Enterprise Environmental, Safety, and Occupational Health Management Information System (EESOH-MIS) Project

spongereasonInternet και Εφαρμογές Web

12 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

262 εμφανίσεις

This document is controlled and maintained under EESOH
-
MIS Configuration Management. Printe
d copies may be obsolete. Please
check revision currency with the EESOH
-
MIS Configuration Management Manager prior to use.

REV 2.0





Enterprise Environmental,
Safety, and Occupational
Health Management
Information System
(EESOH
-
MIS) Project



System Architecture and Requirements

Allocation Description (SARAD)


JULY

2005

DES
-
0000000264
-
00



Prepared By:


Northrop Grumman Mission Syst
ems

Clearfield, Utah



EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)


REV 2.0

REVISION

HISTORY


DOCUMENT TITLE

System Architecture and Requirements Allocation Description (SARAD)

ITEM/PART NUMBER

DES
-
0000000264

REV

AUTHOR

RELEASE
ORDER

RELEASE

DATE

PAGES
AFFECTED

DESCRIPTION OF REVIS
ION(S)

00

J. Scott

N/A

9/23/2003

All

Initial release.

01

J. Scott

N/A

1/20/2004

Sections
5.3, 7.0

Updated to reflect the latest
GCSS architecture (SSO).

Changed project name to
EESOH
-
MIS

02

M. Coy

N/A

7/17/2005

Appendix
A,
B, C, D
.

Added trade study for COTS
product. Appendix

D was added
to document.

QWI
-
7501 Rev 02




EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
i

of
v

Table of Contents


1.0

INTRODUCTION

1

1.1

S
COPE

................................
................................
................................
..............................

1

2.0

APPLICABLE DOCUMENTS

2

2.1

G
OVERNMENT
P
ROVIDED
D
OCUMENTS

................................
................................
...........

2

2.2

EESOH
-
MIS

P
ROJECT
D
OCUMENTS

................................
................................
...............

2

3.0

SYSTEM OVERVIEW

3

4.0

OPERATIONAL VIEW

4

4.1

H
IGH
-
L
EVEL
O
PERATIONAL

C
ONCEPT

................................
................................
.............

4

4.2

F
UNCTIONAL
A
CTIVITIES
D
ESCRIPTION

................................
................................
...........

5

5.0

TECHNICAL VIEW

7

5.1

O
VERVIEW

................................
................................
................................
.....................

11

5.1.1

Client Tier

................................
................................
................................
.............

13

5.1.2

Presentation Tier

................................
................................
................................
..

13

5.1.3

Business Tier

................................
................................
................................
.........

14

5.1.4

Data Tier

................................
................................
................................
...............

14

5.2

S
OFTWARE
C
OMPONENTS

................................
................................
..............................

15

5.2.1

Third Party Components

................................
................................
.......................

15

5.2.2

Client Browser

................................
................................
................................
......

15

5.2.3

Web Server

................................
................................
................................
............

16

5.2.4

Servlet Container

................................
................................
................................
..

16

5.2.5

Application Server

................................
................................
................................

17

5.2.6

Messaging Provider

................................
................................
..............................

17

5.2.7

Relational Database Management System (RDBMS)

................................
...........

17

5.2.8

Report Generator and Ad Hoc Capability

................................
............................

18

5.2.9

Custom Components

................................
................................
.............................

18

5.2.10

User Interface (UI) Components

................................
................................
..........

18

5.2.11

Business Components
................................
................................
............................

18

5.2.12

Infrastructure Components

................................
................................
...................

19

5.2.13

External Interface Components

................................
................................
............

19

5.2.14

Data Access Components

................................
................................
......................

19

5.2.15

Security Components

................................
................................
............................

19

5.2.16

Utility Components

................................
................................
...............................

20

5.3

T
ECHNOLOGIES
V
IEW

................................
................................
................................
....

20

5.3.1

Client Tier

................................
................................
................................
.............

21

5.3.2

Web Browser

................................
................................
................................
.........

21

5.3.3

JavaScript

................................
................................
................................
.............

21

5.3.4

Java Applets

................................
................................
................................
..........

21

5.3.5

Protocols and Specifications
................................
................................
.................

22

5.3.6

Presentation Tier

................................
................................
................................
..

22

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
ii

of
v

5.3.7

Business Tier

................................
................................
................................
.........

24

5.3.8

Data Tier

................................
................................
................................
...............

27

6.0

HARDWARE ARCHITECTUR
E

28

6.1

C
OMPONENT
V
IEW

................................
................................
................................
.........

29

6.1.1

Client Tier

................................
................................
................................
.............

30

6.1.2

Presentation Tier

................................
................................
................................
..

30

6.1.3

Business Tier

................................
................................
................................
.........

32

6.1.4

Data Tier

................................
................................
................................
...............

32

7.0

HARDWARE CONFIGURATI
ON

34

7.1

L
ARGE
D
EPLOYMENT
C
ONFIGURATION

................................
................................
.........

34

7.1.1

Component Description

................................
................................
........................

34

7.2

M
EDIUM
D
EPLOYMENT
C
ONFIGURATION

................................
................................
......

37

7.3

S
MALL
D
EPLOYMENT
C
ONFIGURATION

................................
................................
.........

38

8.0

SECURITY SERVICES AR
CHITECTURE

39

8.1

I
DENTIFICATION AND
A
UTHENTICATION
(I&A)

................................
.............................

39

8.2

A
UTHORIZATION AND
A
CCESS
C
ONTROL

................................
................................
.......

40

8.3

C
ONFIDENTIALITY

................................
................................
................................
.........

40

8.4

I
NTEGRITY

................................
................................
................................
.....................

40

8.5

A
VAILABILITY

................................
................................
................................
...............

41

8.6

A
CCOUNTABILITY

................................
................................
................................
..........

41

8.7

N
ON
-
R
EPUDIATION

................................
................................
................................
........

41

8.8

S
INGLE
S
IGN
-
O
N

................................
................................
................................
............

42

8.8.1

Purpose

................................
................................
................................
.................

42

8.8.2

Overview

................................
................................
................................
...............

42

8.8.3

User Information

................................
................................
................................
...

42

8.8.4

Access Rights (Roles)

................................
................................
............................

42

9.0

CAPACITY AND PERFORM
ANCE

43

APPENDIX A: APPLICAT
ION SERVER TRADE STU
DY

1

A1.0

INTRODUCTION

1

A1.1

P
URPOSE

................................
................................
................................
..........................

1

A1.2

T
RADE
S
TUDY
O
VERVIEW

................................
................................
...............................

