Hardware and Software Overview
The TWS-i™ dovetails with existing secure networks and
systems at any facility, acting as a 'front end' or
'gateway' through which the secure networks can be reached.
This 'front end' is a Sun Microsystems server running
Trusted Solaris, an EAL-4 certified operating system,
Trusted Computer Solutions Trusted Workstation-Thin
Client, and the SunRay Session Server application. This
server is physically connected to each secure network.
Each user connects to this 'front end' server using
a SunRay Thin Client. With no memory or hard drive of
any kind, the SunRay Thin Client is perfect from a security
standpoint; all information remains on the servers in
the data center where it can be backed up and controlled.
The TWS-i™ is a 'win-win' situation for everyone involved.
Users are no longer burdened with multiple workstations
and monitors; they can do all their work on one screen.
Security officers have complete control over information
transfer, with full auditing and other features, and
no longer have to worry about removable media or the
security of remote workstations. Network staff no longer
have to support hundreds of remote workstations with
hardware failures, OS and application upgrades, and
virus scanning. And the accountants will be most thrilled
of all, because the cost savings can be dramatic--the
savings in administration, maintenance, cabling, cooling
and power costs are significant.
Red Hat® Enterprise Linux® 5 (RHEL5)
Red Hat Enterprise Linux 5 (RHEL5) is an enhanced version of Linux based
on the Linux.org kernel version 2.6.11.4 and the National
Security Agency’s (NSA) Security Enhanced Linux
(SELinux).
Red Hat Enterprise Linux 5 (RHEL5) is the next step in raising the bar
for security and interoperability in a Linux platform
designed specifically for high assurance application
development and deployment. It is built from the ground
up to be the most secure commercial Linux operating
system available. At this point, Red Hat has upstreamed
many of the components of Red Hat Enterprise Linux 5 (RHEL5) and will
continue to support the open source community in this
manner as development on this product continues.
Red Hat Enterprise Linux 5 (RHEL5) is built to achieve a Common Criteria
EAL 4 evaluation with three protection profiles: RBAC,
CAPP and LSPP. It implements both multi-level security
(MLS) and Type Enforcement® (TE) protections. Red Hat Enterprise Linux 5 (RHEL5)
also features enhanced administrative
tools for simplified security management and graphical
tools to configure highly complex security underpinnings,
reducing administration costs and deployment time.
Because Red Hat Enterprise Linux 5 (RHEL5) builds on a popular operating
system, it is widely compatible, supporting multiple
x86 processors, a wide range of video and network devices
and graphical applications, and Citrix for server-based
Microsoft applications. Its open-source nature means
a lower total-cost-of-ownership (TCO), a non-proprietary
code base, and constant security improvements through
open-source community review.
The NetTop2 infrastructure (NT2-i™) makes use
of a high assurance operating system and applications
from Trusted Computer Solutions (Red Hat Enterprise Linux 5 (RHEL5)), which are then
layered upon commercial computer hardware. When combined,
these components present the data owner and security
manager with a thin client architecture that provides
secure, predictable, and easy to use access to multi-domain
information and secure information sharing.
The NT2-i™ allows disparate networks to be connected
through a trusted electronic interface, yet completely
prevents information transfer between security domains
except as permitted by users with the appropriate clearances.
This eliminates the need for end users to have a separate
workstation at their desk for every secure network.
Instead, users are able to access all appropriate
networks through one thin client, one pane of glass.
In effect, NT2-i™ virtualizes the desktop, thereby
saving equipment, maintenance and administrative costs.
Trusted Solaris™
The foundation of the TWS-i™ solution is the Trusted
Solaris™ Operating System from Sun Microsystems. Trusted
Solaris implements strong protections, including Controlled
Access, Role-Based Access Control (RBAC), and labeled
security permitting complete control over user privileges
and information flow within the server. User data is
completely protected from unauthorized access from other
security domains. Each user, file, and object has its
own security label.
The Common Criteria EAL4 certification for Trusted Solaris™
complies with the requirements of the Common Criteria
Protection Profiles for Labeled Security, Controlled
Access, and Role-Based Access Control. CDS offers training
in Trusted Solaris, enabling your IT staff to quickly
gain insight and hands-on experience with trusted operating
system functionality and management, ensuring quality
IT support for a TWS-i™ implementation.
Trusted Computer Solutions® Trusted Workstation - Thin Client™
Accredited commercial-off-the-shelf (COTS) software
from TCS provides the management, additional security,
and application functionality of the TWS-i™ solution
to make it fit seamlessly into any multi-network access
federal operation. SecureOffice® Trusted Workstation–Thin
Client™ automates activities that transfer information
among communities of users operating at different sensitivity
levels. It can operate at and connect to a number of
different security domains simultaneously. For example,
Trusted Workstation™ can connect to JWICS, SIPRNET and
Coalition networks simultaneously (from the same desktop),
enabling secure access to intelligence assets, Global
Command and Control System (GCCS) and Coalition networks.
