The HIPserver

Micro-Segmentation for Servers

Secure connectivity for Linux and Microsoft Workloads

Cloaking Servers without Network Upgrades or Specialized Tools

The HIPserver is an identity-defined perimeter for Linux and Microsoft servers that enables simple access and segmentation. Serving as the network boundary and security perimeter for its protected workload, the HIPserver can be deployed with little to no changes to existing infrastructure and eliminates the complexity associated with traditionally separate network and security controls.

A workload protected by a HIPserver can be cloaked and made undiscoverable by unauthorized systems. Server access is now restricted to only other authenticated and authorized HIP Services connecting from any network, significantly reducing the network attack surface.

Deployment Options

Linux

CentOS 6.9 and 7

Ubuntu 16.04

Fedora 25 (RHEL compatible)

Windows

2008 R2, 2012 R2, 2016

“With HIPservers I can quickly create secure peer-to-peer WAN micro-segments that span on premises, VPCs across regions, and my DevOps team. I now have a well-encapsulated and private network overlay that’s simple, resilient, and more secure than any alternative. With one person, I can do the work it would take 10–15 people to accomplish - with greater control and predictability.”

Cloud Network Architect,
Online University

No Specialized Skills Required

The install process is simple and non-disruptive, and can be automated for both Windows and Linux servers. With a plug-and-play design, our customers can now cloak, connect, fail over, and revoke server access in minutes, with little to no changes to existing infrastructure. This eliminates the complexity, time, and costs associated with traditional networking and security solutions.

Replace Host-Based Firewalls and Reduce Cloud Security Groups

After installing the HIPserver, our customers often close all inbound server ports, allowing only whitelisted and authenticated communications – making the server invisible to all untrusted systems.

This means replacing host-based firewalls and significantly reducing cloud security group rules that are complex to maintain and ineffective at eliminating north-south and east-west attacks. Both methods rely on easily spoofed and non-verifiable identifiers like IP and MAC addresses, as well as TCP ports, to control access, which makes them susceptible to exploitation.

Native Cryptographic Identity With Strong Mutual Authentication

The HIPserver transparently authenticates and authorizes network communications between one or more HIP Service peers based on its unique cryptographic identity. Only whitelisted identities are allowed to communicate; even if a system uses valid application or user credentials but doesn’t have a trusted identity, the HIPserver won’t even respond. To any unauthorized systems, the HIPserver is non-existent.

Machine Mobility Without Limits

Because connectivity is based on an immutable identity, not changing network addresses, systems are free to move across different networks and address realms, without having to modify existing infrastructure.

Our platform has the virtualized network architecture that enables peering and micro-segmentation of private instances within and across AWS VPCs, Azure VNETs, Google Cloud, and on-premises environments. Networks are now easy to scale and orchestrate, making the WAN look and behave like one local broadcast domain with consistent policy across all environments.

Easy Instant Micro-Failover

Using traditional IT solutions, system failover is dependent upon either routing convergence or DNS. However, due to the complexity, failover is typically configured at a network (macro) level and not at the individual machine (micro) level.

With the HIPserver, failover is now instant and verifiable, and can easily be applied to a single discrete instance or an entire data center, without the complexity of managing IP namespace collisions or DNS namespace errors. Our customers even fail over between private, non-routable instances in different clouds without requiring DNS or routing updates.