SteelHead™ Deployment Guide : Authentication, Security, Operations, and Monitoring : Overview of Secure Transport
Overview of Secure Transport
Today’s enterprises are embracing hybrid networking. Key features of a hybrid network are the use of multiple paths between sites, which provides diversity across a variety of networks, and the delivery of application traffic over the most efficient path. However, as these new network models are built, the security of traffic on each path becomes a concern.
RiOS v9.0, working together with SCC v9.0, introduces the secure transport feature. Secure transport is integrated with path selection and provides a way to configure and enable encryption services for traffic over a path. Functionality is separated into the management plane, control plane, and data plane. You configure the management plane on the SCC, where you also configure and distribute the path selection policy.
When a network is marked as securable (Networking > Network Services: Sites & Networks page), it indicates that the SteelHead will join a group of other SteelHeads that can encrypt traffic. The SCC pushes that policy to all the SteelHeads, and you can also select one of the available SteelHeads to be the secure transport controller (the controller) for the control plane. Over the control plane, the SteelHead selected as the controller communicates with the SteelHeads in the group and coordinates the encryption keys to use over the data plane. Traffic is secured on the data plane for the path marked as securable. The SteelHeads use the encryption keys received from the controller and the Path Selection policy received from the SCC.
Secure transport uses standards-based IPSec with the highest level of commercially available security based on AES-256 and SHA-2 to secure traffic over a path. The control plane between the SteelHead acting as controller and other SteelHeads performing encryption is secured using SSL over TCP port 9443. The management plane from the SCC is secured using SSL and SSH.
One key advantage of secure transport is that management of encryption services is done centrally through the SCC, which serves as the user interface for configuration of secure transport.
For further configuration details, see the SteelCentral Controller for SteelHead User’s Guide and the SteelCentral Controller for SteelHead Deployment Guide.
In RiOS v9.0, IPSec secure peering and the secure transport service are mutually exclusive. The secure transport service is enabled by default, so before you enable IPSec secure peering, you must disable the secure transport service. SSL secure peering, by contrast, can coexist with secure transport traffic.
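The following is an added example, not code from the SteelHead or SCC products, that models the rules this overview states: a network flagged as securable places the SteelHeads attached to it in the encryption group, traffic between two group members over a securable path is protected by IPSec on the data plane, a controller must be selected for the control plane, and IPSec secure peering cannot be enabled while secure transport is on, whereas SSL secure peering can. The data model, the site and network names, and the classification labels are constructed for illustration and do not reflect the SCC's actual configuration format or the RiOS CLI.

```python
"""Constructed model of the secure transport policy rules described in the guide.
Not Riverbed code; names and data structures are illustrative placeholders."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Network:
    name: str
    securable: bool  # the "securable" flag set on the Sites & Networks page


@dataclass
class SteelHead:
    name: str
    networks: Set[str] = field(default_factory=set)  # networks this appliance is attached to


@dataclass
class Deployment:
    networks: Dict[str, Network]
    steelheads: Dict[str, SteelHead]
    controller: Optional[str] = None        # SteelHead selected as secure transport controller
    secure_transport_enabled: bool = True   # enabled by default in RiOS v9.0
    ipsec_secure_peering: bool = False
    ssl_secure_peering: bool = False


def securable_networks(dep: Deployment) -> Set[str]:
    return {n for n, net in dep.networks.items() if net.securable}


def encryption_group(dep: Deployment) -> Set[str]:
    """SteelHeads attached to at least one securable network join the group that can encrypt."""
    sec = securable_networks(dep)
    return {name for name, sh in dep.steelheads.items() if sh.networks & sec}


def data_plane_protection(dep: Deployment, src: str, dst: str, network: str) -> str:
    """Classify traffic from src to dst carried over `network` (labels are constructed)."""
    if not dep.secure_transport_enabled:
        return "secure-transport-disabled"
    net = dep.networks.get(network)
    if net is None:
        raise ValueError(f"unknown network {network!r}")
    if not net.securable:
        return "cleartext-path"  # path selection may still use it, but it is not encrypted
    attached = dep.steelheads[src].networks & dep.steelheads[dst].networks
    if network in attached:
        # Both endpoints are group members on this securable path: IPSec with
        # AES-256 and SHA-2, keyed by the controller over the control plane.
        return "ipsec-aes256-sha2"
    return "endpoint-not-in-group"


def validate(dep: Deployment) -> List[str]:
    """Return configuration problems a deployment engineer would want flagged."""
    issues: List[str] = []
    if dep.ipsec_secure_peering and dep.secure_transport_enabled:
        issues.append("IPSec secure peering and secure transport are mutually exclusive; "
                      "disable secure transport before enabling IPSec secure peering")
    # SSL secure peering coexists with secure transport, so it raises no issue.
    for name, sh in dep.steelheads.items():
        for n in sh.networks:
            if n not in dep.networks:
                issues.append(f"{name} references unknown network {n!r}")
    if dep.secure_transport_enabled and encryption_group(dep):
        if dep.controller is None:
            issues.append("securable networks exist but no secure transport controller is selected")
        elif dep.controller not in dep.steelheads:
            issues.append(f"controller {dep.controller!r} is not a deployed SteelHead")
    return issues


def sample_deployment() -> Deployment:
    """Constructed three-site example; all names are placeholders, not from the guide."""
    return Deployment(
        networks={
            "mpls": Network("mpls", securable=False),
            "internet": Network("internet", securable=True),
        },
        steelheads={
            "sh-hq": SteelHead("sh-hq", {"mpls", "internet"}),
            "sh-branch1": SteelHead("sh-branch1", {"mpls", "internet"}),
            "sh-branch2": SteelHead("sh-branch2", {"mpls"}),
        },
        controller="sh-hq",
    )


if __name__ == "__main__":
    dep = sample_deployment()
    print("encryption group:", sorted(encryption_group(dep)))
    print("hq->branch1 over internet:", data_plane_protection(dep, "sh-hq", "sh-branch1", "internet"))
    print("hq->branch1 over mpls:", data_plane_protection(dep, "sh-hq", "sh-branch1", "mpls"))
    print("issues:", validate(dep))
```

Running the module prints the group membership, the classification of two paths, and an empty issue list; flipping `ipsec_secure_peering` to `True` without first clearing `secure_transport_enabled` produces the mutual-exclusion finding, which is the check worth wiring into any pre-deployment review of an SCC policy.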