Skip Navigation

CV1000 – The Industry’s First Hardened Virtual Encryptor

As the industry’s first crypto-agile Network Function Virtualization (NFV) encryption solution, the CV1000 is designed for for extended WANs and SD-WANs. The CV1000 protects data-in-motion across high speed Carrier WAN links up to 5 Gbps. The CV1000 from Thales CPL is available for sale to U.S. Federal Government exclusively through Thales TCT.  


Virtualized encryption functions provide the scalability, simplicity, flexibility, and cost-efficiencies demanded by IT and data networks managers. The CV1000 offers organizations an operational and expense friendly alternative to using a hardware appliance for securing data in motion across networks and meeting security and compliance requirements.

By using a virtual encryptor instead of a hardware appliance, organizations can remotely scale up network encryption to meet increased capacity demands or quickly make policy changes across multiple networks, while eliminating the cost for additional rack space.

  • Benefits


    Instant scalability means it may be deployed rapidly across hundreds of network links, providing robust encryption protection for data-in-motion. Designed to match flexibility and scalability of other Virtual Network Functions (VNFs), such as virtual routers, switches and firewalls, the CV1000 is completely transparent to the network; making it the ideal solution to secure your WAN or SD-WAN, right to the virtual edge.


    The CV1000 is the first high speed encryptor to offer Transport Independent Mode. It is network layer independent (Layer 2, Layer 3, and Layer 4) and protocol agnostic. By supporting Layer 3, the CV1000 offers network operators more configuration options using TCP/IP routing for securing critical data. Because it’s software-controlled, the CV1000 enables greater flexibility and responsiveness in network architecture, as well as opportunities to expand the network scale quickly.


    The CV1000 protects network communications at speeds of up to 5 Gbps encrypted bandwidth, when optimized in the network. The CV1000 leverages the SafeNet CN Series Ethernet encryptor platform, to maximize available bandwidth and minimize latency. Importantly, the CV1000 is transport layer agnostic and enables concurrent multi-layer encryption, making it an ideal solution for extended virtualized network security.

    Trusted Security

    The CV1000 offers best-in-class high-assurance encryption solutions, providing maximum security and performance. Designed to meet FIPS requirements, the CV1000 supports standards based, end-to-end authenticated encryption, automatic key management, and utilizes robust AES 256-bit algorithms.

    With integrated support for KeySecure for Government (a centralized cryptographic key management solution), the CV1000 provides optimum security for the storage of master keys, the integrity of critical security policies and the source of entropy (randomness) for cryptographic key generation

  • Tech Specs
    Virtual Network Function (VNF) - Hosting Guide
    Network data encryptor type Virtualized Network Encryption Solution (Layer 2-4), hosted on x86 platform
    Bandwidth / performance >1Gbps. Up to 5Gbps subject to host and DPDK (acceleration) configuration.
    Customer environment and performance CV1000 is customer host and target specific - performance dependent upon customer targets, environment and platform
    Virtual appliance - Host: hardware requirements Host hardware agnostic - x86 Recommended:
    • 256 Mb RAM
    • 500 Mb Virtual Disk Storage
    • Multi-core
    Appliance - Host CPU requirements Compatible with all types
    Hypervisor support VMware, KVM, Microsoft Hyper-V. Other platforms may be supported.
    Functional Specifications
    Supported topologies Point-to-point, hub and spoke, fully meshed
    Interoperability Fully interoperable with all SafeNet High Speed Encryptor CN Series hardware encryptors
    Maximum number of connections 500+
    Encryption algorithms Symmetric Cryptography:Symmetric Cryptography:
    • AES-128/256 (CFB or CTR modes)
    Asymmetric cryptography:
    • ECC-512
    • RSA-2048
    Policy based encryption
    • MAC address
    • VLAN ID
    Crypto-agility Support for custom curves, custom algorithms and entropy
    Authentication Certificate based (X.509)
    In-band/out-of-band management Console Command Line Interface (CLI)
    • SSH
    • TACACS+
    • SNMPv3
    Virtualized network interfaces Three para-Virtualized (virtio/vmxnet3) NICs:
    • Eth0 Management port
    • Eth1 Local port
    • Eth2 Network port
    Virtualized hosting environment Supports:VMware, KVM/QEMU, Hyper-V, Virtual Box, Intel DPDK
    Cloud management platform Supports:OpenStack
    CV1000 management application SafeNet Encryptor Manager CM7 Included; SafeNet Security Management Center (SMC)
    Centralized key server support Customer determined optional support for KeySecure for Government- centralized cryptographic key management solution (master key security and random number generation)
    Licensing CV1000 software Flexible model choice:
    • Perpetual
    • Subscription
    Excludes host hardware and hypervisor Simple certificate based licensing model
  • Features
    Trusted Security
    • Optimizes concurrent multi-layer network traffic encryption across Layer 2, 3, and 4
    • Flexible, cost-effective way to encrypt all the way to the virtual edge
    Customer Benefits
    • Agile, scalable solution, highly responsive to changes in IT and business needs
    • Near-zero overhead
    • At least 10 times more affordable than hardware-based appliances
    Scalable and Simple
    • Point to Point, Hub and Spoke, and  Full Mesh
    • Instant scalability to match the scale and flexibility of their Software Defined Networks Ethernet Services
    • Ease of deployment with centralized, ‘zero-touch’
  • Resources
    CV1000 Virtual Encryptor Product Brief
    Product overview with technical features and specifications.

    Download Now

    CV1000 Virtual Encryptor Data Sheet
    Detailed look into the CV1000 featuring use cases, product benefits, and more.

    Download Now

    Best Practices for Securing Network Function Virtualization Environment
    Detailed look at the unique security implications of adopting NFV approaches, and it provides a number of best practices to employ to ensure sensitive data and transmissions remain secure in these environments.

    Download Now

    CV1000 Infographic
    Key CV1000 highlights.

    Download Now

Download a free trial of the CV1000 Virtual Network Encryptor with a complementary 90 day evaluation license.

Request Download

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.