the list price.