335
Advertisement
This presentation is the property of its rightful owner.
1 / 27

335 th TSC PowerPoint PPT Presentation

335 th TSC. Track 7: 335 th Theater Signal Command (TSC) Transformation to 335 th Signal Command Theater (SC(T)). A Flatter World in SWA and Active Directory Consolidation. Session 5 22 AUG 07/1300-1400. LTC Mark Hoyt, 160 th TNOSC Director [email protected]

Download Presentation

335 th TSC

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


2007 landwarnet conference unclassified slide 1

335th TSC

Track 7: 335th Theater Signal Command (TSC) Transformation to

335th Signal Command Theater (SC(T))

A Flatter World in SWA and Active Directory Consolidation

Session 5

22 AUG 07/1300-1400

LTC Mark Hoyt, 160th TNOSC Director

[email protected]


Purpose

To discuss how to improve NetOps in Southwest Asia inspired by Thomas Friedman’s book “The World is Flat.”

Purpose


Agenda

The Premise of the World Is Flat

Networks are Joint

The Primary NetOps organizations in SWA

USCENTCOM Five NetOps Functional Areas

Flattening NetOps Functional Areas in SWA

NetOps Reporting

Information Systems Operations

Network Engineering

IA & CND

Knowledge Management

Example of Flattening - Active Directory Consolidation in Iraq

Summary and Suggestions

Questions and Comments

Agenda


The premise of the world is flat

In a flat world information is readily available at any location. Assuming adequate connectivity to a network an organization can improve its capability and/or efficiency by several means. However, the inference is the following must be true for SWA:

Our networks and information systems have to be “flat enough”

NetOps organizations have to trust each other – networks and systems don’t have clear borders which will create conflicts in ownership

If the above are true an organization can gain efficiencies by:

Outsourcing – is there a place where some work can be performed at the same level, and more efficiently?

In-forming – ensuring that all people with requirements have access to all information that is pertinent to them, because dissemination usually requires centralization

Identifying and eliminating redundancy – gets rid of unnecessary layers, creates efficiency and speed of response

The good news - NetOps in SWA works, people have the best communications ever available to a warfighter, but can it be better?

The Premise of the World is Flat


Networks are joint but joint doesn t make them flat

All networks are joint, because DISA owns the Tier 0 - the problem is how do we establish a proper and flat relationship between joint NetOps organizations and service or component NetOps organizations to prevent redundancy and promote good relationships between communication organizations

Services provide portions of the network, especially for all regions not associated with a JTF, e.g. Qatar, Bahrain, Kuwait, Oman, Kyrgyzstan

Service NOSCs are permanent (or more enduring)

They have an established network relationship with units deploying from their service

They are supported by a global NOSC (NTOs)

They are more likely to have a common toolset

JNCCs are stood up to provide adequate NetOps support for a JTF and therefore:

Are “one-off” based upon the mission – they don’t exist before or after the JTF

Specialists in understanding client-server relationships

Have portions of their network and services provided by the more permanent service organizations

Gap fill for needs

Create new seams in ownership in the network when they are stood-up -because they are new

Networks are Joint(but Joint doesn’t make them Flat)


Primary netops organizations in swa joint and service

TNC CENT – the combined TNCC and TNC for SWA, TACON to USCENTCOM

JNCC-Iraq

Handles all TLA stacks in Iraq (minus Air Force and Marine)

Manages the Iraq and Iraq-s Forest

Manages and/or monitor IA/CND for Iraq

24x7 Operations Center

JNCC-Afghanistan

Handles intra-Afghanistan routing

DAA Authority over systems (e.g. firewalls, patching)

Splits management on the Afghan Domain

Receives multiple services from the SWA TNOSC

SWA TNOSC

Provides NetOps support for Army components in SWA

Handles all TLA stacks for the Army outside of Iraq

Runs the SWA Forest for Kuwait, Afghanistan, Qatar and Bahrain 831st

Provides IDS for SIPR, NIPR to include Iraq

ACCC/NOSC

Handles all Air Force TLA stacks

Provides CSIDs for all stacks in theater

Handles all Air Force IA/CND

Provides the CENTAF Forest

Primary NetOps Organizationsin SWA (Joint and Service)


2007 landwarnet conference unclassified slide 1

Flattening

NetOps Functional

Areas in SWA


Centcom netops functional areas

CENTCOM NetOps Functional Areas

SWA can be flattened, but all functional areas affect all others, they are interrelated


2007 landwarnet conference unclassified slide 1

SIG BN

DIV

AF BASE

NOC

SIG BDE SWA TNOSC

NETCOM

A2TOC

TACTICAL

TACTICAL

SIG BN

DIV

SIG BN

SIG BN

SIG BN

CENTAF

ACCC

MEF

TACTICAL

DIV

MNFI/MNCI

JNCC-I

CJTF-82

JNCC-A

CENTCOM

TNC-CENT

TCF

TCF

TCF

TCF

TCF

TCF

TCF

NetOps Reporting in SWA

REGIONAL

BASE/POST/CAMP

THEATER

NetOps

Relationship


Flattening netops reporting

All NetOps organizations need to see all NetOps information that applies to them, this requires seams to be removed in reporting (compatible information)

