General information about GOST VPN service
GOST VPN is a service for organizing a secure communication channel between the infrastructure in Selectel and the infrastructure located at an external site. The information transmitted through the channel is encrypted according to GOST in accordance with the requirements of the Federal Security Service and FSTEC of Russia.
To build a secure channel, the following is used equipment ViPNet. Selectel provides and configures the equipment on its own side, it does not install and configure the SCSI on an external site, for more details see section Areas of responsibility. For service connections equipment must be installed and configured at the external site that complies with the demands.
Principle of operation
The infrastructure at each of the sites is united into a private network; as a gateway to the network, a cryptographic information protection system is installed, which routes and processes the traffic of the protected channel.
In Selectel, the SCSI and your infrastructure are connected over a private network at the L3 level through the Selectel global router. If you need to commute the SCSI and server to Selectel directly over L2, you can place a dedicated server in the certified data center segment.
A secure communication channel is created between the ACS in Selectel and the external site, and the information is transmitted in encrypted form.
Equipment
If the Selectel data center and the off-site site have different models of ACS, the throughput and protection class of the channel will be the same as the lower performing model.
Equipment in Selectel data centers
As part of the service, hardware models of the ViPNet Coordinator HW 4 line from InfoTeks are provided in Selectel data centers. The equipment has certificates:
- FSS of Russia — protection class KS3;
- FSTEC of Russia — firewall type A.
* When combining two or more physical network interfaces
Equipment requirements at the external site
Any of the ViPNet Coordinator models, hardware (HW) or virtual (VA), must be used to create a secure channel at an external site. Selectel does not provide equipment for rent to be placed on the external site. You may engage one of the following to select, purchase equipment and set up a ViPNet network official partners of the ViPNet manufacturing company.
Areas of responsibility
Selectel provides
- provision and installation of SCSI in Selectel data center;
- switching of SCSI in Selectel data center to the Internet and local network;
- operability of equipment, local network and Internet connection, replacement of equipment in case of failure;
- installation of an update to the ACS in the Selectel data center;
- changing the rule of traffic passing to the SCSI at the client's request.
Selectel is not responsible for
- for the organization of interconnection at the external site: installation of the of the required encryption transferring the inter-network information file and master key to Selectel, and importing the response information received from Selectel;
- organization of a global router network to interconnect infrastructure and SCSI in the Selectel data center.
Cost
The cost of the service adds up:
- from the selected ViPNet Coordinator HW model;
- the number of interconnections you need;
- the need to organize a high-availability cluster of two ViPNet Coordinator devices.
The cost of the service can be viewed at selectel.ru or calculate in control panels under Security → GOST VPN. If the model you need is not on the list, to calculate the cost of service file a ticket.
The following is used to pay for the service depending on the type of balance in the account single balance or basic balance. The service is paid monthly, when ordering the service the payment for the first month is deducted from the balance, further payments are deducted automatically at the beginning of each following period.