Cross-Domain Command & Control with SaltStack Enterprise

By Nicholas M. Hughes

August 05, 2019

TL;DR;WTVI (Too Long; Didn’t Read; Watched the Video Instead)

Everything in this blog is in the video, plus a whole lot more. Click below!

Cross-Domain Command & Control with SaltStack Enterprise

Use Case Definition

Out in the world, there are atypical networks. Networks that don’t connect to the Internet. Networks that don’t connect to other networks within the control of the same group of administrators. These networks are certainly the outliers, but they’re still out there. Each network is handled as it’s own “security domain”, with its own set of requirements for safeguarding the information and systems within. You’ll typically find these types of “enclave” networks in Industrial Control System (ICS), National Security System (NSS), and Safety Critical System (SCS) applications where it’s very important to keep systems apart from your normal day-to-day operations.

Cross-Domain Solutions (CDS) allow an isolated critical network to exchange information with others, without introducing the security threat that normally comes from direct network connectivity. Basically, these systems perform deep inspection of the content traversing security domains. For instance, when data travels from a high security domain to low security domain, we’re predominantly worried about preventing information leaks. We don’t want any information to end up on the lower security domains where it doesn’t belong. Conversely, when information travels from a low security domain to a high security domain, we want to make sure that we don’t pass up any malicious code that would infect our critical domains.

Cross-Domain Solutions are often found where enclave networks exist. However, they usually only handle data traffic… leaving administration traffic out in the cold. This is partly due to the traditional methods of administration, such as SSH, being hard or impossible to inspect and partly due to administration and automation tooling not being purpose-built for this type of application.


So, how can we administer systems across disconnected networks when we want to keep them disconnected? SaltStack to the rescue! We can insert a Cross-Domain Solution in between the SaltStack Enterprise operations framework and the disconnected Salt masters within the enclave networks. The SaltStack Enterprise communication is uniquely well-suited for this type of application, and will allow administration traffic to be proxied through the inspection devices and flow across the organization without introducing the large attack surface of direct network connectivity.


This is definitely a niche use case, but it is a huge win for organizations running these types of environments. If this type of administration would be beneficial to your organization, please reach out to talk to us today!