SafeNet Multi-Domain eXchange (MDeX) System

By: SAFENET  09-12-2011
Keywords: Event Management, Enterprise Management, System Architecture

SafeNet's UCDMO Baseline-validated Cross Domain Solution is now available for reuse throughout DoD and IC. View the video on how SafeNet's Cross Domain Solution, the MDeX System, can help you securely manage the transfer of voice, video and data across multi-level security domains.

SafeNet’s MDeX System, an assured information sharing and cross domain solution, provides a reliable, secure, and configurable means of transferring information between domains for all Intelligence Community, Department of Defense, and other sensitive operations.

The MDeX System provides consistent Multi-Level Security (MLS) services regardless of interface protocols and data content filtering needs. It establishes a stable and verifiable framework in which business and mission managers can implement concurrent yet controlled information flows with various communities of interest and security domains. The system addresses business and mission information sharing needs by providing secure ingest, distribution, dissemination, and delivery of sensitive information.

The MDeX System architecture consists of three parts:

  • MDeX Transfer System (MTS): Security core appliance that orchestrates the flow and filtering of information according to customer policies and rule sets
  • Security Domain Intermediary (SDI): Protocol and queuing edge interface between domain applications and MTS
  • Remote Management Station (RMS): Enterprise management appliance for policy and security management, command and control, and monitoring

Unlike traditional stove-piped solutions, the MDeX System can satisfy current requirements while providing the capacity to solve other transfer requirements as mission and organization authorities identify them.

Plug and Play Architecture

  • Modular Design
  • Certify Once, Accredit Many

Situational Awareness and Control

  • Enterprise and Mission Integration
  • Ease of Use
  • Accessibility
  • Common Cross Domain System Manager
  • Dynamic Policy Enforcement

MTS Appliance:
SafeNet information flow engine, Oracle Solaris 10 with Trusted Extensions, Oracle Java, Oracle XACML, SPARC, or x86 platforms

RMS Appliance:
SafeNet CDS manager, Oracle Solaris 10, Oracle Java, Oracle MySQL, Splunk, SPARC, or x86 platforms

SDI Applications:
SafeNet protocol clients and queue manager, Oracle Java

Splunk is a commercial product integrated into the RMS for event management

Database repository used within the RMS for storing system data

Obligation API:
Application Programming Interface (API) for Java content filters

The SDI API allows for legacy or unique application integration with the MDeX System

TIBCO Java Message Service (JMS):
The provided SDI client supports TIBCO’s Enterprise Message Service (EMS) JMS client for message exchanges within enterprise bus architectures. Requires the customer to have an existing TIBCO EMS Enterprise License.

Industry-standard access policy interoperability and extensibility so that policy decision points can exist in multiple places. Access policy is managed through the RMS.

Plug and Play Architecture

The MDeX System’s modular design creates an environment where adding new domains, communities of interest, applications, and content filters requires significantly less custom development than most solutions. This gives the mission or organization the flexibility to change its requirements based on mission needs. SDIs supply the edge interface for connectivity between security domains and the MDeX System’s core security appliance, the MTS, allowing for ready integration of the MTS within existing mission and enterprise JMS, SMTP, XMPP, and standard file sharing applications.

Many other cross domain solutions are designed and developed to address specific data types and transfers. With these systems, adding a new data type or transfer organization requires custom development efforts, and a complete certification and accreditation effort for use approval. This process can take many months and cost a great deal of money.

To address this challenge, the MDeX System uses Plug and Play architecture and its Application Programming Interfaces (APIs) for interface protocols and content filters. This enables organizations to add new protocols or content filters without changes in the security support structure. Organizations can then isolate any additional certification and accreditation activities to just the additional protocols or content filters, without re-certification of the MTS itself. As a result, missions and organizations can deploy MDeX System configurations with minimal certification impact and minimize accreditation time frames.

Situational Awareness and Control

Enterprise and Mission Integration
The MDeX System includes enterprise and mission management of the MDeX System cross domain environment. It accomplishes this through its centralized (managing n CDS instances) and distributed (remote accessibility to management platform) capabilities for command and control, monitoring, and management activities.

Ease of Use
The MDeX System’s intuitive GUI for remote management provides a forward-thinking interface to policy and configuration management, and the means to view audit, system, and application events. This user-friendly design enables systems managers to quickly learn MDeX System operations and eliminates the need for users to have years of trusted operating system command line interface experience.

Accessibility is another key benefit of the MDeX System. The MDeX System includes PK-enabled web access from any authorized location. The MDeX System also gives enterprise and mission management services access to active cross domain event information to enable proactive data flow management.

Dynamic Policy Enforcement - Real-time Policy Changes with Assurance
Dynamic policy enforcement allows data owners to establish granular information flows and content filtering policies as mission needs dictate, using the industry-standard OASIS XACML security policy language. The separation of flow and content policies, and the use of XACML, enables rapid examination and approval of defined policies by organization authorities. Two-role control provides separation between policy definition and release for management operations. Once an organization certifies a policy for implementation, it is available to the security core appliance, the MTS, for immediate activation and enforcement. This allows organization and mission authorities to operate in a coordinated manner to implement policy changes to address changing mission needs.