1

A2.0

TRADE STUDY DESCRIPT
ION

1

A2.1

B
ACKGR
OUND

................................
................................
................................
..................

1

A2.2

S
COPE

................................
................................
................................
..............................

2

A2.3

A
PPROACH

................................
................................
................................
.......................

2

A3.0

ALTERNATIVES EVALUAT
ED

2

A3.1

BEA

W
EBLOGIC

................................
................................
................................
..............

2

A3.1.1

Assumptions

................................
................................
................................
............

2

A3.1.2

Constraints

................................
................................
................................
..............

2

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
iii

of
v

A3.1.3

External Dependencies

................................
................................
...........................

2

A3.1.4

Risk Assessment

................................
................................
................................
......

3

A3.2

IBM

W
EBSPHERE

................................
................................
................................
.............

3

A3.2.1

Assumptions

................................
................................
................................
............

3

A3.2.2

Constraints

................................
................................
................................
..............

3

A3.2.3

Ex
ternal Dependencies

................................
................................
...........................

3

A3.2.4

Risk Assessment

................................
................................
................................
......

3

A3.3

O
RACLE
9
I
AS

................................
................................
................................
..................

3

A3.3.1

Assumptions

................................
................................
................................
............

3

A3.3.2

Constraints

................................
................................
................................
..............

3

A3.3.3

External Dependencies

................................
................................
...........................

4

A3.3.4

Risk Assessment

................................
................................
................................
......

4

A3.4

S
UN
ONE

................................
................................
................................
.........................

4

A3.4.1

Assumptions

................................
................................
................................
............

4

A3.4.2

Constraints

................................
................................
................................
..............

4

A3.4.3

External Dependencies

................................
................................
...........................

4

A3.4.4

Risk Assessment

................................
................................
................................
......

4

A4.0

DECISION CRITERIA

4

A4.1

S
ELECTION OF
C
RITERIA

................................
................................
................................
..

4

A4.2

D
ATA
G
ATHERING

................................
................................
................................
...........

5

A5.0

DECISION ANALYSIS (C
OST EXCLUDED)

6

A6.0

DECISION ANALYSIS (C
OST INCLUDED)

7

A7.0

CONSEQUE
NCE ANALYSIS

7

A8.0

SUMMARY

7

APPENDIX B: REPORT G
ENERATOR TRADE STUDY

1

B1.0

INTRODUCTION

1

B1.1

P
URPOSE

................................
................................
................................
..........................

1

B1.2

T
RADE
S
TUDY
O
VERVIEW

................................
................................
...............................

1

B2.0

TRADE STUDY DESCRIPT
ION

1

B2.1

B
ACKGROUND

................................
................................
................................
..................

1

B2.2

S
COPE

................................
................................
................................
..............................

2

B2.3

A
PPROACH

................................
................................
................................
.......................

2

B3.0

ALTERNATIVES EVALUAT
ED

2

B3.1

Q
UADBASE
E
SPRESS
R
EPORT

................................
................................
............................

2

B3.1.1

Assumptions

................................
................................
................................
............

3

B3.1.2

Constraints

................................
................................
................................
..............

3

B3.1.3

External Dependencies

................................
................................
...........................

3

B3.1.4

Risk Assessment

................................
................................
................................
......

3

B3.2

JR
EPORT

................................
................................
................................
..........................

3

B3.2.1

Assumptions

................................
................................
................................
............

4

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
iv

of
v

B3.2.2

Constraints

................................
................................
................................
..............

4

B3.2.3

External Dependencies

................................
................................
...........................

4

B3.2.4

Risk Assessment

................................
................................
................................
......

4

B3.3

ReportMill

................................
................................
................................
...................

4

B3.3.1

Assumptions

................................
................................
................................
............

5

B3.3.2

Constraints

................................
................................
................................
..............

5

B3.3.3

External Dependencies

................................
................................
...........................

5

B3.3.4

Risk Assessment

................................
................................
................................
......

5

B3.4

S
TYLE
R
EPORT

................................
................................
................................
.................

5

B3.4.1

Assumptions

................................
................................
................................
............

6

B3.4.2

Constraints

................................
................................
................................
..............

6

B3.4.3

External Dependencies

................................
................................
...........................

6

B3.4.4

Risk Assessment

................................
................................
................................
......

6

B3.5

O
RACLE
9
I
R
EPORTS

................................
................................
................................
.........

6

B3.5.1

Assumptions

................................
................................
................................
............

8

B3.5.2

Constraints

................................
................................
................................
..............

8

B3.5.3

External Dependencies

................................
................................
...........................

8

B3.5.4

Risk Asse
ssment

................................
................................
................................
......

8

B4.0

D
ECISION
C
RITERIA

................................
................................
................................
.........

8

B4.1

S
ELECTION OF
C
RITERIA

................................
................................
................................
..

8

B
4.2

D
ATA
G
ATHERING

................................
................................
................................
...........

9

B5.0

COST BENEFIT ANALYSI
S

9

B5.1

E
STIMATE
C
OSTS

................................
................................
................................
.............

9

B5.1.1

EspressReport

................................
................................
................................
.........

9

B5.1.2

JReport

................................
................................
................................
..................

10

B5.1.3

ReportMill

................................
................................
................................
.............

10

B5.1.4

Style Report

................................
................................
................................
...........

11

B5.1.5

Oracle9i Reports

................................
................................
................................
...

11

B5.2

E
STIMATE
B
ENEFITS

................................
................................
................................
......

12

B6.0

SUMMARY

12

APPENDIX C: PERSISTE
NCE TECHNOLOGIES TRA
DE STUDY

13

C1.0

INTRODUCTION

13

C1.1

P
URPOSE

................................
................................
................................
........................

13

C2.0

TRADE STUDY DESCRIPT
ION

13

C2.1

J
AVA
E
NTITY
B
EANS

................................
................................
................................
......

13

C2.1.1

Assumptions

................................
................................
................................
..........

13

C2.1.2

Constraints

................................
................................
................................
............

14

C2.1.3

External Dependencies

................................
................................
.........................

14

C2.1.4

Risk Assessment

................................
................................
................................
....

14

C2.2

J
AVA
D
ATA
O
BJECTS
(JDO)

................................
................................
..........................

14

C2.2.
1

Assumptions

................................
................................
................................
..........

14

C2.2.2

Constraints

................................
................................
................................
............

14

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
v

of
v

C2.2.3

External Dependencies

................................
................................
.........................

14

C2.2.4

Risk Assessment

................................
................................
................................
....

