Category:
Firewalls, Virtual Private Networks (VPN), Encryption
Modification:
Hardware
Operating system/
platform:
Linux

The ViPNet Coordinator VA virtual appliance is a versatile security gateway for deploying on a virtualization platform. It provides secure access to virtualized data centers in dynamic cloud environment, protecting against network attacks and unauthorized access. The virtual appliance can be seamlessly integrated into an existing infrastructure. It satisfies the most severe requirements on functionality, usability, reliability, and fault tolerance.

ViPNet Coordinator VA is a virtual appliance version of the ViPNet Coordinator HW hardware appliance. It runs inside a hypervisor in a virtual host.

ViPNet Coordinator VA Web Access for configuring security options


Use Cases

ViPNet Coordinator VA, together with other ViPNet VPN products, provides effective implementation of many data protection user scenarios:

  • Establishing secure communication channels between different offices of a company (site-to-site and multi-site-to-site)
  • Protected access for remote and mobile users
  • Protecting backbone links between data centers
  • Protecting wireless networks
  • Protecting multiservice networks (including IP telephony and videoconferencing)
  • Data access control in LANs
  • Secure controlled access to the Internet
  • And any combinations of the above-mentioned scenarios

Advantages

Virtualization technology offers more freedom as you do need to solve any compatibility issues with other vendors´ operating systems and applications, virtual appliance implementation does not affect your business processes. The virtual appliance is pre-installed on an adapted Linux OS and can be deployed on various virtualization platforms.

And also:

  • No license restrictions for the concurrent VPN connections through ViPNet Coordinator for Windows
  • Fully compatible with modern network services:
    • DHCP, WINS, DNS services
    • Dynamic address translation (NAT, PAT)
    • Multimedia protocols (SIP, H323, SCCP, and others)
  • Failover cluster enhances fault-tolerance

Form factor

OVA image

Secure remote management

Centralized management

ViPNet Administrator or ViPNet Network Manager

Remote access

Web interface, command line interface

Security features

VPN gateway

Provides site-to-site and client-to-site encrypted connections.

L2VPN gateway (L2overIP technology)

Allows you to establish encrypted connection between sites in a common broadcast domain.

Layer 3 Stateful Inspection Firewall

Provides filtering of public and VPN traffic by IP, VPN ID, TCP/UDP ports, and type of the over-IP protocol.

IP server

Provides for connectivity between the VPN hosts. this is based on a proprietary ViPNet dynamic routing protocol, which is used by the hosts to notify each other about their access parameters.

VPN router

Encrypted traffic is routed based on the ViPNet host identifiers specified in the unencrypted part of IP packets, which is protected against falsification. The routing is performed over a proprietary protocol designed for secure dynamic routing of traffic. Along with the routing, network address translation (NAT) is performed for encrypted traffic. All forward encrypted packets that are received by a coordinator are sent to other hosts with the coordinator’s IP address as their source IP address.

Transport server

Provides for:

  • The delivery of key updates and software upgrades to the hosts
  • The mail exchange via a corporate secure mail client ViPNet Business Mail
  • The secure exchange of files via the File Exchange program

Integrated Services

VA100

VA500

VA1000

VA2000

DNS, NTP, DHCP server

+

+

+

+

DHCP relay

+

+

+

+

IPsec gateway

+

+

-

-

Failover cluster

+

+

+

+

Virtual Environment Requirements

Virtualization platforms

Recommended version

VMware vSphere 5.x

5.5.0

Oracle VM Virtualbox 4.x

4.3.28

More to come…

 

Parameters*

ViPNet Coordinator VA modification

VA100

VA500

VA1000

VA2000

Firewall throughput, Mbit/s

100

650

800

2000

Max number of concurrent sessions

150.000

500.000

1.000.000

3.000.000

VPN throughput, Mbit/s

100

500

950

2.400

* Testing was done on the Intel® Xeon® CPU ES-2630 with 2.4 GHz processors. Each value was obtained in a separate performance test.