Background
Xpertex were engaged by a prime Systems Integrator (SI) to support a wider systems modernisation and upgrade project that delivers mission-critical information to the three main areas of the Armed Forces: the Army, Royal Navy, and Royal Air Force.
The Challenge
The challenge was to design and build a solution that allows the safe transfer of file-based data between systems, that would pass the rigour of MoD security accreditation.
It had to replace the current, resource-intensive, manual import/export process that could take up to four hours to complete a successful data transfer and keep user involvement or intervention to a minimum.
Functionally, it must provide safe, controlled data transfer between two systems (the old and the new) that have a disparate user-base and different security profiles. These are commonly referred to as Cross-Domain Solutions (CDS). Although the concept of CDS has been around for some time, these solutions were traditionally very complex, difficult to maintain and very expensive to build, as they were typically bespoke.
The second challenge from the customer was to reduce both cost and complexity.
The Solution
To address these challenges, the following approach was taken to minimise cost, complexity, and user interaction:
- Use Commercial Off the Shelf (COTS) products
- Select components that can provide more than 1 function
- Automation of the end-to-end process
During the design phase, Xpertex identified that the solution would require the following elements:
- Simple user export
- Data egress function
- Egress system boundary security control
- High Security Gateway
- Ingress system boundary security control
- Data ingress function
- Simple user data collection
The firewalls used provide additional antivirus and intrusion prevention capabilities. Note that the central data diode will only allow file-based transfer in the direction of the arrow, and prevents access to the source system, as there is no electrical or optical path to exploit.
The Departure Lounge provides a simple file share where users simply place the data that they wish to import. The file(s) are then automatically transferred to the Arrivals Lounge, via the firewall security checks, across the diode and to the Arrivals Lounge file share for collection.
Solution Benefits
- An overall cost reduction of 75%, and 50% reduction in complexity
- Data transfer times reduced from hours to minutes, with files transferred at a rate of 10.24MB across the 1Gbps data diode
- Full compliance with all MoD security requirements
A next-gen Cross-Domain Solution delivers tangible cost and time savings for the MoD
Xpertex played a key role in a system modernisation and upgrade project for the MoD, supplying a leading-edge Cross-Domain Solution to support secure, seamless data transfers, with sustainable cost savings.
