Page 14 - cdm-2014
P. 14
This can be very difficult to set up and manage, especially as sites are added or removed. In
addition, IPsec VPN tunnels don’t support dual carrier environment or Layer 4 network services.
(See Layer 4 encryption below.)
A better Web: Secure Mesh Internet (SMI).
A secure mesh Internet encryption solution is a newer technology that replaces private, site-to-
site tunnels with any-to-any network connections over the Internet. It eliminates the need to
establish point-to-point tunnels between each pair of remote sites, freeing network
administrators for other tasks and improving network performance.
SMI is based on group encryption in which the encryption keys are centrally generated and
securely sent to the encryption appliances. This enables you to manage policy and key
distribution centrally instead of on a time-consuming, site-by-site basis, as is the case with
VPNs. SMI enables users to secure ”data in motion” in a way that is transparent to network
architectures and protocols. And, if users decide to migrate to the Internet from MLPS networks
using SMI, they won’t experience any service interruptions.
If you want to lower costs and increase throughput, consider an SMI solution. It will enable you
to quickly and easily set up a fully encrypted “mesh” that provides high-speed, secure, any-to-
any connectivity over any public (or private) network.
You can switch from expensive, private WAN links to inexpensive, public Internet connections
with much greater bandwidth. Plus, you’ll get a fully compliant solution that offers security via
encryption and on-going authentication.
Layer 4 encryption.
In addition to Layer 2 Ethernet frame encryptions and Layer 3 IP packet encryption, an SMI
solution offers a Layer 4 payload-only encryption option. Layer 4 encryption offers many
advantages, including:
• Ability to pass encrypted data through NAT devices. VPN tunnels, which encapsulate the
Layer 3 address, often don’t work with NAT.
• Compatibility with policy-based routing and load balancing that require Layer 3 addresses to
be intact.
• Layer 4 encryption leaves Layer 3 headers intact, making it possible to troubleshoot a network
without turning off encryption.
• Because headers are intact, data looks unencrypted, making it possible to use within countries
that restrict encrypted data.
The safe harbor clause and compliance.
! " $ !
! # ! "
