CENTRIXS: “Interconnecting Coalition Networks”


1 CENTRIXS: “Interconnecting Coalition Networks”
Gabor Szarka NC3A CAT9: NII Communications Infrastructure Services UNIS-TEM 3rd Dec MITRE NATO UNCLASSIFIED

2 Agenda
1. CXI phase-1 network interconnect
2. CENTRIXS-GCTF / HOA changing requirement
3. CNFC – NATO interconnect – 4 evaluated options
4. HOA – Phased installation (urgent <-> flexible)
5. Comparison – CXI / HOA different approach

3 1.1 CENTRIXS-ISAF Network Interconnection Points
Two Network Interconnection Points in phase-1:
ISAF_HQ Kabul
KAF – RC-S Kandahar Airfield
Physical interconnect on base – red fibre Gbit speed
Different AS for the management domains – BGP routing among autonomous systems
Redundancy among Interconnection Points, but on base as well
Testing with standalone CENTRIXS-ISAF IP stack – changeover 12th Oct

4 CXI routing

5 1.3 Secure VoIP
Different technology (SIP versus CISCO CM)
Already existing users under phase 0 (migration)
Gateway is using SIP trunk; SIP <-> Call manager conversion happens on CENTRIXS-ISAF side of the GW.
Selected codec – local call G.711 (64 kbps); over the WAN links G.729 shall be used (issues with CUCM and VG) – codec selection during call set-up
Numbering plan – two different numbering authorities (CENTCOM / NCSA)

6 1.4 Outstanding issues in phase – 1 IOC
CONOPS MOU between two O&M entities shall be agreed
Visibility on the GW to the other O&M shall be provided
Read only credentials
Different management tools
BGP routing: Originally planned load sharing doesn’t work yet (Kabul primary, KAF standby)
Secure VoIP function not operational yet over the GW:
Functionality tested during original setup – missing elements on the CENTRIXS-ISAF side (CUCM)
Numbering plan conflict (migration phase from phase 0 -> phase-1)

7 2.1 Requirement for CNFC <-> NATO IE
“Establishment of mission-critical information exchange for mission-classified information between NATO commands, NATO Units and with coalition partners other than NATO through the realization of a NATO POP CENTRIXS”
“Seamless mission classified information exchange (data, chat, VoIP) between:”
SHAPE
JC Lisbon
CC Mar Northwood
NAEW Base
Deployed SOCC
Flagship of COM SNMG
TF 151 (US led Coalition Operation CMF)
EUNAVFOR (EU Operation ATALANTA – TF 465) *
Force Contributing Nations within a NATO led TF
International maritime liaison organisations (e.g. IMO)

8 2.2 Situation in the AOO
The only mission classified network currently available and well established in and for the AOO for Counter-Piracy Operations is CENTRIXS GCTF / CNFC
Today, NATO is not connected to CENTRIXS, CNFC sub-domain, and this results in a reduction of operational and overall situation awareness for NATO
NATO as a whole is not part of CNFC yet (NATO nations are part of CNFC COI – national SO allowed only onboard ship)

9 2.3 CNFC VPN COI inside CENTRIXS
Functional services: Sea (CAS) (DHS, TT, Mail)
Different systems (e.g. IBM based Lotus)
SAMETIME (CHAT)
C2PC
[Diagram labels: CENTRIXS; ISAF; GCTF; CMFP; CNFC; SIPR Net; CENTRIXS Four Eyes; CENTRIXS J; CENTRIXS K]
Legend:
SIPR Net - Secret Internet Protocol Router Network (USA)
CNFC - (Combined Naval Forces CENTCOM)
ISAF - GCTF ISAF enclave
GCTF - (Global Counter Terrorism Forces Network)
CMFP - Cooperative Maritime Forces Pacific
K - CENTRIXS US – Republic of Korea
J - CENTRIXS US - Japan

10 3.1 Evaluated options (1/2)
Implementation of a CENTRIXS NATO POP in NATO with connection to relevant NATO elements/entities
Use of NATO NGCS WAN with encrypted channels
No connection with NATO systems
Parallel tunnels (inverse tunneling would mean case by case re-accreditation)
Same as option 1 without use of NATO NGCS WAN
Stove pipe system

11 3.2 Evaluated options (2/2)
Gateway between NS NATO systems and CENTRIXS CNFC FASs are proprietary system based (IBM Lotus Domino etc.) – no accredited IEG guards, proxies exist
Security accreditation may be more difficult to achieve
Gateway between MS NATO systems and CENTRIXS (ISAF like solution)
Requires the establishment of a new MS domain

12 3.3 OPTION 1: CNFC extended through NGCS
[Diagram labels: HOA Mission Network; NGCS; NATO POP (SHAPE); CENTRIXS CNFC (HOA Nations); JC Lisbon (CENTRIXS CNFC); CC Mar Northwood; SHAPE; FLAGSHIP AT SEA]
Eligibility issue (CENTRIXS traffic over NGCS) – will the funds be available?
Security issue (Approval to Operate) – who is the authority?
Establishment of a Mission (i.e. CENTRIXS/CNFC) Domain in Static HQs?

