Airwall™ server

Micro-segmentation for servers

Secure connectivity for Linux and Microsoft workloads

Cloaking servers without network upgrades or specialized tools

The Airwall server is an identity-defined perimeter for Linux and Microsoft servers that enables simple access and segmentation. Serving as the network boundary and security perimeter for its protected workload, the Airwall server can be deployed with little or no changes to existing infrastructure and eliminates the complexity associated with traditionally separate network and security controls.

A workload protected by an Airwall server can be cloaked and made undiscoverable by unauthorized systems. Server access is now restricted to only other authenticated and authorized Airwall edge services connecting from any network, significantly reducing the network attack surface.

Deployment options

Linux

CentOS 6.9 and 7

Ubuntu 16.04

Fedora 25 (RHEL compatible)

Windows

2008 R2, 2012 R2, 2016

“With Airwall edge servers I can quickly create secure peer-to-peer WAN micro-segments that span on premises, VPCs across regions, and my DevOps team. I now have a well-encapsulated and private network overlay that’s simple, resilient, and more secure than any alternative. With one person, I can do the work it would take 10–15 people to accomplish - with greater control and predictability.”

Cloud Network Architect,
Online University

No specialized skills required

The install process is simple and non-disruptive, and can be automated for both Windows and Linux servers. With a plug-and-play design, you can now cloak, connect, fail over, and revoke server access in minutes, with little or no change to existing infrastructure. This eliminates the complexity, time, and costs associated with traditional networking and security solutions.

Replace host-based firewalls and reduce cloud security groups

After installing the Airwall server, our customers often close all inbound server ports, allowing only whitelisted and authenticated communications – making the server invisible to all untrusted systems.

This means replacing host-based firewalls and significantly reducing cloud security group rules, which are complex to maintain and ineffective at eliminating north-south and east-west attacks. Both methods control access using easily spoofed and non-verifiable identifiers such as IP and MAC addresses and TCP ports, which makes them susceptible to exploitation.

Native cryptographic identity with strong mutual authentication

The Airwall server transparently authenticates and authorizes network communications between one or more Airwall edge service peers based on its unique cryptographic identity. Only whitelisted identities are allowed to communicate: a system that uses valid application or user credentials but doesn’t have a trusted identity is still denied. To any unauthorized system, the Airwall server is non-existent.

Machine mobility without limits

Because connectivity is based on an immutable identity, not changing network addresses, systems are free to move across different networks and address realms, without having to modify existing infrastructure.

Our platform has the virtualized network architecture that enables peering and micro-segmentation of private instances within and across AWS VPCs, Azure VNETs, Google Cloud, and on-premises environments. Networks are now easy to scale and orchestrate, making the WAN look and behave like one local broadcast domain with consistent policy across all environments.

Easy instant micro-failover

Using traditional IT solutions, system failover is dependent upon either routing convergence or DNS. However, due to the complexity, failover is typically configured at a network level and not at the individual machine level.

With the Airwall server, failover is now instant and verifiable, and can easily be applied to a single discrete instance or an entire data center, without the complexity of managing IP namespace collisions or DNS namespace errors. You can even fail over between private, non-routable instances in different clouds without requiring DNS or routing updates.