15

C2.3

JDBC

FRAMEWORK

................................
................................
................................
.......

15

C2.3.1

Assumptions

................................
................................
................................
..........

15

C2.3.2

Constraints

................................
................................
................................
............

15

C2.3.3

External Dependencies

................................
................................
.........................

15

C2.3.4

Risk Assessment

................................
................................
................................
....

15

C2.4

O
RACLE
T
OP
L
INK

................................
................................
................................
..........

15

C2.4.1

Assumptions

................................
................................
................................
..........

16

C2.4.2

Constraints

................................
................................
................................
............

16

C2.4.3

External Dependencies

................................
................................
.........................

16

C2.4.4

Risk Assessment

................................
................................
................................
....

16

C3.0

DECISION CRITERIA

16

C3.1

S
ELECTION OF
C
RITERIA

................................
................................
................................

16

C4.0

SUMMARY

17

APPENDIX D: EXTRACTI
ON, TRANS
FORMATION, LOAD (ETL
) TRADE STUDY

17

D1.0

INTRODUCTION

17

D1.1

P
URPOSE

................................
................................
................................
........................

17

D1.2

T
RADE
S
TUDY
O
VERVIEW

................................
................................
.............................

17

D1.3

B
ACKGROUND

................................
................................
................................
................

18

D1.4

S
COPE

................................
................................
................................
............................

18

D1.5

A
PPROACH

................................
................................
................................
.....................

18

D2.0

ALTERNATIVES EVALUAT
ED

19

D2.1


I
NFORMATICA

................................
................................
................................
............

19

D2.1.1

Assumptions

................................
................................
................................
..........

19

D2.1.2


Constraints

................................
................................
................................
..........

19

D2.1.3


External Dependencies

................................
................................
.....................

19

D2.1.24

Risk Assessment

................................
................................
................................

19

D2.2

A
SCENTIAL

................................
................................
................................
....................

19

D2.2.1


Assumptions

................................
................................
................................
.......

20

D2.2.2

Constraints

................................
................................
................................
............

20

D2.2.3

External Dependencies

................................
................................
.........................

20

D2.2.4


Risk Assessment

................................
................................
................................
...

20

D2.3

P
ERVASIVE

................................
................................
................................
.....................

20

D2.3.1


Assumptions

................................
................................
................................
.........

20

D2.3.2


Constraints

................................
................................
................................
...........

20

D2.3.3


External Dependencies

................................
................................
........................

20

D2.3.4


Risk Assessment

................................
................................
................................
...

20

D2.4

SAS

................................
................................
................................
...............................

20

D2.4.1


Assumptions

................................
................................
................................
.........

21

D2.4.2


Constraints

................................
................................
................................
...........

21

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
vi

of
v

D2.4.3


External
Dependencies

................................
................................
........................

21

D2.4.4


Risk Assessment

................................
................................
................................
...

21

D2.4

D
ATA
M
IRROR

................................
................................
................................
...............

21

D
2.4.1


Assumptions

................................
................................
................................
.........

21

D2.4.2


Constraints

................................
................................
................................
...........

21

D2.4.3


External Dependencies

................................
................................
........................

21

D2.4.4


Risk Assessment

................................
................................
................................
...

21

D3.0

S
ELECTION OF
C
RITERIA

................................
................................
................................

22

D3.1

D
ECISION
C
RITERIA

................................
................................
................................
.......

22

D3.2

C
RITERIA
W
EIGHTING

................................
................................
................................
....

22

D3.3

D
ATA
G
ATHERING

................................
................................
................................
.........

22

D4.0

COST BENEFIT ANALYSI
S

23

D4.1

E
STIMATED
C
OSTS

................................
................................
................................
............

23

D4.1.1


Informatica

................................
................................
................................
...........

23

D4.1.2


Ascential

................................
................................
................................
...............

23

D4.1.3


Pervasive

................................
................................
................................
..............

23

D4.1.4


SAS

................................
................................
................................
.......................

23

D4.1.5


Data Mirror

................................
................................
................................
.........

23

D4.2

E
STIMATED
B
ENEFITS

................................
................................
................................
....

24

D5.0

STUDY RESULTS

24

D6.0 SUMMARY

25

APPENDIX E: HARDWARE

ITEMS IDENTIFICATION

25

E1.0

INTRODUCTION

25

E1.1

PC

L
APTO
P

................................
................................
................................
....................

26

E1.2

SSL

A
CCELERATOR

................................
................................
................................
.......

26

E1.3

L
OAD
B
ALANCER

................................
................................
................................
...........

26

E1.4

W
EB
C
ONT
AINER
M
ACHINE

................................
................................
...........................

27

E1.5

A
PPLICATION
S
ERVER
M
ACHINE

................................
................................
...................

27

E1.6

E
MAIL AND
COM

A
UTOMATION
S
ERVER
M
ACHINE

................................
......................

28

E1.7

D
ATABASE
S
ERVER
M
ACHINE

................................
................................
.......................

28



List of Figures


F
IGURE
1

-

E
NTERPRISE
A
RCHITECTURE
P
ICTORIAL
C
ONCEPT

................................
.......................

3

F
IGURE
2

-

H
IGH
-
L
EVEL
O
PERATIONAL
C
ONCEPT

................................
................................
..........

4

F
IGURE
3

-

F
UNCTIONAL
M
EDIA
V
IEW

................................
................................
............................

5

F
IGURE
4



F
UNCT
IONAL
A
CTIVITIES
D
ESCRIPTION

................................
................................
........

6

F
IGURE
5



I
NSTALLATION
P
ROMOTION OF DATA TO
R
EGIONAL AND
M
ASTER
W
AREHOUSES

...........
13



List of Tables


EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
vii

of
v

T
ABLE
I

:

TV
-
1
A
-

J
OINT
T
ECHNICAL
A
RCHITECTURE
S
TANDARDS

................................
...................

7

T
ABLE
II

:

TV
-
1
B
-

D
O
D

5000.2
-
R

S
TANDARDS

................................
................................
..............

9

T
ABLE
I
II

:

TV
-
1
C
-

DITSCAP

S
TANDARDS

................................
................................
...................
10

T
ABLE
IV

:

A
PPLICATION
S
ERVER
D
ECISION
M
ATRIX

................................
................................
......

