Department of Veterans Affairs IPv6 Transition Progress 2011 ...

yummypineappleSoftware and s/w Development

Jun 30, 2012 (5 years and 4 months ago)

249 views

DepartmentofVeteransAffairs
Department

of

Veterans

Affairs
IPv6 Transition Progress
2011andBeond
2011

and

Be
y
ond
February22011
February

2
,
2011
Steven Pirzchalski
VAIP6TitiM
VA

IP
v
6

T
rans
iti
on
M
anage
r
AgendaAgenda
USG
USG
IPv6 –
Then and
Now
VA IPv6
2011 and
VA IPv6
2011 and
Beyond
VA IPv6
2005 –
2010
USG
IPV6

THEN AND NOW
USG
IPV6
THEN AND NOW
12/13/2010
3
USG IPv6
USG IPv6 ––The HistoryThe History
2010
New
OMB
IPv6
FAR Changed
to Require
IPv6 for IT
USGv6
Product
Profile &
Testin
g

2008
2009
Policy
OMB IPv6
Transition
USGv6
Testing
Milestone
IPv6 for IT
Acquisitions
g
Program
2005
10/28/2010
DoDIPv6
Transition
Memo
Rld
Memo
Released
2003
R
e
l
ease
d
4
OMB IPv6 2010
OMB IPv6 2010 ––The DriversThe Drivers
Enable Key Federal IT
Enable Key Federal IT
Modernization Initiatives
Reduce Complexity/Increase
Transparency
Bi
Enable Ubiquitous Security
Si
B
us
i
ness

Continuity
S
erv
i
ces
5
OMB IPv6 2010
OMB IPv6 2010 ––Acquisitions Acquisitions
•Comply with FAR
requirements
•Use of the USGv6
Pfil d T
P
ro
fil
e

an
d T
est

Program
E

E
nsure

completeness/quality
of IPv6 capabilities
of IPv6 capabilities
6
OMB IPv6 2010
OMB IPv6 2010 ––2012 Milestone2012 Milestone
•External Services:
–Public/external facing
servers and services
eg web email DNS

e
.
g
.
web
,
email
,
DNS
,

ISP services, etc

O
p
erationall
y
use
py
native IPv6
–End of FY 2012
(September 30 2012)
(September 30
,
2012)
7
OMB IPv6 2010
OMB IPv6 2010 ––2014 Milestone2014 Milestone
•Internal Services:
–Applications that
communicate with
public Internet servers
public Internet servers
–Supporting enterprise
networks
–Operationally use
native IPv6
End of FY 2014

