4 5 Soriano CENTRIXS M Final 1

Published on November 6, 2007

Author: Jancis

Source: authorstream.com

Slide1:
- Program Executive Office C4I and Space, PMW 160.1
- AFCEA C4I Symposium
- CENTRIXS-M Network
- San Diego, CA
- 23 May 2007
- CDR Servo Soriano, PMW 160.1 CENTRIXS-M APM
- Jacinto.Soriano@navy.mil
- DISTRIBUTION STATEMENT D. Distribution authorized to the Department of Defense and U.S. DoD contractors only (Military Critical Technology) (16 April 2007). Other requests shall be referred to the PEO C4I and Space organization (Program Office PMW 160).

Agenda:
- CENTRIXS-M Overview
- Background/Description/Architecture
- Block II/INC 1 (MLTC) update
- CENTRIXS-M NOC Update
- Life Cycle Support
- New Capability/Enhancements
- HFIP/SNR
- Chat Translation (S2C)
- Enclave and COI Agility
- Fly Away Kit (FAK)
- Real Time Collaboration
- Industry Support
- Hardware Design Requirements
- Cross Domain Requirement
- Security Accreditation Requirement
- Interoperability with DOD and Coalition
- Design Releasability

Background:
- Initial Fleet Deployment: CENTRIXS-M was initially fielded as a project in 2002 under the name Coalition Wide Area Network (COWAN); initially funded with Defense Emergency Response Fund (DERF), OSD, and Fleet OMN
- Project Management: CENTRIXS-M absorbed COWAN-Lite to form a single coherent Navy project managed by PEO C4I since 2004.
- Formal Resourcing: OPNAV N6 began resourcing CENTRIXS-M in FY06
- Formal Acquisition: PMW 160 has established an AAP for the sustainment of Legacy CENTRIXS-M systems (Block 0, I, and II)
- CENTRIXS-M CPD submitted to OPNAV in July 2006 for JCID’s entry
- Milestone C planned for Q3FY08; IOC in FY09
- Proposed ACAT III designation

Program Description:
- CENTRIXS-M provides secure tactical and operational information sharing between U.S. and coalition maritime partners
- CENTRIXS-M forms the network backbone and global infrastructure for Coalition and Multinational C4I interoperability; a key enabler to Maritime Domain Awareness
- CENTRIXS-M provides core data services including Secure E-Mail, Web Replication, Chat, and COP at the Secret-Releasable Level; new services include Chat translation, Automated patching and Computer Network Defense
- Key enabler for C2 & Warfighting Readiness

Slide5:
[Network diagram, dated 9 May 2007. Labels: Coalition Partner Ashore, Coalition Partner Afloat, Coalition NOC, US NOC, US Ship, Coalition Ship]

Network Enclaves:
- CENTRIXS includes four Multi-lateral, two Bi-lateral security network enclaves and two Communities of Interest (COI)
- SIPRNET used as a transport for Type I and Type II encrypted traffic
- Fleet requirement exists to monitor more than four simultaneous security enclaves
- COI agility is needed as the number of Type II encrypted enclaves increases

Enclave and COI Description:

Slide8:
- CENTRIXS-M Fleet Population
- Legacy CENTRIXS: Block 0 = 129 Ships, Block I = 20 Ships, Block II = 4 Ships
- The following ship classes are used in this chart: FFG, DDG, CG, LSD, LHA, LHD, LPD(4), LCC, CVN, and MCM
- Note - Numbers as of end of Q1FY07
- 153 ships fielded with CENTRIXS-M capability
- SCN DDG’s FY07 = 4
- SCN LPD’s = 2
- NT EOL Refresh Complete!
- CENTRIXS-M is baselined across the fleet

CENTRIXS-M Block 0 & 1:

Block II (MLTC) Force Level Rack:
- Multi-level Thin Client architecture
- Simultaneous access of 4 coalition enclaves, and SIPRNET from a single thin client workstation
- 30 clients fielded, scalable to 100
- All terminal served to ultra-thin client terminals, Leverages ISNS drops and uses Smart card access
- Reaccreditation planned with Solaris 10 TX/CONET 2.0 in FY09
- Planned installations in FY07: HST, LIN, GW, RR, JCS, ESX
- Total Inventory Objective: 24 Force Level ships

MLTC Client Screen View:
- Unclassified – For Demonstration purposes only
- Enclave classification is displayed in window header
- Enclave access is based on Smart Card authorization
- User only required to login one time
- System does not allow data transfer between security enclaves
- Multiple Security Enclaves Accessed Simultaneously

Increment 1 Requirements:
- Multi-Level Thin Client (MLTC) Architecture
- Leverages existing ISNS LAN infrastructure and drops
- Reaccreditation required for new HW components and New OS
- Sun V245 and Solaris 10 TX
- Force Level (FL) variant
- COTS-based; dual rack system similar to Block II design
- Simultaneous access to 4 coalition enclaves plus SIPRNET
- 30 Ultra Thin Clients (UTC)
- Unit Level (UL) variant
- Scaled down version of FL variant, same functional capability, single rack system
- Simultaneous access to 3 coalition enclaves plus SIPRNET
- 15 Ultra Thin Clients (UTC)
- VMware utilized for server consolidation
- Planned fielding quantities: FY09: 27, FY10: 37, FY11: 36
- MLTC Reaccreditation Required due to EOL HW/SW

