
Cloud-To-Cloud (C2C) Cross Domain Solution

BROCHURE

Secure, High Speed Cloud-To-Cloud Transfers

The term “cloud” in many instances has come to represent large storage repositories that are more complex than a simple hard drive. While they are extremely efficient in storing, organizing, and accessing vast amounts of information, moving information from a cloud to another cloud of different security classification, or migrating/replicating entire cloud environments has been an arduous, often substantially manual process.

Call 203-894-9342 or email [email protected]

Our team is always available to meet your cybersecurity needs

The Owl Cloud-to-Cloud (C2C) solution provides a highly reliable and secure mechanism for the high-speed transfer of files one-way, from one cloud to another cloud, inside or outside of the originating organization.

From a high level, the C2C operates on a manifest-based transfer system, and utilizes isolated, independent elements throughout each stage in the process, for increased security. The administrator places files and a manifest file containing a list of authorized files on the “source” cloud.

Owl software on the blue (Send) server then processes the manifest (identifies which files are to be transferred, makes sure they exist and they match the profile in the manifest), after which separate software on the blue server divides up and transfers files over the data diode to the red (Receive) server.

The red server then delivers the files to the destination cloud.

Incorporates EAL4+ Certified Technology

[Diagram: Cloud-to-Cloud. Labels: admin, source cloud (manifest, files), blue server, red server, destination cloud (files).]


The Owl Solution

The Cloud-to-Cloud (C2C) cross domain solution is a proprietary, data diode-based cybersecurity solution, designed for secure, extremely high-volume, high-bandwidth file transfers from one cloud environment to another. C2C operates on a two-server platform, with embedded Owl Communication Cards and specialized software. Utilizing a parallel processing system with sophisticated traffic management and threading mechanisms, the C2C has been tested and verified to transfer multiple terabytes per hour.

For increased security, C2C employs a manifest-based architecture to verify the appropriate files are being passed through the data diode. File verification is performed in-process, and the C2C is fully compatible with off-board pre-server or edge filtering tools and processes.

Features

• Secure, high-speed transfer of files from a source cloud to a destination cloud

• Enables transfer of files from one cloud to another cloud of differing security classification

• Manifest-based file validation system for increased security

• Parallel processing system enables extremely high throughput for large numbers of files

• Fully compatible with off-board pre-server or edge filtering tools and processes

• Validated transfer rates of multiple terabytes per hour

Owl Cloud-To-Cloud Functional Components

The C2C solution features a two-server configuration, and provides a hardware-enforced unidirectional data flow from the source cloud to the destination cloud via Owl V7 Communication Cards.

SERVER-BASED SOLUTION

There are Two Configurations Currently Available for the C2C Solution:

• A single pair of Owl V7 Cards – up to 10 Gbps

  + A single Owl V7 Communication Card per server, using multiple NICs to provide a 40GbE interface for distributing the load

• Two pairs of Owl V7 Cards – up to 20 Gbps

  + Two Owl V7 Communication Cards per server, using multiple NICs to provide a 40GbE interface for distributing the load

PERFORMANCE OPTIMIZATION

• Buffers are increased and optimized to support very high volume and bandwidth

• Multiple worker threads are employed to keep the data diode pipes “full”

• Use of multiple DFTS instances supports parallel processing of files

• Utilizes NFS (Network File System) client/server architecture that allows users to access files on other computers as if they were local

• System capability has been verified at multiple terabytes per hour


OWL CLOUD-TO-CLOUD – HOW IT WORKS

The operation and administration of the Owl Cloud-to-Cloud system is divided among three major elements:

SYSTEM ADMINISTRATOR:

• Creates a manifest which contains the list of authorized files

• Ensures files authorized for transfer are on the source cloud and at rest

• Places manifest on the source cloud

C2C MANIFEST MANAGER:

• Automatically processes manifests

• Authenticates each manifest

• Verifies the files identified in the manifest exist and can be read

• Passes control to traffic manager via pipeline control mechanism

C2C TRAFFIC MANAGER:

• Secures the manifest before initiating work

• Analyzes file sizes and organizes work accordingly

• Distributes the workload across multiple worker threads to maximize throughput across the platform

CLOUD-TO-CLOUD OPERATION

1. Administrator places files for transfer on the network file sharing (NFS) cloud server, along with the manifest file

2. Manifest Manager (MM) searches for the manifest on the NFS cloud server, verifies it and downloads it to the hard drive

3. Manifest Manager sends a message to Traffic Manager (TM), indicating a new manifest is ready for processing

4. Traffic Manager reads the message and secures the manifest

5. Traffic Manager prioritizes workload based on manifest, then sends a message to Worker Threads (WT) to start processing files

6. Assigned Worker Threads retrieve files from NFS cloud server and feed them to the Directory File Transfer System (DFTS) – files only pass through memory and never land on the hard drive

7. To match the workload, C2C utilizes multiple Worker Threads and multiple instances of DFTS, maximizing the transfer rate

8. Received files are verified then transferred to the destination cloud server
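
The manifest checks in steps 2 to 5 can be sketched as follows; this is an added example, not Owl's code and not part of the brochure. It authenticates a manifest, confirms each listed file exists and matches its profile, then splits the approved files across workers by size. The JSON manifest layout, the HMAC-SHA256 tag, the size and SHA-256 profile fields and every function name are assumptions, since the brochure does not specify them.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def load_manifest(body: bytes, tag: str, key: bytes) -> list:
    """Assumed format (not Owl's): JSON file list authenticated by HMAC-SHA256."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest authentication failed")
    return json.loads(body)["files"]

def verify_entry(root: str, entry: dict) -> str:
    """Return 'ok' or the reason a file fails its manifest profile (size + SHA-256)."""
    path = Path(root, entry["path"]).resolve()
    if Path(root).resolve() not in path.parents:
        return "outside source root"
    if not path.is_file():
        return "missing"
    if path.stat().st_size != entry["size"]:
        return "size mismatch"
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream large files
            digest.update(chunk)
    return "ok" if digest.hexdigest() == entry["sha256"] else "hash mismatch"

def plan_work(entries: list, workers: int) -> list:
    """Largest-first greedy split so each worker queue carries similar bytes."""
    queues, loads = [[] for _ in range(workers)], [0] * workers
    for e in sorted(entries, key=lambda e: e["size"], reverse=True):
        i = loads.index(min(loads))
        queues[i].append(e["path"])
        loads[i] += e["size"]
    return queues

def demo() -> dict:  # constructed sample; b.bin is altered after signing
    key = b"constructed-demo-key"
    files = {"a.bin": b"A" * 300, "b.bin": b"B" * 200, "c.bin": b"C" * 100}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            Path(root, name).write_bytes(data)
        entries = [{"path": n, "size": len(d), "sha256": hashlib.sha256(d).hexdigest()}
                   for n, d in files.items()]
        body = json.dumps({"files": entries}).encode()
        tag = hmac.new(key, body, hashlib.sha256).hexdigest()
        Path(root, "b.bin").write_bytes(b"X" * 200)  # same size, new content
        listed = load_manifest(body, tag, key)
        status = {e["path"]: verify_entry(root, e) for e in listed}
        approved = [e for e in listed if status[e["path"]] == "ok"]
        return {"status": status, "plan": plan_work(approved, 2)}
```

In `demo()`, the file changed after the manifest was signed keeps its size but fails the hash check, so it is left out of the work plan.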

[Diagram: Cloud-to-Cloud operation with steps 1 to 8 marked. Labels: admin, NFS cloud server (manifest, files), blue server (memory, hard drive, manifest, DFTS), red server (DFTS), files.]


@OwlCyberDefense 203-894-9342 | [email protected]

For more information on Owl, or to schedule a demo, visit www.owlcyberdefense.com

Owl Cyber Defense Solutions, LLC leads the world in data diode and cross domain network cybersecurity. With a constant focus on customers in the military, government, critical infrastructure, and commercial communities, Owl develops market-first, one-way data transfer products to meet a variety of operational needs, from entry level to enterprise.

B016 | V4 | 7-10-19

USE CASE

A major telecom company required large storage files to be transferred from a source cloud file server on a secured network to a destination cloud file server. The source file server contained approximately 150 files, averaging 30 GB in size, all of which needed to be transferred from the source file server to the destination file server overnight.

The Owl Cloud-to-Cloud solution was selected to provide secure one-way transfer from the source cloud to the destination cloud. The solution enabled a much faster transfer of files, replacing the existing “sneaker net” process of using portable hard drives to transfer files from source to destination.

Files can be transferred securely with no data leakage to the low side network.

[Diagram: Cloud-to-Cloud use case. Labels: source network, file server, large stored files, one-way transfer of files, destination network, file server, low side, high side.]

Owl Cross Domain Solutions

Complying with the stringent NIST 800-53 guidance and accredited for use by both the U.S. Government and Intelligence Agencies, Owl’s multi-tiered “Defense In Depth” network cybersecurity solutions have been meeting the security objectives of government entities for nearly twenty years.

Owl data diode cross domain solutions are designed to provide a comprehensive range of hardware-enforced one-way transfer capabilities and filtering - from securely transferring files from one security domain to another to creating a portal interface for information requests and database replication. End-users are provided with the critical data they need with a low-to-high or high-to-low transfer, while blocking all unauthorized external access.