LingBo Tang wrote:
> Does it make any sense to run Trusted Extensions on server machines who
> may not have X system, like data server?

It most certainly does. Especially if the 'data server' is sharing user home directories or project data directories out over NFS. This is because NFS is label aware when using Trusted Extensions.

> I like to use a server to store all sensitive data in central location,
> and share with different users with TX functionality.

That is the normal way TX is deployed.

There are also other cases where TX is deployed in a 'server' environment. These are often called network guards. What network guards often do is function similar to a firewall/router but use the additional labeling information in addition to normal firewall matching rules to make the access choices. Some network guards also do automatic reclassification of data based on rules or processing by dedicated classification engines. Network guards are often used to bridge multiple networks of different label classifications without requiring that TX be run as the desktop/server OS on all the machines.

--
Darren J Moffat