Secure Network-Centric Operations of a Space-Based Asset: CLEO and VMOC

This presentation discusses the secure network-centric operations of a space-based asset, namely the Cisco Router in Low-Earth Orbit (CLEO) and the Virtual Mission Operations Center (VMOC). It explores the benefits, lessons learned, and future work in utilizing a shared network infrastructure for space-based applications.

Presentation Transcript


  1. Secure, Network-Centric Operations of a Space-Based Asset: Cisco Router in Low-Earth Orbit (CLEO) and Virtual Mission Operations Center (VMOC) Will Ivancic wivancic@grc.nasa.gov 216-433-3494

  2. Agenda • Why • CLEO/VMOC overview • Participating Organizations • The Network • Data Flow • Timeline of Events • CLEO/VMOC Lessons Learned • Future Work • New Capabilities • NCO Experiences

  3. Why? • Shared Network Infrastructure (Mobile-IP) • $$$ Savings • Ground Station ISP • $400-$500 per satellite pass • No salaries • No health benefits • No infrastructure costs • System Flexibility • Greater Connectivity • Relatively easy to secure • TCP/IP suite • COTS Standard • Free tools • Skilled professionals available • Tested via general use by 100s of 1000s daily

  4. The Cisco router in low Earth orbit (CLEO) • Put a COTS Cisco router in space • Determine if the router could withstand the effects of launch and radiation in a low Earth orbit and still operate in the way that its terrestrial counterparts did. • Ensure that the router was routing properly • Implement mobile network and demonstrate its usefulness for space-based applications. • Since the UK–DMC is an operational system, a major constraint placed on the network design was that any network changes could not impact the current operational network

  5. Virtual Mission Operations Center (VMOC) • Enable system operators and data users to be remote • Verify individual users and their authorizations • Establish a secure user session with the platform • Perform user and command prioritization and contention control • Apply mission rules and perform command appropriateness tests • Relay data directly to the remote user without human intervention • Provide a knowledge data base and be designed to allow interaction with other, similar systems • Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)

  6. Virtual Mission Operations Center

  7. VMOC evaluated five categories • Does VMOC provide access to payload information for the warfighter? • Can the field users request information from a platform or sensor? • Can field users request information from existing databases? • Can the VMOC demonstrate rapid response and reconfiguration of an IP based platform? • Can the VMOC task platforms as required to get necessary information to the warfighter? Yes to all of the above!

  8. Mutually Beneficial Interests • Projects are complementary in their shared use of the Internet Protocol (IP) • Overall goal of network-centric operations. • (and NetCentric Operations)

  9. Participating Organizations

  10. CLEO/VMOC Network [network diagram; labels follow] • UK-DMC satellite • CLEO onboard mobile access router • low-rate UK-DMC passes over secondary ground stations receiving telemetry (Alaska, Colorado Springs) • 8.1Mbps downlink • 9600bps uplink • other satellite telemetry to VMOC • 38400bps downlink • ‘battlefield operations’ (tent and Humvee, Vandenberg AFB) • UK-DMC/CLEO router high-rate passes over SSTL ground station (Guildford, England) • Segovia NOC • USN Alaska • Internet • secure Virtual Private Network tunnels (VPNs) between VMOC partners • mobile router appears to reside on Home Agent’s network at NASA Glenn • primary VMOC-1 Air Force Battle Labs (CERES) • ‘shadow’ backup VMOC-2 (NASA Glenn) • mobile routing Home Agent (NASA Glenn)

  11. Data Flow Mobile Router Using Mobile-IPv4 and Triangular Routing

  12. Remote Request [diagram] • Warfighter Requests image of Hong Kong • Is Warfighter Authorized to view image of Hong Kong • Are you really Warfighter? • If image is available, return image, else get image • Diagram nodes: DMC-UK, Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  13. Schedule Request [diagram] • Check Satellite Resources and Notify VMOC when image will be available • Notify Warfighter of the time when image will become available • Request Image • Diagram nodes: DMC-UK, Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  14. Command Satellite [diagram] • 14:00 Take Image and store for later retrieval • Take image when over Hong Kong (at 14:00) • Command Satellite When in View • Diagram nodes: DMC-UK, Satellite Scheduler & Controller, Experiments Workstation, SSTL, Hong Kong

  15. Image Transfer [diagram] • Note, Mobile Router appears to reside on Home Agent’s Network • File Transfer Using Mobile-IPv4 (Triangular Routing) • Diagram nodes: Mobile Router, Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  16. Retrieve Image [diagram] • Note, Mobile Router appears to reside on Home Agent’s Network • Retrieve Image for storage and redistribution • Diagram nodes: Mobile Router, Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  17. Redistribute Image [diagram] • Note, Mobile Router appears to reside on Home Agent’s Network • Retrieve Image • Notify Warfighter That Image is available • Authenticate Warfighter • Send Image • Diagram nodes: Mobile Router, Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  18. Image Transfer - Two Ground Stations [diagram] • File Transfer Using Mobile-IPv4 (Triangular Routing) • Desire is to buffer locally while in sight of the satellite then redistribute to the VMOC • Rate Mismatch Problem • Diagram nodes: Experiments Workstation, Satellite Scheduler & Controller, Battlefield Operations (Vandenberg AFB), 2nd Ground Station, Segovia NOC, Open Internet, SSTL, VMOC-1, Home Agent (GRC), VMOC-2 (GRC), Database VMOC

  19. Ideal LARGE Image Transfer – Multiple Ground Stations (New Capability – Application Not Yet Developed) [diagram] • Diagram nodes: Ground Station 2, Ground Station 1, Ground Station 3, Open Internet, VMOC, Satellite Scheduler & Controller, Database VMOC, Home Agent

