Black Box EncrypTight Enforcement Point (ETEP) Manual De Usuario
ETEP Installation Guide
9
1
Product Overview
ETEP Introduction
The EncrypTight Enforcement Point (ETEP) Variable Speed Encryptors (VSEs) are purpose-built
encryption appliances that provide multi-layer data protection. With straightforward setup and
configuration, the ETEP has the flexibility to provide Ethernet frame encryption for Layer 2 networks, IP
packet encryption for Layer 3 networks, and Layer 4 data payload encryption for MPLS networks.
encryption appliances that provide multi-layer data protection. With straightforward setup and
configuration, the ETEP has the flexibility to provide Ethernet frame encryption for Layer 2 networks, IP
packet encryption for Layer 3 networks, and Layer 4 data payload encryption for MPLS networks.
The ETEP’s variable speed capability lets you enable just the bandwidth you need, using a software
license. As your bandwidth needs increase, simply update your license. No need to replace your
hardware. The ETEP offer full-duplex, line rate encryption from 3 Mbps to 1 Gbps using the AES-256
encryption algorithm.
license. As your bandwidth needs increase, simply update your license. No need to replace your
hardware. The ETEP offer full-duplex, line rate encryption from 3 Mbps to 1 Gbps using the AES-256
encryption algorithm.
Figure 1
Multipoint Ethernet Encryption using EncrypTight Manager
The ETEP interfaces with network equipment through two data ports, the local port and the remote port.
Unencrypted traffic that originates from a trusted, local network is received on the local port, where the
ETEP applies security processing. Encrypted traffic is sent from the remote port to an untrusted network
such as the Internet. At the opposite endpoint, the process is reversed. Encrypted traffic is received on the
ETEP remote port and decrypted. The decrypted traffic is sent from the local port to the destination.
Unencrypted traffic that originates from a trusted, local network is received on the local port, where the
ETEP applies security processing. Encrypted traffic is sent from the remote port to an untrusted network
such as the Internet. At the opposite endpoint, the process is reversed. Encrypted traffic is received on the
ETEP remote port and decrypted. The decrypted traffic is sent from the local port to the destination.
The ETEP is managed in-line or out-of-band through a dedicated Ethernet management interface. The
ETEP can be managed in two ways, depending on the size and complexity of your deployment:
ETEP can be managed in two ways, depending on the size and complexity of your deployment: