Really, really secure VPN using a really secure OS. Great for highly confidential communications.
Complex and needs detailed knowledge of Trusted Solaris.
If highly confidential is your watchword, this is the one to go for. Just make sure you have a high IQ as well.
This product is built upon Sun's very secure Trusted Solaris 8 operating system, which has been used by the U.S. Department of Defense for over 25 years. It is a hardened version of the Solaris operating system platform for deployment of high-security desktops, database servers, firewalls, and communication gateways.
The basis of the software itself is a protocol called SKIP (Simple Key-Management for Internet Protocols), said to make it impervious to man-in-the-middle attacks, hijacks, identity spoofing or data injections.
Installing the software meant installing the secure OS. This can run on both Intel and Sparc platforms and the OS support literature gave details on both. Despite the complex and secure nature of the OS it was easy to install, as the manual ran through everything pretty logically. However, it is assumed that the systems administrator is familiar with the finer points of Solaris; without that prior knowledge one could be stuck. That said, things were looking hopeful and soon the OS was up and running ready for the next part of the installation process.
The Trusted Gateway software comes as a two-disk set, one for the software and the other for the documentation. These documents are exhaustive and give a lot of detail, which is necessary as the whole thing is quite complex to set up.
It is important to note here that it appears from the documentation that the software only runs on the Sparc version of the OS, but the Intel version is under development. The minimum hardware requirements are 64Mb of memory and 2Gb of disk space. As this is a highly specialized piece of software, we would recommend having at least 1Gb of memory and 20Gb of disk space, as quite a lot of traffic will be passing through.
The software works by setting up what the vendor calls a trusted VPN. Encryption is done at the IP layer, whereas, the vendor claims, other products perform SSL encryption at the application layer. Encrypting at the IP layer is said to reduce the complexity of key management.
This software has been well put together, but it is not for the faint-hearted. Despite the well laid-out documentation, it is a complex application running on top of a complex OS. Much configuration is needed, but if you absolutely, positively have to have a top-secret or highly confidential network, accept no substitute. It is ideal for the organization that has to meet the highest privacy standards.