SDP Specification 1.0

Software Defined Perimeter Working Group


April 2014

Abstract

This document describes the “Software Defined Perimeter (SDP) protocol,” which is designed to provide on-demand, dynamically provisioned, air-gapped networks. Air-gapped networks are trusted networks that are isolated from all unsecured networks and this may allow them to mitigate network-based attacks. The SDP protocol is based on workflows invented by the Department of Defense (DoD) and used by some Federal Agencies. Networks based on these workflows provide a higher level of security, but are thought to be very difficult to use compared to traditional enterprise networks...

Acknowledgments

Status of This Memo

Abstract

1 Introduction

1.1 Audience

2 Design Objectives

3 System Overview

3.1 The Changing Perimeter

3.2 SDP Concept

3.3 SDP Architecture

3.3.1 SDP Controller

3.3.2 Initiating SDP Hosts

3.3.3 Accepting SDP Hosts

3.5 SDP Implementations

3.5.1 Client-to-Gateway

3.5.2 Client-to-Server

3.5.3 Server-to-Server

3.5.4 Client-to-Server-to-Client

3.6 SDP Applications

3.6.1 Enterprise Application Isolation

3.6.2 Private Cloud and Hybrid Cloud

3.6.3 Software as a Service

3.6.4 Infrastructure as a Service

3.6.5 Platform as a Service

3.6.6 Cloud-Based VDI

3.6.7 Internet-of-Things

3.7 SDP’s Relationship to IKE/IPsec and TLS

4 Glossary
