About secure transport concentrators
Secure transport concentrators are auxiliary sites, which are associated with a primary site that requires secure transport. These auxiliary sites must always be linked to the primary site. The concentrators contain only appliances that will perform secure transport. The concentrators inherit most of their properties from the primary site and the properties are resolved when you perform a hybrid push from the Sites & Networks page.
Typically, the secure transport concentrator is located in a data center. In the data center, in addition to SteelHeads that perform path selection and QoS, there are devices that perform secure transport. All the networks and uplinks that go into these devices are secured. The SCC designates these devices in the site and creates an auxiliary site called a secure transport concentrator.
In the case of backhauling traffic, a branch office sends internet-bound encrypted data to the data center that has the secure transport concentrator. At the data center, data is decrypted and path selection is performed (that is, Any - Default site - relay) rule will probed for internet-bound traffic. Internet-bound traffic is relayed as per the rule and is sent to the internet.
Best practices for creating secure transport concentrators
• Create a site for which you need secure transport, typically the data center. Define the topology for the site appropriately; that is, create secure networks and uplinks. Call this SiteA.
• Create a secure transport concentrator associated with SiteA. The SCC prompts you to add appliances and link them to the SiteA.
• You will inherit most of the properties of SiteA (that is, the linked site). You will be prompted to import uplinks from the linked site but only for secured networks. If there are no secure networks in the associated site then the SCC issues an error.
• The secure transport concentrator uplinks will change the gateway of the inherited uplinks. The other properties aren’t editable.