CENTRIXS-M Increment 1 Component Reuse for Unit Level:
- Power system
- Human-Machine Interface
- Sun hardware Suite
- PC Server
- New Components:
- New router (resolves EOL)
- New PC Server (no 2U server in design)

NOC Overview:
- CENTRIXS data services provided by Pacific Region Network Operations Center (PRNOC).
- PRNOC provides ship termination points for each enclave, one per enclave services networks.
- PRNOC is responsible for the following:
- Network monitoring and troubleshooting
- DNS Services
- Mail Services
- Mail Guard administration
- Fleet Services (Help Desk)
- Computer Network Defense (CND)
- Hardware Firewall
- IDS
- Virus scanning

NOC Update:
- UARNOC
- CENTRIXS-M stand up at Unified Atlantic Region Network Operations Center (UARNOC) - Summer ‘07
- Installation HW procurement complete; J and K enclaves planned for FY08
- Includes network connectivity, applications, computer network defense, operations and help desk
- PRNOC
- Install computer network defense on CFE for TS07.
- FY08: HW Refresh planned on 7 enclaves (CFE, J, K, GCTF, MCFI, CNFC, CMFP).
- Installation of NATO enclave.
- Upgrade power, KVM's, install new baseline applications for fail-over capability; Tech refresh will baseline PRNOC with UARNOC
- ISEA responsible for Life Cycle Management, training, and tier 3 and 4 technical support at CENTRIXS-M NOC
- Full Redundancy w/ Failover for NOC’s Planned

Shore Design:
- Goal is Robust End-to-End Network With Failover Capability

New Capabilities/Enhancements:
- Technical Solutions for the Warfighter

HFIP/SNR:
- HFIP and SNR allow direct IP connectivity between afloat units, both US and Allied/Coalition.
- There are technical IA challenges posed by this capability as the traditional NOC protection boundary must move to afloat units for security integrity
- PMW 160 responsible for integration, router interface, subnet configuration, security analysis and mitigation of IA threats
- PMW 170 responsible for Acquisition, Installation, Sustainment
- Expect Number of SNR/HFIP installations on CENTRIXS network to rapidly increase over next 18 months
- Alternate Low Cost RF LOS Path For Coalition Connectivity

HFIP/SNR Architecture:

Chat Translation Speed to Capability:
- Chat Translation (CCL+) demonstrated during TW06/RIMPAC’06
- Complex interface to bridge CCL+ with current coalition chat tool
- Not a cost effective solution; changes existing coalition chat architecture
- Sametime Chat Translation – Smarter low cost solution
- Does not force a change to existing coalition chat architecture
- IBM developed the translation plug-in available now for integration and testing (Sametime 7.5 version upgrade)
- COTS SW upgrade – allows coalition partners to easily procure
- Planned deployment on CENTRIXS “J” NLT in support of AnnualEx; Fielding across FDNF in FY07
- DISA Sponsored Joint Collaboration Tool

Real Time Collaboration:
- Voice and Video IP Circuits
- VoIP requires ~26Kbps of dedicated BW
- VTCoIP utilizes between 64-768Kbps
- High latency and jitter experience with BW constrained users
- Expect transition to occur in parallel with increased BW availability and ADNS Incremental upgrades
- Voice and Video over IP requires High Data Throughput

Fly-Away Kit (FAK) Plan:
- Currently deployed by Fleet Commanders as needed in support of coalition communication requirements
- CENTRIXS-M ISEA developed a Life Cycle Management Plan that strategically oversees and sustains FAK
- PR09 submission to support FAK transition to POR
- POR Fielding through an Accelerated Acquisition Plan (AAP)
- Currently fielding FAK to NECC (PMW 790)
- Follow-on deliveries to MOC, JMAST, Tactical Mobile (PMW 180)
- Training and Sustainment provided by ISEA
- FAK planned for Submarines as interim solution
- PR09 submission to support fielding a permanent solution
- POR Fly-Away Kits w/ Support Tail

Industry Support:

Hardware Design Requirements:
- Verifiable component roadmaps
- Published EOL schedules mandatory
- Components should be selected from evolutions with common form/fit/function
- EOL, Upgrade, and Expansion Strategies should accompany design
- Multiple Sources required for components
- Proven low initial component failure
- Need to reduce newly-installed equipment failures
- CENTRIXS is NOT an “early adopter”
- Development of testing methodologies capable of providing high MTBF failure assurances to gov’t
- Methodologies must be rapid, non-destructive, capable of being executed on all units, and must simulate actual shipboard conditions (i.e., variations from spec’ed onboard power)
- All hardware must meet relevant PMW165/Navy/DoD environmental requirements
- Proven Reliability w/ Evolutionary Roadmap

