-1

We have two locations between which we want to have a secure connection. The link between those two networks is 4Gbit/s, and the problem is that our firewalls can provide VPN with a maximum throughput of 400Mbit/s.
Upgrading the firewalls is out of the question, as we bought them a few months ago, and turning off encryption is also out of the question.

We are thinking of buying 4 Windows Server (2008 or 2012) machines which would be placed at the locations (2 at each location, one would be main and the other failover), and they would be in charge of traffic encryption between those two locations. This would cost a lot less than firewalls or the encrypting device that was recommended to us, which can guarantee 1 Gbit/s (~70 000 USD).

Is this doable, and what throughput can we expect?

Dave M
I don't know.

1 Answer

2

Personally, I wouldn't use Windows Server computers for what you're looking at doing. Routers are devices that need to have very little downtime, and Windows OS updates are going to create regular, recurring downtime for you. Windows Server computers have a higher attack surface than an embedded router device and definitely have more potential to expose you to security vulnerabilities.

If you absolutely can't find an embedded device that does what you want I'd look at using an OpenBSD or Linux-based commodity server computer. There's always the concern related to "support" (of which there have been fun philosophical battles on Server Fault) but I would argue that support for an OpenBSD or Linux-based solution is readily available in the marketplace.

Throughput is going to depend on your CPU, motherboard chipset, and NICs. You can easily fill a gigabit Ethernet pipe with AES-encrypted traffic with today's server CPUs and NICs.

Evan Anderson