Certes CryptoFlow solutions are the first products in the industry to combine the flexibility and power of virtualized networks with the most secure cryptographic technology. With Certes CryptoFlow solutions, enterprises and service providers can create tunnelless, multipoint and multi-layer next-generation VPNs that protect traffic for any application on any network. CryptoFlow-VPNs protect data traffic in LAN, WAN, Internet, virtual and cloud environments. A Certes CryptoFlow-VPN can be configured in seconds with an extremely simple point-and-click interface for creating security policies.

How CryptoFlow-VPNs protect sensitive data

  • The award-winning Certes CEP (Certes Enforcement Point) security policy enforcement appliances are positioned on physical or virtual networks or in the cloud. These physical or virtual devices process traffic and apply security policies.
  • The groundbreaking “Certes TrustNet Manager” solution creates CryptoFlow-VPNs covering a group of encryptors (CEPs) located at network endpoints. Tunnelless VPNs can be created in any topology: point-to-point, point-to-multipoint, “full mesh” and everything in between.
  • The TrustNet Manager engine decomposes the VPN into a series of security policies that are transmitted to the CEP encryptors through a secure management channel. With group key distribution, the encryptors are uniformly connected in the same CryptoFlow-VPN network.
  • Certes Networks’ multilayer encryptors work by policy and encrypt traffic at network layer 2, layer 3 or layer 4, depending on what you want to protect and what networks the traffic will pass through. They use AES-256 encryption and SHA-512 hashing to protect transmitted information and ensure its integrity.
  • CryptoFlow-VPN combines all encryptors into one body: an unencumbered VPN that protects data in physical, virtual and “cloud” environments.
  • The unique feature of fail-safe cyclic key generation developed by Certes Networks prevents downtime and simplifies the key rotation process. You can schedule cyclic key generation at any time, with full confidence that it will be simple and fast.
  • TrustNet Manager provides detailed reporting, alerting and auditing functions. This allows you to confirm that proper encryption and security controls for sensitive data have been applied, for both compliance and security architecture planning.


Control: You have a single point of control over the encryption of data traffic, rather than a “fragmented mess” of IPsec tunnels, SSL configurations, piecemeal application-layer control and complex configuration of each router and switch. You can put an end to that with CryptoFlow-VPN.

Keys in hand: You control all the encryption keys and don’t have to rely on some external application to control them for you.

Scaling: CryptoFlow-VPN can cover thousands of endpoints, enabling protected data traffic at a scale never before possible.

No load: CryptoFlow encryptors can process traffic at speeds of up to 10 Gbps with imperceptible latency measured in microseconds. So even applications will be fully encrypted in real time, with zero impact on network performance or application performance.

Multilayer: Only Certes Networks offers encryption solutions at network layer 2, layer 3 or layer 4, which allows for great flexibility and expanded use of CryptoFlow-VPN in any network and for any application.

Security decoupled from the network: Certes CryptoFlow solutions allow you to completely separate and decouple security management of data traffic from network or application management.

Certes TrustNet Manager

TrustNet Manager provides group management of encryption, covering encryption policies, encryption keys and dedicated multi-layer encryptors (L2, L3, L4).

Product Overview:

Certes CryptoFlow TrustNet Manager is a web-based management platform that simplifies security management while maintaining network functionality and performance. It provides the user with a browser-based interface for managing policies, devices and key distribution in deployments using group encryption. It offers managed encryption without costly changes to the existing network infrastructure.

With Certes TrustNet Manager, users can:

  • Manage encryption of network traffic from anywhere using a web interface.
  • Define and distribute security policies with a simple drag and drop to a specific location.
  • Separate security management from network management.
  • Review and audit system events for regulatory compliance.
  • Automatically approve changes before deployment.

Policy management – Certes CryptoFlow TrustNet Manager acts as a central control point for security department staff, where policies are defined on what traffic to protect and how to protect it. Policies identify network traffic to be encrypted (based on any combination of VLAN IDs, IP addresses, ports or protocol IDs) and specify what to do with it (encrypt, leave unencrypted or block).

Encryption key management – Certes TrustNet Manager reliably distributes group encryption policies and keys to encryption devices (CEPs) across the network and periodically sends key updates (new keys). Key updates minimize the risk of a brute-force attack on encrypted data by reducing the amount of information encrypted with the same key. With the fail-safe function, group keys are updated only when all group members are ready to receive the new key. This prevents the downtime and crashes that occur when some group members receive a new key while other group members continue to use the old key. Certes TrustNet Manager helps avoid costly misconfigurations and network failures by checking policies for errors and misconfigurations before new policies are implemented. In addition, Certes TrustNet Manager implements policies on its own.
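The fail-safe behaviour described above can be sketched as a two-phase group rekey: stage the new key on every member, and switch only if all of them confirm. This is an added illustration, not Certes code; the Member class, failsafe_rekey, and the stage/activate steps are assumptions about how such a readiness check could work.

```python
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Member:
    """Hypothetical group member (stands in for one encryptor)."""
    name: str
    reachable: bool = True
    active: Optional[Tuple[int, bytes]] = None   # (key_id, key) in use
    staged: Optional[Tuple[int, bytes]] = None   # key received, not yet in use

    def stage(self, key_id: int, key: bytes) -> bool:
        # Phase 1: accept the new key but keep using the old one.
        if not self.reachable:
            return False
        self.staged = (key_id, key)
        return True

    def activate(self, key_id: int) -> None:
        # Phase 2: switch only to the key that was staged.
        if self.staged and self.staged[0] == key_id:
            self.active, self.staged = self.staged, None

    def discard(self) -> None:
        self.staged = None

def failsafe_rekey(members, key_id: int) -> bool:
    """Rotate the group key only if every member is ready for it."""
    key = secrets.token_bytes(32)                 # 256-bit group key
    acks = [m.stage(key_id, key) for m in members]
    if not all(acks):
        # At least one member is not ready: abort, old key stays in use.
        for m in members:
            m.discard()
        return False
    for m in members:
        m.activate(key_id)
    return True

def group_consistent(members) -> bool:
    """True when all members are using the same active key."""
    return len({m.active for m in members}) == 1
```

An aborted rotation leaves every member on the previous key, so the group never splits between old and new keys.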

Security Management – Using role-based access control, Certes TrustNet Manager provides the ability to separate the security control role from network management. This allows the security team to “outsource” network management without losing control over security policies and encryption keys. TrustNet Manager provides powerful logging and auditing functionality to create, maintain and prove regulatory compliance. TrustNet Manager offers a customized and easily configurable control panel (dashboard) showing the status of devices.

TrustNet Manager architecture

TrustNet Manager is built on a three-tier web-based architecture. Clustering, data recovery and multiple hosts form the basis of this build. The interface provides multiple users with the ability to configure virtual (vCEP) and physical (CEP) encryptors and define group encryption policies. Using TrustNet Manager, policies are created and keys are generated, which are then distributed to vCEP and CEP devices. Clusters provide redundancy and allow for linear scalability of the system. Service providers, on the other hand, can offer encryption services to multiple entities at the same time using just one instance of TrustNet Manager by taking advantage of its built-in ability to support multiple hosts.