The CN6000 Series encryptors provide highly secure, full line-rate transparent encryption for data in transit across both dark fiber and metro / wide area Ethernet networks; in point-to-point, hub & spoke or meshed environments.
The CN6000 Series are rack-mounted, network encryptors for mission-critical applications; offering 1Gbps to 10Gbps bandwidth speeds. They are the optimal choice when you require:
- Efficient, investment-proof data encryption
- Multi-purpose, in-field upgradable and flexible hardware
- Choice of Common Criteria,and FIPS certifications
- Compact 1U form factor with advanced performance and power features.
The CN6000 Series encryptors include integrated support for KeySecure for Government, a centralized key management platform. KeySecure for Government provides simple and secure encryption key management across the entire lifecycle; including key generation, storage, distribution and deletion.
CN6000 Series Encryptors from Thales CPl are available for sale to the U.S. Federal Government exclusively through Thales TCT.
- CN6100 10 Gbps Network Encryptor: Market-leading encryptor, offering variable-speed licenses up to 10 Gbps.
- CN6140 Multi-link Encryptor: Multi-port (1 or 10 Gbps), high-assurance encryptor designed to provide up to 40 Gbps (4×10), full line rate transparent encryption
- CN6010 Network Encryptor: Scalable Network encryptor with variable license speeds up to 1 Gbps.
Key Features
| Model | CN6010 | CN6100 | CN6140 |
|---|---|---|---|
| Maximum Speed | 1Gbps | 10Gbps | 40Gbps |
| Ethernet point-to-point, hub & spoke, mesh full-duplex encryption | ✓ | ✓ | ✓ |
| Protocol and application transparent | ✓ | ✓ | ✓ |
| DoDIN APL | ✓ | ✓ | Pending |
| FIPS 140-2 L3 certified | ✓ | ✓ | Pending |
| Low overhead full duplex line-rate encryption | ✓ | ✓ | ✓ |
| Ultra-low latency for high performance | ✓ | ✓ | ✓ |
| Support for external (X.509v3) CAs | ✓ | ✓ | ✓ |
| Robust AES encryption algorithm | ✓ | ✓ | ✓ |
| CRL and OCSP server support | ✓ | ✓ | ✓ |
| Automatic key management | ✓ | ✓ | ✓ |
| Flexible encryption policy engine | ✓ | ✓ | ✓ |
| Encrypts Unicast, Multicast and Broadcast traffic | ✓ | ✓ | ✓ |
| Network interfaces | RJ45 SFP | XFP | SFP |
| Policy based on MAC address or VLAN ID | ✓ | ✓ | ✓ |
| Support for Jumbo frames | ✓ | ✓ | ✓ |
| Self-healing key management in the event of network outages | ✓ | ✓ | ✓ |
| Per packet confidentiality and integrity with AES-GCM encryption* | ✓ | ✓ | ✓ |
| Fibre Channel point-point encryption | N/A | N/A | N/A |
| Automatic network discovery and connection establishment | ✓ | ✓ | ✓ |
| Centralized configuration and management using CM7 and SMC | ✓ | ✓ | ✓ |
| AES 128 or 256 bit keys | 128/256 | 128/256 | 128/256 |
| Remote management using SNMPv3 (in-band and out-of-band) | ✓ | ✓ | ✓ |
| Encryption modes | CFB CTR GCM |
CFB CTR GCM |
CFB CTR GCM |
| FPGA based cut-through architecture | ✓ | ✓ | ✓ |
| Tamper resistant and evident enclosure | ✓ | ✓ | ✓ |
| Anti-probing barriers | ✓ | ✓ | ✓ |
| Dual swappable AC or DC power supplies | ✓ | ✓ | ✓ |
| Flexible encryption policy engine | ✓ | ✓ | ✓ |
| User replaceable fans and battery module | ✓ | ✓ | ✓ |
| Fully interoperable with related CN/CS models | ✓ | ✓ | ✓ |
| Transport Independent Mode | ✓ | ✓ | ✓ |
