SEC-VPN™

Simplified IPSec VPN to Edge Infrastructure

Built from the ground up to secure communication to fleets of headless devices

Scalable, Cost Efficient, Seamless Management

SEC-VPN is an IPSec solution designed to support flexible deployment and configuration options, including automatic failover, load balancing, and multi-tenancy with on-premises or cloud-based management. Additionally, devices can establish multiple IPSec VPN tunnels to various endpoints simultaneously, enabling concurrent role-based access and policy-driven data paths.

SecEdge SEC-VPN Solution Details Schematic

MULTI-TENANT MANAGEMENT

  • Tunnel Management and Orchestration
  • Key Generation and Rotation
  • Certificate Management
  • APIs for Control and Management System
  • Cloud or Data Center Integration

DEVICE

  • IPSec Session Initiation
  • Multiple Tunnels per Device
  • Bound to a Hardware Root-of-Trust

PUBLIC/PRIVATE CLOUD OR DATA CENTER

  • IPSec VPN Tunnel Termination

Features

  • Scalable, Unlimited IPSec VPN Tunnels
  • Automated, secure device onboarding
  • Out-of-band key management
  • Versatile deployment options
  • Provides integration to a diverse range of hardware roots-of-trust
  • Cloud or on-premises, single or multi-tenant configuration
  • Masked IP addresses, separate uplink/downlink tunnel keys
  • VPN terminates in VM, behind firewall

Benefits

  • Cost efficient, secure communication to millions of edge devices
  • Quick & seamless service initiation
  • IPSec tunnel setup & management separate from data path
  • Flexible use case fit: geo-redundancy, high-availability, regional distribution, etc.
  • Engineered for zero-trust
  • Enables multiple business models
  • Privacy, reduced attack surface
  • HW-concentrator-free solution

Components

1 - MicroEdge™

  • Linux-based VPN agent—runs on connecting edge devices
  • Establishes and maintains IPSec tunnels
  • Onboards device to SEC-VPN service; sets up and maintains control channel with ControlEdge™
  • Can establish multiple tunnels to distinct NetEdge™ endpoints
  • Available in zero-trust configuration—trust anchored in fTPM/TPM and OP-TEE/Arm® TrustZone™

2 - NetEdge™

  • Service-side VPN termination endpoint
  • Deploys as a VM in the cloud or in an on-premises data center
  • Provides high availability and load balancing for MicroEdges
  • Supports more than 20k tunnels per instance

3 - ControlEdge™

  • Administers all MicroEdge™ and CloudEdge™ endpoints in the solution (onboarding, configuration, security lifecycle, etc.)
  • Provides APIs for service setup and management
  • Integrates Security Key Vault and HSM; supplies key material and key rotation
  • Supports setting up organizations, enabling multi-tenant configurations
  • Micro-services architecture in a Kubernetes environment
  • Can be deployed in public cloud or on-premises

Markets