Defence Directory
Directory services are a critical military infrastructure component, used for tactical, operational and strategic systems. Military directories are used to provide information services, support for military message handling systems, and as supporting infrastructure for other applications such as PKI (Public Key Infrastructure).
In a military environment, there are a number of stringent requirements driven by operational needs and mandated by standards. Defence Directory is a high-performance X.500 directory server that has been designed to comply with the standards defined in ACP (Allied Communications Protocol) 133. ACP133 defines the directory services, architecture, protocols, schema, policies and procedures to support messaging communications between allied nations, including NATO and the CCEB.
Defence Directory deployments make use of advanced X.500 functionality, in particular:
- Replication – Access to directories by remote users needs to minimise the dependencies on other servers. This means that extensive use is made of X.500 replication. Attribute filtering is available to ensure that only the right information is published (for example, in a border directory viewable to outside users).
- Strong Authentication – To avoid unwanted or malicious updates or changes to the directory, it makes use of strong authentication based on X.509 PKI.
- Signed Operations – Used to verify the originator of the operation, to verify that the data in the operation has not been corrupted or tampered with, and to provide secure audit.
The Defence Directory toolset can be used to synchronise data between any pair of directories. A key target is synchronisation of data from Microsoft Active Directory to the Defence Directory. A typical scenario is where local data (e.g., users, certificates and CRLs) from Active Directory is synchronised to a Defence Directory that acts as part of a distributed directory deployment.
The military directory is critical infrastructure that is important in itself and as support for other applications. It is important to monitor servers for availability and correct operation. Defence Directory provides two approaches to achieve this.
- SNMP (Simple Network Management Protocol) - Defence Directory can be monitored with standard SNMP Management tools, such as HP OpenView or Solstice Enterprise Manager. The big advantage of SNMP is that it enables operational management to be integrated with management of networks and other components with a single operator interface.
- DConsole - Defence Directory's DConsole tool provides GUI monitoring of one or more Defence Directory servers. DConsole also has knowledge of directory replication and can monitor replication agreements from both ends. This is important to ensure that all servers are up to date with the most recent information.
Defence Directory can operate as a full X.500 DSA (Directory System Agent) as well as providing LDAP access. It supports the X.500 DAP (Directory Access Protocol), DSP (Directory System Protocol) and DISP (Directory Information Shadowing Protocol) protocols and can be used as a standalone X.500 service, or to provide a configuration database for use in a Military Message Handling System. Defence Directory offers high performance, superior scalability (over 10 million entries), and flexible management.
Key Benefits
- Provides comprehensive security functionality.
- Gives full ACP133 support and conformance.
- Enables data synchronisation between directories, including Active Directory.
- Includes comprehensive management and operational tools.
- Allows flexible replication and replication management.
- Defence Directory is a mature and robust product deployed for many years in demanding operational environments.
Features
- Support of STANAG 4406 and ACP123 Military Messaging.
- Support of (legacy) ACP 127 Military Messaging.
- Support of user identification for authentication purposes.
- Storage of X.509 PKI information.