PORTFOLIO
HIGH AVAILABILITY ACP 145 GATEWAY
THE EDS HIGH AVAILABILITY (HA) ACP145 GATEWAY IS BASEDON THE INTERNATIONAL STANDARD ACP145 FOR MESSAGING
The EDS High Availability (HA) ACP145 Gateway has been built to meet the ACP 145 Gateway requirements of the UK MoD to provide secure High Grade Interoperability between the CCEB nations.
Overview
The EDS High Availability (HA) ACP145 Gateway is
based on the International Standard ACP145 Gateway to Gateway
Implementation for Messaging Services. The EDS (HA)ACP145 Gateway is
designed to be a flexible and modular gateway solution providing X.400,
STANAG 4406 and ACP145 gateway messaging services through a standard
set of components. The Gateway consists of two separated domains, each
of these hosting a clustered Exchange 2003 server; one provides the
connection to the external system and network and the other to the
internal system. EDS Communications and Messaging Group has the
capability and knowledge to interpret the wide range of defence
messaging interoperability requirements and provide the specialist
integration required to build this specialist High Availability Gateway.
Our unique gateway design integrates COTS components with EDS' own
proprietary advanced security module that interfaces the Security
Enforcing Functions (SEF). This provides the bridge between the
internal and external sides of the gateway. The primary functions of the
ACP 145 Gateway Service are to verify signed messages received from
other gateways, generate a boundary signature on all messages leaving
the Gateway, and to map incoming policy security labels to an equivalent
security label. The security module also provides content verification
and virus checking.
Security
- The EDS (HA) ACP145 Gateway is designed to ensure that the Security Enforcing Functions SEF are not linked into the messaging components of the Gateway so that the SEF checking cannot be bypassed.
- ACP145 Gateway supports PKI features
- The ACP145 Gateway uses approved signing algorithms.
- The ACP145 Gateway uses approved encryption algorithms.
EDS Security Enforcing Functions
The SEF modules are assured to pass ALL messages through the SEF. The SEF modules ensure that:
- All messages are virus scanned using McAfee virus scanner
- All messages have been passed through the EDS Content Verification Engine.
- Any message that is intended for an internal recipient who does not dominate the security label of the message is blocked in its entirety.
- A message is non delivered and not passed through the Gateway where none of the message recipients match with the MTA's address space.
- Any messages that contain any invalid addresses (ie. No matching incoming address space or the recipient address is not found in the LDAP directory) are blocked.
- Gives a guarantee that passing a message to these functions via the SEF module will allow the ACP145 Gateway solution to achieve security accreditation.
System Software Requirements
- Supported Platform Windows 2003 Enterprise Server
- Messaging protocols X.400, STANAG 4406, ACP145
KEY COMPONENTS
- X400
- STANAG 4406
- W2K3
- E2K3
- Security Enforcing Functions(SEF)
- Message Prioritisation
- Virus Scanning
- Content Verification
- Dominance Checking
- Labelling (FLOT)
FEATURES AND BENEFITS
- High Availability, Reliability and Performance within the design provides the resilience based on standard off the shelf hardware that meets requirements for a high grade messaging gateway.
- The Gateway supports the logging and auditing of Exchange Server and integration of SEF logging for legal accountability.
- Option to sign the message between gateways providing message integrity and non-repudiation.
- System Backup supported for fast system recovery and meeting service requirements.
- The ACP145 standard provides international gateway interoperability.
- The Security Enforcing functions provide a comprehensive and configurable framework for the latest high-grade security.
Mike Hobden
Business Relationship Manager
Comms & Messaging Group
T: +44 (0)1256 748640
F: +44 (0)1256 742612
E: mike.hobden@eds.com