RedCreek provides Paktronix Systems Linux Firewall users with the means to incorporate the latest network security features quickly and easily. Secure communications over Intranets/Extranets and secure Remote Access are easily implemented using the Ravlin IPSec Card for the Linux 2.2 platform.

The Ravlin IPSec Card advances the state of IPSec networking and server communications in two very important and innovative ways. For the first time users can implement Internet Protocol Security Standard encryption (IPSec) and authentication in hardware on Linux 2.2. This IPSec capability is based on a new VPN form factor. All the functionality associated with RedCreek's standalone Ravlin 10 VPN hardware device has been implemented on a PCI base card that is simply installed into a Paktronix Systems Linux Firewall or any Linux 2.2 system.

Internet Protocol Security Standard (IPSec) is a framework of open standards for ensuring secure private communications over public networks like the Internet. Based on standards developed by the Internet Engineering Task Force (IETF) IP Security Working Group, IPSec is an industry-driven standard that ensures confidentiality, integrity, and authenticity of an IP network. IPSec is a key component of this standards-based, flexible solution for deploying a network-wide security policy.

The Ravlin IPSec Card in combination with the Paktronix Systems Linux Firewall allows private communications over any network, including the Internet, without performance degradation. It can turn a Paktronix Systems Linux 2.2 E-Commerce web server into a secure E-Commerce web server with hardware VPN tunnels. It also allows the Paktronix Systems Linux Firewalls to provide thorough packet filtering and access control with hardware IPSec encrypted tunnels all from one platform.

Ravlin IPSec Card
The Ravlin IPSec Card is a Network Interface Card (NIC) that can transparently encrypt, authenticate, manage, and route datagrams over LANs and WANs. This VPN process allows private communications over any network, including the Internet, without performance degradation. E-Commerce servers can outsource processor-intensive encryption and authentication. Application servers, network computers and communication servers can use real-time encryption and authentication to enhance privacy and reduce network usage costs.

Hardware encryption accelerates the encryption and decryption of sensitive data on Linux servers, security routers, and workstations. This makes it possible to encrypt and decrypt network traffic without the processing and network performance degradation usually associated with encryption.

The Ravlin technology is based on IPSec standards developed by the Internet Engineering Task Force. IPSec is an industry driven standard that ensures confidentiality, integrity, and authenticity of an IP network.

Hardware
The Ravlin IPSec Card is based on the Ravlin CryptoCore™ technology and the Intel® i960 processor. It provides 45 Mbps buffer-to-buffer speeds and uses a 10/100 Base-T Ethernet Controller. The system image resides in flash memory, and can be remotely updated at runtime.

Software
The Ravlin IPSec Card uses standard off-the-shelf parts and standard security and network protocols for future interoperability with other IPSec standard products. It is interoperable with the RedCreek Ravlin 4, Ravlin 10, RavlinSoft remote access client, Ravlin RADIUS Authentication, and many IPSec software and hardware implementations.

Download PDF of Ravlin IPSec Card data sheet.

FEATURES AND BENEFITS
Performance
RedCreek's CryptoCore technology, along with the Intel i960, provides 45 Mbps buffer-to-buffer encryption/decryption throughput.

Scalability
The I2O software specification enables off loading of processor-intensive tasks from the host, and ensures ease of use and maintainability.

Privacy
40-bit/56-bit Data Encryption Standard (DES) and 168-bit Triple DES encryption algorithms are the most widely adopted U.S. and international algorithms for encryption. Over 750 simultaneous hardware-to-hardware connections are supported.

Authentication
To perform authentication across networks, the Ravlin IPSec Card uses X.509 v.3 digital certificates, a widely accepted standard specified by the International Standards Organization (ISO). To verify the identity of the sender, the card uses Digital Signature Standard (DSS) and Secure Hash Algorithm (SHA), in conjunction with X.509 v.3 certificates. (DSS provides proof of authorship for digital signatures.)

Interoperability
To perform key exchange during the establishment of secure associations, the Ravlin IPSec Card uses the Internet Security Association and Key Management Protocol, or ISAKMP. ISAKMP/Oakley is the mandatory key exchange protocol specified by the IETF.

Strong Security
The Internet Engineering Task Force (IETF) IP Security Standard (IPSec) offers two significant features: enhanced security and protocol interoperability. The customer can be certain that IP-based communications passing over the network conform to the most secure and comprehensive standard for encryption, authentication, key management, and anti-replay services. A Ravlin IPSec Card can exchange keys and encrypted communications with any other IPSec-compliant products so customers can use multiple IPSec vendors for multiple scenarios. RedCreek Communications, Inc. can provide a list of IPSec interoperability partners.

Customer Support/Service
RedCreek provides service and technical assistance through its technical support center and exchange programs. All RedCreek products are covered under a 12-month hardware and three-month software warranty.

Technical Specifications / Standards

CryptoCore Scalable Encryption Engine	PCI Local Bus Specification Revision 2.1 Compliant
45 Mbps Buffer-to-Buffer Throughput	10/100 Ethernet Base-TX (auto-sensing)
Intel i960 RP processor	Scatter/Gather DMA
Intel CDSA Over I20	Short Length PCI Form Factor
33MHz 32-bit PCI Bus	5V PCI