Trusted Workstation – Thin Client™ provides most of
the user functionality specified for the DoDIIS Trusted
Workstation, including:
• Graphical user interface
• Imagery handling and dissemination
• Electronic mail
• File transfer
• Connectivity to external systems at multiple sensitivity
levels
• Interactive personal communications
• Collaborative planning
• Local and remote printing
• Web browsing
Cross domain information sharing is supported by the
SecureOffice® Trusted File Relabeler™. This trusted
application permits you to easily downgrade or upgrade
files, provided you are authorized to use the tool in
accordance with the appropriate security profile. The
Trusted File Relabeler™ supports four workflows based
on three roles in order to provide support for Reliable
Human Review (two-person review)–required for many site
security policies, especially when downgrading information.
Sun Microsystems™ Server
The central hardware of the TWS-i™ solution consists
of a robust server from Sun Microsystems™. This server’s
size depends greatly on the number of users and the
applications they run, and can range in size from the
two-processor Sun Fire™ v210 to the 106-processor Sun
Fire™ 15K. This central server simplifies administration
and makes it more cost effective to implement reliability
features such as RAID, hot-swappable components, and
centralized backup. CDS has years of experience with
the specification and configuration of Sun servers,
assuring that the right server will be chosen for each
installation.
Sun Microsystems Sun Ray™ Thin Client
The ‘user end’ of the TWS-i™ trusted solution, the SunRay™
Thin Client replaces the cluster of workstations at
each user’s desk. The Sun Ray™ is little more than a
framebuffer at the end of an Ethernet cable–a completely
stateless device with no internal storage and no moving
parts. As such it requires no configuration and is easy
to replace should it fail. And because SunRays are not
unique, a user can use any appropriate SunRay on the
network to access his login session.
Remote Desktop Client
While the TWS-i™ trusted solution is based on Trusted
Solaris, it also supports Windows functionality through
the use of Citrix ICA, Microsoft RDP or Sun’s Tarantella
client software. This allows the user to open his Windows
server desktop in a window on the Solaris desktop. Not
only does this give the user true Windows functionality,
it also allows consolidation of Windows servers, further
saving administration costs by replacing dozens of user
workstations with a few central servers.
The Many Benefits of the Trusted Workstation Infrastructure
Hardware cost savings
The CDS TWS-i™ solution saves money up front in hardware
alone, by replacing several PCs at each desk with a
single inexpensive stateless device. It is completely
compatible with your existing Ethernet network and desktop
monitors. And over the long term, the unmatched scalability
of Sun Microsystems servers means that your hardware
investment is a safe one.
Administration cost savings
The TWS-i™ solution saves money over the long term with
centralized administration. All administration is done
through Trusted Solaris™ and TCS SecureOffice® Trusted
Workstation – Thin Client™ software on the central server,
instead of having to track service packs, security patches,
and application updates across dozens or hundreds of
individual PC workstations.
Increased flexibility
With the TWS-i™ solution, user privileges can be changed,
users added and removed, and entire new networks added,
in minutes–all with graphical administration tools.
No longer must the building be completely rewired to
accommodate new secure networks.
Enhanced security
The TWS-i™ solution gives the security administrator
total control over security privileges, from restricting
the flow of information between classification levels
all the way down to setting privileges on individual
files. TCS SecureOffice® Trusted Workstation – Thin
Client™ software provides a complete audit trail, management,
and search facilities, while the Sun Microsystems Trusted
Solaris™ Operating System maintains the integrity of
the system itself.
Increased productivity
The TWS-i™ solution requires a minimum of user training.
For the most part, the user is presented with their
familiar Solaris or Windows desktop, doing all of their
work through a single thin client device. They only
have to work with one SunRay™, not several different
workstations. And users can move freely from one SunRay™
thin client to another in seconds.
Complete compatibility
Because the TWS-i™ solution employs Trusted Solaris
and Citrix ICA / Microsoft RDP, nearly all user applications
that run on Solaris or Windows will run without modification.
Increased reliability
Because the TWS-i™ solution is based around a robust
central server with redundant components and centralized
backup, the reliability of the entire network is greatly
increased. And on the desktop, the SunRay™ Thin Client
is a simple framebuffer–a completely stateless device
with no moving parts. Should it fail, it can be replaced,
and the user can return to work, in sixty seconds.