Tempered Networks takes a unique, identity-based approach to network security and policy enforcement: a device's identity determines whether it is allowed to communicate with other devices.
There are a few moving parts to Tempered’s approach, including its newest product, the HIPrelay, so bear with me as I get it outlined here.
Tempered builds an identity fabric that controls which devices are allowed to communicate across some kind of network (campus, data center or WAN). This identity fabric has three major components:
- Hosts: Tempered leverages the IETF’s Host Identity Protocol, which provides a unique, cryptographically derived identity for each device that will connect across the fabric, such as a laptop, a server, an IoT device, a smartphone, and so on. Tempered provides lightweight software for devices to establish and maintain this identity.
- HIP Services: These services, which include the HIPswitch and HIPrelay, are enforcement points that act as gateways. Hosts must authenticate to these gateways. If hosts are allowed to communicate, the gateway will set up an AES-256 encrypted tunnel between gateways for the hosts.
- Conductor: The Conductor is a policy engine that sits outside the data plane. HIPswitches and HIPrelays query the Conductor to determine if hosts are allowed to connect. Operators will program connectivity policies in the Conductor, which are then enforced by the HIP Services. The Conductor can assign multiple policies to devices, which Tempered calls Smart Device Groups. The Conductor itself can be deployed on premises as a physical appliance or in a VM. It can also be deployed in a cloud.
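
The decision flow in the list above (identity derived from a key, a gateway that queries the policy engine, devices in more than one group), as an added Python example that is not Tempered's code or part of the original article. All class, function and group names and the sample keys are hypothetical, and the identity tag here is a truncated SHA-256 of the public key, an assumption standing in for HIP's actual identity encoding.

```python
import hashlib

def identity_tag(public_key: bytes) -> str:
    # Simplified stand-in for a HIP host identity: a truncated hash of the
    # public key. Real HIP encodes its identity tag differently.
    return hashlib.sha256(public_key).hexdigest()[:32]

class Conductor:
    """Hypothetical policy engine: default deny, allow peers that share a group."""
    def __init__(self):
        self.groups = {}  # group name -> set of identity tags

    def add(self, group, tag):
        self.groups.setdefault(group, set()).add(tag)

    def may_connect(self, src_tag, dst_tag):
        # A device can belong to several groups; one shared group is enough.
        return any(src_tag in m and dst_tag in m for m in self.groups.values())

class Gateway:
    """Hypothetical enforcement point that queries the Conductor per request."""
    def __init__(self, conductor):
        self.conductor = conductor

    def decide(self, src_key, src_ip, dst_tag):
        # Assumes the host already proved possession of the private key for
        # src_key. src_ip is recorded for the log only and never drives policy.
        src_tag = identity_tag(src_key)
        allowed = self.conductor.may_connect(src_tag, dst_tag)
        return {"src": src_tag, "ip": src_ip, "dst": dst_tag,
                "action": "tunnel" if allowed else "drop"}

# Constructed sample keys (placeholders, not real key material).
POS_KEY, PAY_KEY, CAM_KEY = b"pos-terminal-key", b"payment-server-key", b"camera-key"
ROGUE_KEY = b"unknown-device-key"

def build_gateway():
    conductor = Conductor()
    pos, pay, cam = map(identity_tag, (POS_KEY, PAY_KEY, CAM_KEY))
    conductor.add("retail-pos", pos)
    conductor.add("retail-pos", pay)
    conductor.add("building-iot", cam)
    conductor.add("building-iot", pos)   # POS terminal sits in two groups
    return Gateway(conductor), pay, cam

if __name__ == "__main__":
    gw, pay, cam = build_gateway()
    for key, ip in ((POS_KEY, "10.0.0.5"), (POS_KEY, "192.168.7.9"),
                    (CAM_KEY, "10.0.0.6"), (ROGUE_KEY, "10.0.0.5")):
        print(gw.decide(key, ip, pay)["action"], ip)
```

The POS terminal is tunneled to the payment server from either address, while the camera and an unknown key presenting the POS terminal's old address are both dropped.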
Tempered Networks says that its identity fabrics can run on top of existing Ethernet and IP networks without the need to make significant changes to how traffic is switched and routed. Its goal is to use HIP and cryptographic identity as a kind of shim that gets inserted between the network and transport layers.
Tempered is positioning its fabric for use cases such as Point of Sale devices in retail locations, medical devices, and IoT devices in manufacturing or building control systems.
As mentioned, the HIPrelay is a new addition to Tempered’s portfolio. HIPrelay enables identity-based routing across IP networks. The HIPrelay is available as an add-on to the HIPswitch 400 appliance, and in virtual and cloud options.
Tempered Networks announced the HIPrelay this May.