5

T
ABLE
V:

C
LIENT
PC

CHARACTERISTICS
................................
................................
.......................
26

T
ABLE
VI

:

SSL

ACCELERATOR CHARACTE
RISTICS

................................
................................
........
26

T
ABLE
VII

:

L
OAD BALANCER CHARACT
ERISTICS

................................
................................
............
27

T
ABLE
VIII

:

W
EB CONTAINER CHARACT
ERISTICS

................................
................................
..........
27

T
ABLE
IX

:

A
PPLICATION SERVER CH
ARACTERISTICS

................................
................................
.....
28

T
ABLE
X

:

A
PPLICATION SERVER CH
AR
ACTERISTICS

................................
................................
......
28

T
ABLE
XI

:

D
ATABASE
S
ERVER
C
HARACTERISTICS

................................
................................
........
29



EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
1

of
42



1
1
.
.
0
0


I
I
N
N
T
T
R
R
O
O
D
D
U
U
C
C
T
T
I
I
O
O
N
N


1.1

Scope

The purpose of this document is to identify the major system architectural compone
nts and
associate them with requirements. This document assists analysts in the further definition of
software requirements and assists systems engineers with hardware utilization planning and
acquisition.


EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
2

of
42



2
2
.
.
0
0


A
A
P
P
P
P
L
L
I
I
C
C
A
A
B
B
L
L
E
E


D
D
O
O
C
C
U
U
M
M
E
E
N
N
T
T
S
S


While executing the EESOH
-
MIS Project, Northrop Grumman Mission Systems will adhere to
the guidelines, policies and procedures as outlined in the following government documents:


2.1

Government Provided Documents

DoD 8510.1
-
M: DoD Information Technology Certification and Accreditation

Process (DITSCAP)
Application Manual, 31 July 2000,

Joint Technical Architecture User Guide and Component JTA Management Plan, Version 1.0,
14 September 2001, and

DoD 5000.2
-
R: Mandatory Procedures for Acquisition Programs (MDAPS) and Major
Automated Info
rmation System (MAIS) Acquisition Programs, 5 April 2002.


2.2

EESOH
-
MIS Project Documents

Contractual Engineering Task (CET) for (the) Automated Civil Engineering System


Environmental Management (EESOH
-
MIS) System. Dated 26 June 2002 and Revised 29
August
2002.


EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
3

of
42



3
3
.
.
0
0


S
S
Y
Y
S
S
T
T
E
E
M
M


O
O
V
V
E
E
R
R
V
V
I
I
E
E
W
W


A pictorial view of the Enterprise Architecture To
-
Be Concept (PROJ
-
2000
-
GCSSAF
-
0371) is
shown in
Figure
1
. The application database, operational data store, and data warehouse
concept has b
een identified within the contents of this document. The application data structure
will be designed to support an operational data store and data warehouse interface.




Figure
1

-

Enterprise Architecture Pictorial Concept



EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
4

of
42



4
4
.
.
0
0


O
O
P
P
E
E
R
R
A
A
T
T
I
I
O
O
N
N
A
A
L
L


V
V
I
I
E
E
W
W


The operational view describes the tasks and activities of concern and the information
exchanges required. These kinds of descriptions are useful for facilitating a number of actions
and assessments across the Department of Defense such as
examining business processes for
reengineering or technology insertion, training personnel, examining doctrinal and policy
implications, coordinating joint and multinational relationships, and defining the operational
requirements to be supported by physic
al resources and systems, e.g., communications
throughput, specific node
-
to
-
node interoperability levels, information transaction time windows,
and security protection needed.


4.1

High
-
Level Operational Concept

The High
-
level Operational Concept diagram (
Figure
2
) focuses on the players involved in the
EESOH
-
MIS functions. The peripheral boxes categorize the players that support EESOH
-
MIS
operational activities. The central box represents the players and information
flows within the
activities itself and includes technicians, management, environmental coordinators and
commanders. It should be noted that the definitions of policy, high
-
level management and mid
-
level management differ by service component and in some c
ases may not apply. The various
organizations are further identified by the phase of the development cycle that their associated
system interface will be implemented. The Functional Media View within the high level
operational concept is further defined
in
Figure
3
.


Fire
Department
Furnishing
Management
Environmental
Management
Housing
Maintenance
Real Property
Program
Management
Industrial
Hygiene
Occupational
Medicine
Policy
High-Level
Management
Mid-Level
Management
Shop Coordinators
Shop Coordinators
Preventative Industrial
Health Maintenance
Operational Maintenance
Automated Civil
Engineering System
Equipment
Maintenance
Sampling
Analysis


Figure
2

-

High
-
Level Operational Concept

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
5

of
42





Air Quality

Management

Natural

Resources

CAPP

Inspection

and

Enforcement

Toxics (Lead

& Asbestos)

Tanks

ECAMP

Pesticide

Management

EPCRA

Hazardous

Materials

EIAP

DUSD

Cultural

Sample

Analysis

Personnel

Identification

Automated Civil Engineering

System

Policy

High
-
Level

Management

Mid
-
Level

Management

Sh
op
Co
or
di
na
tor
s

Sh
op
Co
or
di
na
tor
s

Real Property

Solid Waste

Incident

Reporting

Fire

Department

Hazardous

Waste

Low Level

Radiation



Figure
3

-

Functional Media View


4.2

Functional Activities Description

The Fun
ctional Activities Description identified in
Figure
4

illustrates the functional
dependencies within the functional medias. It shows the inter
-
relations between the activities
and whether they are engaged in provid
ing or receiving information (or both).

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
6

of
42




Figure
4



Functional Activities Description



EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
7

of
42



5
5
.
.
0
0


T
T
E
E
C
C
H
H
N
N
I
I
C
C
A
A
L
L


V
V
I
I
E
E
W
W


The technical profile is the minimal set of rules governing the arrangement, interaction, and
interdependence of system parts
or elements, whose purpose is to ensure that a conforming
system satisfies a specified set of requirements. The technical profile provides the technical
systems
-
implementation guidelines upon which engineering specifications are based, common
building blo
cks are established, and product lines are developed. The technical profile includes
a collection of the technical standards, conventions, rules, and criteria organized into profile(s)
that govern system services, interfaces, and relationships for particu
lar systems architecture
views and that relate to particular operational views.


Table
I
: TV
-
1a
-

Joint Technical Architecture Standards


SERVICE AREA

SERVICE

STANDARD

2.1
INFORMATION
-
TECHNOLOGY
STANDARDS

2.1.2.2.1 Year 2000 (Y2K)
C
ompliance

Applications/Platforms handle Y2K date and time format transition

2.1.2.2.2 Defense Information
Infrastructure Common Operating
Environment (DII COE)

Level
-
5 Compliant (Segmentation, COE Kernel, Install w/ COE tools) for
those applications/fun
ctions that support Joint Tactical Forces (JTF) and
Combatant Commands

2.2
INFORMATION
PROCESSING
STANDARDS

2.2.2.1 Application Software Entity

1) Authorizes use of COTS, GOTS, custom SW or combination; 2) CSA
categories: Multimedia, Communications, Bus.

