As an appliance-based Cross Domain Solution (CDS), XD Router [USG program name TurretGate] sets new standards for middleware messaging guards. It is not just a ‘bridge’ solution as it can physically connect two or more networks and offer high security, performance and throughput while retaining low latency and filter efficacy.
XD Router routes and filters message-oriented middleware (MOM) traffic among multiple domains and is capable of accreditation to Director of Central Intelligence Directive [DCID] 6/3 Protection Level (PL) 4. This unique solution was architected as a blueprint to enable quick development, deployment, and certification of CDS implementations.
- Ensures accurate data exchange across multiple security domains via policy and mandatory access controls using Security Enhanced Linux (SELinux).
- Provides flexible message filter policies so administrators can easily craft secure policies to filter any JMS message traffic.
- Faster operational response is delivered by a filtering core that ensures consistent high performance regardless of the complexity of the filtering policy.
- Greater flexibility with a platform that performs release decisions based on configurable security policy and message metadata. Multiple messaging middleware solutions may be implemented.
- Lower support costs achieved by reducing the number of systems required to handle the message traffic normally throttled by higher latency, lower throughput solutions.
- Faster deployment through a CDS blueprint that is built upon certifiable components and pre-defined artifacts.
The XD Router package includes the following:
- Dedicated high-performance, high reliability platforms (specific size and configuration depends on number of networks supported)
- Two hardware configurations
  - 2 network / 3 board system
  - 5 network / 6 board system
- SELinux based mandatory access control
- Tier three support included
- Administrator and engineering support training available
- Advanced Security · Leverages proven security components that meet DCID 6/3 PL4 requirements using the flexible mandatory access control (MAC) via Security Enhanced Linux (SELinux)
- High Performance · Message transfer rates of up to 2,400 messages per second (per enterprise environment), which is critical for ensuring optimum operational responsiveness
- Flexible Filtering · Efficient inspection of message properties provides safe delivery, filtering, and configuration of information that is adaptable across enterprise environments
- Repeatable Blueprint · Rapid development methodologies, coupled with tools and artifacts based on deep expertise in CDS and SELinux, provide the ability to expedite certification across multiple environments
1. What does XD Router do?
- XD Router delivers high security and performance in an appliance-based Cross Domain Solution (CDS) for appropriate routing and filtering of message-oriented middleware (MOM) traffic among multiple domains. XD Router was specifically designed to provide low latency and high throughput, critical attributes for operationally-critical data.
2. What protocols/formats does XD Router filter?
- XD Router currently supports the Java Messaging System (JMS) fabric architecture specifically implemented in the Tibco solution. However, the componentized architecture of the XD Router enables seamless and rapid incorporation of support for other protocols, while retaining the same low latency, high throughput attributes of the system.
3. What hardware platforms are used for XD Router?
- TurretGate systems have been built on specialized hardware platforms as well as COTS server configurations. TurretGate is built on the strong security controls of SELinux with Red Hat Enterprise Linux; virtually any platform with server-scale capacity and the ability to support RHEL5 would accommodate a TurretGate implementation. Tresys is also able to provide turnkey appliances.