TDC - Virtualization Seminar - Final - 10 December 2008 ...

bubblesradiographerΔιακομιστές

4 Δεκ 2013 (πριν από 3 χρόνια και 10 μήνες)

137 εμφανίσεις

I n t e g r i t y
-

S e r v i c e
-

E x c e l l e n c e

1




Theater Deployable
Communications (TDC)

and

Virtualization

Charles Jaglinski

TDC NCC
-
D Lead Engineer

753 ELSG/TD


11 Dec 08

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

2

Agenda


What is TDC


NCC
-
D Packages


NCC
-
D Requirements


Virtualization



I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

3

TDC Overview


TDC system provides a tactical extension of the Global
Information Grid (GIG). GIG services included:


Defense Information Systems Network (DISN) elements



Non
-
classified Internet Protocol Routing Network (NIPRNET)


Secret Internet Protocol Routing Network (SIPRNET)


Defense Switched Network (DSN)


There are three major elements to TDC:


Integrated Communications Access Packages (ICAP)


On
-
base transmission, multiplexing, voice, data, system kits, multi
-
purpose kits


SATCOM Terminals


Long Haul Transmission


Network Control Center


Deployed (NCC
-
D)


Network operations, Information Assurance, Network User Services


TDC provides the warfighter flexible, lightweight, modular, scalable,
and integrated deployable communications

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

4

TDC Implementation Tenets


TDC Mission: To select, integrate, field, and
support communications equipment for deployed
AF operations


COTS/GOTS, standards
-
based solutions


Approved Product List (JITC Approved Hardware/Software)


Evolving baseline


TDC baseline evolves annually to incorporate


Feedback from users


Fixes for reliability issues


Replacement of obsolete parts


Field common fixed/deployed equipment


“Two
-
version” rule


ICAP and NCC
-
D subdivided into series of modules and kits


To minimize training and support issues
-

no more than two
versions of any ICAP/NCC
-
D module in the field simultaneously

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

5

TDC


Notional Base

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

6

Network Control Center
-

Deployed



NCC
-
D Light


MS Windows 2003 Server


MS Exchange 2003


MS Outlook 2003


Kiwi Cat_Tools


Symantec Anti Virus


Symantec Mail Security


Sidewinder Security
Appliance w/Smart Filter


Provides network management, information assurance,
and network core services for NIPRNET/SIPRNET

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

7

Network Control Center
-

Deployed


NCC
-
D Heavy


MS Windows 2003 Server


MS IIS 2003


MS Exchange 2003


MS SQL Server


Kiwi Cat_Tools


Symantec Anti Virus Corporate Edition


Symantec Mail Security


Symantec Enterprise Security Manager
(ESM)


WhatsUp Gold Professional


Sidewinder Security Appliance


Blue Coat Security GatewayWebfilter


Veritas Backup Exec Server


Veritas Exchange with Open File Option


Remedy


Misc. (Adobe, IE, MS Readers, etc….)

Provides network management, information assurance,
and network core services for NIPRNET/SIPRNET

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

8

Dell NCC
-
D Package


Case 1
--

11U 261 Lbs

Server 1

DC
-
1

DNS Internal

Server 2

HP OpenView

CAT Tools

SQL Server Standard

PERL

Remedy

Enterprise Security Management
(ESM) Manager

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

9

Dell NCC
-
D Package

Case 2
--

11U 261 Lbs






Server 1

DC
-
2

DNS Internal

Exchange Server Enterprise Edition

IIS

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

10

Dell NCC
-
D Package

Two other cases

Case 3

110

Lbs

Monitor; Flat Panel, 17
-
Inch
(3)

Computer Mouse, Optical (3)

Keyboard (3)

Case 4

110

Lbs

Hard Disk Drives for Servers
(22)

Support 1200 People

Case1

261

Case

2

261

Case3

110

Case 4

110

Total

742 lbs

Support 3000 People

Case1

261

Case

2

261

Case3

110

Case 4

110

Total

742 lbs

Grand
Total

1484 lbs

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

11

NG NCC
-
D Package

Server 1

HP OpenView

Enterprise Security Manager

CatTools

Case 1
--

11U 275 Lbs

Server 2

Remedy

SQL Server

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

12

NG NCC
-
D Package

Server 1

DC 1

Internal

DNS

Case 2
--

11U 275 Lbs

Server 2

DC 2

Exchange Server Enterprise
Edition

Server 3

File and Print

Server 4

Backup Exec

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

13

NG NCC
-
D Package

Case 3

110

Lbs

Monitor; Flat Panel, 17
-
Inch
(3)

