Hopr Connect
for Trusted Workloads Operating Anywhere

70% of enterprises are unable to realize the business value of multi-cloud due to multi-cloud complexity.

Complexity and security challenges with Kubernetes implementation confront enterprises operating in multiple environments.

"This is a great security tool that any DevOps practitioner will love."
Drew Malone, Solution Engineer and DevOps/Infrastructure veteran
Hopr named in Gartner’s “Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense”

Hopr Connect
for Application Networking Across Identity Domains

Connecting application and service workloads across identity domains doesn't need to be complicated and costly.
By 2026, 90% of enterprises will extend their capabilities to multi-cloud environments. Each identity domain across Kubernetes, data center, and cloud environments creates connection barriers that add complexity and cost.

Easy, Affordable, and Secure
Service and Application Networking

Easily connect across Kubernetes and identity environments.
Workloads connect at either Layer 4 or Layer 7 across legacy identity boundaries.
Configure and deploy with ease.
Low-friction configuration and deployment with DevOps-friendly YAML.
Reduce architectural overhead.
Eliminate reliance on costly external services and complexity of cert-based solutions.
Extend service mesh beyond the cluster.
Simply interconnect to endpoints outside the service mesh.
Connect with external organizations, too.
Verified-trust connections with external organizations such as suppliers and partners.

Lightweight Endpoint Protection

Hopr Connect protects endpoints with a lightweight and easily-deployed 'sidecar' composed of four components.

Envoy Proxy

A popular open source, high performance, networking proxy that creates the Hopr “data plane” with workloads, manages network communications, and provides observability functions.

Identity Manager

Receives an initial Machine Alias ID (MAID) credential on initial trust at deployment and then manages and rotates the credential frequently based on the host workload’s activity.

AES 256 Encryptor

A well-proven open source encryption library that encrypts and decrypts egress and ingress message traffic using the symmetric key from CHIPS™.

Secrets Manager

The 'secrets manager' holds the CHIPS™ algorithm library and secrets generator. The CHIPS™ algorithm runs at the start of a connection with another workload.

Sidecars for Two Types of Connections

Hopr Connect enables high-trust, ultra-secure, on-demand connections inside an organization’s security architecture and with external organizations.

Internal Connections

A sidecar that protects workload endpoints for Hopr Connect connections internal to an organization’s trusted security environments, where identically configured sidecars are possible.

Gateway Connections

The sidecar used with Hopr Connect Gateway to turn workloads into decentralized API gateways that can connect with third-party workloads.

Try Our Tech

We offer a FREE plan so that you can use Hopr Connect to evaluate it for your use case with no time limit. Deploy Hopr Sidecars with your containerized apps and perform up to 5,000 communication sessions per month at no charge.

Onboarding is self-serve and sidecar config and deployment is a simple DevOps process.

Hopr’s AMTD Platform

A SaaS “Control Plane” for Hopr Sidecars deployed with Host Workloads monitors MAID rotation and sidecars at each endpoint at every connection.
Runtime visibility of workload connections and volume, alerts, and notifications are available in a client dashboard.
Additional visibility of sidecar-workload operation in the customer environments is available from Envoy proxy observability features and sidecar logging.

Premium Features

Enhanced Fault Tolerance
This feature improves the fault tolerance of a basic sidecar by allowing configuration to define alternate CHIPS™ algorithms should the initial algorithm fail.
Micro-segmentation
This feature allows assignment of CHIPS™ algorithms for use with specific IP ports to micro-segment applications and services.
Custom MAID Rotation
This feature allows configuration of the default MAID rotation parameters of number of connections and time cycle.
Custom CHIPS™ Algorithms
This feature allows the configuration of a custom algorithm for use in a Hopr Sidecar.

Want more detail? Learn from our FREE resources.

We curated a collection of white papers, videos, and webinars in our ‘Discovery’ library. The resources are FREE with an email. We also have public resources available from the site navbar menu.

Compare Alternatives

ENDPOINT PROTECTION
Hopr Connect: Access requires verification of two rotating credentials.
Others: Existing solutions cannot isolate and reject misuse of stolen credentials.

DATA SECURITY
Hopr Connect: Comprehensive encryption over the entire route between workloads.
Others: Cert-based TLS/mTLS is not assured everywhere and gaps expose data.

HIGH TRUST IDENTITIES
Hopr Connect: Identity trust is verified frequently to build a chain of trust in the workload ID.
Others: Automated certificates are issued without trust vetting. The chain of trust ends with the cert manager.

TIME-TO-VALUE
Hopr Connect: Simple, DevOps-friendly YAML config and deployment.
Others: Existing solutions require complicated and error-prone configuration and testing to connect across identity domains.

COST EFFICIENCY
Hopr Connect: Cloud native pricing and self-contained identity and secrets management lower costs.
Others: Existing solutions rely on multiple external services with high costs per workload.

Product FAQ

Must all Hopr Connect sidecars be configured with the same algorithm?

Hopr Sidecars whose workloads need to inter-operate must use the same CHIPS™ algorithm. A premium feature allows sidecar configuration for micro-segmentation using multiple algorithms.

How is the end-to-end encryption performed?

Hopr's Synchronous Ephemeral Encryption (SEE™) protocol builds a secure 'tunnel' between workloads using the symmetric key produced by CHIPS™ at each workload. There is no key exchange.

At what layer of the OSI network stack do sidecars encrypt message traffic?

By default, encryption-decryption occurs at Layer 4, the Transport layer. Every IP packet (message headers and bodies) is individually encrypted and decrypted. Layer 7 (application layer) encryption is configurable.

Does Hopr Connect replace the API keys used for an application?

No. API keys are still passed within messages sent to an API endpoint, but they are only used for identification purposes by the API. They are protected because they are encrypted and cannot be sniffed in transit.

How does Hopr Connect block malicious traffic?

Connection attempts from untrusted workloads fail SEE™ protocol decryption, even if they are also TLS encrypted. They are immediately logged and discarded.

Does Hopr Connect protect North-South and East-West traffic?

Yes. Hopr Connect protects all ingress and egress access to workloads located anywhere. Whether messages are N-S or E-W does not affect Hopr Connect due to its decentralized identity and secrets management capability.