Cross Domain Requirements:
- Current system provides user interface to multiple SECRET REL and US SECRET enclaves
- Space, Weight, and Power (SWAP) savings
- New Requirement: addition of TS and UNCLAS enclaves
- Assurance (accreditation) is major hurdle
- New Requirement: multilevel storage and LAN technologies
- Shared storage and single cable infrastructure
- Must integrate with COTS & GOTS hardware/software
- Must satisfy Cross Domain Solutions (CDS) security requirements
- Requirement to isolate critical security information (CSI)
- CSI consists of security policy, configuration, & software kernel
- Portability of CSI (e.g., flash memory)
- Immediate upgradeability of systems
- Immediate change in mission parameters, etc.
- Handling of CSI as COMSEC material
- New Cross Domain applications may be required in near future
- Net Management, Directory Services, Search, etc.

Security Accreditation Requirements:
- Difficult to execute a under extended accreditation cycles
- Certification Test and Evaluation takes ~18 Months (Medium Priority)
- Reduction in accreditation timeline critical
- Potential solution is in as-is use or incremental modification to components already accredited
- Further: Security-critical components must have Common Criteria certification prior to insertion in gov’t development/acquisition
- Further: Prior SABI certification a plus in obtaining CENTRIXS-specific accreditation
- Require accelerated re-accreditation for operationally dictated changes
- Change in enclaves
- Addition of new enclaves
- Modification or addition to fielded applications
- Changes in security policy
- Security Accreditation tools
- Security configuration and accreditation tracking
- DITSCAP/DIACAP/SABI-CDS requirements traceability

Interoperability with DoD Coalition Information Systems:
- Multi-National Information Sharing (MNIS) is umbrella program for DoD coalition networks
- Administered by DISA
- Unified Cross Domain Management Office (UCDMO) maintains Cross Domain Systems (CDS) Inventory
- NSA aegis
- Adjudicates solution requirements and applicability
- Coordinates development of point solutions for CDS
- Integration required with DoD/Navy IA Activities
- NCDOC, JTF GNO,…
- Must remain aligned with other DOD Activities

Design Releasability:
- Desirable to have commercial version of product for sale to coalition partners
- Should be interoperable with US Navy version and with MNIS and joint systems
- Cannot violate any releasability restrictions
- Penetration test methods, test reports and results
- Must be able to share added capability with our Coalition Partners

Points of Contact Program Office:

QUESTIONS?

CMFP Details:
- Cooperative Maritime Forces Pacific
- Primary Multi-National Coalition Network in PACOM AOR
- Comprised of GCTF-1 nations within PACOM AOR
- Community of Interest (COI) nations
- US, UK, AU, CAN, Spain, India, France, Germany, Singapore, Italy, Japan, Korea, New Zealand, Netherlands, Thailand, Malaysia, Philippines, Chile, and Peru
- Initially tested during TW05 (CFP COI)
- CPF directed primary network for TW06 and RIMPAC’06
- Blue Ridge Block II. Minimal MLTC reconfiguration required
- Transfer from CNFC to CMFP will require no security re-accreditation for MLTC
- Coordination with CPF/C3F/C7F to ensure CMFP HD are fielded on all PACFLT Deployers

Block II and Inc 1 Architecture:
[Architecture diagram. Labels: APPS, KG, MUX, Coalition VLAN, ISNS, SIPRnet, Trusted Session Server, NIC, ADNS]
- Multi-Level Thin Client Design
- Reduce space, weight, and power (SWAP)
- Leverages existing ISNS drops
- 4 coalition enclaves + SIPRNET
- All terminal served to ultra-thin client terminals, Smart card access
- 30 drops; scalable to 100 drops

Slide35:
- C4I Afloat Networks and Enterprise Services (CANES)
[Diagram. Labels: CENTRIXS, SVDS, HM&E, Routing/Net Mgmt, SCI LAN, ISNS, ADNS, UNCLAS LAN (NTCSS), SCI ADNS, EMS, GENSER LAN (GCCS-M), RF Mgmt/Multiplexing, Combat Systems, GENSER ADNS, Legacy Voice, VoIP]
- Networks + ADNS + Services
- FY-08 - FY-13
- Consolidated Afloat Networks & Enterprise Services

Life Cycle Support:
- ISEA in place to provide LCS for all fielded systems
- Provisioning and Sparing
- Interactive Electronic Technical Manual (IETM)
- Planned Maintenance
- Engineering drawings and Installation docs
- Configuration Management
- Fleet Services Desk { centrixs@spawar.navy.mil }
- 24/7/365 Distance Support operation
- Training curriculum and products
- Deliver Capability and ensure Proficiency.
- Train both System & Operational Employment
- CBT is being developed and Interactive Courseware is the long term training solution
- Training Gap
- Must address a way ahead for Unit Level training
- Knowledge management training shortfall
