FIPS 140-2 Validated Network Encryptors

FIPS 140-2 Validated Network Encryptors

The Certes Enforcement Points (CEPs) are FIPS 140-2 Level 2 validated encryption appliances designed for government networks. The hardware-accelerated CEP appliances provide low-latency, tunnel-less encryption and persistent authentication for:

• Ethernet frame encryption over Layer 2 networks
• IP packet encryption over Layer 3 networks
• Data payloads over MPLS networks

The CEPs are available in three FIPS 140-2 validated models, offering full-duplex wire-speed AES 256-bit encryption at 10Mbps, 100Mbps or 1Gbps speeds. The CEPs integrate easily into any existing network without the need for infrastructure changes or router upgrades. Ideal for government networks, the units provide transparent network encryption without compromising network availability, application performance or operational visibility.

Certes Networks' low-latency encryption appliances are deployed on dozens of national and local government networks and are protecting data for the United States Social Security Administration, Department of Energy, Department of Agriculture, Coast Guard, Army, and Navy. Certes Networks CEPs are available through GSA Schedule 70 purchasing contract (GSA schedule GS-35F-0131R).

CEPs are centrally configured and managed through Certes TrustNet Manager, our web-based management platform that simplifies security management through a simple yet powerful drag and drop policy builder. With role-based access, security administrators can retain control of network security, while outsource the management of encryption appliances to the networking team or managed service provider.

This powerful suite of security management applications provides organizations the ability to secure networks, achieve regulatory compliance, and reduce the cost of deploying, managing and maintaining the encrypted network.

To learn more about our FIPS 140-2 validated encryptors or for pricing information, contact us at 1-888-833-1142 or feel free to ask us a question.

Customer Training Videos
A comprehensive set of training videos designed to demonstrate everything you need to know to successfully deploy a Certes Networks encryption solution into your network.

Online Training Videos

Learn More:
VSE Datasheet
10G Datasheet

Related Information
TrustNet Difference
Certes TrustNet Manager Whitepaper
Group Encryption Whitepaper
Layer 4 Encryption Test Results

Tech Specs

Throughput

• CEP10 VSE: Choice of 3 Mbps, 6Mbps, 10Mbps, 25Mbps, or 50Mbps encrypted throughput
• CEP100 VSE: Choice of 25Mbps, 50Mbps, 100Mbps, 155Mbps, or 250Mbps encrypted throughput
• CEP1000 VSE: Choice of 100Mbps, 155Mbps, 250Mbps, 500Mbps, 650Mbps, or 1Gbps encrypted throughput
• CEP10G VSE: Choice of 500Mbps, 650Mbps, 1Gbps, 2.5Gbps, 5Gbps, or 10Gbps encrypted throughput

Encryption Support

• AES: (256 bit keys) CBC mode
• 3 DES

Authentication and Integrity

• HMAC-SHA-1-96
• HMAC-MD5

Network Support

• Ethernet
• VLAN tag preservation
• MPLS tag preservation
• IPv4
• IPv6 (Layer 2 Ethernet encryption mode)
• NTP

Policy Selector Options

• Source or destination IP address
• Source or destination port number
• Protocol ID (Layer 3 IP packet and Layer 4 payload options)
• VLAN ID (Layer 2 Ethernet encryption option)
• Multicast address

Transforms

• Certes Networks Encapsulated Security Payload (ESP) Tunnel mode with header preservation option
• Certes Networks Encapsulated Security Payload (ESP) Transport mode (L4 option)
• Certes Networks Ethernet Encapsulated Security Payload (L2 option)

Device Management

• TrustNet
• Out-of-band management
• Alarm condition detection and reporting
• Syslog support
• SNMPv2c and SNMPv3 managed object support
• Audit Log
• Management access using X.509 v3 digital certificates

Management Communication Security Options

• TLS (full authentication)
• SSH
• IKE/IPsec

Physical
CEP10 VSE

• 1U tamper evident chassis
• Dimensions 1.6"H x 8.0"W x 5.8"D
• Rack mountable in standard 19" rack or can be used as desktop
• External Power Adapter: 100-240V A/C @ 1.5A, 50/60Hz, out-put 12V D/C,5A max (60W max)
• Thermal: In-rush 102 BTU/hr, Steady-state 102 BTU/hr
• Nominal input current: 0.25A
• Weight: 3 lbs as rackmount; 1 lb., 5 oz. as desktop

