Questions re: VPN protocols globally
I’ve been charged with building a global VPN as an overlay on top of a certain 3 letter company who also sells lots of stuff. We’re looking at US East US West US Central (eventually) Brazil Singapore Frankfurt Ireland Sydney Maybe Canada Maybe India (outsourcesrs) In the planning stages now and wondering if there are any protocols I need to stay away from ITAR wise with this list of countries. Contemplating Suite B with GCM, etc and AES acceleration. Any land mines? Thanks in advance EKG
There is a Mumbai, India three letter company region available as of June 27, 2016 https://aws.amazon.com/blogs/aws/now-open-aws-asia-pacific-mumbai-region/ On Tue, 4 Oct 2016, Eric Germann wrote:
I’ve been charged with building a global VPN as an overlay on top of a certain 3 letter company who also sells lots of stuff.
We’re looking at
US East US West US Central (eventually) Brazil Singapore Frankfurt Ireland Sydney Maybe Canada Maybe India (outsourcesrs)
In the planning stages now and wondering if there are any protocols I need to stay away from ITAR wise with this list of countries.
Contemplating Suite B with GCM, etc and AES acceleration.
Any land mines?
Thanks in advance
EKG
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
I’m aware. We’re considering them down the line. So, back to the question, any ITAR gotchas with any of these companies? Thanks EKG
On Oct 5, 2016, at 11:05 AM, Peter Beckman <beckman@angryox.com> wrote:
There is a Mumbai, India three letter company region available as of June 27, 2016
https://aws.amazon.com/blogs/aws/now-open-aws-asia-pacific-mumbai-region/
On Tue, 4 Oct 2016, Eric Germann wrote:
I’ve been charged with building a global VPN as an overlay on top of a certain 3 letter company who also sells lots of stuff.
We’re looking at
US East US West US Central (eventually) Brazil Singapore Frankfurt Ireland Sydney Maybe Canada Maybe India (outsourcesrs)
In the planning stages now and wondering if there are any protocols I need to stay away from ITAR wise with this list of countries.
Contemplating Suite B with GCM, etc and AES acceleration.
Any land mines?
Thanks in advance
EKG
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
On Tue, Oct 4, 2016 at 11:15 PM, Eric Germann <ekgermann@semperen.com> wrote:
I’ve been charged with building a global VPN as an overlay on top of a certain 3 letter company who also sells lots of stuff.
you say 'vpn' do you mean 'mpls vpn' or 'ipsec vpn over intertubes' ?
We’re looking at
US East US West US Central (eventually) Brazil Singapore Frankfurt Ireland Sydney Maybe Canada Maybe India (outsourcesrs)
In the planning stages now and wondering if there are any protocols I need to stay away from ITAR wise with this list of countries.
Contemplating Suite B with GCM, etc and AES acceleration.
most places dont' really care about encryption if your use is 'for corporate use', not providing use by external parties (internet access sorts of things), I believe.
IPSec and corporate. Customers will connect to their respective regional sites separately. Any ITAR concerns there?
On Oct 5, 2016, at 12:01 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Tue, Oct 4, 2016 at 11:15 PM, Eric Germann <ekgermann@semperen.com <mailto:ekgermann@semperen.com>> wrote: I’ve been charged with building a global VPN as an overlay on top of a certain 3 letter company who also sells lots of stuff.
you say 'vpn' do you mean 'mpls vpn' or 'ipsec vpn over intertubes' ?
We’re looking at
US East US West US Central (eventually) Brazil Singapore Frankfurt Ireland Sydney Maybe Canada Maybe India (outsourcesrs)
In the planning stages now and wondering if there are any protocols I need to stay away from ITAR wise with this list of countries.
Contemplating Suite B with GCM, etc and AES acceleration.
most places dont' really care about encryption if your use is 'for corporate use', not providing use by external parties (internet access sorts of things), I believe.
* Valdis Kletnieks:
On Wed, 05 Oct 2016 12:06:07 -0400, Eric Germann said:
Customers will connect to their respective regional sites separately. Any ITAR concerns there?
If there are serious concerns there, I recommend spending the coin for an actual ITAR expert.
Right. I *think* it is possible to pull this off, but I expect that you have to file some paperwork, and doing that without proper training and knowledge of the applicable guidelines seems way too risky. (There isn't just ITAR. Local regulations apply as well.)
participants (5)
-
Christopher Morrow -
Eric Germann -
Florian Weimer -
Peter Beckman -
Valdis.Kletnieks@vt.edu