This document provides an overview and demonstration of Sterling Computers' CrossWatch solution for providing cross domain situational awareness using SolarWinds products. CrossWatch allows Orion servers running in different security domains to push monitoring data to a centralized Enterprise Operations Console, giving operations staff a single dashboard view of the status of IT assets across multiple domains. The demonstration shows how CrossWatch adapts the EOC's "pull" model to a cross-domain "push" model, caching and formatting data from low domain Orion servers for display in the high domain EOC.
Right Money Management App For Your Financial Goals
Cross Domain Solutions for SolarWinds from Sterling Computers
1. Cross Domain Solutions for SolarWinds®
from Sterling Computers
Presented By:
Ed Bender
SolarWinds Worldwide, LLC
Senior Federal SE Manager
ed.bender@solarwinds.com
410-286-3060 (office)
Ben Chernicoff
Sterling Computers Corp.
Software Architect
Ben.Chernicoff@sterlingcomputers.com
503-926-6513(office)
VIEW AND NAVIGATE STATUS OF NETWORKS ON A SINGLE SCREEN
2. Agenda
• Need for Cross Domain Solution
• SolarWinds Overview
• Orion® Solution Overview and Demonstration
• Orion Architecture and Scalability
• SolarWinds Enterprise Operations Console (EOC) Demonstration
• Sterling Computers’ Cross Domain Solution
• Questions and Answers
2
23. CrossWatch for SolarWinds Deployment Architecture
EOC
Multi-Level
User Experience
Orion
Server
Low Side
High Side
HTTP
SOAP
CrossWatch
SmartXD SWIS SWIS
XML
SOAP
CrossWatch
SmartXD
SWIS
XML
Orion
Server
One Way
CDS
CrossWatch adds cross domain aware components into the
SolarWinds deployment to provide a multi-level monitoring capability
24. What is SmartXD?
• A cross-domain guard abstraction layer that simplifies building multi-
level applications and capabilities
• It’s NOT a guard!
– Utilizes existing approved cross domain transfer solutions
– Tightly integrates with: AFRL ISSE, NSA Cloud Security Gateway, BAE XTS Guard,
and Tresys XD Bridge
– Generically supports any streaming TCP/IP, FTP, or other file-transfer based guard
• XML messages are transferred across the guard
– XML message are defined by a strict XML schema, which can be installed on the guard
and used to validate messages in transit
• Platform independent; i.e. runs on Windows, Linux, Solaris, etc.
• Written in Java and runs in Apache Tomcat
• Common Core of other products in this briefing
25. What is CrossWatch?
• CrossWatch is a type of store-and-forward system that adapts the “pull” model used by
the EOC into a cross-domain “push” model where results are pushed from a low domain to
a high domain
• CrossWatch on the low domain implements the SolarWinds Information Service (SWIS)
protocol and executes SWIS queries on a periodic basis against the low-side Orion server;
these results are sent to SmartXD where they are formatted and packaged into well defined
XML messages that are suitable for cross domain transfer. The messages are then
transmitted to the guard
• On the high side the messages are received and processed by SmartXD and forwarded
to CrossWatch where they are cached; the high side EOC polls CrossWatch and the results
are delivered; to the EOC, the high-side CrossWatch component appears to be the
low-side Orion server
• Some EOC queries include time ranges, so CrossWatch contains algorithms to correctly
match the results cached from the low side Orion to the queries executed by the high side
EOC
• CrossWatch also handles conditions such as missed polling intervals (for example, if
either the EOC or Orion go down, or the cross domain transfer rejects a payload), and
insures the cache does not grow without bound
26. CrossWatch and EOC Example Screen
Data retrieved from the EOC handler will display within the EOC as usual
Orion Instances from
multiple domains
27. EOC Behavior
• On some pages EOC has hyperlinks that would normally redirect the user to the Orion
server; direct linking to a low-side Orion doesn’t work in the same way in a low-to-high only
cross domain deployment
• The EOC handler implements a proxy web server that will return a web page stating that
the Orion server is located in a different network and what the user must do to that network
to access that Orion server; likewise, operations in the EOC that perform on-demand
operations to Orion, such as reports and alert acknowledgements will not work. More
sophisticated behavior is possible in a two-way-transfer scenario
• Sterling has technology that will allow the high side EOC to directly launch web pages in
the low side Orion server; the high side EOC handler intercepts the web page redirect and
relays a small control message through a two-way cross domain solution to the low side
Orion handler; the low side Orion handler then opens the correct web page on the local
Orion server; again, this transfer is covered later
• If the user has a cross domain access solution (multi-level desktop) such as AFRL
SecureView at the site, the result is that the low side Orion web page opens on the same
screen as the high side EOC; everything would work just like it does within a single
network; a screen shot of this is on the next slide
Provides performance monitoring, advanced alerting, and custom reporting in a clean and organized Web Interface
Plug and play and Fully Customizable
Proactive vs. Reactive approach to IT Management