Processing, Environment
Mgt., DB Utilities, Eng. Support

2.2.2.2.1.1 Software Engineering
Services

1) Reduce life
-
cycle costs/risks; 2) minimize need to modify code; 3)
maximize portability

2.2.2.2.1.2 User Interface Services

C507: X
-
Window System Pro
tocol; C508: Xlib; C509: X Toolkit Intrinsics;
C510: File Formats; M021/M027/ MO28/M029/M213/M214A/M214B/
M214C/M216: CDE2.1/Motif 2.1; Win32 APIs: Microsoft Win32

2.2.2.2.1.3 Data Management
Services

ISO/IEC 9075: DB Language
-

Entry
-
level SQL; ISO/IEC
9075
-
3: DB
Languages
-

SQL/CLI

2.2.2.2.1.4.1 Document Interchange

ISO 8879: SGML; HTML 4.0 Spec.; XML 1.0; See Table 2.2
-
1 for
detailed list of standards

2.2.2.2.1.4.2 Graphics Data
Interchange

JPEG V.1.02; PNG Spec.; GIF V.89a

2.2.2.2.1.4.7 Data In
terchange
Storage Media

ISO 9660
-
:1988 Information Processing
-

CD
-
ROM

2.2.2.2.1.7 Operating System
Services

OS Controls via APIs; ISO/IEC 9945
-
1: 1996: POSIX Info Tech.; ISO/IEC
9945
-
1:1996: POSIX Real
-
time Ext.; ISO/IEC 9945
-
1:1996: POSIX
Thread Ext.;
ISO/IEC 9945
-
2:1993: POSIX: Shell & Utils; IEEE
1003.2d:1994: POSIX
-

Part 2: Shell & Utils; ISO/IEC 14519:1999: POSIX
Ada; IEEE 1003.5g:1999: POSIX Ada; IEEE 1003.13: POSIX Realtime
API; IEEE 1003.5b:1996: POSIX Ada API; Win32 APIs: Vol. 1

2.2.2.2.1.8 I
nternationalization
Services

ANSI/ISO 8859
-
1: 1987: Latin Alphabet No.1; ISO/IEC 10646
-
1:1993:
UCS

2.2.2.2.1.10 System Management
Services

Systems Mgt. includes Configuration Mgt., Network Mgt., Fault Mgt., and
Performance Mgt.

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
8

of
42



SERVICE AREA

SERVICE

STANDARD

2.2
INFORMATION
PROCESSIN
G
STANDARDS

2.2.2.2.1.11.1 Remote Procedure
Computing

C310 DCE 1.1: Time; C311 DCE 1.1: Security; C705 DCE 1.1: Directory
Services; C706 DCE 1.1: RPC

2.2.2.2.1.11.2 Distributed Object
Computing

Common Object Request Broker: Architecture and

Specification
, CORBAservices Naming Service Specification

2.2.3.1 Data Management

ISO/IEC DIS 9075
-
1: SQL/Framework; ISO/IEC DIS 9075
-
2:
SQL/Foundation; ISO/IEC DIS 9075
-
3: CLI; ISO/IEC DIS 9075
-
4:
SQL/PSM; ISO/IEC DIS 9075
-
5: SQL/Bindings; ISO/IEC DIS 9075
-
10:
SQL/O
LB; ISO/IEC DIS 13249
-
3: SQL Multimedia; ISO/IEC 9579:1999:
SQL Remote DB Access; The Object DB Std: ODMG 2.0;

2.2.3.2.1 Document Interchange

XHTML 1.0; RDF Model & Syntax Spec.; RDF Schema Spec.

2.2.3.4.2 Virtual Machines

Java Virtual Machine (JVM)

2.2.3.5.1 Remote
-
Procedure
Computing

OSF
-
DCE Version 1.2.2

2.2.3.5.2 Distributed
-
Object
Computing

OMG doc. orbos/98
-
05
-
10: Persistent State Service 2.0; OMG doc.
orbos/98
-
03
-
04: CORBA Name Serv.; OMG doc orbos/98
-
05
-
04:
CORBA/Firewall Security; OMG doc.

orbos/97
-
08
-
14: MOF; OME doc:
bom/99
-
03
-
01: Workflow Mgt.; OMG doc. Mfg/98
-
06
-
06: Distributed Sim.
Serv.; OMG doc orbos/99
-
02
-
12: Revises Realtime CORBA; OMG doc.
orbos/99
-
03
-
29: Errata for Realtime CORBA

2.2.2.6.2 Learning Technology

IEEE 1484.1: Lear
ning Tech. Sys. Arch. (LTSA) v.4.0; IEEE P1484.2:
Learner Model; IEEE P1484.12: Learning Object Metadata (LOM); AICC
AGR 006: Computer Managed Instruction (CMI)

2.3
INFORMATION
TRANSFER
STANDARDS

2.3.2.1.1.1.3 File Transfer

IETF Std. 9/RFC
-
959: FTP

2.3.
2.1.1.1.8.1 Hypertext Transfer
Protocol (HTTP)

IETF RFC
-
2616: HTTP

2.3.2.1.1.1.8.2 Uniform Resource
Locator (URL)

IETF RFC
-
1738: URL; IETF RFC
-
1808: Relative URLs

2.4
INFORMATION
MODELING,
METADATA, &
INFORMATION
EXCHANGE
STANDARDS

2.4.2.1 Activity Mode
l

IEEE 1320.1
-
1998: IEEE Std. for Functional Modeling Language

2.4.2.2 Data Modeling

DoD Manual 8320.1
-
M
-
1: DoD Data Standardization Procedures; FIPS
PUB 184: Integration Definition for Information Modeling

2.4.2.4.1 DoD Date Standards

DDDS Counter ID#
195: Calendar Date YYYYMMDD; DDDS Counter
ID#165: Ordinal Date YYYYDDD; DDDS Counter ID#166: Year Date
YYYY

2.4.2.5.1 Information Exchange
Standards Applicability

Development of logical data models; Exchange data using data
-
mgt., data
interchange, and di
stributed computing services; Using object
-
oriented
interfaces

2.4.2.5.2.2 Character
-
based
Formatted Messages

MIL
-
STD 6040: USMTF

2.4.3.1 Object Modeling

IDEF1X97:Conceptual Schema Modeling and the Unified Modeling
Language (UML) v.1.3; IEEE 1320.2
-
199
8: IEEE Std. Conceptual
Modeling Language; Object Mgt. Group (OMG) Unified Modeling
Language (UML) Spec. v.1.3

