
XD Framework (XDF) Overview

For more information contact BlueSpace at Tel: (512) 366-3940, Email: info@bluespace.com, Web: www.bluespace.com

Contents

1 Introduction
2 Case Study
  2.1 Problem Statement
  2.2 Solution
3 XDF: What's In the Box?
  3.1 XDF Common Services
  3.2 XDF Identity Service
  3.3 XDF Orchestrator
  3.4 Development Environment
4 XDF Benefits
5 Costs
  5.1 Development Cost Components
  5.2 Deployment Cost Components
  5.3 Other Cost Considerations
6 XDF Services
  6.1 XDF Setup Services
  6.2 XDF Development Services
  6.3 XDF Support Services

1 Introduction

The BlueSpace XD Framework (XDF) was created to rapidly deliver cross-domain applications that are more capable, flexible, easier to certify and more secure than current cross-domain applications. XDF incorporates technology called SmartXD. SmartXD is:

- An architecture for cross-domain applications,
- A technology platform for integration,
- A set of design principles, and
- A set of certification principles.

Traditional approaches to cross-domain applications result in tightly coupled stovepipe applications that are tied to a specific cross-domain solution (guard) and specific accreditations. SmartXD breaks apart these components into a specialized service-oriented architecture designed for cross-domain environments. This approach has the following benefits:

- Reuse of existing applications. Cross-domain application development is enormously expensive and typically results in applications with fewer capabilities and much longer release cycles. SmartXD allows you to use existing COTS or GOTS applications in a cross-domain environment, including applications you already have in operation within each network.
- Guard independence. SmartXD applications can leverage any approved data guard, avoiding vendor lock-in and increasing the number of available options for fielding cross-domain applications. Already have a fielded data guard in operation? SmartXD can greatly reduce your cost and accreditation time by using the guard you already have.
- Enhanced user experience. SmartXD can take advantage of any operational environment, from a single high-side desktop to a multi-level desktop spanning multiple domains, to provide the most seamless experience to your users.
- Rapid integration. SmartXD greatly accelerates solution development. See the Network Monitoring Case Study in this paper for more information.

2 Case Study

A customer using an existing commercial network monitoring solution from SolarWinds (www.solarwinds.com) wanted to extend their monitoring console to work across domains. Using XDF, BlueSpace added cross-domain capability to their solution without any changes to their commercial products or environment.

2.1 Problem Statement

SolarWinds sells a network monitoring solution called Orion and a network monitoring console called the Enterprise Operation Console (EOC). A single EOC can provide a dashboard view of multiple Orion instances running within different networks. The customer wished to extend their high-side EOC to their low-side Orion networks, but faced two seemingly insurmountable challenges. First, the EOC used proprietary communication protocols that were unsupported by UCDMO-listed data guards. Second, in this customer's environment, the only available guard was a file transfer guard from the low domain to the high domain. Unfortunately, the EOC is designed only to pull information from Orion servers; there is no capability to push information into an EOC from a file. The customer approached BlueSpace for potential solutions.

2.2 Solution

BlueSpace was able to design and build a proxy Orion server in the high-side network that represented the Orion server in the low-side network. Using its SmartXD technology, BlueSpace was also able to quickly integrate with the low-side Orion server, poll it for network status, and convert that information into a file format acceptable to the guard. The guard transfers this file to the high-side network, where the SmartXD Orion proxy server reads it. This proxy server maintains the information in a cache until the EOC polls for it. From the EOC's point of view, it looks as if it is directly polling the low-side Orion server.

[Figure 1: XD Network Monitoring Use-Case. The diagram shows the High Domain (SolarWinds EOC, a Smart XD VM, Active Directory and SolarWinds Orion) connected through a Guard to the Low Domains (a Smart XD VM, SolarWinds Orion and Active Directory).]

The XD framework has capabilities that helped:

- Handle network failure conditions
- Corrupted files
- Out-of-order or duplicate files
- Partial and full network status updates
- Data integrity checks

Built using XDF, this solution is independent of the actual guard installed. In fact, the development team was not even told which guard was being used. The customer can move the solution to a different guard without changing the application. Furthermore, XDF offers the customer future advantages, such as the ability to directly launch low-side Orion applications.
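The case study describes a low-side poller that writes status files, a one-way file-transfer guard, and a high-side proxy that must cope with corrupted, out-of-order and duplicate files as well as partial and full updates. The following is an added example written for this overview to show how such a receiver can be structured; it is not BlueSpace XDF code, and the envelope layout (JSON body, newline, hex HMAC), the field names, the "full"/"partial" update kinds and the demo key are assumptions made here, not the product's file format.

```python
"""Illustrative high-side receiver for the one-way file-transfer pattern.

Added example, not BlueSpace XDF code: the envelope layout, field names,
update kinds and the shared key below are assumptions made for this sketch.
"""
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would provision one per domain pair.
DEMO_KEY = b"constructed-demo-key"


def build_status_file(seq, kind, nodes, key=DEMO_KEY):
    """Low-side producer: wrap a polled status update in an envelope carrying a
    sequence number (ordering and duplicate detection) and a keyed digest
    (corruption and tamper detection). kind is "full" or "partial"."""
    body = json.dumps({"seq": seq, "kind": kind, "nodes": nodes}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\n" + tag


class OrionProxyCache:
    """High-side proxy state: the console polls this instead of the low-side server."""

    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.nodes = {}        # last known state per node
        self.last_seq = 0      # highest sequence number applied so far
        self.pending = {}      # updates that arrived ahead of a missing predecessor
        self.rejected = []     # (seq or None, reason), kept for the audit trail

    def ingest(self, blob):
        """Validate one file delivered by the guard and apply or queue it.
        Returns True when the file was accepted (applied or queued)."""
        parts = blob.rsplit("\n", 1)
        if len(parts) != 2:
            self.rejected.append((None, "malformed envelope"))
            return False
        body, tag = parts
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            self.rejected.append((None, "integrity check failed"))
            return False
        try:
            msg = json.loads(body)
            seq, kind, nodes = int(msg["seq"]), msg["kind"], dict(msg["nodes"])
        except (ValueError, KeyError, TypeError):
            self.rejected.append((None, "unparseable body"))
            return False
        if kind not in ("full", "partial"):
            self.rejected.append((seq, "unknown update kind"))
            return False
        if seq <= self.last_seq or seq in self.pending:
            self.rejected.append((seq, "duplicate or stale"))
            return False
        self.pending[seq] = (kind, nodes)
        self._drain()
        return True

    def _drain(self):
        """Apply queued updates in strict sequence order; stop at the first gap."""
        while self.last_seq + 1 in self.pending:
            kind, nodes = self.pending.pop(self.last_seq + 1)
            if kind == "full":
                self.nodes = nodes          # a full snapshot replaces everything
            else:
                self.nodes.update(nodes)    # a partial update merges into the cache
            self.last_seq += 1

    def snapshot(self):
        """What the console sees when it polls the proxy."""
        return dict(self.nodes)


def run_demo():
    """Feed a constructed, deliberately disordered sequence of files."""
    cache = OrionProxyCache()
    files = [
        build_status_file(1, "full", {"r1": "up", "r2": "up"}),
        build_status_file(3, "partial", {"r2": "down"}),          # arrives before 2
        build_status_file(2, "partial", {"r3": "up"}),
        build_status_file(1, "full", {"r1": "up", "r2": "up"}),   # duplicate delivery
        # simulated corruption in transit: body altered, digest left unchanged
        build_status_file(4, "partial", {"r1": "down"}).replace('"r1": "down"', '"r1": "up"'),
    ]
    for f in files:
        cache.ingest(f)
    return cache


if __name__ == "__main__":
    c = run_demo()
    print(c.snapshot(), c.last_seq, c.rejected)
```

The sequence number is what makes out-of-order and duplicate handling deterministic: an update is never applied until every predecessor has arrived, and anything at or below the applied sequence is discarded and logged rather than silently merged.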

3 XDF: What's In the Box?

XDF includes the software and documentation to create robust, high-performing cross-domain applications that leverage COTS and GOTS applications on multiple security domains.

3.1 XDF Common Services

XDF Common Services enable rapid integration of existing COTS and GOTS applications into cross-domain solutions:

- Configuration based upon standard Enterprise Integration Patterns (EIP)
- Cross-domain identity mapping
- Cross-domain application session management
- Secure application state transition validation
- Audit trail generation
- Cross-domain application monitoring
- Data masking capabilities to mask or replace sensitive data and optionally restore that data in response messages
- Guard connectors that abstract the details of different guard connection management and communication implementations
- Protocol conversion for guards that do not natively support the application protocols (for example, SOAP web services or RESTful web services)
- Message exchange pattern conversion (for example, mapping request-response messages onto unidirectional guard threads)
- Content pre-validation that checks each cross-domain message prior to delivery to the guard, preventing misconfigured or misbehaving applications from unnecessarily loading a guard and possibly triggering a guard shutdown
- Volume and frequency filters
- Behavior filters

XDF Common Services features an event processing engine that is easily configured to alter or extend the processing logic and to add or remove processing steps. Process flows are represented graphically as directed graphs, making process documentation, communication, training, testing, and certification much easier compared to logic embedded in program code.

3.2 XDF Identity Service

The XDF Identity Service manages cross-domain identities and performs delegated authentication. Users often have different identities in different domains. Furthermore, cross-domain security policies often prohibit identities and credentials from being passed from one domain to another. The XDF Identity Service maps identities between different domains and facilitates delegated credentials. For example, a user wishing to perform a cross-domain federated search from one domain to another may need to first authenticate with the search services in the other domain. The XDF Identity Service provides a way to map the cross-domain request to the correct local identity and authenticate to those services.

3.3 XDF Orchestrator

Recently, client hypervisor technologies such as AFRL's SecureView have made it possible to access multiple networks from a single computer. In addition, products like SecureView contain windowing technology that allows applications running in different domains to reside on a single desktop. XDF Orchestrator is a technology that orchestrates applications running in different domains as if they were a single seamless multilevel application, but without any actual trusted application code or multi-level data storage.

[Figure 2: XD Orchestrator Example]

In Figure 2, XDF Orchestrator is used to launch low-side browsers onto search results displayed in a single high-side window. No URLs or web pages are actually passed between domains. XDF Orchestrator replaces search results returned to the high side with unique numbers and then restores the actual URLs on the low side when a user clicks to open an item. The desktop allows windows from different domains to appear on the same desktop on the same screen. The result appears to be a seamless multi-level search capability but is in fact a set of separate single-level applications controlled by XDF Orchestrator.

3.4 Development Environment

XDF works in any standard Java environment. BlueSpace uses Eclipse and Apache Maven.
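Section 3.3 describes the Orchestrator substituting unique numbers for URLs before results cross to the high side and restoring them on the low side on click. The following added example sketches that pattern; it is not BlueSpace code, and the result shape, the token generator and the scrub helper are assumptions made here. It goes slightly beyond the text by also checking that no URL-like text leaks through other fields of the listing, since a URL hidden in a snippet would defeat the substitution.

```python
"""Illustrative sketch of the Orchestrator URL-substitution pattern.

Added example, not BlueSpace code: the result fields, token source and the
scrub step are assumptions made for this sketch.
"""
import re
import secrets
from itertools import count

# URL-like text: scheme://... or www....; used both to detect and to scrub.
URL_PATTERN = re.compile(r"(?i)\b(?:(?:https?|ftp)://|www\.)\S+")


class LowSideOrchestrator:
    """Runs in the low domain and holds the only copy of the URL table."""

    def __init__(self, token_source=None):
        # Default: unpredictable numbers, so a high-side observer cannot infer
        # ordering or guess tokens it was never shown.
        self._new_token = token_source or (lambda: secrets.randbelow(10**9))
        self._urls = {}

    def tokenize(self, results):
        """Replace each result's URL with a fresh unique number before the
        listing crosses to the high side. The URL itself never leaves."""
        listing = []
        for r in results:
            token = self._new_token()
            while token in self._urls:          # numbers must be unique
                token = self._new_token()
            self._urls[token] = r["url"]
            listing.append({"id": token, "title": r["title"], "snippet": r["snippet"]})
        return listing

    def open_item(self, token):
        """Handle a click relayed from the high-side window: restore the URL
        for the low-side browser. Returns None for an unknown token; nothing
        is guessed or fetched."""
        return self._urls.get(token)


def contains_url(listing):
    """Pre-transfer check: no URL-like text may leave the low side, whatever
    field it sits in."""
    return any(
        isinstance(v, str) and URL_PATTERN.search(v)
        for item in listing for v in item.values()
    )


def scrub_listing(listing):
    """Replace any URL-like text in free-text fields with a neutral marker."""
    return [
        {k: (URL_PATTERN.sub("[link]", v) if isinstance(v, str) else v)
         for k, v in item.items()}
        for item in listing
    ]


def demo():
    """Constructed low-side search results; the second snippet hides a hostname."""
    low = LowSideOrchestrator(token_source=count(1000).__next__)  # deterministic for the demo
    results = [
        {"title": "Router firmware notes", "snippet": "see the release page",
         "url": "http://intranet.example/fw"},
        {"title": "Outage report", "snippet": "www.example.net mirror",
         "url": "https://example.net/outage"},
    ]
    listing = low.tokenize(results)
    if contains_url(listing):
        listing = scrub_listing(listing)
    return low, listing


if __name__ == "__main__":
    low, listing = demo()
    print(listing)
    print(low.open_item(listing[1]["id"]))
```

The high side only ever sees `id`, `title` and `snippet`; when the user clicks, just the number travels back and the low side resolves it from its own table, which is why no trusted application code or multi-level store is needed on the high side.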

4 XDF Benefits

SmartXD applications developed using XDF offer a number of benefits over traditional, guard-specific point solutions. Those benefits include the following:

1. Accelerate Adoption of Cloud and Tagged Data: work seamlessly with cloud environments, tagged data and existing environments.
2. Flexible and Non-Disruptive: plug and play with guards and make existing applications cross-domain capable.
3. Accelerate Capability Delivery: lower the cost, time and risk to deliver solutions.
4. Simplify Certification: lower the cost, time and risk of C&A by leveraging existing guards and cross-domain guard services.
5. Extendable: add new data sources, data processing, user capabilities, information views, and integration points.
6. Improve Security: intelligently process data to eliminate unnecessary duplication and transfer of complex data across domains. Cross-domain transfers are limited to highly constrained XML.
7. Low TCO: deploy on modern technologies that are easy to configure, deploy and manage in the cloud or on traditional networks.
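Section 3.1 lists content pre-validation and volume/frequency filters among the Common Services, and benefit 6 above states that cross-domain transfers are limited to highly constrained XML. The following added example shows what such a pre-guard check can look like; it is not BlueSpace code, and the `statusUpdate` vocabulary, the size limits and the rate-gate parameters are assumptions made here for illustration.

```python
"""Illustrative content pre-validation and volume/frequency filter.

Added example, not BlueSpace code: the statusUpdate vocabulary, the limits and
the rate-gate settings are assumptions made for this sketch.
"""
import time
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Constrained vocabulary: element -> permitted child elements (empty = text-only leaf)
ALLOWED_CHILDREN = {
    "statusUpdate": {"node"},
    "node": {"name", "state"},
    "name": set(),
    "state": set(),
}
ALLOWED_STATES = {"up", "down", "warning"}
MAX_BYTES = 64 * 1024
MAX_TEXT = 64
MAX_NODES = 500


def validate_status_update(xml_text):
    """Return (ok, reason). Anything outside the agreed vocabulary is rejected
    here, so a misbehaving application never loads the guard with it."""
    if len(xml_text.encode()) > MAX_BYTES:
        return False, "message too large"
    # Coarse but deliberate: the agreed schema has no DTD, so any markup
    # declaration is a policy violation before we even parse.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return False, "markup declarations not allowed"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"not well-formed: {exc}"
    if root.tag != "statusUpdate":
        return False, f"unexpected root element {root.tag!r}"
    for elem in root.iter():
        if elem.tag not in ALLOWED_CHILDREN:
            return False, f"element {elem.tag!r} not in schema"
        if elem.attrib:
            return False, f"attributes not allowed on {elem.tag!r}"
        children = ALLOWED_CHILDREN[elem.tag]
        for child in elem:
            if child.tag not in children:
                return False, f"{child.tag!r} not allowed under {elem.tag!r}"
        if not children:  # text-only leaf: bound the content, not just the shape
            text = (elem.text or "").strip()
            if len(text) > MAX_TEXT:
                return False, f"{elem.tag!r} text too long"
            if elem.tag == "state" and text not in ALLOWED_STATES:
                return False, f"state {text!r} not permitted"
    if len(root.findall("node")) > MAX_NODES:
        return False, "too many nodes"
    return True, "ok"


class RateGate:
    """Volume and frequency filter: at most `limit` messages per `window`
    seconds for each sending application."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._sent = defaultdict(deque)   # app -> timestamps inside the window

    def allow(self, app):
        now = self.clock()
        q = self._sent[app]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def pre_validate(app, xml_text, gate):
    """Combined check run before a message is handed to the guard connector."""
    ok, reason = validate_status_update(xml_text)
    if not ok:
        return False, reason
    if not gate.allow(app):
        return False, "rate limit exceeded"
    return True, "ok"


if __name__ == "__main__":
    gate = RateGate(limit=2, window=10)
    sample = "<statusUpdate><node><name>r1</name><state>up</state></node></statusUpdate>"
    print(pre_validate("orion", sample, gate))
    print(validate_status_update(sample.replace("up", "exploded")))
```

An allowlist of elements with bounded leaf text is much easier to review during certification than a permissive schema, and the rate gate stops a looping or misconfigured sender from exhausting the guard even when every individual message is well-formed.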

5 Costs

5.1 Development Cost Components

The cost components of XDF for development purposes are the following:

1. XDF License and Maintenance Fees: the fees for SmartXD are typically small in comparison to the overall project.
2. Development and Test System HW / SW: typically at least one development system and one test system.
3. Data guard: this is required if operational testing is going to be performed on a production network. XDF provides a guard stub for development and testing on non-production networks.
4. Setup and Support Services: this is required if development and / or testing are going to be performed on premises other than BlueSpace. These services are for the install, training and developer support of XDF.
5. Development Services: BlueSpace services to design, develop, and test the application.
6. Operational Test: the license allows for an operational test in a production environment. If this is part of the development effort, the cost of resources and services to perform certification and support the operational test must be included.

5.2 Deployment Cost Components

1. Application Server HW / SW: the necessary capacity needs to be in place to host the SmartXD application appliances in each of the security domains.
2. Data Guard HW / SW: if an existing data guard with adequate capacity for the XML transfers does not exist, hardware and software will need to be purchased as part of the data guard deployment.
3. Deployment Services: services to deploy the applications and the data guard, including supporting the ST&E process.
4. Data Guard Annual Maintenance Fees: if an existing data guard is not being used, the fees for annual maintenance and support must be included.
5. Internal Resources: resources to support the planning, deployment, operation and maintenance of the system must be included.

5.3 Other Cost Considerations

SmartXD helps keep costs low. Consider the following:

1. SmartXD applications do not replace existing systems; they extend them to be cross-domain capable.
2. SmartXD applications can be entirely browser based. No client code is required, making them easy to deploy and maintain and well suited to cloud architectures. Users can use their applications from any workstation with a browser and system access.
3. SmartXD applications use any certified data guard. This means existing guards can be leveraged, different guards can be used and future guards can be installed without affecting the application or the user.
4. SmartXD applications are flexible (investment protection). They can support application data, traditional databases and tagged data. They can run on virtually any data guard. They can be deployed in the cloud. They can be easily extended.
5. SmartXD applications are easy to certify. They are deployed as PL2 virtual application appliances in each security domain. Typically, PL4 certification requires only the approval of an XML schema which defines the cross-domain traffic for each SmartXD application.
6. SmartXD applications are easy to manage. They are based on standard, modern technologies. Management functions are part of each SmartXD application, including the ability to monitor SmartXD application appliances and connections to data guards and other applications.

6 XDF Services

6.1 XDF Setup Services

BlueSpace provides a set of setup services that include the following:

1. Install XDF
2. SmartXD Architecture and Design Training
3. SmartXD Application Development Training
4. SmartXD Build Environment Training
5. SmartXD Joint Development and Support Training

6.2 XDF Development Services

Typically, BlueSpace will leverage its expertise and resources to develop or assist in the development of the application. In the case of a joint effort, BlueSpace will work with the government to establish a joint development process. The BlueSpace development process is an iterative, agile process supported by a set of open source tools that enable full process support from requirements capture to testing and validation.

6.3 XDF Support Services

BlueSpace provides 5 x 10 remote technical and developer support.