The Conductor


Point and Click Control of the Identity Space

Granular Control From a Single Pane of Glass

The Conductor is the orchestration engine that manages policy for all distributed HIP Services, delivering effortless control of the network. It defines what overlay network segments and systems protected machines are allowed to access, as well as how they connect on the LAN, WAN, and public Internet. Policy creation and management is point-and-click simple and requires no advanced training.

Available in both software and hardware appliance form factors, the Conductor enables fast network provisioning, micro-segmentation, and secure overlay connectivity based on unchanging cryptographic machine identities, not network addresses that change and are spoofable.

Intuitive network orchestration eliminates the complex, disruptive, and time-consuming provisioning steps associated with traditional IT solutions like firewalls and VPNs. Our customers deploy and revoke secure overlay network access in seconds, with little to no change to their existing network infrastructure.

Deploy Anywhere

Cloud

Amazon Web Services

Microsoft Azure

Google Cloud Platform

Virtual

VMware ESXi 6.0 and Above

Microsoft Hyper-V Server 2012 R2 and Above

Hardware

Conductor - 1U Platform

Rapid Deployment

You can now create, deploy, and disconnect overlay networks in seconds, with little to no change to your existing network infrastructure.

"With Tempered Networks we designed and deployed a completely segmented and protected overlay network for our Building Automation Controls on a shared campus network in less than 20 minutes. We were able to move our BACnet systems into our cloaked overlay network without having to modify the network or involve IT."

Tom Walker
Facility Automation Services, Penn State University

No Trust, No Access... Period

With the Tempered Platform, overlay network access and segmentation policy are based on verifiable machine identities and mutual authentication. This is not only more secure than internal firewalls and VPNs, but deployment is faster and ongoing management is simpler.

Our customers scale their segmentation to protect thousands of machines in less time than it takes to deploy just a few internal firewalls and VPNs, while saving money.


Building Automation System Policy Map
Policy Management

Trust-Based Policy That's Point-and-Click Simple

By default, an overlay network segment starts with Zero Trust, where no machines can communicate with each other until whitelisted policy is configured. Whitelisted machines mutually authenticate and authorize based on trusted and verifiable machine identities before encrypted peer-to-peer connections are automatically created.

This simple process replaces the multiple steps of security and network configuration (using network addresses, ports, certificates, ACLs, VLANs, and more) typically required of IT staff.

Visualizing Policy

Verify Overlay Network Configuration and Compliance Quickly and Easily

The Visual Trust Map allows you to immediately validate communication policy between protected machines, as well as their HIP Services. With greater control of your network, showing segmentation for regulatory compliance reporting and security audits becomes quick and easy.

The Visual Trust Map verifies creation and revocation of connectivity and segmentation between endpoints
Identity Management

All the Security of PKI Without the Complexity and Cost

The Conductor eliminates the need for complex key and certificate management to manage authorized host-to-host communication. It serves as the machine identity authority for HIP Services that have registered themselves to the Conductor.

With simple orchestration of verifiable identities that are bound to machines, the complexity and frequent errors of managing certificates, revocation lists, or shared secrets to control access are eliminated.

HIP Invite

Automated Client Segmentation and Access Control

HIP Invite is an automated way to invite users to join overlay network segments. As users are invited, they can be manually or automatically added to their dedicated network segment, significantly simplifying the time-consuming process of granting users access to specific resources on the network.

Smart Device Groups

Easily Manage Groups of Machines and Logical Segmentation

You can automate overlay network membership for fast provisioning and policy enforcement with Smart Device Groups. As machines are added to the Conductor, they can be automatically sorted, classified, and joined to logical groups based on a combination of attributes like MAC prefix, client type, underlay address, HIP Service type, and custom tags.

Tags can be associated with users, applications, or any type of metadata that makes group membership in a particular overlay network distinct and relevant to administrators. Device group membership provides instant updates to underlay, overlay, and routing policy for those groups and their HIP Services.

AnyConnect API

Network Automation With API Integration

Via the Conductor, you can enable integration and automation with other security and networking services like directory services, SIEMs, and monitoring tools. For example, instant quarantine or failover can now be automated based on events detected by these systems.

Conductor Specifications

Deploy Anywhere

Cloud Instance

Virtual Instance

Hardware Appliance
