Solaris Trusted Extensions is out there on the net for brave souls who live on the edge. It has been hiding in Nevada build 42a for about a month without much fanfare. A few people have reported on the alias that they have been able to install it and run the multilevel desktop. The Solaris Express 7/06 release will provide a more formal vehicle for early adoptors. But for me, this is old stuff.
I have been running Trusted Solaris and/or Trusted Extensions for more than a decade, both at home and in the office; I currently run Trusted Extensions on laptop, my office workstation and our department SunRay server. I first published a Sun Blueprint about my multilevel home office in the March 2001 article Maintaining Network Separation with Trusted Solaris.
I moved to Trusted Extensions three years ago (when it was just a prototype), and have been continuously refining its configuration. It will take me a while to explain how it all works, so I will just provide an overview in this blog entry.
I am currently working from home on a red Acer Ferrari 3400 (an AMD 64 Athlon system). I am connected via WiFi to the Sun's Wide Area Network (SWAN) using an IPSec tunnel, but I am writing this using a Firefox browser connected to the public website blogs.sun.com website. This web browser is running in a labeled zone, public, which is used for public Internet browsing. I use another labeled zone, internal, for access to SWAN, via another Firefox browser. Since these two browsers are running in separate zones they are isolated and can't interfere with each other. This protects SWAN from spyware, cookie theft, and other infections lurking on the web.
Things get interesting when clicking on links to external websites from the internal browser. These URLS are automagically redirected to the public browser by a label-aware proxy. I will be unveiling this magic a litte bit at a time in future entries.