Why Cisco for
PSN Managed
Encryption Services?
PEPAS Certified: Cisco has successfully
completed and passed the PSN Encryption
Product Assurance Services Certification
(PEPAS). This means that the ISR G2 range
and ASR 1000 family are suitable for use on
the PSN for the protection of IL3 information
over an IL2 network.
The Public Services Network (PSN) is at the heart of the
Government ICT strategy and aims to deliver a ‘network
of networks’ with the goal of driving efficiencies in
procurement leading to an open, collaborative working
environment for UK Public Sector employees.
A fundamental characteristic of the PSN is the transportation
of protectively marked data, and as such the baseline
network will be assured to IL2-2-4. Supporting higher
impact level data such as IL3 and IL4 requires the use of
cryptographic separation using IPsec technology.
During the course of developing the PSN standards, the
challenge of delivering robust, large-scale and cost-effective
cryptographic separation was recognised, and in response,
CESG developed a new cryptographic evaluation scheme.
The PSN Encryption Product Assurance Scheme (PEPAS)
aims to ensure that cryptographic products deployed in
the PSN are suitable to protect IL3 data being transferred
across an assured IL2 network.
“Cisco has been a trusted contributor to the Public
Services Network (PSN) technical and security
workstreams since 2008 and continues to work
closely with the programme to further develop PSN
standards and best practise. Completion of their
CESG PEPAS evaluation clearly demonstrates
Cisco’s commitment to accelerating the delivery of
the PSN to Public Sector customers.”
Craig Eblett
PSN Programme Director, Cabinet Office
As the global leader in IP Networking and a major
provider of large-scale IPsec VPN solutions, Cisco
engaged with CESG and has successfully completed
the PEPAS evaluation for the ISR G2 and ASR 1000
families of routers. Any platform within these families
can be deployed to support cryptographic separation of
IL3 data carried over the PSN and in addition, may
also be used to protect IL2 information carried over
an IL0 network.
The ISR G2 and ASR 1000 families represent a
comprehensive range of high-performance, multiservice router platforms with the ability to scale from a
small branch-office deployment through to supporting
the largest data centre requirements. The ISR G2 and
ASR 1000 platforms deliver a cost-effective, unified
solution combining WAN termination, IL3 cryptographic
overlay and IL2 transport for the PSN. In addition, both
families offer value-added capabilities such as embedded
firewall, intrusion prevention and WAN optimisation.
The successful completion of the PEPAS evaluation
enables customers and partners to take advantage of
Cisco’s Dynamic Multipoint VPN (DMVPN) technology,
which uniquely addresses many of the inherent scaling
challenges present in traditional IPsec implementations.
Specifically, DMVPN delivers dynamic, on-demand IPsec
tunnel creation between branch locations providing
efficient protection for IL3 peer-to-peer applications.
WAN Encryption Solution: Cisco offers the
richest solution that will best meet customer's
business requirements for secure, converged
networking at scale.
Leadership: Cisco is the only vendor who has
already implemented solutions of this nature to
customers with a deployed base of well over 500k
DMVPN nodes across over 17,000 customers.
Customers taking advantage of DMVPN for their PSN IL3
deployments can accelerate their adoption of secure IP voice
and video services, keeping complexity to a minimum, and
optimising overall network bandwidth. The Cisco DMVPN
solution is widely deployed today, with the largest single
implementations exceeding 20,000 locations so our
customers can be assured that the technology is both well
understood and well proven.
Cisco has been engaged with the technical and security work
streams within the PSN program since 2008 and achieving
PEPAS further demonstrates Cisco’s long-standing commitment
to the success of the program. From working closely with
customers and service provider partners over the past four
years, Cisco has built up a significant body of experience in
understanding how to overcome the practical challenges
faced when deploying IL3 network overlays within the PSN.
This knowledge and experience will enable our customers to
accelerate their adoption of PSN and support the needs of
their secure stakeholders with minimal operational risk.
Network as the Services Delivery Platform:
PSN Networks that serve Business Interests through
integrated, intelligent services and network
embedded applications.
Figure 1: PSN Managed WAN Encryption
Further Information
About Cisco
ISR G2 - http://www.cisco.com/go/isrg2
Cisco is the worldwide leader in networking and
ASR 1000 - http://www.cisco.com/go/asr
communications that transforms how people connect,
Cisco DMVPN - http://www.cisco.com/go/dmvpn
communicate and collaborate. Public Sector is a key
Cisco UK PSN - http://www.cisco.co.uk/psn
strategic market for Cisco with a focus on how technology
We would welcome the opportunity to discuss the
contents of this document further. Contact us at
[email protected]
can underpin cost reduction and enable efficiencies
across the workplace and workforce. Information about
Cisco can be found at www.cisco.co.uk