Network architecture

The CipherMail gateway is typically installed as a store and forward server. There are multiple ways the gateway can be placed within the existing infrastructure. The following setups are the most typical setups.

After content scanner

In this setup the CipherMail gateway is placed between the content scanner and the Internet. This allows outgoing email to be scanned, for example for viruses, SPAM and sensitive or confidential information, before the email gets encrypted and incoming email to be scanned after decryption.

Note

These are the two most typical setups. Different setup are however supported as long as the connected systems use SMTP.

Encryption after content scanner, decryption before content scanner

Content scanner with redirect

In this setup the CipherMail gateway is placed below the content scanner. If the content scanner detects that email must be encrypted, for example because of deep email inspection, the content scanner sends the email to the CipherMail gateway for encryption. The CipherMail gateway, after encryption, sends the email back to the content scanner. The content scanner then sends the email to the final recipient. Incoming email which is S/MIME or PGP encrypted will first be delivered to the CipherMail gateway for decryption. The CipherMail gateway will then send the email back to the content scanner where it will be scanned and if approved, it will be delivered to the internal user’s inbox.

Encryption and decryption controlled by content scanner.

Office 365 integration

In this setup the CipherMail gateway is configured as a relay for Office 365. Email from Office 365 to external recipients, is relayed via the CipherMail gateway. After encryption, the CipherMail gateway sends the email back to Office 365. The Office 365 SMTP servers will then deliver the email to the final recipients. For decrypting incoming email, email will first be delivered to Office 365. Office 365 will then deliver the email to the CipherMail gateway for decryption. After decryption the CipherMail gateway will deliver to email back to Office 365. Office 365 will then deliver the email to the inbox of the user.

Office 365 integration

Google workspace integration

In this setup the CipherMail gateway is configured as a relay for Google Workspace (formerly G Suite). Email from Google Workspace to external recipients, is relayed via the CipherMail gateway. After encryption, the CipherMail gateway sends the email back to Google Workspace. The Google Workspace SMTP servers will then deliver the email to the final recipients. For decrypting incoming email, email will first be delivered to Google Workspace. Google Workspace will then deliver the email to the CipherMail gateway for decryption. After decryption the CipherMail gateway will deliver to email back to Google Workspace. Google Workspace will then deliver the email to the inbox of the user.

Google Workspace integration

Note

For simplicity, the above examples do not show how multiple gateway’s can be configured in a high availability cluster. A HA cluster is however supported.