2.4.3.2 DoD Data Definitions

DoD 8320.1: Data migration from bit
-
oriented and character
-
oriented joint
message standards

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
9

of
42



SERVICE AREA

SERVICE

STANDARD

2.4.3.3 Information
Exchange
Standards

Multi
-
functional Information Distribution System (MIDS); STANAG 5522:
Edition 1, Tactical Data Exchange
-

LINK 22

2.5 HUMAN
-
COMPUTER
INTERFACE
STANDARDS

2.5.2.1.1 Character
-
based Interfaces

DoD Human
-
Computer Interface Style Guide

2.
5.2.1.2 Graphical User Interface

Uses of commercial user interface style guide; No Hybrid GUIs
-

mixing of
user interface styles

2.5.2.2.1 Commercial Style Guide

Commercial style guide to be selected as basis for user interface
development

2.5.2.2.1.1
X
-
Window Style Guide

Open Software Foundation (OSF) M027: CDE 2.1/Motif 2.1
-

Style Guide
and Glossary; OSF M028: CDE 2.1/Motif 2.1
-

Style Guide Certification
Check List; OSF M029: CDE2.1/Motif 2.1
-

Style Guide Reference

2.5.2.2.1.2 Windows Style Guide

The Windows Interface Guidelines for Software Design

2.5.2.2.2 DoD Human
-
Computer
Interface (HCI) Style Guide

DoD Human
-
Computer Interface Style Guide

2.5.2.2.3 Domain
-
level Style Guides

User Interface Specification for the DII

2.5.2.2.4 System
-
leve
l Style Guides

To be created as necessary using the User Interface Specifications of the
DII

2.6
INFORMATION
SYSTEM
SECURITY
STANDARDS

2.6.2.5 Human
-
Computer Interface
Security Standards

DoD Human
-
Computer Interface Style Guide

2.6.2.6 Web Security Stan
dards

Secure Sockets Layer (SSL) Protocol v.3.0

2.6.3.2.2.2.1 Evaluation Criteria
Security Standards

Common Criteria Protection Profiles , Orange Book Class C2


Department of Defense Instruction 5000.2
-
R also provides guidance as described in TV
-
1b.


Ta
ble
II

: TV
-
1b
-

DoD 5000.2
-
R Standards


SERVICE AREA

SERVICE

STANDARD

ACQUISITION
STRATEGY

C2.7.1 Open Systems

Open systems approach, widely supported commercial interface
standards

C2.7.2 Interoperability

DoD Joint Technical Arc
hitecture (JTA) and any obtained or anticipated
waivers or deviations

C2.7.3 IT Supportability

Infrastructure and support considerations identified in the ORD and
described in the Command, Control, Communications, Computers, and
Intelligence Support Plan

(C4ISP)

C2.7.5 Information Assurance

Implementation strategy for information assurance

C2.8.1 Support Strategy

Develop and document a support strategy for life
-
cycle sustainment
and continuous improvement of product affordability, reliability, and
sup
portability, while sustaining readiness

C2.9.1.4.2 Business Strategy

Prefer open interface standards and commercial item descriptions

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
10

of
42



SERVICE AREA

SERVICE

STANDARD

TESTING AND
EVALUATION

C3.1.1Testing and Evaluation
Overview

Support the PM with the coordination of developmental test

and
evaluation (DT&E), operational test and evaluation (OT&E), and
LFT&E, family
-
of
-
systems interoperability testing, closely integrated
with requirements definition and systems design and development.

SYSTEMS
ENGINEERING

C5.2.3.5.5.6 Software Management

Engineer software
-
intensive systems using best processes and
practices known to reduce cost, schedule, and performance risks

C5.2.3.5.6.2 Software Spiral
Development

Plan a spiral development process for both evolutionary and single
-
step
-
to
-
full
-
capabil
ity acquisition strategies. A cyclical, iterative build
-
test
-
fix
-
test
-
deploy process characterizes spiral development and yields
continuous improvements in software.

C5.2.3.5.8 Reliability, Availability,
and Maintainability (RAM)

Reliability requirement
s shall address mission reliability and logistic
reliability. Availability requirements shall address the readiness of the
system. Maintainability requirements shall address servicing,
preventive, and corrective maintenance.

C5.2.3.5.11.2 DoD Joint Techn
ical
Architecture (JTA)

Implementation of the JTA is the use of applicable standards cited as
mandated in the JTA. The implementation of the JTA is required for all
new, or changes to existing, IT

C5.2.3.5.11.1 IA Requirements/IT
Design Considerations

In
tegrated architectures shall be used to develop IT, including NSS,
interoperability requirements. The Joint Operational Architecture and
the JTA shall serve as the foundation for evolutionary development of
these mission area integrated architectures.

C5
.3.7 Accessibility Requirements

System development includes accessibility requirements as outlined in
Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794 (reference
(cu))). All electronic and information technology...where appropriate,
shall incl
ude requirements to ensure people with disabilities are able to
use the system and have access to the information or data

AP5.1.1 C4ISP. Command, Control,
Communication, Computers, And
Intelligence (C4I) Support Plan
(C4ISP) Mandatory Procedures And
Form
ats

This Appendix provides the mandatory format and review process for
the C4ISP...(which) provides a mechanism to identify and resolve
implementation issues related to an acquisition program’s C4ISR
infrastructure support and IT system, including NSS, int
erface
requirements.


DoD Instruction 5200.40 and the DITSCAP Application Manual provide security guidance as
described in TV
-
1c.


Table
III

: TV
-
1c
-

DITSCAP Standards


SERVICE AREA

SERVICE

STANDARD

PHASE 1 :
DEFINITION

C3.4.2.2.3
.3 Classification and
Sensitivity of Data.

Define the type and sensitivity of the data processed by the system.
Determine the national security classification of information to be
processed (unclassified, confidential, secret and top secret) along with
any

special compartment.

C3.4.2.2.3.4 System Users

Define the user's security clearances, their access rights to specific
categories of information processed, and the actual information that the
system is required to process.

C3.4.2.2.3.5 System Life Cycl
e

Define the system life cycle and where the system is in relationship to
its life cycle.

C3.4.2.2.4 System CONOPS

Develop a system CONOPS, including functions performed jointly with
other systems.

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
11

of
42



SERVICE AREA

SERVICE

STANDARD

C3.4.4.2.1 Operating Environment

Describe the physical
, personnel, communications, emanations,
hardware, software, and procedural security features that will be
necessary to support site operations.

