ConSentry Networks delivers secure switching, enabling enterprises to control every user and secure every port on the LAN. The ConSentry LANShield platforms — the LANShield Controller and LANShield Switch — are purpose-built devices based on custom silicon, with the horsepower to provide access control on every flow. With ConSentry, IT can control who can get onto the LAN, monitor and restrict what users can do on the LAN, and prevent threats from disrupting network services or compromising data.

The LANShield Controller makes it easy for IT to embed security directly into the LAN infrastructure. The Controller provides the full set of secure switching capabilities needed to protect enterprise assets:

	Network Admission Control (NAC) — authentication and posture check to control who can enter the LAN
	visibility — incident- and exception-based information resolved to the username, at Layer 7 for common business protocols (e.g., file name, URL)
	identity-based control — role-based provisioning to control user activities on the LAN
	threat control — detect and block propagation of worms and other malware to prevent network meltdown

The LANShield Controller works with existing LAN infrastructure and authentication databases to provide secure switching. The custom silicon provides the foundation for these control capabilities. This custom hardware includes a 128-core processor and programmable ASICs that work together to perform deep packet inspection and security monitoring and control at up to 10 Gbps. The programmability of the hardware enables ConSentry to keep pace with changes in applications and security requirements.

Transparency and High Availability
The LANShield Controller sits between access switches and the distribution or core layer, aggregating uplinks from wiring closets and enforcing access policies on all traffic. A transparent device, the LANShield Controller requires no changes to network design or user behavior, simplifying deployment and lowering IT’s cost of operations. The Controller supports high-availability and resiliency modes. Enterprises that have dual-homed wiring closet switches can deploy two ConSentry LANShield Controllers as peers — the two platforms share authentication state and preserve user authentications in case of failover. In addition, the Controller itself supports two failure modes. IT can set the device to fail to pass-through, where all LAN traffic will traverse the Controller untouched, or fail to block, where all traffic is stopped. The Controller also includes redundant power supplies and fans.

Deployment Options and IT Initiatives
The LANShield Controller and LANShield Switch provide enterprises with options for deploying secure switching. The LANShield Controller sits behind existing switches, providing an overlay approach helpful for organizations not upgrading their wiring closet switches. The LANShield Switch provides integrated secure switching, ideal for customers in the midst of a switch upgrade, building a new LAN, or in need of per-port control.