Gateways and Endpoints

BlackRidge Extensible Trust System (XTS) includes hardware and software gateways and software endpoints that implement BlackRidge Transport Access Control (TAC) with First Packet Authentication™. BlackRidge gateways and endpoints perform identity insertion, identity resolution and policy enforcement on network sessions. Identity insertion is the process that associates a network connection request with a user or device identity and inserts identity tokens into TCP sessions. Identity resolution is the reverse process by which a BlackRidge gateway or endpoint associates and authenticates an identity token with a user or device identity. Policy enforcement implements the provisioned security policy — forward, redirect, or discard — for the connection request to a protected resource.

A BlackRidge gateway can work in both identity insertion and identity enforcement modes, and provide identity insertion on behalf of devices and users.

Cloud and Virtual Gateways

BlackRidge gateways are available for leading hypervisors and cloud compute environments. Like physical gateways, each appliance is configured with two data ports, along with a dedicated management port. All virtual appliances adapt to their environment, automatically sizing based on the provisioned host resources. Supported environments include: VMware ESXi™, Linux Kernel Virtual Machine (KVM), Amazon Web Services (AWS), and Microsoft Azure.

Enterprise and Branch Gateways

BlackRidge enterprise gateways are software that runs on 1U rack-mountable appliances in either 1GbE or 10GbE network configurations. Each gateway is configured with either two 1GbE or two 10GbE data ports, along with a 1GbE dedicated management port. Multiple network interface options are available: copper interfaces with RJ-45 or fiber optics with SFP+ or SR transceivers, and with optional NIC bypass capability to fail open or closed. The 1GbE and 10GbE rack-mountable gateways support up to 40,000 identities and 4,000,000 sessions.

A fanless branch or desktop gateway is available for protecting assets in remote or branch offices, small subnets or single servers. The small form factor branch gateway is configured with two 1GbE data ports along with one 1GbE port for management, and it supports up to 1,000 identities and 100,000 concurrent network sessions.

TAC Endpoints - Software, Hardware and IoT Devices

A BlackRidge endpoint is TAC software that is integrated in a user device or is embedded in a hardware device. The TAC endpoint performs identity insertion into TCP/IP session establishment requests and performs mutual authentication of network sessions. TAC software endpoints are available for Windows® 7/10 and Ubuntu, with additional Linux operating systems and macOS® to be supported. BlackRidge hardware endpoints include the BlackRidge TAC Identity Device (TAC-ID) and partner IoT devices. Specifications for hardware endpoints are included in other datasheets.