C3.4.4.2.2 System Development,
Integration, and Maintenance

Environment

Describe the system development appro
ach and the environment
within which the system will be developed. The system development
approach is an information security strategy that incorporates security
into each phase of a system's life cycle.

PHASE 1 :
DEFINITION

C3.4.4.2.3 Threat Description
and
Risk Assessment

Define the potential threats and single points of failure that can affect
the confidentiality, integrity, and availability of the system.

C3.4.5.2.1 Applicable Instructions or
Directives

Determine the security instructions or directiv
es applicable to the
system. In most cases, this will include national level directives, OMB
Circulars A
-
123 (reference (l)) and A
-
130 (reference (d)), and DoD
Directives.

C3.4.5.2.4 Security Concept of
Operations

Describe the security CONOPS including s
ystem input, system
processing, final outputs, security controls and interactions and
connections with external systems. Include diagrams, maps, pictures,
and tables in the security CONOPS.

C3.4.5.2.5 Network Connection
Rules

Identify any additional requ
irements incurred if the system is to be
connected to any other network or system.

C3.4.6. Prepare the System
Architecture Description

Prepare a high level overview of the types of hardware, software,
firmware and associated interfaces envisioned for the

completed
system.

C3.4.8 Tailor the DITSCAP and
Prepare the DITSCAP Plan

Determines the appropriate certification level and adjusts the DITSCAP
activities to the program strategy and system life cycle.

PHASE 2 :
VERIFICATION

C4.3.2 System Architecture
Analysis

Make sure security requirements defined in the SSAA are integrated
into the system security architecture

C4.3.5 Integrity Analysis of
Integrated Products

Integrity analysis of products being integrated into the system must
identify the security
functionality of each product.

PHASE 3 :
VALIDATION

C5.3.2 Security Test and Evaluation
(ST&E)

Evaluate the technical implementation of the security design and to
ascertain that security software, hardware, and firmware features
affecting confidentiality,

integrity, availability, and accountability have
been implemented as documented in the SSAA and that the features
perform properly.

C5.3.3 Penetration Testing

Assess the system's ability to withstand intentional attempts to
circumvent security features
through exploitation of the technical
security vulnerabilities.

PHASE 4 : POST
ACCREDITATION

C6.3.2 SSAA Maintenance

Each time any change occurs to the system mission, the threat,
operating environment, security architecture, or any operating
procedures,
those changes should be reflected in the SSAA.



5.1

Overview

The systems architecture is a description of systems and interconnections providing for, or
supporting, war
-
fighting functions. For a domain, the systems architecture view shows how
multiple system
s interoperate, and it may describe the internal construction and operations of
particular systems within the architecture. The systems architecture view associates physical
EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
12

of
42



resources and their performance attributes to the operational view and its requir
ements per
standards defined in the technical architecture.

The EESOH
-
MIS system architecture is based on the GCSS
-
AF architecture framework, which
is pattered on the J2EE (
J
ava
2

Platform,
E
nterprise
E
dition) architectural framework. This
architecture pr
ovides a standard development platform for building robust distributed
applications. J2EE is a framework for developing and deploying enterprise systems. Sun
Microsystems characterizes J2EE in this way: “The Java 2 Platform, Enterprise Edition (J2EE)
de
fines the standard for developing multi
-
tier enterprise applications. J2EE simplifies enterprise
applications by basing them on standardized, modular components, by providing a complete set
of services to those components, and by handling many details of a
pplication behavior
automatically, without complex programming.” (
java.sun.com/j2ee/faq.html
)


EESOH
-
MIS will be structured based on the GCSS/J2EE
1

tier concept, which include the client,
presentation, bus
iness, and data tier.
Figure
5

shows the relationship of this tier
-
based
EESOH
-
MIS architecture.


EESOH
-
MIS will be made up of discrete subsystems that will be logically segregated into
installation transaction sit
es


these sites would be a base or a cluster of bases likely in close
proximity; for connectivity and access considerations. Each cluster of transaction installations
will be associated with a regional data warehouse that would roll up installation transa
ction data.
The data warehouses will have tools for analysis, data mining, scenario building facilitated by
data cubes. Although the tool set would be the same for the regional and the master Data
Warehouse the specific objects developed for each would be
distinct.


The Data Warehouse will be comprised of a demoralized star schema derived from the
transaction system. This star schema is used for speed in querying large data sets. Also,
logically the star schema is comprised of fact tables and many conformed

dimensions
(information represented to the same granularity in relationship to each other and the fact table).


Each fact table will represent an area of domain knowledge that will be organized through a
third party tool to catalog data views that will be

discrete representations of data mining
analysis. The data warehouse must be constructed to yield knowledge articulated from the
resulting trend analysis and scenario building.


The Data Warehouse will be logically separated from the staging area and pres
entation tier.





1

EESOH
-
MIS System Requirements Spe
cification section 2.1 and system requirement SYS_978, SYS_995

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
13

of
42





DATA TIER
-

Master Data Warehouse

Data Warehouse

DATA TIER
-

Application

BUSINESS TIER

P
RESENTATION TIER

CLIENT TIER

Business Objects

Army Forts

Navy Ports

Air Force

Bases

Regionalized

Application

Servers

Pacifi

c

U.S

.

Euro

pe

Client

Browsers

Application Database

(VPN)

Standard Reports

DATA TIER
-

Regional DataStore

Opera
tional Data Store

Analytical Reporting

Extraction/

Transformation/

Loading

Data Warehouse

DATA TIER
-

Regional DataWarehouse

Analytical Reporting

Operational Data Store

DATA TIER
-

Master DataStore


Figure
5



Installation Promotion of data to Regional and Master Warehouses


5.1.1

Client Tier

The client tier interacts with the user and displays information from the system to the user.
E
xamples of clients include web browsers, Personal Data Appliances (PDAs), rich web clients,
and Java applications. The client tier can include some or all of these types of clients.
2


5.1.2

Presentation Tier

The presentation tier is responsible for receiving re
quests from clients in the client tier and
generating the appropriate response to the client, often mixing static content with dynamic. This
tier is sometimes referred to as the web tier; however, its functional support extends beyond the
web.





2

EESOH
-
MIS System Requirements Specification section 2.1 and system requirement SYS_890

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
14

of
42



5.1.3

Business

Tier

The business tier handles the core business logic and workflow of the application. This tier
provides the necessary interfaces to the underlying business service and data access
components. EESOH
-
MIS will utilize two business tiers, one that will a
llow interaction from the
client tier as well as external data feeds, Meta data, and legacy data load.