End of FY 2014
(September 30 2014)
8
VA
IPV6 2005
-
2010
VA
IPV6 2005
2010
12/13/2010
9
VA IPv6 Transition Timeline
VA IPv6 Transition Timeline --HistoricalHistorical
VA IPv6
Transition
Office
Etblihd
VA IPv6
Transition
Office
Etblihd
VA June
2008 IPv6
Testing
Cltd
VA June
2008 IPv6
Testing
Cltd
VA IPv6
Transition
Plan
VA IPv6
Transition
Plan
VA IPv6
Lab
Etblihd
VA IPv6
Lab
Etblihd
Interagency
IPv6
Mti
Interagency
IPv6
Mti
Interagency
IPv6
Meeting
Interagency
IPv6
Meeting
VA IPv6
Ctiit
VA IPv6
Ctiit
Updating
IPv6
Transition
Plans
Updating
IPv6
Transition
Plans
E
s
t
a
bli
s
h
e
d
E
s
t
a
bli
s
h
e
d
VA IPv6
Working
Grou
p
s
VA IPv6
Working
Grou
p
s
VA IPv6
Addresses
VA IPv6
Addresses
C
omp
l
e
t
e
d
C
omp
l
e
t
e
d
Plan
Plan
E
s
t
a
bli
s
h
e
d
E
s
t
a
bli
s
h
e
d
M
ee
ti
n
g
M
ee
ti
n
g
Interagency
IPv6
Interagency
IPv6
Meeting
Meeting
VA
Designated
Level 1
VA
Designated
Level 1
VA IPv6
Core
Network
VA IPv6
Core
Network
VA EA
& Exhibit
300s U
p
dated
VA EA
& Exhibit
300s U
p
dated
VA Scores
5 on OMB
IPv6
Transition
VA Scores
5 on OMB
IPv6
Transition
VA Scores
5 on OMB
IPv6
Transition
VA Scores
5 on OMB
IPv6
Transition
C
onnec
ti
v
ity
C
onnec
ti
v
ity
Plans
Plans
p
Formed
p
Formed
Allocated
Allocated
Meeting
Meeting
Agency
Agency
Testing
Testing
p
with IPv6
p
with IPv6
Rating
Rating
Rating
Rating
2005
2006
2007
2008
2009
2010
2011
OMB
05-22
Memo
OMB
05-22
Memo
VA IPv6
Steering
Committee
Established
VA IPv6
Steering
Committee
Established
VA Chairs
Federal
IPv6
Training
Group
VA Chairs
Federal
IPv6
Training
Group
Internet2
Connectivity
Internet2
Connectivity
Interagency
IPv6
Meeting
Interagency
IPv6
Meeting
VA IPv6
Training
Launched
VA IPv6
Training
Launched
VA IPv6
Case Study
VA IPv6
Case Study
Internet2
Pilots
Identified
Internet2
Pilots
Identified
Planned
Interagency
IPv6
Meeting
Planned
Interagency
IPv6
Meeting
VA IPv6
PM
Identified
VA IPv6
PM
Identified
VA IPv6
Policy
Released
VA IPv6
Policy
Released
VA IPv6
Awareness
Video
VA IPv6
Awareness
Video
VA IPv6
Pilots
Identified
VA IPv6
Pilots
Identified
VA Scores
5 on OMB
IPv6
Transition
VA Scores
5 on OMB
IPv6
Transition
Interagency
IPv6 Testing
Interagency
IPv6 Testing
IPv6
Incorporated
into Strategic
Plan for
IPv6
Incorporated
into Strategic
Plan for
New OMB
IPv6 Memo
Released
New OMB
IPv6 Memo
Released
Ratin
g
Ratin
g
OneVA
Enterprise
Network
OneVA
Enterprise
Network
10
Multi
Multi--Agency IPv6 TestingAgency IPv6 Testing
Verizon
Sprint
Internet
Qwest
Level 3
Internet
11
VA IPv6 Transition Lessons Learned
VA IPv6 Transition Lessons Learned
Start Early
Be Inclusive
Executive Level Buy-In
Training
Test –Test –Test
12
VA
IPV6 2011 AND BEYOND
VA
IPV6 2011 AND BEYOND
12/13/2010
13
Why is IPv6 Important to VA?
Why is IPv6 Important to VA?
Business
(Vt)
Siliit
Investment
(V
e
t
eran
)
Continuity
Si
mp
li
c
ity
Protection
Reaching
Rural
Securit
y
Veterans
y
14
VA IPv6 Transition
VA IPv6 Transition ––Our FocusOur Focus
15
VA IPv6 Governance Structure
VA IPv6 Governance Structure
ChiefInformationOfficer
(
CIO
)
Chief

Information

Officer

(
CIO
)
Office of Information and Technology (OI&T)
Enterprise Infrastructure Engineering (EIE)
OfficeofTelecommunications
Engineering
&
Design
Office

of

Telecommunications
,
Engineering

&

Design
IPv6 Transition Lead
IPv6 Steering Committee
IPv6 Project Management
Transition Office (IPv6 PMTO)
IPv6 Transition
Working Group
Planning Activity
Security Activity
Training Activity
Registry
&
PilAii
Technology
Advisory Panel
16
Registry

&

Addressing Activity
Pil
ot
A
ct
i
v
i
t
y
Enterprise
Strategy
VA IPv6 Activities
VA IPv6 Activities

IPv6PlanningUpdate
IPv6

Planning

Update
–Transition Plan
–Addressing Plan

T&ERequirements
T&E

Requirements
–VA OMB 300 Exhibit for IPv6
–Inventory

ARINIPv6AddressRequestAugmentation

ARIN

IPv6

Address

Request

Augmentation
•New VA IPv6 CIO Directive
•Federal Task Force IPv6 Transition Worksheet
•IPv6 Acquisition Process (FAR & USGv6)
•Enterprise WAN C&A
UdPbliFi
Si

U
pgra
d
e
P
u
bli
c
F
ac
i
ng
S
erv
i
ces
–DNS
–9 Mail Domains
–126+ Application Domains
17
Domain Transition
Domain Transition ––An Agile ApproachAn Agile Approach
•Focus on early “quick
wins”
•Stagger domain
ii
trans
i
t
i
ons
•Build to full
ftilit ti
Plan
Operationalize
f
unc
ti
ona
lit
y

over
ti
me
•Roll lessons learned
into next cycle
Pilot
into next cycle
•Don’t jeopardize
operational integrity
18
Pilot
operational integrity
VA IPv6 Transition Activities Cont.
VA IPv6 Transition Activities Cont.
•IPv6 Specific Pilots

