Faster secure network connections using satellite Internet access.
The SuperVPN Solution.
This solution is not an end-to-end VPN, but a hybrid solution incorporating a VPN and a PN (Private Network). This managed solution is offered as a turn-key solution to a complex problem.
It does not have the VPN-over-satellite performance limitations of its competitors because Skycasters securely connects the customer's private satellite network directly to a VPN device located in the Skycasters NOC. That VPN device communicates with a compatible device at the customer's headquarters. This solution eliminates the need to use a VPN across the space segment.
In the Skycasters SuperVPN secure network model, all data is secured across the space link by both the TDMA architecture and session-key encryption between the remote hardware (satellite modem) and the satellite hub at the Skycasters NOC. This segment of the connection is therefore secure with or without added VPN technology.
Skycasters routes the secure traffic between its private satellite network and its customer's headquarters network across a variety of customer-selected options including point-to-point T-1 or VPN across the Internet. Since the Internet method is by far the least costly, it is the most popular. If the Internet method is chosen, then it is important to note that in the SuperVPN network configuration the VPN need only exist across the public Internet and not across the private satellite network. This completely avoids the performance problems of VPN-over-satellite because there is no VPN used across the satellite link.
As an option, split-tunneling at the Skycasters VPN router can allow non-secure traffic to directly access the Internet backbone at the Skycasters router, eliminating the need to unnecessarily backhaul this traffic to the headquarters router.
The SuperVPN Network
The Skycasters SuperVPN high-performance secure solution allows the customer to establish a dedicated VPN across the Internet to connect their headquarters network with the Skycasters NOC in Akron, Ohio. In the illustration below, an IPsec VPN secures the traffic while it passes over the public Internet to and from the customer headquarters location and the Skycasters satellite gateway equipment. The traffic between the satellite uplink center and the remote satellite sites traverses the already-secure private satellite network.
SuperVPN - VPN Segment
Since the Skycasters VSAT-powered satellite network is itself a private network, the point-to-point VPN connection only has to be made across the Internet (the public portion of the data path).
The point-to-point VPN configuration connects dedicated Skycasters routers and hub equipment at the NOC to an IPsec-compatible device at the customer's headquarters. A permanent VPN session is established across the Internet between the Skycasters private network and the customer's network, and all designated data traffic is sent through the established connection. In the SuperVPN scenario, the remote site computers do not require a VPN client to be installed. Also, since the encrypted private data is not tunneled end-to-end, much greater speeds can be achieved by taking advantage of the performance-enhancing IP acknowledgement spoofing technologies over the space segment. These performance-enhancing characteristics are disabled when using VPN service across the space segment, so confining the VPN to only the portion of the transmission where it is needed dramatically increases performance.
SuperVPN - Space Segment
Skycasters VSAT Conditional Access utilizes encryption technology to protect the various services against unauthorized access on the satellite downlink. Conditional access provides privacy by protecting multimedia streams and digital file transmissions to a site (email, file transfers, etc.) and preventing transmissions from being intercepted by any site except those designated by Skycasters.
The VSAT NOC (Network Operations Center) individually encrypts each multimedia stream or package with a unique session key. Access to a stream or package is controlled by the NOC, making its session key available in usable form to individually authorized VSAT receivers. The NOC passes to a VSAT remote unit its session keys in a scrambled format only usable by that specific receiver. Each remote includes a tamper-resistant hardware cryptofacility (secure ASIC) in which unique key material has been stored during the manufacturing process. The cryptofacility is only capable of decrypting with session key material created by the NOC especially for the cryptofacility. As such, the receiver is only capable of decrypting the appropriate satellite services, and no other receiver can decrypt the service unless intentionally enabled by the NOC as part of a broadcast or multicast application.
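The two-level key scheme described above (a per-package session key, delivered to each authorized receiver wrapped under that receiver's own device key) can be sketched as follows. This is an added example, not Skycasters code: the page does not name the cipher, so an HMAC-SHA256 encrypt-then-MAC construction stands in for it, and all function names, serials and keys are hypothetical.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stand-in for the cipher the page leaves unnamed.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def noc_publish(device_keys, authorized, payload):
    """NOC side: fresh session key per package, wrapped once per authorized receiver."""
    session_key = secrets.token_bytes(32)
    wrapped = {serial: seal(device_keys[serial], session_key) for serial in authorized}
    return seal(session_key, payload), wrapped

def remote_receive(serial, device_key, package, wrapped):
    """Remote side: unwrap own copy of the session key, then open the package."""
    blob = wrapped.get(serial)
    session_key = unseal(device_key, blob) if blob else None
    return unseal(session_key, package) if session_key else None

# Constructed demo data: three remotes, two of them authorized for this package.
DEVICE_KEYS = {s: secrets.token_bytes(32) for s in ("remote-A", "remote-B", "remote-C")}

def demo():
    package, wrapped = noc_publish(DEVICE_KEYS, ["remote-A", "remote-B"], b"file for A and B")
    a = remote_receive("remote-A", DEVICE_KEYS["remote-A"], package, wrapped)
    c = remote_receive("remote-C", DEVICE_KEYS["remote-C"], package, wrapped)
    # remote-C presenting remote-A's wrapped key with its own device key also fails.
    stolen = unseal(DEVICE_KEYS["remote-C"], wrapped["remote-A"])
    return a, c, stolen
```

In this model the device key never leaves the receiver, which is the role the page assigns to the tamper-resistant ASIC; revoking a site means the NOC stops wrapping session keys for it.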
There is no encryption algorithm required for the upstream data going from the remote to the NOC, because the upstream channels (inroutes) are inherently secure based on their method of operation. Inroutes use a Time Division Multiple Access (TDMA) method of access and transmission, which means that multiple VSAT transmitters are all using the same inroute or set of inroutes for transmission. Transmissions occur in almost random bursts on the inroutes and the TDMA time-slot assignments of the transmissions are controlled via the receive/downlink channel, so compromise of outroute security would be necessary in order to compromise inroute security.
SuperVPN - Network Security Terrestrial Segment (Internet)
All traffic across the Internet between the Skycasters VPN routers at the satellite uplink center and the customer's headquarters location is secured by IPsec. Using the latest Cisco IPsec VPN technology, Skycasters provides industry-standard secured communication between our NOC and the customer HQ.
The result is that customers will connect to the Skycasters SuperVPN private satellite network with the security level of a dedicated private network, while using the Internet at a fraction of the leased line cost. Skycasters' main VPN routers are located in the VSAT NOC facility and mediate all access between the Skycasters private satellite network and the customer HQ.
Conclusion
Skycasters' innovative hybrid solution, SuperVPN, solves the VPN-over-satellite performance problems while maintaining the highest levels of security. The solution provides unprecedented cost effectiveness for networks with as few as one remote satellite site. Skycasters' VPN over satellite runs more than twice as fast as comparable satellite VPN services. TDMA and session-key encryption ensure that the space segment is fully secure. IPsec VPN across the Internet keeps the terrestrial segment fully secure.
Please discuss your specific requirements with your sales engineer. Skycasters offers end-to-end VPN solutions as well as the hosted SuperVPN solution. If you prefer to manage your own VPN, you may elect to co-locate VPN hardware in our data center.