Network Monitoring Tools can be different, but must be compatible

Both tactical and fixed/commercial organizations must provide SA

SA must be available to all NetOps organizations that need them - flat

In a joint and flat world there is always more than one person to report to,

Requires a standard reporting schema

Two NetOps organizations may track the same issue, but might have different requirements for SA

The goal should be to have the unit make one report available to many recipients

The information must be correct and detailed – it must be flat (available)

Multiple entities must have the permissions to contact the reporting agency

There must be a RFI process – the ability to get answers to questions rapidly, without having to go through multiple layers of command, one question – one answer

All organizations must understand the requirement to make information available and respond to questions, and follow centrally well defined CCIR

Flattening NetOps Reporting


2007 landwarnet conference unclassified slide 1

SIG BN

SWA TNOSC

TACTICAL

SIG BN

SIG BN

SIG BN

DIVISION

AF BASE

NOC

DIVISION

MEF MCCC

TACTICAL

TACTICAL

TACTICAL

CENTAF

ACCC

CJTF

JNCC-A

CENTCOM

TNC-CENT

DISA

MNFI

JNCC-I

TCF

TCF

TCF

TCF

TCF

Theater Network Engineering

TIER 0

TIER 1

TIER 1.2

TIER 2

TECHCON


Flattening network engineering

The network requires fewer players in the TLA stacks – its not a specialty skill, and it should be done by the services

There will be TLA stacks in Oman, Kuwait, Qatar, Bahrain, HOA, Sinai, Kyrgyzstan

TLA stack administration should be centralized – lots of redundancy

The military needs to centralize experts

The services are in cheaper areas, contractors cost 50 to 66% in Kuwait and Qatar when compared with Iraq and Afghanistan

TLA stacks and enterprise management can be outsourced, but

The JNCCs will need local support

The support must be in the same time zone, to be responsive

In a flat network, Qatar and Kuwait should be the primary sites because the sites are more enduring, cheaper to man, have better connectivity - and in a flat world could COOP each other

Flattening Network Engineering


2007 landwarnet conference unclassified slide 1

SIG BN

SIG BN

CENTAF

IDS

MEF

DIVISION

CENTAF

CSIDS

SIG BN

SIG BN

SIG BN

DIVISION

AF BASE

NOC

TACTICALSITES

SWA TNOSC IDS

MNFI

JNCC-I

CJTF

JNCC-A

CENTCOM

TNC-CENT

TCF

TCF

Theater Computer Network Defense

TIER 1/2

TIER 2

TIER 0

TIER 1

JTF’S HAVE DAA AUTHORITY - FIREWALLS

NOTE: RCERT SWA DOES TROUBLE TICKES AND INVESTIGATIONS FOR

IRAQ


Flattening computer network defense

Minimizing domain and forests in an AOR is critical to having uniform and controllable security policies in that AOR

There is only one RCERT in the theater – it responds to Tier 1.2 IDS tickets from the Army – this should be leveraged for the entire theater

Data storage, CAC/PKI implementation and Switch Security need to be standardized

lack of standards is hurting security, especially below the Tier 2

only the chain of command has the enforcement function

this requires JNCCs to control their information resources within their AOR

In a flat SWA world, standards and policies for the minimum standard must come through one source – that should be the Combatant Command,

service policies can be stricter, but not less than the CC policy – should be coordinated, the CC is the only organization that everyone recognizes

must reduce waivers, because of the weakest link problem

Flattening Computer Network Defense


2007 landwarnet conference unclassified slide 1

ARCENT

G6

CENTAF

A6

CENTCOM

TNC-CENT

DISA

JNCC-A

JNCC-I

Theater Content Staging and

Information Management

Army Component + Kuwait, Qatar

COMMS-I

Afghanistan

Iraq

COMMS-I

Air Force Component + Kuwait, Qatar, Oman, Kyrgyzstan


Flattening content staging and information management

Defined here as “ensuring the warfighter has the right information at right time” - the most important of the pillars – all others enable this

This is the “specialist skill” of a JNCC, and therefore they need NetOps SA and control of local NetOps systems

Only a JNCC can provide an understanding of all the component networks and systems, this is important for:

determining operational impact

providing NetOps information for communications integration

coordinating ASIs that affect multiple services

ensure redundant paths

obtain provisioning and trend analysis information – to allow better data flow

Neither the SWA TNOSC or ACCC/NOSC are manned to provide true knowledge management, which requires a direct interface to operations centers.

