G snap security-solution

265 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
265
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

G snap security-solution

  1. 1. gSNAP Primer Kevin Mayo –Chief Architect – Global Government ●Sun Microsystems, Inc. ●
  2. 2. Introduction – What is gSNAP? • (government) Secure Network Access Platform • Reference Architecture for secure collaboration at the desktop ■ “70% solution” developed specifically for govt customers • Competitive advantage for Sun in specific markets ■ Sun unique products and technology ■ CSO technical engagements ■ Complimentary partner products and integration Sun Confidential: Internal or Partner Use Only
  3. 3. How We Use IT is Also Changing Dynamic Coalition and Interoperability Formation Standards Best of Class Threat of Global Security Terrorism Access Anytime Technology As Major Anywhere Element of Operations Sun Confidential: Internal or Partner Use Only
  4. 4. gSNAP Market Drivers • Government agencies have increasing need to collaborate ■ Within agency ■ With other agencies ■ With trusted partners (suppliers, research centres) ■ With agencies of other nations • Government users have increasing need to access information from anywhere, anytime • Security and privacy are key requirements • Sources of information are increasingly diverse Sun Confidential: Internal or Partner Use Only
  5. 5. gSNAP Market Positioning • Government agencies with collaboration needs ■ Defence (NATO) ■ Public security/ public safety (Interpol) ■ Emergency response (central, provincial, city) ■ Public health (CDC, WHO) ■ Government research centres and universities Sun Confidential: Internal or Partner Use Only
  6. 6. Government System Requirements • Trusted computing environment • Single Virtual Switch to Multiple Networks ■ ■ Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing) End-users have controlled access to domains based on security level, compartmentalization • Secure Inter-Domain Data Transfer ■ Automated and manual auditing based on pre-defined policies and procedures • Remote Access Protocol Options ■ Tarantella, Citrix, RDP, X Windows or Browser. Sun Confidential: Internal or Partner Use Only
  7. 7. Changing the Game— Single Multi-Tiered Secure Communications SINGLE-POINT FOR INFO ASSURANCE Secure Domain A, Apps 1,2,3 Secure Domain B, Apps 4,5,6 Secure Domain C, Apps 7,8,9 Secure Domain D, Apps 10,11 Secure Domains A to Z On ONE Terminal With data assurance across security domains Sun Confidential: Internal or Partner Use Only
  8. 8. Desktop Consolidation: Ultra-Thin Client Front-End Before: After: To ensure a high level of security physically isolated clients were deployed often resulting in up to 10 different Desktops in a single office Full Session Mobility enabled by a single stateless Sun Ray TM frontend and protected by a Trusted Solaris TM based back-end Sun Confidential: Internal or Partner Use Only
  9. 9. The Sun Solution: Secure Network Access Platform User Community A Switch User Community B Switch Switch User Community C User Community D Switch Switch Trusted Solaris ● Sun Ray Session ● Server ● Switch Switch Switch ● ● ● ● ● 24/7 remote management Sun Ray stateless Clients Java Card identity Network attached storage for audit logs Sun Jumpstart Software for automated site replication Sun Confidential: Internal or Partner Use Only • Highly scalable • Multi-network consolidation • Ultra secure • Identity/Role-based access • Audit ability • Session mobility
  10. 10. Secure Network Access Platform for Government Solution 3rd Party Security Extensions TCS, TNE, AC Tech, Cryptek, Tenix, RSA, Maxim, etc. Integration to Legacy Systems Tarantella, Citrix, RDP, Thinsoft Java Ultra-Thin Client Environment SunRay 1G, 170; Sun Ray Session Server, Trusted CDE, Java Cards Government Accredited Trusted Operating Env Trusted Solaris Certified EAL4 (B1): CAPP, LSPP, RBPP Sun Solaris Enterprise StorEdge ™ 9 RAS Compute Platform Consulting, Training, and Support Services Sun Servers Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support Sun Confidential: Internal or Partner Use Only
  11. 11. Trusted Solaris Direction Trusted Solaris BSM Solaris Solaris 2.3 Trusted Networking Trusted Desktop RBAC Trusted Solaris layered on Solaris Process Attributes Device Allocation Virtualization Privilege Policy Solaris 8/9 Sun Confidential: Internal or Partner Use Only Solaris 10
