g snap security-solution

gSNAP Primer Kevin Mayo Chief Architect Global Government Sun Microsystems, Inc.

Upload: kevin-mayo

Post on 18-Nov-2014

DESCRIPTION

Solaris security solutions

TRANSCRIPT

Page 1: G snap security-solution

gSNAP Primer

●Kevin Mayo

–Chief Architect – Global Government

●Sun Microsystems, Inc.

Page 2: G snap security-solution

Sun Confidential: Internal or Partner Use Only

Introduction – What is gSNAP?

• (government) Secure Network Access Platform

• Reference Architecture for secure collaboration at the desktop

■ “70% solution” developed specifically for govt customers

• Competitive advantage for Sun in specific markets

■ Sun unique products and technology

■ CSO technical engagements

■ Complementary partner products and integration

Page 3: G snap security-solution

Threat of Global Terrorism

Technology As Major Element of Operations

How We Use IT is Also Changing

Dynamic Coalition Formation

Interoperability and Standards

Best of Class Security

Access Anytime Anywhere

Page 4: G snap security-solution

gSNAP Market Drivers

• Government agencies have increasing need to collaborate

■ Within agency

■ With other agencies

■ With trusted partners (suppliers, research centres)

■ With agencies of other nations

• Government users have increasing need to access information from anywhere, anytime

• Security and privacy are key requirements

• Sources of information are increasingly diverse

Page 5: G snap security-solution

gSNAP Market Positioning

• Government agencies with collaboration needs

■ Defence (NATO)

■ Public security/ public safety (Interpol)

■ Emergency response (central, provincial, city)

■ Public health (CDC, WHO)

■ Government research centres and universities

Page 6: G snap security-solution

Government System Requirements

• Trusted computing environment

• Single Virtual Switch to Multiple Networks

■ Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing)

■ End-users have controlled access to domains based on security level, compartmentalization

• Secure Inter-Domain Data Transfer

■ Automated and manual auditing based on pre-defined policies and procedures

• Remote Access Protocol Options

■ Tarantella, Citrix, RDP, X Windows or Browser.

Page 7: G snap security-solution

Changing the Game— Single Multi-Tiered Secure Communications

Secure Domains A to Z

On ONE Terminal

With data assurance across security domains

Secure Domain A, Apps 1,2,3

Secure Domain B, Apps 4,5,6

Secure Domain C, Apps 7,8,9

Secure Domain D, Apps 10,11

SINGLE-POINT FOR INFO ASSURANCE

Page 8: G snap security-solution

Desktop Consolidation: Ultra-Thin Client Front-End

Before: To ensure a high level of security, physically isolated clients were deployed, often resulting in up to 10 different desktops in a single office

After: Full Session Mobility enabled by a single stateless Sun Ray™ front-end and protected by a Trusted Solaris™ based back-end

Page 9: G snap security-solution

The Sun Solution: Secure Network Access Platform

• Highly scalable

• Multi-network consolidation

• Ultra secure

• Identity/Role-based access

• Auditability

• Session mobility

[Diagram labels: User Community A, User Community B, User Community C, User Community D; Switches]

● Trusted Solaris Sun Ray Session Server

● Network attached storage for audit logs

● Sun Jumpstart Software for automated site replication

● Sun Ray stateless clients

● Java Card identity

● 24/7 remote management

Page 10: G snap security-solution

Secure Network Access Platform for Government Solution

3rd Party Security Extensions

Integration to Legacy Systems

Java Ultra-Thin Client Environment

Government Accredited Trusted Operating Env

RAS Compute Platform

Consulting, Training, and Support Services

TCS, TNE, AC Tech, Cryptek, Tenix, RSA, Maxim, etc.

Enterprise Solaris™ 9

Tarantella, Citrix, RDP, Thinsoft

SunRay 1G, 170; Sun Ray Session Server, Trusted CDE, Java Cards

Trusted Solaris Certified EAL4 (B1): CAPP, LSPP, RBPP

Sun StorEdge Sun Servers

Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support

Page 11: G snap security-solution

Trusted Solaris Direction

[Diagram labels: Solaris 2.3; Solaris 8/9; Solaris 10; Solaris; Trusted Solaris; Trusted Solaris layered on Solaris]

[Feature labels: BSM, RBAC, Process Attributes, Device Allocation, Virtualization, Privilege Policy, Trusted Networking, Trusted Desktop]

Page 12: G snap security-solution

Solaris 10 Security

Secure Foundation of Dramatic Improvements

Digital Certificates Everywhere

Secure Execution

User Rights Management

Process Rights Management

Cryptographic Framework

IPFilter

Kerberos Single Sign On

Easily Activated Security Profiles

Page 13: G snap security-solution

Trusted Extensions

Multi-Level Labeled Security

Adds labeled security to Solaris 10

Multi-level networking, printing

Multi-level CDE GUI

Leverages User & Process RM

Uses Containers

Compatible with all Solaris apps

Target of CAPP, RBACPP, LSPP @ EAL 4+

Available 1HCY2006

Page 14: G snap security-solution

Page 15: G snap security-solution

Based on Best Practices From Innovative Customer Solutions:

DTW—DODIIS Trusted Workstation

● Proven solution developed at Joint Intelligence Center Pacific—JICPAC

● Mandated by DIA as standard secure desktop access solution for DODIIS community

● Circa 2000 seats deployed, multi-year program managed by JEDI

Government Control Center

Sun Network Access Platform Solution

[Diagram labels: Military, INS, DEA, Coalition, Intelligence]

Page 16: G snap security-solution

DTW Components

JEDI JUMPSTART IMAGE:

Trusted Solaris 8 (12/02)

SunRay Software 2.0 w/Failover Groups

JMDI (JEDI) Extensions

Jumpstart support - Streamlined User & Host management

Audit Management - Authorized application Mgmt.

TCS software

● SunRay thin Clients with 24” Flat-Panel monitors

● Load Balanced Sun Servers

● Windows 2003 servers connected via RDP