VPN Gateway Enables Datacenter Interconnection in Compliance with Classification Level “German VS-NfD”
genuscreen 40G VPN approved for classification level “German VS-NfD” and the classification levels “NATO Restricted” and “Restreint UE/EU Restricted”
FPGA-accelerated network packet processing provides guaranteed 2x 40 Gbit/s IPsec and <20 μs latency
Highly secure transfer through encryption using AES-256-GCM with 16-byte integrity check
Kirchheim, 26 April 2023 – The German Federal Office for Information Security (BSI) has approved the high-speed gateway genuscreen 40G VPN for processing classified information. The appliance for highly secure virtual private networks was developed by the German IT security specialist genua GmbH for high-performance datacenter interconnection (DCI) at an elevated level of security. Effective immediately, authorities and companies with an obligation to maintain secrecy can use genuscreen 40G VPN to securely transfer large volumes of data classified at the level "German VS-NfD" and at the levels "NATO Restricted" and "Restreint UE/EU Restricted" – with minimal latencies even over long distances.
Site Networking and Geo-Redundancy for Critical Infrastructures
IT landscapes and datacenters of authorities are critical infrastructures that in many cases are distributed over multiple sites. As much of the data processed there is classified information, IT security products that perform security functions within the so-called classified information IT must be approved by the BSI before they can be used. Furthermore, authorities and institutions requiring information to be highly available often need geo-redundant datacenters that are at least 200 km apart in order to ensure the uptime of their IT infrastructure even in disaster situations such as earthquakes or floods. The interconnection of such datacenters poses particular challenges for data transfer with respect to throughput and latency.
High-Performance Packet Processing with FPGA Technology
genuscreen 40G VPN enables secure high-speed networking, even of large and complex IT ecosystems, while at the same time meeting the information security requirements for processing classified information. The use of field-programmable gate arrays (FPGAs) for accelerated network packet processing allows datacenters and sites to be networked with a guaranteed throughput of 2x 40 Gbit/s for IPsec and a latency of below 20 μs with any packet mix. Higher speeds are in preparation. In the longer term, data rates of several hundred Gbit/s are realistic.
Thanks to the hardware-accelerated architecture, up to 1024 encrypted connections can be operated in parallel. The gateway's encryption with AES-256-GCM and its 16-byte integrity check protect the transferred data effectively against unauthorized access and manipulation attempts. Thanks to integrated replay protection, authorities are also fully safeguarded against replay attacks. At the same time, the space requirements of the hardware are kept to a minimum. The gateway requires just one rack unit in the datacenter.
"The use of increasingly complex, specialized hardware is practically indispensable for today's performance requirements. The particular challenge for us is to ensure that the extremely high level of security and trustworthiness is maintained. FPGAs provide a good basis for this because the key functionality of the hardware is developed in-house by us and is auditable," says Andreas Fiessler, Head of FPGA Development at genua.
Future-Proof for the Post-Quantum Age
genuscreen 40G VPN has quantum-computer-resistant software signatures. This ensures that today's VPN gateway users are already effectively protected against tomorrow's security risks.
Central management with genucenter
The Central Management Station genucenter, with which genuscreen 40G VPN can be centrally configured, administered and continuously monitored, is part of the approval by the BSI. With its help, the status of all systems remains transparent at all times, changes and updates can be easily transferred to all areas, and security guidelines can be consistently implemented.
The approval BSI-VSA-10619 is valid from January 23, 2023, until January 23, 2026.
Illustration: Typical structure. Multiple genuscreen 40G VPN appliances are connected via VPN and are administered by the Central Management Station genucenter, which can be protected by a communication server. Management itself is performed using the SSH protocol.
© genua GmbH
genua GmbH is an enabler of digital transformation. We secure sensitive IT networks in the public and enterprise sectors, for critical infrastructure organizations and in industries with an obligation to maintain secrecy with highly secure and scalable cyber security solutions. In doing so, genua GmbH focuses on the comprehensive protection of networks, communication and internal network security for IT and OT. The range of solutions spans from firewalls and gateways, VPNs, remote maintenance systems, internal network security and cloud security to remote access solutions for mobile employees and home offices.
genua GmbH is a company of the Bundesdruckerei Group. With more than 350 employees, it develops and produces IT security solutions exclusively in Germany. Since the founding of the company in 1992, regular certifications and approvals from the German Federal Office for Information Security (BSI) have provided proof of the high security and quality standards of the products. Customers include, among others, Arvato Systems, BMW, the German Armed Services, THW as well as the Würth Group.