Use case

Zoning networks with public and private services

Companies that offer services that should be reachable by third parties need to separate these public services from the private parts of their network. In business-to-consumer industries, a public service may be a web shop or a community platform; in business-to-business industries, typical examples are data sharing platforms for suppliers or partner companies. All companies may operate a local mail server or web server. Such public services are placed in a demilitarised zone (DMZ), separated from the private part of the network by a firewall.

The firewall is typically combined with a network address translation (NAT) router that provides local hosts with a private network address, is itself reachable from the internet under a public address, and forwards packets between the two networks.

Secure switching effectively puts each host in its own protective zone, building a peer-to-peer tunnel for each communication flow. Rack-mountable switches connect all hosts and provide them with a localised, private address, thus replacing a NAT router; by authenticating all connections, they replace the firewalls. In the end, the concept of local and demilitarised zones to ensure the necessary separation of public traffic and private data can be abandoned completely.

Adding essential security that is not part of the basic internet protocols normally requires expert knowledge of authentication, encryption and tunnelling. Secure switches solve this problem.