A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains or between a computer in one security domain and a network in another security domain. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way. For a one-way CDS linking two networks, highly engineered solutions, such as the Owl Computing Technologies® Dual Diode, provide a direct point-to-point optical link between the two networks having differing security domains (with data transfer in either the low-to-high direction or in the low-to-high direction). The unidirectionality of the data transfer is enforced in the circuitry of the network interface cards at both network endpoints and in the cable interconnects. In this way, the hardware provides an added layer of assurance of unidirectional information flow and non-bypassable operation. In contrast to software based one-way data transfer systems, it is easy to prove that data is not bypassing the Dual Diode because the optical link, which is the only physical channel for communications, can only carry information in a single direction since there is no receiving circuit coupled to the transmit end of the optical link and no transmitting circuit coupled to the receive end of the optical link.
Typically, the computing platforms coupled to a network are personal computers or workstations. When implementing a one-way data transfer system from a send node coupled to a first network to a receive node coupled to a second network, to achieve and maintain the unidirectionality of data flow over a one-way optical data link coupling the send node to the receive node, the personal computer at the send node must be configured so that only an optical transmitter coupled to the send node interfaces to a first end of a one-way optical data link (e.g., an optical fiber) and, on the other hand, the personal computer at the receive node must be configured so that only an optical receiver coupled to the receive node interfaces to a second opposite end of the one-way optical data link. As disclosed in U.S. Pat. No. 8,068,415 B2 to Mraz (“the '415 patent”), one solution is to provide a transmit-only interface card in the personal computer at the send node and a receive-only interface card in the personal computer at the receive node, with an optical fiber coupling the transmit-only interface card to the receive-only interface card. In this situation, the transmit-only interface card does not include any receive circuitry and thus is capable only of transmitting information while the receive-only interface card does not include any transmit circuitry and thus is capable only of receiving information. The system disclosed in the '415 patent thus requires two personal computers or servers. In this configuration, a first personal computer or server is located on the send side and includes a network interface card coupled to the send side network and a transmit-only interface card coupled to the send side of an optical fiber. Also, a second personal computer or server is located on the receive side and includes a network interface card coupled to the receive side network and a receive-only interface card coupled to the receive side of an optical fiber. The requirement for using two personal computers or servers for the cross-domain system is less than optimal.
Accordingly, there is a need for a cross-domain system which overcomes the problems identified above.