eXile in a nutshell

This topic provides a quick overview of the eXile service.

What are the intentions and benefits of eXile?

Many industrial control systems and measurement computers are based on outdated operating systems, which creates potential security problems for the campus network as well as for the application itself.

With eXile we want to address this problem, especially because Windows XP reached its end-of-life date in April 2014. Since that date, Microsoft no longer provides security patches.

eXile is not only useful for the current end-of-life problem of Windows XP, however: you can send any other computer system to eXile that needs to be locked down to improve security and stability.

eXile combines different IT security techniques in a single platform to get the maximum security for existing legacy computer systems and to allow legitimate network traffic while not exposing the machine to the campus network or the internet.

Finally, eXile helps you to keep your applications up and running and improves the stability and reliability of your system.

The purpose of eXile is not to limit your work but to support you in this critical situation, using advanced security techniques to keep away the problems that outdated and legacy computer systems are typically exposed to.

eXile is engineered to be as flexible as possible as well as to provide a maximum of network security.

Each group, laboratory or institute can get its own dedicated eXile network or, if you have only one or two computers, you can send them to a generic D-PHYS eXile network.

A dedicated eXile network gives you more flexibility and improves the security of your computers in eXile, since you do not share the eXile network with other, unknown computer systems.

How eXile works

eXile consists of several closed-off networks with no connections to the outside world. Each computer sent to eXile is further isolated in its own IP subnet. Each network is then connected to the campus network by an advanced firewall system called eXile gate. Communication from one eXile computer to another is also routed through the firewall.

All network traffic to or from an eXile computer has to pass the eXile firewall and can therefore be filtered and monitored for possible security threats or illegitimate traffic that may be harmful to your legacy computer systems.

Every eXile gate is controlled by a central management system - called eXile operator - with a configuration management database at its core. The eXile operator manages the complex firewall rules, the eXile networks and the connectivity of the eXile computers within the related network. Furthermore it handles events triggered by the eXile firewalls.

Lastly, a rich web interface will be served by the operator, providing multiple interfaces for the administrators of eXile computers as well as end users.
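
The isolation model described above (one IP subnet per eXile computer, every flow evaluated by the eXile gate) can be sketched as follows. This is an added example, not eXile's own code; the address pool, the /30 subnet size, the host names, the campus server address and the rule format are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: every eXile computer gets a /30 (gate address + host address)
# carved from a constructed private pool. The page states no sizes or ranges.
EXILE_POOL = ipaddress.ip_network("10.66.0.0/24")

@dataclass(frozen=True)
class Rule:  # hypothetical allow-rule format
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port: int

def allocate(hostnames, pool=EXILE_POOL):
    """Give each host its own /30: first usable address is the gate, second the host."""
    subnets = pool.subnets(new_prefix=30)
    plan = {}
    for name in hostnames:
        net = next(subnets, None)
        if net is None:
            raise ValueError(f"pool {pool} exhausted before {name!r}")
        gate, host = list(net.hosts())
        plan[name] = {"subnet": net, "gate": gate, "host": host}
    return plan

def same_subnet(plan, a, b):
    """True if a could reach b on-link, i.e. without crossing the gate."""
    return plan[a]["host"] in plan[b]["subnet"]

def gate_decision(rules, src, dst, proto, port):
    """Default deny: a flow passes only if an explicit allow rule matches it."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src in r.src and dst in r.dst and proto == r.proto and port == r.port:
            return "accept"
    return "drop"

# Constructed sample: two legacy hosts and one permitted flow to a campus server.
PLAN = allocate(["xp-microscope", "xp-spectrometer"])
RULES = [Rule(ipaddress.ip_network(f"{PLAN['xp-microscope']['host']}/32"),
              ipaddress.ip_network("192.0.2.10/32"), "tcp", 443)]
```

Because the two hosts never share a subnet, traffic between them has no on-link path and reaches the gate like any other flow, where it is dropped unless a rule allows it.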