Computer Mouse, Optical (3)

Keyboard (3)

Support 1200 People

Case1

275

Case

2

275

Case3

110

Total

660 lbs

Support 3000 People

Case1

275

Case

2

275

Case3

110

Total

660 lbs

Grand
Total

1320 lbs

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

14

DoD IA Regulations

CJCSI 6510.01D, Information Assurance and Computer Network Defense, 15 Jun 2004

DoDD 8500.1, Information Assurance (IA), 24 Oct 02

DoDI 8500.2, Information Assurance (IA) Implementation, 6 Feb 03

STRATEGIC COMMAND DIRECTIVE 527.1, Information Operations Conditions Systems
Procedures, 27 Jan 06

JTF
-
GNO WARNORD 07
-
003

DoD STIG DoD IA Enterprise Solutions STIG





I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

15

IA Solution

I A Case

9U

HBSS

(Host Based Intrusion Detection (HIDS)

Network Intrusion Detection (NID))


Rem/Retina (being replaced)

McAfee Remediation Manager

IntruShield


Adds Approx
7 Cubic Feet Space

Adds Approx 275 lbs

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

16

Issues

1.
Expensive IA requirements


Mostly in hardware

2.
Two different NCC
-
D Packages in the field


Training issues


Logistics Issues

3.

Current NCC
-
D Packages 4 years old


Need to field replacement in 2 years



I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

17

RFP Requirements

The purpose of the NCC
-
D is to allow the deployed communications personnel to
proactively and reactively manage and protect the network infrastructure, and to
protect sensitive data transported over the WAN via state
-
of
-
the
-
art COTS products
that will satisfy the Air Force’s need for standardization and reduced life cycle costs.



The NCC
-
D package is defined
to
support 100, 500, 1000 and 3000 personnel
incrementally with a connected ratio of
1 to 3 or 10 to 1000 devices
utilizing the
network at the same time. It shall provide for a logical transfer of services without
disruption to either NIPRNET or SIPRNET. The NCC
-
D shall be broken down into
manageable components.
It shall be packaged along functions i.e. edge
devices (proxy servers, firewalls, IDS, etc), switching, servers and storage.
This is an effort to reduce unneeded duplication of service when robusting a specific
item, for example if more servers are needed we do not want more firewalls, proxies
or IDS equipment. This package is the point of entry and egress for all NIPRNET
and SIPRNET and shall protect the network from intrusion while maintaining
services to the base personnel.



All Information Assurance (IA) hardware and software shall be listed on the
Common Criteria page on DISA’s website at the time of contract award.

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

18

RFP Requirements (cont.)

The integrator shall provide
software images and appropriate VMware
scripts to automate the reloading
of all Windows
-
based servers to include
applications. These images shall provide the capability to choose (change) the
system NetBIOS name, System Fully Qualified Domain Name (FQDN) (DNS name),
IP address, and the system SID (Microsoft Security Identifier). This will speed up
frequent re
-
installations of all NCC
-
D servers in the field and
reduce the amount
of time needed for deployment.


The integrator shall provide one CD with the
software image for each server type for each package.

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

19

Solution

Through Virtualization

we solved


1.
IA Issues

2.
Different NCC
-
D packages

3.
Weight

4.
Size



I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

20

Transit Cases

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

21

Weight

Support 3000 People + IA Requirements

Case 1 edge

166 lbs

Case

2 switch

114 lbs

Case 3 servers

119 lbs (times 2)

Case 4 storage

115 lbs

Total

633 lbs

VS

1759 lbs


I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

22

Added Benefit

The biggest benefit to TDC and the Government.

Virtualization Saved Approximately



$16,000,000


Over a separate IA solution and future NCC
-
D
replacement

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

23

Virtualization Software

1.


VMWare Infrastructure
-

Enterprise Edition



-

ESX Server



-

ESX "i" Server (firmware integrated)



-

VMotion



-

StorageMotion



-

High Availability



-

Distributed Resource Scheduler



-

Consolidated Backup



-

Distributed Power Management



-

Update Manager



2.


Virtual Center

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

24

iSCSI NAS

I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

25

Summary

Virtualization Allowed:


TDC to meet it’s IA requirements while reducing:



Weight


Space


Cost



Logistics Tail


Training Requirements




I n t e g r
i

t y
-

S e r v
i

c e
-

E x c e l
l

e n c e

26

Questions?