General information about GOST VPN service

GOST VPN is a service for organizing a secure connection between your infrastructure in Selectel and the infrastructure located at an external site.Information that is transmitted through the secure connection is encrypted according to GOST in accordance with the requirements of FSB and FSTEC of Russia.

Selectel provides and configures equipment only on its own side. We do not install and configure equipment and software on external sites, for more details see the section Areas of Responsibility.

To connect the GOST VPN service, ViPNet Coordinator equipment that meets the requirements must be installed and configured at the external site.

If you need to organize a secure connection to your infrastructure in Selectel, you can use the GOST VPN Remote Access service.As part of this service, we set up a secure connection between ViPNet Coordinator in Selectel and our partner's ViPNet Client.

Tasks to be solved

GHOST VPN helps:

organize a secure GOST connection for data transfer between your infrastructure in Selectel and infrastructure at an external site: telecom operators, government agencies, banks, hospitals, commercial biometric systems and others;
fulfill the data security requirements of the Russian Federation legislation.

GOST VPN Remote Access Helps:

organize a secure remote GOST connection for the work of your employees and for the administration of your infrastructure in Selectel;
fulfill the data security requirements of the Russian Federation legislation.

Principle of operation

In Selectel, the ViPNet Coordinator cryptographic information security tool (CISP) and your infrastructure are connected over a private network at the L3 level via a global router.If you need to configure network connectivity between ViPNet Coordinator and a server in Selectel directly over L2, you can place a dedicated server in a certified data center segment.

The connection scheme and choice of service depends on the tasks you need to solve:

STATE VPN — configures a secure site-to-site connection between your infrastructure in Selectel and the infrastructure at the external site;
VPN Remote Access — configures a secure client-to-site connection from a remote workstation to your infrastructure in Selectel.

GOST VPN

An interconnection agreement is entered into between Selectel and the network owner at the external site.

Under this agreement, your infrastructure at Selectel and the infrastructure at the external site are combined into a private network.As a gateway, ViPNet Coordinator IPSs are installed on each side, which route and process the secure channel traffic.

GOST VPN Remote Access

You and our partner enter into a direct agreement for the provision of ViPNet Client software.Under this agreement, a secure communication channel is created between ViPNet Coordinator in Selectel and ViPNet Client, which is provided by our partner, through which information is transmitted in encrypted form.To access your infrastructure in Selectel, you need to connect from a remote workplace using ViPNet Client.Compatibility of ViPNet Client software with various operating systems, devices and platforms can be found in the official documentation for ViPNet Client from InfoTex.

Equipment

If different models of ViPNet IPS are installed in the Selectel data center and at the off-site site, the throughput and security class of the channel will be the same as the lower performing model.

Equipment in Selectel data centers

As part of the service, hardware models of the ViPNet Coordinator HW 4 line from InfoTeks are provided in Selectel data centers.The equipment has certificates:

FSS of Russia — protection class KS3;
FSTEC of Russia — firewall type A.

	HW100C(N)	HW100C(Q)	HW1000	HW1000 D	HW2000	HW5000
Platform	N1	Q1	Q7	Q9	Q5	Q2
L3 VPN bandwidth, Mbps	175	400	915	2500*	6600	10 000*
L2 VPN bandwidth, Mbps	175	400	915	2500*	6000	10 000*
DOE, Mbps	930	1400	930	2800*	9200	13 000*
Interfaces	4 x RJ-45 1 x SFP	4 x 1G RJ-45 2 x 1G SFP	6 x RJ-45	8 x RJ-45 4 x SFP	4 x RJ-45 4 x SFP 4 x SFP+	4 x RJ-45 8 x SFP+

* When combining two or more physical network interfaces

Equipment requirements at the external site

Any of the ViPNet Coordinator models, hardware (HW) or virtual (VA), must be used to organize a secure channel at an external site.Selectel does not provide hardware and software for rent for deployment at an external site.To select, purchase equipment and create a ViPNet network, you can engage one of the official partners of the ViPNet manufacturing company.

Areas of responsibility

The allocation of responsibility depends on the service — GHOST VPN or GHOST VPN Remote Access.

GOST VPN
GOST VPN Remote Access

Selectel	provides ViPNet Coordinator HW and hosts it in the Selectel data center; configures the connection of ViPNet Coordinator HW in the Selectel data center to the Internet and LAN; ensures equipment, local network and internet connection availability, replacement of equipment in case of failure; installs software updates on ViPNet Coordinator HW in the Selectel data center; changes the traffic rules on ViPNet Coordinator HW at the request of a Selectel user.
User Selectel	leases infrastructure from Selectel's data center; configures a global router for its infrastructure in Selectel; Organizes the signing of an agreement between Selectel and the network owner at an external site; organizes the interaction between Selectel and the network owner in the outside area after the agreement is signed; provides information for configuring network connectivity and rules on ViPNet Coordinator HW
Network owner at an external site	signs a consent to the exchange of inter-network information; places the SCSI equipment on its side; organizes and administers the ViPNet network on its side; transmits the inter-network master key and inter-network information; imports inter-network information that it receives from Selectel

Selectel	provides ViPNet Coordinator HW and hosts it in the Selectel data center; organizes inter-network communication between ViPNet networks of our partner and Selectel; provides inter-network information exchange when ViPNet Client is connected; installs software updates on ViPNet Coordinator HW in the Selectel data center; changes the traffic rules on ViPNet Coordinator HW at the request of a Selectel user.
User Selectel	leases the necessary infrastructure from Selectel's data center; concludes a contract with our partner for installation and administration of the VipNet Client encryption system; leases ViPNet Client from our partner; configures a global router for its infrastructure in Selectel
Our partner	fulfills the terms and conditions of the signed contract with the Selectel user for installation and administration of the ViPNet Client software; procures and configures ViPNet Client software; sends Selectel information to establish a remote connection

Cost

GOST VPN

The cost of the GOST VPN service is affected by:

ViPNet Coordinator HW model;
number of interconnections;
the need to organize a high-availability cluster of two ViPNet Coordinator devices.

The cost of the service can be viewed at selectel.ru or in the control panel: click Products in the top menu and select GOST VPN. If the model you need is not on the list, create a ticket to calculate the cost of the service.

To pay for the service, depending on the type of balance in the account, a single balance or the main balance is used.The service is paid monthly, when ordering the service the payment for the first month is deducted from the balance, further payments are deducted automatically at the beginning of each following period.

GOST VPN Remote Access

The amount of payment for the GOST VPN Remote Access service is made up of the cost:

GOST VPN service The service is paid monthly, when ordering the service the payment for the first month is deducted from the balance, further payments are deducted automatically at the beginning of each following period;
of our partner's ViPNet Client lease — annually;
ViPNet Client installation by our partner is a one-time fee.

To calculate the cost , create a ticket.