Skip Navigation
  • Overview

    The first hardened virtual encryptor designed for extended WANs and SD-WANs

    Why Virtualized Encryption?
    In a world increasingly dominated by workforce mobility, distributed WAN, virtualization and borderless infrastructure, the need for robust, high-performance virtualized encryption security is growing. In addition, today’s WANs often extend well beyond core infrastructure, and that data still requires robust encryption protection. The SafeNet Virtual Encryptor CV1000 (CV1000) gives IT and data network managers the ability to respond to changing needs, meet the increasing demand for agility, and provides data protection across the extended and virtualized WAN – all the way to the virtual edge. CV1000 is available for sale to the U.S. Federal Government exclusively through SafeNet AT.
    Virtualized encryption functions provide the scalability, simplicity, flexibility, as well as much needed cost-efficiencies demanded by IT and data networks managers. The CV1000 provides organizations with an operational and expense friendly alternative to using a hardware appliance for securing data in motion across networks and meeting security and compliance requirements. By using a virtual encryptor instead of a hardware appliance, organizations can remotely scale up network encryption to meet increased capacity demands or quickly make policy changes across multiple networks, while eliminating the cost for additional rack space.
    As the first hardened virtual encryptor, the SafeNet Virtual Encryptor CV1000 is unique. Instant scalability means it may be deployed rapidly across hundreds of network links, providing robust encryption protection for data-in-motion. Designed to match flexibility and scalability of other VNFs, such as virtual routers, switches and firewalls, the CV1000 is completely transparent to the network; making it the ideal solution to secure your WAN or SD-WAN, right to the virtual edge.
    The CV1000 is the first high speed encryptor to offer Transport Independent Mode, meaning it is network layer independent (Layer 2, Layer 3, and Layer 4) and protocol agnostic. By supporting Layer 3, the CV1000 offers network operators more configuration options using TCP/IP routing for securing critical data. Because it’s software-controlled, the CV1000 enables greater flexibility and responsiveness in network architecture, as well as opportunities to expand the network scale quickly.
    The CV1000 protects network communications at speeds of up to 5 Gbps encrypted bandwidth, when optimized in the network. The SafeNet Virtual Encryptor CV1000 leverages the SafeNet CN Series Ethernet encryptor platform, to maximize available bandwidth and minimize latency. Importantly, the CV1000 is transport layer agnostic and enables concurrent multi-layer encryption, making it an ideal solution for extended virtualized network security.

    Trusted Security
    Just like the SafeNet CN series of hardware encryptors, the CV1000 offers best-in-class high-assurance encryption solutions, providing maximum security and performance. Designed to meet Common Criteria and FIPS requirements, the CV1000 supports standards based, end-to-end authenticated encryption, automatic key management, and utilizes robust AES 256-bit algorithms.

    With integrated support for KeySecure for Government (a centralized cryptographic key management solution), the CV1000 provides optimum security for the storage of master keys, the integrity of critical security policies and the source of entropy (randomness) for cryptographic key generation

  • Encryptor At-A-Glance
    Virtual Network Function (VNF) - Hosting Guide
    Network data encryptor type Virtualized Network Encryption Solution (Layer 2-4), hosted on x86 platform
    Bandwidth / performance Up to 5 Gbps (with support for DPDK Intel Library)
    Customer environment and performance CV1000 is customer host and target specific - performance dependent upon customer targets, environment and platform
    Virtual appliance - Host: hardware requirements Host hardware agnostic - x86 Recommended:
    • 256 Mb RAM
    • 500 Mb Virtual Disk Storage
    • Multi-core
    Appliance - Host CPU requirements Compatible with all types
    Hypervisor support VMware, KVM, Microsoft Hyper-V. Other platforms may be supported.
    Functional Specifications
    Supported topologies Point-to-point, hub and spoke, fully meshed
    Interoperability Fully interoperable with all SafeNet High Speed Encryptor CN Series hardware encryptors
    Maximum number of connections 500+
    Encryption algorithms Symmetric Cryptography:Symmetric Cryptography:
    • AES-128/256 (CFB or CTR modes)
    Asymmetric cryptography:
    • ECC-512
    • RSA-2048
    Policy based encryption
    • MAC address
    • VLAN ID
    Crypto-agility Support for custom curves, custom algorithms and entropy
    Authentication Certificate based (X.509)
    In-band/out-of-band management Console Command Line Interface (CLI)
    • SSH
    • TACACS+
    • SNMPv3
    Virtualized network interfaces Three para-Virtualized (virtio/vmxnet3) NICs:
    • Eth0 Management port
    • Eth1 Local port
    • Eth2 Network port
    Virtualized hosting environment Supports:VMware, KVM/QEMU, Hyper-V, Virtual Box, Intel DPDK
    Cloud management platform Supports:OpenStack
    CV1000 management application SafeNet Encryptor Manager CM7 Included; SafeNet Security Management Center (SMC)
    Centralized key server support Customer determined optional support for KeySecure for Government- centralized cryptographic key management solution (master key security and random number generation)
    Licensing CV1000 software Flexible model choice:
    • Perpetual
    • Subscription
    Excludes host hardware and hypervisor Simple certificate based licensing model
  • Benefits
    Trusted Security
    • Optimizes concurrent multi-layer network traffic encryption across Layer 2,3, and 4
    • Flexible, cost-effective way to encrypt all the way to the virtual edge
    Customer Benefits
    • Agile, scalable solution, highly responsive to changes in IT and business needs
    • Near-zero overhead
    • At least 10 times more affordable than hardware-based appliances
    Scalable and Simple
    • Point to Point, Hub and Spoke, and Full Mesh
    • Instant scalability to match the scale and flexibility of their Software Defined Networks Ethernet Services
    • Ease of deployment with centralized, ‘zero-touch’