All implementations require the services as supporting organizations to be responsive to the prioritization of the JNCCs (only they can gain a true understanding of the priorities)

Flattening Content Staging and Information Management


2007 landwarnet conference unclassified slide 1

Example of Flattening Iraq

AD Consolidation


2007 landwarnet conference unclassified slide 1

IRAQ

FOREST

JNCC-I

CENTAF

FOREST

ACCC

EACH AF BASE

DOMAIN

ARCENT

FOREST

(SWA TNOSC)

TACTICAL

SIG BN

SIG BN

DIV FOREST

ARCENT

TACTICAL

TACTICAL

TACTICAL

FOB/COB FORESTS

BDE FOREST

1MEF MCCC

JNCC-A

TCF

TCF

TCF

TCF

Theater

Simple Active Directory Depiction

DOMAINS

ENTERPRISE

FORESTS

OUs

Single Sign-On

Outside Iraq

Inside Iraq

Access?

AD RELATIONSHIP

NOT COMPLETE

RELATIONSHIP


Flattening information systems operations

Lack of unity in an Active Directory (AD) structure creates problems. For example, there are problems with multiple domains in Iraq.

Creates security inconsistencies (SMS/WSUS)

Violates Netcentricity by creating seams in Single Sign On and information access

Hinders the use of two factor authentication (CAC/PKI)

Requires additional servers and system administrators

Leads to baselining

In contrast a unified AD structure leads to Netcentricity,

Allows for confirmable and consistent security policies with accountability

Eases system administration – you can see the seams between systems

Allows single sign-on and access to information

Saves money (system administrators and servers) – and simplifies identifying redundancy

Increases mobility - users can have an account throughout an AOR

Flattening Information Systems Operations


2007 landwarnet conference unclassified slide 1

JTF

The Problem

Current use of AD by BCTs is not Netcentric

SPT

BCT

How Many Forests?

Common GAL?

Mobility?

BCT

AF

The Problem Part 2

Over 20 Forests in Iraq


2007 landwarnet conference unclassified slide 1

Why Consolidate?

  • To combine the disconnected Iraq AD Forests and provide a common Iraq Forest

    • Provide seamless access – allow mobility

    • Provide centralized enterprise communications support and services

    • Enhance security to all units within Iraq – common policy

    • Allow tactical formations to concentrate on SIPR support

    • Allow users access that don’t belong to a BCT or DIV forest

  • Merge FOBs and COBs into a common domain on SIPR and NIPR

  • FOBs and COBs are the normal locations of major headquarters

  • Merge willing Divisions and BCTs onto NIPR


2007 landwarnet conference unclassified slide 1

Consolidation –

What is Not Happening

  • No merger of the SIPRNet

  • No merger for BCTs that are currently deployed

  • No forced patching on BCTs

  • No requirement for the BCT to provide equipment

  • No usurping of the DAA and his authority

  • Domain administration will not be done outside of Iraq


2007 landwarnet conference unclassified slide 1

Consolidation –

What is in it for the BCT

  • Allows BCT to concentrate on supporting their SIPRNet

  • Allows BCT to not spend money on unresourced NIPRNet

  • SMS roll-up/management for your own network

  • SMS package creation – distribution (not pushed)

  • Centralized WSUS and AV pushes to BCT

  • Easier sharing of information via tools (less workarounds – no trusts)

  • Access to an automated common GAL

  • Single sign-on in their AOR

  • Secure AD

    • DC VPN s

    • Smart Card for Domain Admin Access

    • Service Account Security

    • 24x7 AD Monitoring using MOM and Change Auditor

    • Ability to move anywhere in the theater below the BCT level and still have access to information


2007 landwarnet conference unclassified slide 1

Consolidation –

What is in it for Iraq and the theater

  • Single sign-on in Iraq

  • SMS roll-up/management

  • Standardized security using SMS, WSUS and SAV

  • Better use of resources

  • Easier sharing of information for the theater (less workarounds)

  • Everyone on the MIIS GAL

  • 24x7 monitoring on AD in Iraq

  • Ability to move Brigades anywhere in the theater

  • What Else: A potential change for Army strategy concentrating on netcentric deployability for modular units


2007 landwarnet conference unclassified slide 1

Summary


Summary of the world is flat

In SWA NetOps the functional areas are tightly integrated, but all are done differently by country, and by organization – this requires great coordination and flattening of information

Often the biggest problem is the lack of trust between organizations. In extension all organizations feel they have to control something for it to be responsive.

There are many reasons to flatten SWA NetOps:

Makes a more user friendly and available network

Leads to a better and more capable network

Allow for the establishment of a true NetCop

It provides better, more responsive, uniform and controllable CND

It would save millions of dollars

It allows for concentration of expertise

It makes it easier for units and personnel to move in the theater

It makes it easy to identify redundancy

Summary of The World is Flat


2007 landwarnet conference unclassified slide 1

Questions and Comments


  • Login