  12. 12. Secure Foundation of Dramatic Improvements Solaris 10 Security Digital Certificates Everywhere Secure Execution User Rights Management Process Rights Management Cryptographic Framework IPFilter Kerberos Single Sign On Easily Activated Security Profiles Sun Confidential: Internal or Partner Use Only
  13. 13. Multi-Level Labeled Security Trusted Extensions Adds labeled security to Solaris 10 Multi-level networking, printing Multi-level CDE GUI Leverages User & Process RM Uses Containers Compatible with all Solaris apps Target of CAPP, RBACPP, LSPP @ EAL 4+ Available 1HCY2006 Sun Confidential: Internal or Partner Use Only
  14. 14. Sun Confidential: Internal or Partner Use Only
  15. 15. Based on Best Practices From Innovative Customer Solutions: DTW—DODIIS Trusted Workstation ● Proven solution developed at Joint Intelligence Center Pacific—JICPAC ● Mandated by DIA as standard secure desktop access solution for DODIIS community Coalition Sun Confidential: Internal or Partner Use Only DEA INS Circa 2000 seats deployed, multi-year program managed by JEDI Sun Network Access Platform Solution military Intelligence ● Government Control Center
  16. 16. DTW Components JEDI JUMPSTART IMAGE: Trusted Solaris 8 (12/02) SunRay Software 2.0 w/Failover Groups JMDI (JEDI) Extensions Jumpstart support - Streamlined User & Host management Audit Management - Authorized application Mgmt. TCS software ● ● ● SunRay thin Clients with 24” Flat-Panel monitors Load Balanced Sun Servers Windows 2003 servers connected via RDP Sun Confidential: Internal or Partner Use Only
  17. 17. SPAWAR ● ● ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Military grade encryption for transport through untrusted environments Highly scalable, with reduced administration, rock-solid security, and easy deployment Provides complete audit trail facilities Tested and validated with government Accreditation SUN RAY SOLUTION SUPPORTING MULTI-NATIONAL COALITION FORCES IN THE ASIA PACIFIC REGION PROBLEM: How to dynamically add/subtract foreign parties into a community of interest at various levels of need-to-know SOLUTION: • Sun Ray Ultra-Thin Client OEM Boards • Cryptek FIPS-140-1 3DES Encryption • Sun Fire(TM) Netra servers • Trusted Solaris(TM) 8 • AC Technology Biometrics • Smart Card Sun Confidential: Internal or Partner Use Only
  18. 18. JICPAC ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Compatible with over 150 existing applications and INFOSEC tools Highly scalable, with reduced administration, rock-solid security, and easy deployment ● Provides complete audit trail facilities ● Tested and validated to DIA Accreditation SUN RAY SOLUTION SUPPORTING US MILITARY INTEL AT THE JOINT INTELLIGENCE CENTER OF THE PACIFIC (JICPAC) PROBLEM: How to deploy a COTS single desktop that provides secure access to multiple information classifications and applications under gov't accreditation SOLUTION: • • • • Sun Confidential: Internal or Partner Use Only Sun Ray Ultra-Thin Client Sun Fire(TM) 12K servers Trusted Solaris(TM) 8 TCS Secure Office
  19. 19. MLTC—Multi-Level Thin Client (Centrix M) ● United States Navy - USJFCOM & SPAWAR – – >100 MLTC terminals were used as part of the USJFCOM CJTFEX Operation Blinding Storm in June 2004 – Deployed and in production on the USS Mount Whitney and USS Blueridge and at New COMPACFLT's Command Center – ● Response to the fleets requirement for information sharing among allies and coalition partners Schedules for deployment to entire fleet starting FY06 Improved Operational Efficiency: – – Eliminates need for client side storage of sensitive data – ● User Mobility saves times as they move locations – ● Connectivity to multiple domains from a single seat Near Real-time Dynamic security policy Being used in the Middle Eastern Gulf Region Accredidated Internal use by NSA for DoD (SABI) for or Partner Use Only Sun Confidential:
  20. 20. CENTRIX-Maritime Sun V240, V210 and Netra 20 servers running Trusted Solaris CITRIX w/Win 2000 servers All Secret – Siprnet & coalition Networks Used as a secure Gateway to “PC” applications. Maxim provided GOTS code – free within Government Sun Confidential: Internal or Partner Use Only CJTFEX 04-2

×