Published by Louisa Dickerson. Modified over 9 years ago.
1
Defense Information Systems Agency
A Combat Support Agency
Tactical Edge Service: NetOps and IA Considerations
GIG EWSE IA and NetOps (EE213)
17 August 2011
UNCLASSIFIED
2
Agenda
  – Additional Tactical NetOps Challenges
  – NetOps/IA Implications of Proposed Communications and Service Delivery Solutions
  – NetOps/IA Research Areas
  – Summary
3
An EWSE Approach to the Tactical Edge Service Problem
Technical Approach Framework
[Diagram labels: Tactical Services; Tactical Networks; Tactical Edge Environment; Enterprise Services; Core Networks; Fixed Environment; Network & Service Mgmt; Strategy #1; Strategy #2; Strategy #3; Strategy #4; Focus of this briefing]
  – Identify management capabilities required to support the developed strategies
  – Techniques and design patterns to adapt to the constrained tactical env.
  – Techniques to improve network performance to meet the service layer requirements
  – Service Adaption techniques to improve quality and reliability of tactical edge services
4
Why is Tactical NetOps more difficult?
NetOps in the fixed and tactical environments involves the same three general areas
  – monitoring, managing & controlling availability, allocation & performance (GEM)
  – protecting & defending to assure capabilities (GNA)
  – managing the visibility & accessibility of information (GCM)
The tactical environment is made more difficult by
  – Operating Environment
      – Much more dynamic network topology
      – User and resource node mobility
      – Limited capacity, intermittent communication channels
      – Greater likelihood of deliberate action by adversary to disrupt/deny RF channels
  – Resource Limitations
      – Availability of trained NetOps personnel
      – Space, weight, and power constraints on processing, transmission & storage resources for NetOps
      – Availability of RF spectrum and device capabilities
      – Technical and procedural barriers to “resource pooling”
  – Organizational Structures
      – Need to communicate “forward”, “upward” and “laterally” among heterogeneous mix of organizational elements and systems
      – Complexity of operational control and reporting chains
5
NetOps/IA Considerations for Service Adaptation Solutions
Tiered Service Model
  – “Tier” of service should be chosen based on functional requirements and network path; “best available bandwidth” rather than shortest path algorithm for service delivery point selection may be more appropriate
  – Need to provide mechanism for characterization of network path between end device and service delivery point
Service Proxy Gateway
  – Asynchronous operation (e.g. store & forward) implies use of transferable user identity token/credentials or authentication of users at proxy device
  – Compression, data/protocol translation imply intermediate decryption/re-encryption
  – Cross domain invocation of services requires agreement on user identity, attributes, and authentication mechanisms
  – Need to consider confidentiality and integrity of stored/cached data
  – Intelligent content filtering requires either external tagging or visibility into payload data
Service Broker
  – Greatest utility is when broker can access service delivery points in multiple organizations
      – Requires supporting policy and interoperable user identity, attributes, and authentication mechanisms
      – Need to monitor and manage cross-domain resource utilization
  – Need to verify identity of both service delivery points and users
  – If combined with aggregation, the issue of transferable user identity token/credentials applies
6
NetOps/IA Considerations for Service Design Pattern Solutions
Adaptive Content Delivery
  – Needs same type of network path characterization mechanism as tiered service
Distributed Architecture/Runtime Binding
  – Need to verify identity of distributed platforms
  – Need to monitor which distributed platform is being used by which user
  – May need mechanism to control distribution of load
Forward Caching/Store and Forward
  – Implies use of transferable user identity token/credentials
  – Confidentiality and integrity of stored/cached data
Offline Mode
  – May need to rate-limit traffic when device reconnects
7
NetOps/IA Considerations for Enhanced Transport Solutions
  – Use of more sophisticated or adaptive modulation/transmit power techniques and increased antenna gain makes RF spectrum management more complex
  – Need agreement on QoS approach and implementation across domains; mission criticality versus transmission requirements of supported service (e.g. jitter, max latency) in packet queuing priority an open question
  – Performance Enhancing Proxies imply intermediate decryption/re-encryption
  – Application level gateways and security devices doing deep packet inspection need to account for payload compression
8
Summary of NetOps/IA Considerations
  – Supporting dynamic, secure relationships between users and resources requires bi-directional endpoint authentication
  – Sharing of resources across organizational boundaries requires both operational agreement and NetOps function to monitor and control such use
  – Rewriting packets and/or storing information at intermediate locations requires adjustments to end to end security and key distribution model
  – Autonomous adaptive use of physical channel resources (bandwidth/spectrum) by end devices needs to be accounted for as part of overall NetOps resource management
9
NetOps/IA Research Areas
Network Path Characterization Method
  – potential for leveraging information exchanged as part of routing protocols
  – ongoing work in feeding link performance information into routing process
Interoperability of Identity and Access Control across organizational boundaries
  – common identity solution for both users and service delivery points
  – assignment of capabilities to unanticipated users
Extending Service Monitoring
  – how to identify who is utilizing a particular service
  – monitoring and controlling cross boundary service utilization
Spectrum Allocation and Management for Self-adaptive RF Devices
10
Example – Use DHCP to map end devices to servers and track use
1) End device does normal DHCP discovery/request
2) Response from DHCP server includes IP addresses for end device and Service Delivery Point
3) Assignment of end device and Service Delivery Point reported to/collected by NetOps center
4) Service Delivery Point logs requesting IP addresses
11
Summary
Issues are both technical and operational
  – Need agreement on sharing and management of resources across organizations for greatest efficiency
  – Method for assured user identity and access control across organizational boundaries a key capability
Some possible technical improvements involve straightforward extensions of existing technology
  – Example #1
      – Both Tiered Service and Adaptive Content Delivery need a network path characterization mechanism
      – Route computation often uses path characteristics but essentially discards this information and determines a single best route
      – Expand available set of route choices and associated metrics by using Neighbor Specific BGP
  – Example #2
      – DHCP in wide use to distribute client IP address, subnet mask, DNS server and gateway IP information
      – RFC 2132 includes option for providing multiple server addresses as part of DHCP response
      – Use DHCP to distribute clients among alternative servers or to service broker
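The DHCP mapping example (steps 1 to 4) and Example #2 above can be sketched as follows. This is an added illustration, not code from the briefing or from DISA; it assumes RFC 2132 option 72 (Default WWW Server, a list of IPv4 addresses) carries the Service Delivery Point list, and every address and log entry is constructed.

```python
import ipaddress

# Assumption: the SDP list rides in RFC 2132 option 72 (Default WWW Server),
# whose value is a list of 4-byte IPv4 addresses. The briefing names no option.
SDP_OPTION = 72

def parse_options(raw: bytes) -> dict:
    """Walk the DHCP options field (after the magic cookie): code, length, value."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def assignment_record(yiaddr: bytes, options: bytes) -> dict:
    """Step 3: the client-to-SDP mapping a NetOps center would collect per lease."""
    value = parse_options(options).get(SDP_OPTION, b"")
    if len(value) % 4:
        raise ValueError("SDP address list is not a multiple of 4 bytes")
    sdps = [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    return {"client": str(ipaddress.IPv4Address(yiaddr)), "sdps": sdps}

def unassigned_use(assignments: list, sdp_log: list) -> list:
    """Step 4: (sdp, client) log entries that match no recorded DHCP assignment."""
    allowed = {(sdp, a["client"]) for a in assignments for sdp in a["sdps"]}
    return [entry for entry in sdp_log if entry not in allowed]

# Constructed sample: DHCPACK options (53 = message type 5) offering two SDPs.
SAMPLE_OPTIONS = bytes([53, 1, 5, 72, 8, 10, 1, 1, 10, 10, 1, 2, 10, 255])
SAMPLE_YIADDR = bytes([10, 1, 5, 23])          # address leased to the end device
SAMPLE_SDP_LOG = [("10.1.1.10", "10.1.5.23"),  # matches the assignment
                  ("10.1.2.10", "10.1.5.99")]  # client with no recorded lease

if __name__ == "__main__":
    record = assignment_record(SAMPLE_YIADDR, SAMPLE_OPTIONS)
    print(record)
    print(unassigned_use([record], SAMPLE_SDP_LOG))
```

A source IP address only identifies the leased device, so this correlation supports the "who is utilizing a particular service" question at device level; user-level attribution still depends on the identity mechanisms listed under the research areas.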
12
www.disa.mil
UNCLASSIFIED