Category: Firewalls, Virtual Private Networks (VPN)
Modification: Virtual Appliance

The ViPNet Coordinator VA virtual appliance is a versatile security gateway for deployment on virtualization and cloud platforms. It provides secure access to virtualized data centers in dynamic cloud environments, protecting against network attacks and unauthorized access. The virtual appliance can be seamlessly integrated into an existing infrastructure. It satisfies the most stringent requirements for functionality, usability, reliability and fault tolerance.

ViPNet Coordinator VA is a virtualized software solution, which is implemented by deploying the coordinator on a virtualization platform (VMware ESXi, Microsoft Hyper-V, KVM, Oracle VM (Xen) Server) or in public cloud services such as Amazon Web Services (AWS) and Microsoft Azure.

You can manage ViPNet Coordinator VA via a user-friendly web interface, an SSH console and a central management system.


Use Cases

ViPNet Coordinator VA, together with other ViPNet VPN products, supports many data protection scenarios:

  • Establishing secure communication channels between different offices of a company (site-to-site and multi-site-to-site)
  • Protected access for remote and mobile users
  • Protecting backbone links between data centers
  • Protecting multiservice networks (including IP telephony and videoconferencing)
  • Data protection within virtual and cloud infrastructures
  • Network segmentation and DMZ
  • Secure controlled access to the Internet
  • Any combination of the above-mentioned scenarios

Advantages

Virtualization technology offers more freedom by eliminating the need to solve compatibility issues with other vendors' operating systems and applications, and the implementation does not affect your existing business processes. The virtual appliance may be deployed on multiple different virtualization platforms.

Additionally:

  • Reliable VPN, even in case of unstable communication channels
  • Separate filtering of encrypted (VPN) and unencrypted traffic
  • VPN organization at the network (L3) and data link layer (L2) in one virtual device
  • ViPNet Coordinator VA functionality fully complies with ViPNet Coordinator HW gateways
  • No additional costs for equipment installation and maintenance
  • Support for commonly used virtualization systems
  • Flexible licensing and ability to scale quickly
  • Ease of management and fast deployment
  • Fully compatible with modern network services:
    • DHCP, WINS, DNS services
    • Dynamic address translation (NAT, PAT)
    • Multimedia protocols (SIP, H323, SCCP, etc.)
  • Unified management system for virtual and hardware security gateways
  • Failover cluster enhances fault-tolerance

VPN

  • VPN-gateway network-layer (L3 VPN)
  • VPN-gateway data-link-layer (L2OverIP VPN)
  • IP address server
  • VPN packet router
  • Traffic masking through encapsulation in UDP or TCP
  • Transport server
  • Secure Internet Gateway

Firewall

  • Stateful packet inspection (SPI) firewall
  • Separate traffic filtering rules for unencrypted and encrypted IP traffic
  • Network address translation (NAT/PAT)
  • Protection against spoofing

Proxy server

  • Protection against spoofing
  • Transparent work without configuring any special applications on client computers
  • Traffic control and filtering by a file’s MIME type and HTTP request method
  • Traffic scanning by third party antivirus over ICAP

Network functions

  • MultiWAN support: WAN (balancing and redundancy), VPN (redundancy)
  • Routing network traffic based on:
    • Static routing
    • Dynamic routing (OSPF)
    • Policy based routing
  • Virtual LANs support (VLAN IEEE 802.1Q)
  • Link aggregation (bonding, EtherChannel, LACP)
  • Jumbo frames support
  • Traffic classification and prioritization (QoS, ToS, DiffServ)

Services

  • DHCP-server
  • DHCP-relay
  • DNS-server
  • NTP-server

Management and monitoring

  • Local configuration via command line interface (CLI)
  • Remote configuration via SSH client and WebUI
  • Centralized management via ViPNet Prime
  • Monitoring over SNMP
  • Exporting system log to remote host using syslog protocol
  • Exporting and transferring the IP packet log in the CEF format

Fault-tolerance

  • Failover cluster (Active/Passive)
  • Reservation of network interfaces both at the hypervisor level and at the level of individual virtual machines
  • Easy configuration recovery using standard hypervisor tools - backups and snapshots

Performance [1]

| Modification | VA100 | VA500 | VA1000 | VA2000 |
|---|---|---|---|---|
| VPN Throughput, Mbps | 175 | 600 | 1 700 | 5 500 |
| Firewall Throughput, Mbps | 350 | 940 | 3 500 | 5 900 |
| Maximum number of concurrent sessions | 150 000 | 500 000 | 1 000 000 | 3 000 000 |
| Maximum number of filters and firewall rules | 13 500 | 26 000 | 38 000 | 88 000 |
| Recommended number of VPN clients [2] | 100 | 500 | 1 000 | 2 000 |

System requirements (Minimum)

| Modification | VA100 | VA500 | VA1000 | VA2000 |
|---|---|---|---|---|
| vCPU | 2 | 2 | 4 | 8 |
| RAM | 2 Gb | 2 Gb | 4 Gb | 8 Gb |

Storage: 80 Gb

Network interfaces: 4 x Gigabit Ethernet

Virtual Environment Requirements [3]

Private Clouds (Hypervisors)

  • VMware ESXi 6.5, 6.7
  • VMware Workstation 12.x, 14.x, 15.x
  • Microsoft Hyper-V Server 2019
  • KVM, QEMU-KVM, and Libvirt
  • Oracle VM VirtualBox 6.x
  • Oracle VM Server 3.4

Public Clouds

  • Amazon AWS
  • Microsoft Azure

1. Testing was done on a server with 2x Intel® Xeon® E-2620v3, 24 Gb RAM, VMware vSphere ESXi 6.7. Each value was obtained in a separate performance test.

2. Maximum number of clients registered on a coordinator.

3. Proper operation of ViPNet Coordinator VA in different environments is not guaranteed.