AT&T is installing encryption equipment throughout its IP-based network that lets the carrier provide more-flexible IPSec-based security to business customers for their voice, video and multicasting.
Ron Howell, AT&T senior network architect, says the services, which are based on CipherOptics encryption gateways, are "going to make IPSec simpler and easier because we can now build tunnels dynamically." AT&T's traditional approach -- providing business customers with IPSec services via routers -- has turned out to be too rigid as a point-to-point service, he says.
"Customers want to be sure their IP-based information is secure," Howell says. The problem with router-based IPSec as a network service for business customers, though, is that IPSec tunnels act like point-to-point links, which are difficult to set up and tend not to work well with load balancing.
Howell says AT&T for the past year has been investigating other technical approaches that still support IPSec, and has determined that the CipherOptics CipherEngine Policy & Key Manager provides encryption flexibility well-suited for VOIP, video and multicasting.
"It separates the key function from the encryption function," Howell says. "We can manage the keys more efficiently. We can build tunnels dynamically," he says.
The CipherEngine includes the Secure Gateway appliance for encrypting or decrypting traffic at speeds as fast as 1.9Gbps, and a separate server-based "key-authority point" for setting IPSec-based encryption policy, algorithm and key length. It supports algorithms including the Advanced Encryption Standard.
Ron Willis, CEO at CipherOptics, says the Security Gateway typically would be placed behind the corporate router connecting to the Internet.
The Security Gateway "is doing rapid packet inspection and security policy look-up," Willis says, and then encrypting traffic according to the intended corporate policy. Encrypted traffic sent from one Security Gateway would be decrypted on the receiving end by another Security Gateway. The gateway can send traffic to any other vendor's IPSec gateway, and it will work over AT&T's MPLS network.
Howell says AT&T is making the IPSec services available to business customers around the world in several ways, among them, installing the CipherOptics encryption equipment on the customer premises and providing the service via CipherOptics gear installed in AT&T's global network. Manufacturing companies are said to be requesting the CipherEngine equipment for their operations in China, where in December it will be put to use in eight cities, including Beijing and Shanghai.