Cloud-To-Cloud (C2C) Cross Domain Solution
BROCHURE
Secure, High Speed Cloud-To-Cloud Transfers
The term “cloud” in many instances has come to represent large storage repositories that are more complex than a simple hard drive. While they are extremely efficient in storing, organizing, and accessing vast amounts of information, moving information from a cloud to another cloud of different security classification, or migrating/replicating entire cloud environments has been an arduous, often substantially manual process.
Call 203-894-9342 or email [email protected]. Our team is always available to meet your cybersecurity needs.
The Owl Cloud-to-Cloud (C2C) solution provides a highly reliable and secure mechanism for the high-speed transfer of files one-way, from one cloud to another cloud, inside or outside of the originating organization.
From a high level, the C2C operates on a manifest-based transfer system, and utilizes isolated, independent elements throughout each stage in the process, for increased security. The administrator places files and a manifest file containing a list of authorized files on the “source” cloud.
Owl software on the blue (Send) server then processes the manifest (identifies which files are to be transferred, makes sure they exist and they match the profile in the manifest), after which separate software on the blue server divides up and transfers files over the data diode to the red (Receive) server.
The red server then delivers the files to the destination cloud.
Incorporates EAL4+ Certified Technology
[Diagram: Cloud-to-Cloud overview. Labels: Admin, source cloud (manifest, files), blue server, red server, destination cloud (files).]
The Owl Solution
The Cloud-to-Cloud (C2C) cross domain solution is a proprietary, data diode-based cybersecurity solution, designed for secure, extremely high-volume, high-bandwidth file transfers from one cloud environment to another. C2C operates on a two-server platform, with embedded Owl Communication Cards and specialized software. Utilizing a parallel processing system with sophisticated traffic management and threading mechanisms, the C2C has been tested and verified to transfer multiple terabytes per hour.
For increased security, C2C employs a manifest-based architecture to verify the appropriate files are being passed through the data diode. File verification is performed in-process, and the C2C is fully compatible with off-board pre-server or edge filtering tools and processes.
Features
• Secure, high-speed transfer of files from a source cloud to a destination cloud
• Enables transfer of files from one cloud to another cloud of differing security classification
• Manifest-based file validation system for increased security
• Parallel processing system enables extremely high throughput for large numbers of files
• Fully compatible with off-board pre-server or edge filtering tools and processes
• Validated transfer rates of multiple terabytes per hour
Owl Cloud-To-Cloud Functional Components
The C2C solution features a two-server configuration, and provides a hardware-enforced unidirectional data flow from the source cloud to the destination cloud via Owl V7 Communication Cards.
SERVER-BASED SOLUTION
There are Two Configurations Currently Available for the C2C Solution:
• A single pair of Owl V7 Cards – up to 10 Gbps
  + A single Owl V7 Communication Card per server, using multiple NICs to provide a 40GbE interface for distributing the load
• Two pairs of Owl V7 Cards – up to 20 Gbps
  + Two Owl V7 Communication Cards per server, using multiple NICs to provide a 40GbE interface for distributing the load
PERFORMANCE OPTIMIZATION
• Buffers are increased and optimized to support very high volume and bandwidth
• Multiple worker threads are employed to keep the data diode pipes “full”
• Use of multiple DFTS instances supports parallel processing of files
• Utilizes NFS (Network File System) client/server architecture that allows users to access files on other computers as if they were local
• System capability has been verified at multiple terabytes per hour
OWL CLOUD-TO-CLOUD – HOW IT WORKS
The operation and administration of the Owl Cloud-to-Cloud system is divided among three major elements:
SYSTEM ADMINISTRATOR:
• Creates a manifest which contains the list of authorized files
• System administrator ensures files authorized for transfer are on the source cloud and at rest
• Places manifest on the source cloud
C2C MANIFEST MANAGER:
• Automatically processes manifests
• Authenticates each manifest
• Verifies the files identified in the manifest exist and can be read
• Passes control to traffic manager via pipeline control mechanism
C2C TRAFFIC MANAGER:
• Secures the manifest before initiating work
• Analyzes file sizes and organizes work accordingly
• Distributes the workload across multiple worker threads to maximize throughput across the platform
CLOUD-TO-CLOUD OPERATION
1. Administrator places files for transfer on the network file sharing (NFS) cloud server, along with Manifest file
2. Manifest Manager (MM) searches for manifest on NFS cloud server, verifies and downloads the manifest to the hard drive
3. Manifest Manager sends a message to Traffic Manager (TM), indicating a new manifest is ready for processing
4. Traffic Manager reads the message and secures the manifest
5. Traffic Manager prioritizes workload based on manifest, then sends a message to Worker Threads (WT) to start processing files
6. Assigned Worker Threads retrieve files from NFS cloud server and feed them to the Directory File Transfer System (DFTS) – files only pass through memory and never land on the hard drive
7. To match the workload, C2C utilizes multiple Worker Threads and multiple instances of DFTS, maximizing the transfer rate
8. Received files are verified then transferred to the destination cloud server
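An added example, not Owl's code: a sketch of the manifest checks described in steps 2 and 8 (authenticate the manifest, then confirm each listed file exists, is readable and matches its recorded profile). The JSON layout, the HMAC-SHA256 tag, the size-plus-digest "profile" and all function names are assumptions, since the brochure does not specify them.

```python
# Added illustration. The JSON manifest layout, the HMAC-SHA256 tag and all names
# here are assumptions; the brochure does not publish the C2C manifest format.
import hashlib, hmac, json, os, tempfile

def file_profile(path, chunk=1 << 20):
    """Return (size, sha256 hex), streaming so large files never sit whole in memory."""
    h, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
            size += len(block)
    return size, h.hexdigest()

def check_manifest(manifest_bytes, tag_hex, key, root):
    """Authenticate the manifest, then sort its entries into approved and rejected."""
    expected = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag_hex):
        raise ValueError("manifest authentication failed")
    root = os.path.realpath(root)
    approved, rejected = [], {}
    for entry in json.loads(manifest_bytes)["files"]:
        name = entry["path"]
        full = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, full]) != root:
            rejected[name] = "outside source root"
        elif not os.path.isfile(full) or not os.access(full, os.R_OK):
            rejected[name] = "missing or unreadable"
        elif file_profile(full) != (entry["size"], entry["sha256"]):
            rejected[name] = "profile mismatch"
        else:
            approved.append(name)
    return approved, rejected

def demo():
    """Constructed data: one intact file, one altered after listing, one traversal path."""
    key, files = b"constructed-demo-key", []
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", b"alpha" * 100), ("b.bin", b"bravo" * 100)):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
            files.append({"path": name, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest()})
        files.append({"path": "../escape.bin", "size": 0, "sha256": ""})
        manifest = json.dumps({"files": files}).encode()
        tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
        with open(os.path.join(root, "b.bin"), "ab") as f:
            f.write(b"!")  # simulate a file that changed after the manifest was built
        return check_manifest(manifest, tag, key, root)
```

Calling `demo()` approves only the intact file; the altered file and the path that resolves outside the source root are rejected with a reason, and a manifest whose tag does not verify is refused before any entry is read.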
[Diagram: steps 1–8 of the Cloud-to-Cloud operation. Labels: Admin, NFS cloud server (manifest, files), blue server (memory, hard drive, manifest, DFTS), red server (DFTS, files).]
@OwlCyberDefense 203-894-9342 | [email protected]
For more information on Owl, or to schedule a demo, visit www.owlcyberdefense.com
Owl Cyber Defense Solutions, LLC leads the world in data diode and cross domain network cybersecurity. With a constant focus on customers in the military, government, critical infrastructure, and commercial communities, Owl develops market-first, one-way data transfer products to meet a variety of operational needs, from entry level to enterprise.
B016 | V4 | 7-10-19
USE CASE
A major telecom company required large storage files to be transferred from a source cloud file server on a secured network to a destination cloud file server. The source file server contained approximately 150 files, averaging 30 GB in size, all of which needed to be transferred from the source file server to the destination file server overnight.
The Owl Cloud-to-Cloud solution was selected to provide secure one-way transfer from the source cloud to the destination cloud. The solution enabled a much faster transfer of files, replacing the existing “sneaker net” process of using portable hard drives to transfer files from source to destination.
Files can be transferred securely with no data leakage to the low side network.
[Diagram: one-way transfer of large stored files via Cloud-to-Cloud. Labels: source network file server, destination network file server, low side, high side.]
Owl Cross Domain Solutions
Complying with the stringent NIST 800-53 guidance and accredited for use by both the U.S. Government and Intelligence Agencies, Owl’s multi-tiered “Defense In Depth” network cybersecurity solutions have been meeting the security objectives of government entities for nearly twenty years.
Owl data diode cross domain solutions are designed to provide a comprehensive range of hardware-enforced one-way transfer capabilities and filtering - from securely transferring files from one security domain to another to creating a portal interface for information requests and database replication. End-users are provided with the critical data they need with a low-to-high or high-to-low transfer, while blocking all unauthorized external access.