Infrastructure Pilots
–Mission Pilots

Inter
-
AgencyInformationExchange
Inter
Agency

Information

Exchange
•IPv6 Service into Veteran’s homes
•Internet2 Program
–Internet2 connection
–Internet2 Lab

Internet2Pilots
Internet2

Pilots
•DREN
•IPv6 Lab
19
VA Infrastructure Pilots
VA Infrastructure Pilots
Enclave Pilot

Phase 1: Turn up IPv6 in a secured isolated and monitored setting

Phase 1: Turn up IPv6 in a secured
,
isolated
,
and monitored setting
•Phase 2: IPv6 networking between secured enclaves
•Phase 3: IPv6 networking with the open internet
E-Mail Pilot
•Initial focus on IPv6 enabled SMTP traffic

Limited MSFT Exchange deployment

Limited MSFT Exchange deployment
•Lessons learned for enterprise mail upgrade
Va.gov Pilot
•Leverage industry best practices
•Initial deployment of ipv6.va.gov

Evaluate security and operational capabilities
20
Evaluate security and operational capabilities
Pilot Considerations for va.gov
Pilot Considerations for va.gov
•Approach

Do we IPv6 enable the existin
g
site or re
p
licate it?
gp
–Do we do it in-house or use a cloud based service?
–Do we use va.gov or a specialized domain such as ipv6.va.gov for
initial launch?

Addressing
Addressing
–Do we have IPv6 addresses to use?
–Are they advertised?
–Can we allocate them?
ShouldwegetthemfromourISP?

Should

we

get

them

from

our

ISP?
•Routing
–Are we routing IPv6 (BGP) to the outside world?
–What IPv6 routing protocols are we using internally?
•DNS
–Will our DNS support AAAA records?
–Will .govsupport AAAA records?

IstheIPv6Gluesetupin
gov
andvagov?

Is

the

IPv6

Glue

setup

in
.
gov
and

va
.
gov?
–Do we have IPv6 connectivity to our DNS servers? .gov?
21
Pilot Considerations for va.gov Cont.
Pilot Considerations for va.gov Cont.
•Network Connectivity

Do we have IPv6 connectivit
y
from out ISP?
y
–Is IPv6 enabled on our routing devices from our gateway to our servers
(web and DNS)?
•Server

Does the va.
g
ov servers su
pp
ort IPv6?
gpp
•Application
–Does our http (and other web based applications) support IPv6?
–Are there any IPv4 addresses hard coded into our applications/code?

Security
Security
–Will the gateway security products support IPv6?
–Are the web server and other supporting servers updated with any IPv6
related patches and security configurations?

Network
Management
Network

Management
–Can we manage IPv6 with our existing management system?
–Can we see what is going on with the IPv6 side?
•Transition Mechanisms
Doweneedtouseatransitionmechanism?

Do

we

need

to

use

a

transition

mechanism?
–Tunneling or translation?
22
VA IPv6 Mission Pilots
VA IPv6 Mission Pilots
Patient MonitoringNurse Call/Monitor
Edldidliitiititildt
UtiliIP6ttfbdidtit
E
xpan
d
s
l
eep
di
sor
d
er c
li
n
i
c ac
ti
v
iti
es
t
o
i
nc
l
u
d
e a
t
-
home monitoring via IPv6 connectivity.
Utili
zes
IP
v
6

t
o convey a new se
t
o
f

b
e
d
s
id
e pa
ti
en
t

choice icons to free up nurses’ time.
Benefits :
•Increases the number of
individualsclinicianscan
Benefits :
•Alleviates patient frustration
particularlywhenspeech
individuals

clinicians

can

treat
•Lessening wait time for
patients to be evaluated
particularly

when

speech

impaired
•Assists nursing staff to support
patient needs.
RemoteCarePilot
VideophonePilot
Remote

Care

Pilot
Videophone

Pilot
Employ IPv6 video conferencing to provide scheduled
and drop-in medical appointment service.
Employ IPv6 video devices to improve service inside
VA’s network, replacing current devices.
Benefits :Benefits :
•Allows doctors and clinicians
to treat additional patients
without significant patient
travel

Greaterutilizationofdoctors
•Lower cost to service and
maintain
•Improves level of service and
speed of connection
23

Greater

utilization

of

doctors

and clinicians time
Some of the Challenges
Some of the Challenges
•IPv6 Support in Security Products
•IPv6 Support in Network Management
Products
•Carrier Support for IPv6 (to Veterans)
•Enabling Legacy Applications to support
IPv6
•IPv6 DNS (.gov)
12/13/2010
24
QUESTIONS
QUESTIONS
25