The CN6000 Series encryptors provide highly secure, full line-rate transparent encryption for data in transit across both dark fiber and metro / wide area Ethernet networks; in point-to-point, hub & spoke or meshed environments.
The CN6000 Series are rack-mounted, network encryptors for mission-critical applications; offering 1Gbps to 10Gbps bandwidth speeds. They are the optimal choice when you require:
- Efficient, investment-proof data encryption
- Multi-purpose, in-field upgradable and flexible hardware
- Choice of Common Criteria,and FIPS certifications
- Compact 1U form factor with advanced performance and power features.
The CN6000 Series encryptors include integrated support for KeySecure for Government, a centralized key management platform. KeySecure for Government provides simple and secure encryption key management across the entire lifecycle; including key generation, storage, distribution and deletion.
CN6000 Series Encryptors from Thales CPl are available for sale to the U.S. Federal Government exclusively through Thales TCT.
- CN6100 10 Gbps Network Encryptor: Market-leading encryptor, offering variable-speed licenses up to 10 Gbps.
- CN6140 Multi-link Encryptor: Multi-port (1 or 10 Gbps), high-assurance encryptor designed to provide up to 40 Gbps (4×10), full line rate transparent encryption
- CN6010 Network Encryptor: Scalable Network encryptor with variable license speeds up to 1 Gbps.
Key Features
Model | CN6010 | CN6100 | CN6140 |
---|---|---|---|
Maximum Speed | 1Gbps | 10Gbps | 40Gbps |
Ethernet point-to-point, hub & spoke, mesh full-duplex encryption | ✓ | ✓ | ✓ |
Protocol and application transparent | ✓ | ✓ | ✓ |
DoDIN APL | ✓ | ✓ | Pending |
FIPS 140-2 L3 certified | ✓ | ✓ | Pending |
Low overhead full duplex line-rate encryption | ✓ | ✓ | ✓ |
Ultra-low latency for high performance | ✓ | ✓ | ✓ |
Support for external (X.509v3) CAs | ✓ | ✓ | ✓ |
Robust AES encryption algorithm | ✓ | ✓ | ✓ |
CRL and OCSP server support | ✓ | ✓ | ✓ |
Automatic key management | ✓ | ✓ | ✓ |
Flexible encryption policy engine | ✓ | ✓ | ✓ |
Encrypts Unicast, Multicast and Broadcast traffic | ✓ | ✓ | ✓ |
Network interfaces | RJ45 SFP | XFP | SFP |
Policy based on MAC address or VLAN ID | ✓ | ✓ | ✓ |
Support for Jumbo frames | ✓ | ✓ | ✓ |
Self-healing key management in the event of network outages | ✓ | ✓ | ✓ |
Per packet confidentiality and integrity with AES-GCM encryption* | ✓ | ✓ | ✓ |
Fibre Channel point-point encryption | N/A | N/A | N/A |
Automatic network discovery and connection establishment | ✓ | ✓ | ✓ |
Centralized configuration and management using CM7 and SMC | ✓ | ✓ | ✓ |
AES 128 or 256 bit keys | 128/256 | 128/256 | 128/256 |
Remote management using SNMPv3 (in-band and out-of-band) | ✓ | ✓ | ✓ |
Encryption modes | CFB CTR GCM |
CFB CTR GCM |
CFB CTR GCM |
FPGA based cut-through architecture | ✓ | ✓ | ✓ |
Tamper resistant and evident enclosure | ✓ | ✓ | ✓ |
Anti-probing barriers | ✓ | ✓ | ✓ |
Dual swappable AC or DC power supplies | ✓ | ✓ | ✓ |
Flexible encryption policy engine | ✓ | ✓ | ✓ |
User replaceable fans and battery module | ✓ | ✓ | ✓ |
Fully interoperable with related CN/CS models | ✓ | ✓ | ✓ |
Transport Independent Mode | ✓ | ✓ | ✓ |