gSNAP security solution: Solaris security solutions (slide transcript)
gSNAP Primer
● Kevin Mayo, Chief Architect, Global Government
● Sun Microsystems, Inc.
Sun Confidential: Internal or Partner Use Only
Introduction – What is gSNAP?
• (government) Secure Network Access Platform
• Reference Architecture for secure collaboration at the desktop
■ “70% solution” developed specifically for govt customers
• Competitive advantage for Sun in specific markets
■ Sun unique products and technology
■ CSO technical engagements
■ Complementary partner products and integration
• Threat of global terrorism
• Technology as a major element of operations
• How we use IT is also changing
• Dynamic coalition formation
• Interoperability and standards
• Best-of-class security
• Access anytime, anywhere
gSNAP Market Drivers
• Government agencies have increasing need to collaborate
■ Within agency
■ With other agencies
■ With trusted partners (suppliers, research centres)
■ With agencies of other nations
• Government users have increasing need to access information from anywhere, anytime
• Security and privacy are key requirements
• Sources of information are increasingly diverse
gSNAP Market Positioning
• Government agencies with collaboration needs
■ Defence (NATO)
■ Public security/ public safety (Interpol)
■ Emergency response (central, provincial, city)
■ Public health (CDC, WHO)
■ Government research centres and universities
Government System Requirements
• Trusted computing environment
• Single Virtual Switch to Multiple Networks
■ Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling routing between the domains)
■ End-users have controlled access to domains based on security level and compartmentalization
• Secure Inter-Domain Data Transfer
■ Automated and manual auditing based on pre-defined policies and procedures
• Remote Access Protocol Options
■ Tarantella, Citrix, RDP, X Windows or browser
Changing the Game: Single Multi-Tiered Secure Communications
Secure domains A to Z on ONE terminal, with data assurance across security domains
[Diagram: Secure Domain A (Apps 1, 2, 3), Secure Domain B (Apps 4, 5, 6), Secure Domain C (Apps 7, 8, 9) and Secure Domain D (Apps 10, 11), all reached through a single point for information assurance]
Desktop Consolidation: Ultra-Thin Client Front-End
Before: to ensure a high level of security, physically isolated clients were deployed, often resulting in up to 10 different desktops in a single office.
After: full session mobility enabled by a single stateless Sun Ray™ front-end and protected by a Trusted Solaris™ based back-end.
The Sun Solution: Secure Network Access Platform
• Highly scalable
• Multi-network consolidation
• Ultra secure
• Identity/role-based access
• Auditability
• Session mobility
[Diagram: user communities A, B, C and D, each on its own switch, consolidated onto a Trusted Solaris / Sun Ray Session Server back-end; network-attached storage for audit logs; Sun Jumpstart software for automated site replication; stateless Sun Ray clients with Java Card identity; 24/7 remote management]
Secure Network Access Platform for Government Solution (solution stack, top to bottom)
3rd Party Security Extensions: TCS, TNE, AC Tech, Cryptek, Tenix, RSA, Maxim, etc.
Integration to Legacy Systems: Tarantella, Citrix, RDP, Thinsoft
Java Ultra-Thin Client Environment: Sun Ray 1G, 170; Sun Ray Session Server, Trusted CDE, Java Cards
Government Accredited Trusted Operating Env: Trusted Solaris, certified EAL4 (B1) against CAPP, LSPP and RBACPP; Enterprise Solaris™ 9
RAS Compute Platform: Sun StorEdge, Sun Servers
Consulting, Training, and Support Services: Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support
Trusted Solaris Direction
[Timeline: Solaris 2.3 -> Solaris 8/9 -> Solaris 10; Trusted Solaris shown as a separate product alongside Solaris, moving to Trusted Solaris layered on Solaris]
Trusted Solaris features shown: BSM, RBAC, process attributes, device allocation, virtualization, privilege policy, trusted networking, trusted desktop
Solaris 10 Security: Secure Foundation of Dramatic Improvements
• Digital certificates everywhere
• Secure execution
• User rights management
• Process rights management
• Cryptographic framework
• IPFilter
• Kerberos single sign-on
• Easily activated security profiles
Trusted Extensions: Multi-Level Labeled Security
• Adds labeled security to Solaris 10
• Multi-level networking, printing
• Multi-level CDE GUI
• Leverages user & process rights management
• Uses Containers
• Compatible with all Solaris apps
• Target of CAPP, RBACPP, LSPP @ EAL 4+
• Available 1HCY2006
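The requirements slide asks for one desktop with controlled access to several security domains, based on the user's level and compartments, plus audited inter-domain transfers; the Trusted Extensions slide supplies the labeled-security mechanism for it. The following is an added example, not code from the deck or from Trusted Solaris, that shows the label arithmetic behind both: a label is a hierarchical level plus a compartment set, a clearance "dominates" a domain label when its level is at least as high and its compartments are a superset, the desktop only offers domains the clearance dominates, and a transfer is allowed automatically only towards a dominating label while a downgrade needs a named reviewer and is audited either way. The level ordering, the four sample domains and the transfer policy are this example's own assumptions (a real site takes them from its label encodings and accreditation documents).

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Hierarchical sensitivity levels, lowest to highest. Assumption of this example;
# a real deployment reads the ordering from its label encodings file.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: one hierarchical level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self dominates other iff its level is >= and it holds every compartment other has.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass(frozen=True)
class Domain:
    """One physically separated network, reachable from the desktop under a single label."""
    name: str
    label: Label


@dataclass
class AuditEvent:
    subject: str
    action: str
    detail: str
    outcome: str


def accessible_domains(clearance: Label, domains: List[Domain]) -> List[str]:
    """Domains the desktop may connect this user to: those whose label the clearance dominates."""
    return [d.name for d in domains if clearance.dominates(d.label)]


def transfer_decision(subject: str, clearance: Label, src: Domain, dst: Domain,
                      reviewer: Optional[str], audit: List[AuditEvent]) -> bool:
    """Decide an inter-domain data transfer and append the decision to the audit trail.

    Policy (this example's assumption, not gSNAP's documented procedure):
      1. the subject must be cleared for both domains;
      2. moving data to a label that dominates the source (same label or an upgrade) is automatic;
      3. anything else is a downgrade: allowed only with a named reviewer's approval, logged either way.
    """
    detail = f"{src.name}->{dst.name}"
    if not (clearance.dominates(src.label) and clearance.dominates(dst.label)):
        audit.append(AuditEvent(subject, "transfer", detail, "DENIED: not cleared for both domains"))
        return False
    if dst.label.dominates(src.label):
        audit.append(AuditEvent(subject, "transfer", detail, "ALLOWED: destination dominates source"))
        return True
    if reviewer is None:
        audit.append(AuditEvent(subject, "transfer", detail, "DENIED: downgrade without reviewer approval"))
        return False
    audit.append(AuditEvent(subject, "transfer", detail, f"ALLOWED: downgrade approved by {reviewer}"))
    return True


# Constructed sample site: four separated networks behind one desktop (assumed labels).
DOMAINS: List[Domain] = [
    Domain("A", Label("UNCLASSIFIED")),
    Domain("B", Label("SECRET")),
    Domain("C", Label("SECRET", frozenset({"COALITION"}))),
    Domain("D", Label("TOP SECRET", frozenset({"COALITION"}))),
]


def demo() -> List[AuditEvent]:
    """Walk an analyst cleared SECRET/COALITION through the decisions above."""
    analyst = Label("SECRET", frozenset({"COALITION"}))
    audit: List[AuditEvent] = []
    print("visible domains:", accessible_domains(analyst, DOMAINS))      # ['A', 'B', 'C']
    transfer_decision("analyst", analyst, DOMAINS[0], DOMAINS[1], None, audit)   # upgrade: allowed
    transfer_decision("analyst", analyst, DOMAINS[1], DOMAINS[0], None, audit)   # downgrade: denied
    transfer_decision("analyst", analyst, DOMAINS[1], DOMAINS[0], "reviewer", audit)  # approved
    transfer_decision("analyst", analyst, DOMAINS[2], DOMAINS[3], None, audit)   # not cleared for D
    for ev in audit:
        print(f"{ev.subject} {ev.action} {ev.detail}: {ev.outcome}")
    return audit


if __name__ == "__main__":
    demo()
```

Note that compartments are what keep two SECRET domains apart: B (SECRET) and C (SECRET, COALITION) are both visible to the analyst, but C's label dominates B's and not the reverse, so B to C is automatic while C to B is a downgrade that the policy sends to manual review. The audit list is the record the "automated and manual auditing" requirement asks for; in a deployment it would go to the audit-log storage shown in the platform diagram rather than stay in memory.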
Based on Best Practices From Innovative Customer Solutions: DTW, the DODIIS Trusted Workstation
● Proven solution developed at Joint Intelligence Center Pacific (JICPAC)
● Mandated by DIA as the standard secure desktop access solution for the DODIIS community
● Circa 2000 seats deployed, multi-year program managed by JEDI
[Diagram: Sun Network Access Platform Solution at a Government Control Center, serving military, INS, DEA, coalition and intelligence user communities]
DTW Components
JEDI Jumpstart image:
● Trusted Solaris 8 (12/02)
● Sun Ray Software 2.0 w/ Failover Groups
● JMDI (JEDI) extensions: Jumpstart support, streamlined user & host management, audit management, authorized application management
● TCS software
● Sun Ray thin clients with 24" flat-panel monitors
● Load-balanced Sun servers
● Windows 2003 servers connected via RDP