The HIPrelay

Routing Based on Identity, Not Location

Purpose-Built for the Connected World

An Overlay Brokering Trust

The HIPrelay routes encrypted HIP Service overlay connections across all networks and transport options, without modifying the underlying network.

Secure end-to-end connectivity is now simple whether you have a Layer 2, Layer 3, or bridged L2/L3 network using Ethernet, Wi-Fi, cellular, MPLS, or radio. Whether you control the networks or not, the HIPrelay makes the WAN and Internet behave like one local broadcast domain, making WAN micro-segmentation a reality.

Deploy Anywhere

Cloud

Amazon Web Services

Microsoft Azure

Google Cloud Platform

Virtual

VMware ESXi 6.0 and Above

Microsoft Hyper-V Server 2012 R2 and Above

Hardware

HIPswitch 500 - 1U Platform

Conductor - 1U Platform

Reduce Network Attack Vectors

A private identity namespace and outbound-only connections from HIP Services to the HIPrelay eliminate the need for expensive public IP addresses and inbound firewall rules to connect machines. Only the HIPrelay needs a public IP.

“The HIPrelay is a miracle in simplicity for secure WAN connectivity and segmentation. My team eliminated 250 inbound firewall rules, that really represented 250 open holes to my network, and replaced them with two outbound rules for HIP Service and Conductor access. It significantly reduced our attack surface and has made it simple to connect non-routable systems across separate campus networks in seconds. Now we don’t have to deal with IP conflicts or modify our existing network.”

Tom Walker
Facility Automation Services, Penn State University

Access Based on Identity - not IP Address

The HIPrelay is the only routing technology that doesn’t rely on Layer 3 rules, network addresses, or traditional routing protocols to securely connect and route privately addressed systems across networks. Instead, the HIPrelay relies on verifiable cryptographic identities to determine if a WAN connection is allowed and forwards authenticated and encrypted traffic only to authorized endpoints.

Reduce network complexity by eliminating connection barriers like NAT, different addressing realms, IP conflicts and complex firewall rules.

Building Automation System Policy Map

Point and Click Policy Management

HIPrelay rules are point-and-click simple. Simply select a machine or a group of machines to connect and then specify the HIPrelays you want them to use. The result is peer-to-peer connectivity across Layer 2 and Layer 3 networks that transforms the WAN or public Internet into your own private, cloaked, and encrypted LAN.

Fast, Simple, and Predictable Network Provisioning

Site-to-site VPNs are often used to securely connect separate networks. But VPNs are complex and inflexible, and they secure connections only to the network perimeter, exposing internal resources after connectivity is terminated and forwarded.

By moving both the network boundary and security perimeter from the network edge to ID enforcement points in front of or on the hosts themselves, secure end-to-end connectivity and rapid provisioning are now possible. Creating overlay networks via the HIPrelay eliminates the need to configure a complex and insecure chain of network and security policies between two or more endpoints.

Secure Segmented Access without VPNs

You can now easily give employees, contractors, and vendors granular remote access to your network and resources as an alternative to traditional VPN-based access. Through the point-and-click UI, you can now add and revoke access in one click.

Add or Revoke Vendor Access With the Click of a Mouse

Need to give remote access to a technician to troubleshoot your HVAC system, and nothing else? No problem. With a click of the mouse, authenticated peer-to-peer sessions are established through the HIPrelay and can be disabled or revoked just as quickly.

Use any Transport and Failover Anywhere

Our customers have created overlay networks that securely connect privately addressed machines on separate cellular networks to non-routable instances in their data center. They then create failover policies to private instances in separate clouds, all without modifying existing infrastructure. They replace the cost and management overhead of internal firewalls and VPNs while significantly reducing the complexity of ACLs, perimeter firewall rules, and VLAN management, cutting IT costs by as much as fifty percent.