Multi-security domain management integration architecture for end-to-end service management in military networks

Military networks are partitioned into isolated security domains in order to be able to handle user traffic/data at different confidentiality levels. Depending on the classification of security domains information exchange between low and high security domains is extremely restricted or even prohibited. This holds true for the user traffic as well as the network management information required to operate the corresponding Information and Communication Technology (ICT) domain. Providing centralized end-to-end service and network management across all security domains was not possible in the past because of the large variety of management protocols in-use, as each and every management protocol required a specific information release technology provided by high assurance guards. The guard technology for each network management protocol requires very high development effort per protocol making this approach prohibitive cost and time-wise. This article presents a "Multi-Security Domain (MSD) management integration architecture" enabling end-to-end service and network management across all security domains. Service management information exchange requirements between the isolated management domains are analyzed through representative use cases. The presented MSD management integration architecture introduces a novel distributed management integration technique to support those use cases while still adhering to stringent information security requirements. The proposed management integration architecture is based on Multi-Technology Operations System Interface (MTOSI) standard as well as Service Oriented Architecture (SOA) integration and security solutions.