5.1.4

Data Tier

The data tier is divided into three areas: the application database, the operational data store,
and the data warehouse. The data are separat
ed into the three data stores mainly for efficiency
and clarity.


The application database will house the transactions to maintain the daily operations occurring
at a facility in support of mission critical operations. Transactions from the application d
atabase
will be extracted, stored, transformed and forwarded on a timed basis to the operational data
store. The application database will be configured optimally for maximum transaction speed.


The operational data store will be the main repository for m
anaged and ad hoc reporting. As
such, this data store will be configured to optimize data retrieval. A set of reporting views will be
applied to data stores that will de
-
normalize structures for easier human access. Ad hoc
reporting will be accomplished

using Oracle Discoverer, a web based report query tool.


Data from the operational data store can be transferred to a data staging area for loading into
the data warehouse. A data warehouse data store is typically used for management and trend
data anal
ysis. As such, the repository that supports these types of queries requires specialized
data structures and storage retrieval technology. The Oracle Data Warehouse product will be
used to support this data store.


Figure 7

graphically depicts the major software components highlighting custom and third party
components. As described in previous sections, the architecture is based upon four tiers. The
diagram below partitions the component view into these four tier
s, highlighting the major
components within. Since the EESOH
-
MIS user interface is a web browser, the client tier is
simply a web browser with some minor UI components. The presentation tier is comprised of
the web and servlet engines along with some UI
and utility components. The business tier is
the most complex, comprised of application and messaging servers that host many business,
infrastructure, interface, and data access components. The data tier is mainly comprised of the
RDBMS (with the underst
anding that external components exist outside EESOH
-
MIS). Security
overarches all tiers because of the need to secure all aspects of the system.


EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
15

of
42



5.2

Software Components


Figure 7: EESOH
-
MIS software architecture: component view


5.2.1

Third Party Components

EESOH
-
MIS leverages existing solutions by integrating with industry
-
proven products. The
selection favored companies that comply with industry
-
accepted standards such as J2EE.
Certified components offer plug and play
-
like features such that as EESOH
-
MIS evolv
es,
components can be “upgraded” to meet these evolving needs without affecting other
components in the system and without the burden of refactoring the architecture. This “loose
coupling” (of components) allows for right sizing the architecture and adapt
ing to the changing
needs of the customer. The purchase of third party components can also provide a savings to
the government and preclude a stovepipe solution. These components provide a majority of the
infrastructure in EESOH
-
MIS.


All third party com
ponents are operationally configured based on the relevant Security Technical
Implementation Guide (produced by DISA Field Security Operations).


5.2.2

Client Browser

The client browser is specified by the system requirements
3

as Microsoft Internet Explorer 6.0
(or higher). The browser (along with the web server, servlet container, and backend
components) largely supports the first three categories of the identified architectural challenges.
It provides the user interface and supports user interaction such as f
orms based input, interface



3

EESOH
-
MIS System Requirements Specification section 2.1 and system requirement SYS_993

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
16

of
42



to report generation and ad hoc queries, and access to internal and external data. Client side
validation is also supported on the browser.


5.2.3

Web Server

The web server
4

software is responsible for receiving client requests and s
ending corresponding
responses. EESOH
-
MIS uses the HTTP server from the Apache Software Foundation (hereafter
the HTTP server is generally referred to as Apache).


Alternative(s): Microsoft Internet Information Server (IIS) can also successfully perform th
e web
server function. From a functional and performance perspective, the two web servers are
approximately equivalent. The Apache web server arguably provides an increase in security
because there are significantly fewer attacks compared with IIS.


The
web server (along with the browser, servlet container, and backend components) largely
supports the first three categories of the identified architectural challenges. It services client
requests for static information such as access to static documents, CD
-
ROM documents, and
manuals.


NOTE
:

The web server will be securely configured as defined by the latest version of the
Web Application Security Technical Implementation Guide (produced by DISA Field
Security Operations).


5.2.4

Servlet Container

The servlet cont
ainer software is responsible for processing Java server page (JSP) templates
and Java servlets. The servlet container software is logically separate from the application
server; however, the major application server vendors include servlet support with t
heir
application server products. EESOH
-
MIS uses the servlet container provided by the Oracle9iAS
Containers For J2EE (OC4J). This servlet container comes as part of the Oracle 9iAS package.
The Oracle servlet container is 100% compatible with Jakarta T
omcat. See
Appendix

A:
Application Server Trade Study

for more details.


Alternative(s): The Jakarta project also produces the Tomcat servlet container. This open
-
source servlet container could be used instead of
OC4J. There are also several other servlet
containers that could be considered; however, there is no functionality difference. The tradeoff
between Oracle and other solutions is performance.


The servlet container (along with the browser, web server, and

backend components) largely
supports the first three categories of the identified architectural challenges. It provides dynamic
content by communicating with backend components to retrieve data from the EESOH
-
MIS
database and format it for the user.





4

EESOH
-
MIS Sys
tem Requirements Specification section 2.1 and system requirement SYS_975

EESOH
-
MIS Project

System Architecture and Requirements Allocation Description (SARAD)



DES
-
0000000264

Page
17

of
42



5.2.5

App
lication Server

The application server software is responsible for implementing the J2EE specification
5
. This
software provides a majority of the enterprise infrastructure. EESOH
-
MIS uses the Oracle 9iAS
application server.


Alternative(s): BEA Weblogic
(version 7) and IBM Websphere (version 5) provide enterprise
framework support comparable to Oracle 9iAS. EESOH
-
MIS is designed to run on any certified
J2EE 1.3 application server. See
Appendix

A: Application Server Trade Study

for more details.


The application server supports many of the architectural challenges by providing an integrated
business and security engine. All business logic
6

and workflow is controlled via this component
in a manner that is highly re
liable and scalable. Server side validation and security are also
implemented in the application server.


5.2.6

Messaging Provider

The messaging provider is responsible for implementing the Java Messaging Service (JMS)
7
.
EESOH
-
MIS uses JMS to interface with ex
ternal DoD and military systems. The messaging
provider (like the servlet container) is logically separate from the application server; however,
most application server vendors offer messaging services integrated with their application
server products. E
ESOH
-
MIS uses the IBM Websphere MQ and MQ Series messaging
provider.


Alternative(s): TIBCO, Sonic MQ, Swift MQ and Softwired iBus are all viable messaging
provider alternatives. EESOH
-
MIS uses point
-
to
-
point asynchronous messaging, as well as the