CEP100 VSE

• 1U tamper evident chassis
• Dimensions 1.75"H x 17"W x 10"D
• Rack mountable in standard 19" rack
• Power: 100-240V A/C @ 4A, 50/60Hz, auto-sensing
• Thermal: In-rush 380 BTU/hr, Steady-state 140 BTU/hr
• Nominal input current: 1.0A
• Weight: 6 lbs

CEP1000 VSE

• 1U tamper evident chassis
• Dimensions 1.75"H x 17"W x 15.5"D
• Rack mountable in standard 19" rack
• Power: 100-240V A/C @ 3 - 1.5A, 47-63Hz, auto-sensing
• Thermal, Single Power Supply: In-rush 266 BTU/hr, Steady-state 222 BTU/hr
• Thermal, Dual Power Supplies: In-rush 440 BTU/hr, Steady-state 263 BTU/hr
• Nominal input current: 0.65A @ 110V
• Weight: 10 lbs

CEP10G VSE

• 2U tamper resistant chassis
• Dimensions 3.5"H x 17"W x 15"D
• Rack mountable in standard 19" rack
• Power: 100-240V A/C @ 4A, 50/60Hz, auto-sensing
• Dual hot-swappable internal power supplies- AC or DC (-48V)
• Customer replaceable fan assemblies

Indicators

• Power
• Alarm
• LED Status

Interfaces
CEP10 VSE

• Data Interfaces: Two 10/100/1000 RJ45 Ethernet ports
• Management Interfaces: One 10/100 RJ45 Ethernet and one RS232 serial port
• Aux1 RJ45 port is for future use

CEP100 VSE

• Data Interfaces: Two 10/100/1000 Mbps RJ45 Ethernet ports
• Management Interfaces: One 10/100 RJ45 Ethernet and one RS232 serial port

CEP1000 VSE

• Data Interfaces: Two full-duplex Gigabit Ethernet ports with SFP interfaces (single mode, multimode or copper)
• Management Interfaces: One 10/100 RJ45 Ethernet and one RS232 serial port
• Management SFP port and Aux1 SFP port are for future use

CEP10G VSE

• Data Interfaces: Two full-duplex 10 Gigabit Ethernet ports with SFP+ interfaces (single mode, multimode or copper)
• Management Interfaces: One 10/100/1000 Ethernet RJ45 and one Gigabit Ethernet (SFP) and one RJ45 serial port
• Three full-duplex Gigabit Ethernet ports with RJ45 interfaces (single mode, multimode or copper) or three full-deplex 10/100/1000 Ethernet ports with RJ45 interfaces (reserved for future use)
• Two USB ports (reserved for future use)

Environmental

• Operating temperature: 0° to 40° C (32° to 104° F)
• EU WEEE
• EU RoHS-5

Regulatory

• Safety: UL 60950-1
• Emissions for CEP10 VSE: FCC part 15 subpart B class A
• Emissions for CEP100 VSE and CEP1000 VSE: FCC part 15 subpart B class B

Customer Training Videos
A comprehensive set of training videos designed to demonstrate everything you need to know to successfully deploy a Certes Networks encryption solution into your network.

Online Training Videos

Learn More:
VSE Datasheet
10G Datasheet

Related Information
TrustNet Difference
Certes TrustNet Manager Whitepaper
Group Encryption Whitepaper
Layer 4 Encryption Test Results

	CEP10 VSE	CEP100 VSE	CEP1000 VSE	CEP10G VSE
Deployment
Ideal for	Small/Remote Offices	Regional Offices	Large Enterprise / Data Centers	Large Campus / Data Center Network
Performance
Encrypted throughput range	3-50 Mbps	25-250 Mbps	100 Mbps - 1 Gbps	500 Mbps - 10 Gbps
Layer 2, 3, or 4 software programmable
Management
Certes TrustNet Manager
Out-of-band
Command Line Interface (CLI)
Encryption
AES-256
3DES
Authentication
Pre-shared Secrets
Digital Certificates
SHA-1-96
SHA-256-96
Network Support
Ethernet
VLAN Tag Preservation
MPLS Tag Preservation
IPv4
SNTP
Interfaces
Data Ports	2	2	2	2
Management	2	2	3	1
Auxiliary Ports	1	N/A	1	3
Physical
Rack Space	1U	1U	1U	2U
Certifications
FIPS 140-2 Level 2				May 2012

Customer Training Videos
A comprehensive set of training videos designed to demonstrate everything you need to know to successfully deploy a Certes Networks encryption solution into your network.

Online Training Videos

Learn More:
VSE Datasheet
10G Datasheet

Related Information
TrustNet Difference
Certes TrustNet Manager Whitepaper
Group Encryption Whitepaper
Layer 4 Encryption Test Results