A next-gen Cross-Domain Solution delivers tangible cost and time savings for the MoD
In this case study, we explore how Xpertex supported a wider modernisation and upgrade project for the MoD, enabling seamless, secure data transfers.
Xpertex were engaged by a prime Systems Integrator (SI) to support a wider systems modernisation and upgrade project that delivers mission-critical information to the three main areas of the Armed Forces: the Army, Royal Navy, and Royal Air Force.
The challenge was to design and build a solution that allows the safe transfer of file-based data between systems and that would pass the rigour of MoD security accreditation.
It had to replace the current resource-intensive, manual import/export process, which could take up to four hours to complete a successful data transfer, and it had to keep user involvement or intervention to a minimum.
Functionally, it had to provide safe, controlled data transfer between two systems (the old and the new) that have disparate user bases and different security profiles. Solutions of this kind are commonly referred to as Cross-Domain Solutions (CDS). Although the concept of CDS has been around for some time, these solutions were traditionally very complex, difficult to maintain and very expensive to build, as they were typically bespoke.
The second challenge from the customer was to reduce both cost and complexity.
To address these challenges, the following approach was taken to minimise cost, complexity, and user interaction:
Use Commercial Off the Shelf (COTS) products
Select components that can provide more than one function
Automate the end-to-end process
During the design phase, Xpertex identified that the solution would require the following elements:
Simple user export
Data egress function
Egress system boundary security control
High Security Gateway
Ingress system boundary security control
Data ingress function
Simple user data collection
[Figure: data flow from SOURCE SYSTEM to DESTINATION SYSTEM]
The firewalls used provide additional antivirus and intrusion prevention capabilities. Note that the central data diode only allows file-based transfer in the direction of the arrow and prevents access to the source system, as there is no electrical or optical return path to exploit.
The Departure Lounge provides a simple file share where users place the data that they wish to import. The files are then automatically transferred through the firewall security checks and across the diode to the Arrivals Lounge file share for collection.
An overall cost reduction of 75% and a 50% reduction in complexity
Data transfer times reduced from hours to minutes, with files transferred at a rate of 10.24MB across the 1Gbps data diode
Full compliance with all MoD security requirements