General information about GOST VPN service

Last update: March 25 2025

General information about GOST VPN service

GOST VPN is a service for organizing a secure communication channel between the infrastructure in Selectel and the infrastructure located at an external site. The information transmitted through the channel is encrypted according to GOST in accordance with the requirements of the Federal Security Service and FSTEC of Russia.

To build a secure channel, the following is used equipment ViPNet. Selectel provides and configures the equipment on its own side, it does not install and configure the SCSI on an external site, for more details see section Areas of responsibility. For service connections equipment must be installed and configured at the external site that complies with the demands.

Tasks to be solved⁠

GHOST VPN helps:

• organize a secure GOST connection for data transfer between your infrastructure and the infrastructure at an external site: telecom operators, government agencies, banks, commercial biometric systems and others;
• fulfill the data security requirements of the Russian Federation legislation.

Principle of operation⁠

The infrastructure at each of the sites is united into a private network; as a gateway to the network, a cryptographic information protection system is installed, which routes and processes the traffic of the protected channel.

In Selectel, the SCSI and your infrastructure are connected over a private network at the L3 level through the Selectel global router. If you need to commute the SCSI and server to Selectel directly over L2, you can place a dedicated server in the certified data center segment.

There is a contract between Selectel and the network owner at the external site. interconnection agreement. Under this agreement, a secure communication channel is established between the ACS in Selectel and the external site, through which information is transmitted in encrypted form.

Equipment⁠

If the Selectel data center and the off-site site have different models of ACS, the throughput and protection class of the channel will be the same as that of the lower performing model.

Equipment in Selectel data centers⁠

As part of the service, hardware models of the ViPNet Coordinator HW 4 line from InfoTeks are provided in Selectel data centers. The equipment has certificates:

• FSS of Russia — protection class KS3;
• FSTEC of Russia — firewall type A.

	HW100	HW1000	HW1000 D	HW2000	HW5000
Platform	N1	Q7	Q9	Q5	Q2
L3 VPN bandwidth, Mbps	175	915	2500*	6600	10 000*
L2 VPN bandwidth, Mbps	175	915	2500*	6000	10 000*
DOE, Mbps	930	930	2800*	9200	13 000*
Interfaces	4 x RJ-45 1 x SFP	6 x RJ-45	8 x RJ-45 4 x SFP	4 x RJ-45 4 x SFP 4 x SFP+	4 x RJ-45 8 x SFP+

* When combining two or more physical network interfaces

Equipment requirements at the external site⁠

Any of the ViPNet Coordinator models, hardware (HW) or virtual (VA), must be used to create a secure channel at an external site. Selectel does not provide equipment for rent to be placed on the external site. You may engage one of the following to select, purchase equipment and set up a ViPNet network official partners of the ViPNet manufacturing company.

Areas of responsibility⁠

Selectel⁠

• provision and installation of SCSI in Selectel data center;
• switching of SCSI in Selectel data center to the Internet and local network;
• operability of equipment, local network and Internet connection, replacement of equipment in case of failure;
• installing an update to the ACS in Selectel data center;
• changing the rule of traffic passing to the SCSI at the client's request.

User Selectel⁠

• lease of infrastructure in Selectel data center;
• Configuring a global router for infrastructure in Selectel;
• organization of interaction between Selectel and the network owner at an external site;
• providing information for configuring network connectivity and rules on ViPNet Coordinator HW.

Network owner at an external site⁠

• encryption equipment and organization of the ViPNet network;
• transmission of the inter-network master key and inter-network information;
• import of inter-network information received from Selectel.

Cost⁠

The cost of service is influenced by:

• ViPNet Coordinator HW model;
• the number of interconnections required;
• the need to organize a high-availability cluster of two ViPNet Coordinator devices.

The cost of the service can be viewed at selectel.ru or calculate in control panels: from the top menu, press Products and select GOST VPN. If the model you need is not on the list, to calculate the cost of service file a ticket.

The following is used to pay for the service depending on the type of balance in the account single balance or basic balance. The service is paid monthly, when ordering the service the payment for the first month is deducted from the balance, further payments are deducted automatically at the beginning of each following period.