Senetas CN6000 Series Encryptors – rack-mounted, carrier-grade encryption for high-speed Ethernet and Fibre Channel networks.
The intrinsic key generation and distribution capability of the CN6000 Series eliminates reliance on external key servers, providing a robust, fault-tolerant security architecture.
Senetas CN6000 Series encryptors (also known as SafeNet CN6000 Series Encryptors) provide highly secure, full line-rate transparent encryption for data moving across both dark fibre and metro / wide area Ethernet networks; in point-to-point, hub & spoke or meshed environments.
The CN6000 Series are rack-mounted, high-speed encryptors for business-critical applications; offering 1Gbps to 10Gbps bandwidth speeds. They are the optimal choice when you require:
- Efficient, investment-proof data encryption
- Multi-purpose, in-field upgradable and flexible hardware
- Choice of Common Criteria,and FIPS certifications
- Compact 1U form factor with advanced performance and power features.
Senetas’ CN (and CV) Series encryptors include integrated support for SafeNet KeySecure (Gemalto’s centralised cryptographic key management solution) that provides maximum security for the storage of master keys, the integrity of security policies and the source of entropy for the generation of cryptographic keys.
CN6000 Key Features
| Model | CN6010 | CN6040 | CN6040 | CN6100 |
| Network Protocol | Ethernet | Fibre Channel |
Ethernet | Ethernet |
| Maximum Speed | 1Gbps | 1-4 Gbps | 1Gbps | 10Gbps |
| Ethernet point-to-point, hub & spoke, mesh full-duplex encryption | ✓ | N/A | ✓ | ✓ |
| Protocol and application transparent | ✓ | ✓ | ✓ | ✓ |
| Common Criteria EAL2+ certified | ✓ | ✓ | ✓ | ✓ |
| FIPS 140-2 L3 certified | ✓ | ✓ | ✓ | ✓ |
| Low overhead full duplex line-rate encryption | ✓ | ✓ | ✓ | ✓ |
| Front panel access for all interfaces | ✓ | ✓ | ✓ | ✓ |
| Ultra low latency for high performance | ✓ | ✓ | ✓ | ✓ |
| Support for external (X,509v3) CAs | ✓ | ✓ | ✓ | ✓ |
| Robust AES encryption algorithm | ✓ | ✓ | ✓ | ✓ |
| CRL and OCSP server support | ✓ | ✓ | ✓ | ✓ |
| Automatic key management | ✓ | ✓ | ✓ | ✓ |
| Flexible encryption policy engine | ✓ | ✓ | ✓ | ✓ |
| Encrypts Unicast, Multicast and Broadcast traffic | ✓ | N/A | ✓ | ✓ |
| Network interfaces | RJ45 SFP | SFP | RJ45 SFP | XFP |
| Policy based on MAC address or VLAN ID | ✓ | N/A | ✓ | ✓ |
| Support for Jumbo frames | ✓ | N/A | ✓ | ✓ |
| Self healing key management in the event of network outages | ✓ | ✓ | ✓ | ✓ |
| Per packet confidentiality and integrity with AES-GCM encryption | ✓ | N/A | ✓ | pending |
| Fibre Channel point-point encryption | N/A | ✓ | N/A | N/A |
| Automatic network discovery and connection establishment | ✓ | ✓ | ✓ | ✓ |
| Centralised configuration and management using CM7 and SNMPv3 | ✓ | ✓ | ✓ | ✓ |
| AES 128 or 256 bit keys | 128/256 | 256 | 128/256 | 128/256 |
| Remote management using SNMPv3 (in-band and out-of-band) | ✓ | ✓ | ✓ | ✓ |
| Encryption modes | CFB CTR GCM |
CFB | CFB CTR GCM |
CFB CTR GCM |
| FPGA based cut-through architecture | ✓ | ✓ | ✓ | ✓ |
| Tamper resistant and evident enclosure | ✓ | ✓ | ✓ | ✓ |
| Anti-probing barriers | ✓ | ✓ | ✓ | ✓ |
| Dual swappable AC or DC power supplies | ✓ | ✓ | ✓ | ✓ |
| Flexible encryption policy engine | ✓ | ✓ | ✓ | ✓ |
| User replaceable fans and battery module | ✓ | ✓ | ✓ | ✓ |
| Fully interoperable with related CN/CS models | ✓ | ✓ | ✓ | ✓ |
| Latency – microseconds per encryptor (typical for IPv4 traffic with 64-1518 octet frames) | < 10 @ 1Gbps < 50 @ 100Mbps < 650 @ 10Mbps |
<1 | < 10 @ 1Gbps < 50 @ 100Mbps < 650 @ 10Mbps |
<5 |
| SNMPv1/2 monitoring (read-pnly) | ✓ | ✓ | ✓ | ✓ |
| NTP (time server) support | ✓ | ✓ | ✓ | ✓ |
| In-field firmware upgrades | ✓ | ✓ | ✓ | ✓ |