13 3.4 OPTION 2: CNFC extended through stove pipes
[Diagram labels: HOA Mission Network; CENTRIXS CNFC (HOA Nations); JC Lisbon (CENTRIXS CNFC); CC Mar Northwood; SHAPE; FLAGSHIP AT SEA]
Dedicated communication links
Establishment of a Mission (i.e. CENTRIXS/CNFC) Domain in Static HQs?

14 3.5. OPTION 3: CENTRIXS/CNFC-NS
[Diagram labels: CNFC Information Domain; NATO Secret Information Domain; NATO SECRET (28 NATO Nat.); CENTRIXS-CNFC (HOA Nations); NATO POP; Cross Domain Gateways ( , Chat, VOIP); SHAPE; CC Mar Northwood; JC Lisbon; FLAGSHIP AT SEA]
Direct connection between NS and a non-NATO coalition system
No accredited guards available for the specific systems

15 3.6 Option 4. : CENTRIXS/CNFC-MS-NS
[Diagram labels: CNFC Information Domain; NATO Mission Secret Information Domain; MISSION SECRET (NATO HOA Nat.); CENTRIXS-CNFC (HOA Nations); chat; VOIP; NATO POP (SHAPE); NATO SECRET; SHAPE; CC Mar Northwood; JC Lisbon; FLAGSHIP AT SEA]
Establishment of a Mission Secret Domain?

16 3.7 Challenges
Maritime community is using different Core and Functional Area Services – technical and infosec challenges during accreditation (no guards are accredited yet)
Frequent rotation of Flagship:
Different solutions for back-link (national or NATO PoP) – with limited capability to extend satellite links.
Individual accreditation for different flagships is not doable in a timely manner (one solution for all)
MC195 requires “only” NS access from onboard ship
No Deployed Shore HQ (yet?)

17 4.1 Phased approach
Selected options are option 1. and 2. (extend CNFC) – to achieve this NATO should be part of CNFC COI
Phase 0: Extend CNFC VPN through SHAPE PoP to different static HQs:
First step – get NATO access to CNFC
Tunnel through existing GCTF access
No CNFC services provisioned from the NATO PoP
Limited No of seats avail at NATO locations
Phase 1: Upgrade phase – 0
CNFC PoP at NATO shall be established (servers)
VPN concentrator installation

18 4.2 NATO Connectivity CNFC Operational view
[Diagram labels: NATO SNMG; SNMG unit; CTF 150; CTF 151; SNMG flagship; NATO POP; Nation; MCC Northwood; US NORTHCOM; MCC Naples; US NAVCENT; SIPRNet; Operation Allied XYZ; US PACOM; Operation Ocean XYZ; US CENTCOM; JC Lisbon; JFC Brunssum; JFC Naples; US EUCOM; CNFC; SHAPE; CTF Oper ATALANTA; CENTRIXS; NGCS]

19 5.1 CENTRIXS-ISAF CNFC/HOA comparison
CENTRIXS-ISAF:
Connects to a NATO Mission Secret Network
Same security classification different O&M
Connects to NATO Secret through IEG
Core services based on the same platform (MS)
Established Mission Secret – large No of users
CNFC/HOA:
Is used as Mission Secret Network.
One O&M through the whole of CNFC
No NATO Secret GW exists
Different platform (MS <-> IBM)
IOC – limited No of new users in static HQs

20 NATO UNCLASSIFIED Releasable to ISAF
CONTACTING NC3A
NC3A Brussels
Visiting address: Bâtiment Z Avenue du Bourget 140 B-1110 Brussels
Telephone +32 (0) Fax +32 (0)
Postal address: NATO C3 Agency Boulevard Leopold III B-1110 Brussels - Belgium
NC3A The Hague
Oude Waalsdorperweg AK The Hague
Telephone +31 (0) Fax +31 (0)
Postal address: NATO C3 Agency P.O. Box CD The Hague The Netherlands

