Many institutions have an ever-increasing requirement to process data at more than one security level. A given task may start at a lower security domain and then be completed at a higher security domain in a separate high security area. The ability to work in the high domain and to access a low domain network from the same workstation is highly desirable. Often the high domain physical spaces are small, so reducing the hardware footprint is desirable.
FIG. 1 shows a typical configuration of a first prior art system 10 that provides access to two security domains. FIG. 1 shows a high domain computer 12 and a low domain computer 14, both connected to a low domain network 16. High domain data is passed through the low domain network to a high domain server 18 using a Virtual Private Network (VPN) tunnel 20. There is no connectivity between the high and low domain computers 12 and 14; any connectivity needed between the domains requires a cross domain solution (CDS). The low domain computer 14 is connected to a low domain server 22 via the low domain network 16.
FIG. 2 illustrates a second prior art system 24 that provides access to two security domains. The system shown in FIG. 2 reduces size, weight, and power parameters when compared to the first system 10 of FIG. 1, but still requires two network interface cards (NICs). Prior art system 24 utilizes a single computer 26 equipped with two virtual machines, one for the high domain and one for the low domain. Each virtual machine has its own NIC. In these prior art system architectures, multiple low domain computers can be simply added, but there is no way to simply add additional high domain computers without requiring each additional high domain computer to have its own VPN connection.