  20. Timeline of Events (18 Months) • September 2002: Cisco approaches SSTL regarding placing Mobile Access Router onboard a spacecraft • SSTL agrees to place on UK-DMC with integration to begin in December 2002 • April 2003: Cisco approaches NASA Glenn Research Center (GRC) regarding interest in participation under joint research of existing NASA Space Act Agreement • NASA Glenn visits NASA Goddard regarding ground station support • GSFC definitely has the expertise • GRC concerned about NASA’s ability to meet cost/schedule due to bureaucracy • Security issues and motivation to “make this happen” without high level buy-in • August 2003: Initial planning meeting at GRC with Air Force, Army, GD, Cisco, and Western DataCom to discuss network, design, implementation and schedule prior to visiting SSTL • September 2003: Discussions with GSFC on cost and schedule (GRC has very limited budget) • 27 September 2003: UK-DMC and sister satellites launched from Plesetsk. • 15 October 2003: CLEO router power cycled during commissioning tests.

  21. Timeline of Events (18 Months) • December 2003: VMOC team visits SSTL to discuss network design and collaborative effort • SSTL agrees in principle and indicates that they would be willing to modify their addressing scheme to accommodate mobile networking • GRC and GD are pleasantly surprised (We will believe it when we see it!) • Talk of March 2004 demonstration, pushed to June per GRC’s insistence. • January 2004: While waiting for the arrival of the engineering model ... • GRC personnel worked on IPv4 mobile networking technologies including traversing Network Address Translation units. • Continued discussions with GSFC, but only $100K available. Insufficient funds. • GSFC suggests we try Universal Space Networks who is looking for IP satellite

  22. Timeline of Events (18 Months) • February 2004: • Visited USN and got buy-in to support second ground station. Used Military contract ending in April if no new work. Thus approximately 30 days to get in place. • Took delivery of Engineering Model at GRC and tested as much of the network as possible – pass-through software not yet written! • VMOC kickoff meeting was held at Colorado Springs on February 11 through 13 • Decision was made to place a third ground station in Colorado Springs for VMOC comparative analysis. • Mentioned IPv6 mobility work – Army suggested we show this to OSD (in our spare time!) • March 2004: • Ordered modems for ground stations (3 Comtech COTS for downlink, 4 Amateur radio for uplink – due in April, build your own kit) • Met with Army Battle Labs to discuss network design and addressing of the mobile component of the VMOC demonstration – the remote battle field command center. • Comtech modem received • While awaiting pass-through software completion, worked IPv6 mobility demonstration. • General Dynamics is working VMOC in parallel – needs to integrate with GRC network.

  23. Timeline of Events (18 Months) • April 2004: • CPFSK Amateur radios signed for at GRC, but lost! Reordered last two kits! • USN under contract. • April 27: Performed Secure mobile network demonstration of IPv4 and IPv6 to Dr. Wells and staff at OSD and ICNS conference • April 28: Met with Integral Systems and USN to discuss network design for mobile routing. • April 29: CLEO router activated and tested with console access. • May 2004: • CPFSK modem kits received, built and partially tested. USN requests modems with understanding that we have only partially tested them! • SSTL Pass-through software and Saratoga file transfer software tested on EM. • Virtual Flatsat implemented at GRC to allow 24x7 VMOC testing. • May 11: First access to CLEO via console port via SSTL ground station • Tests were via SSTL machines controlled with RealVNC • May 14: Pass-through software tested on UK-DMC. Telnet to CLEO now possible! • May 21: 1st remote commanding of CLEO from GRC network using normal routing • May 22: Sent Dave Stewart to England to get mobile networking operational. • May 28: Mobile networking operational – unsecured, on open network

  24. Timeline of Events (18 Months) • June 2004: • June 3: Mobile networking tested behind VPN firewall – secure mobile networking. • June 4: SSTL schedules telemetry passes over Colorado and Alaska for June 8 -17 and router passes over SSTL for metric collection on June 7-11. • June 8: USN ground station operational (low pass mode) and receiving telemetry • June 10: Telemetry resender operational from USN and CERES • June 7 – 11: Metric testing of VMOC and CLEO from Vandenberg Air Force Base. • June 14 – 16: Public demonstration of VMOC and CLEO at Vandenberg. • August 2004: Participate in Small Satellite Conference • Telemetry from USN Alaska Ground station. • December 22, 2004: Mobile networking operational via the USN ground station (High-rate pass)

  25. Summary - Timeline of Events • NASA’s first opportunity to touch CLEO was May 11th, 2004 • At best, satellite passes were: • 1 per day, 3 days per week, 8 minutes per pass • Cisco router testing next week (from actual email): • Tues 11/05/2004: 10h05UTC pass (6:05 EDT) • Wed 12/05/2004: 10h43UTC pass (6:43 EDT) • Fri 14/05/2004: 10h20UTC pass (6:20 EDT) • Successful VMOC metrics testing was performed June 7-11. It is highly doubtful this would have been possible without the use of IP!

  26. CLEO/VMOC Lessons Learned • The ability to have all the tools available in a full IOS on the onboard router proved invaluable • Argument for slimmed-down IOS • May be more robust or easier to qualify rigorously for the space environment. • Argument for full IOS • Removing functionality may result in less stable code rather than more stable code, as any change in software can affect the robustness of software and second. • Full IOS has been tested daily by hundreds of thousands of users • It is quite probable the functionality taken out will end up being the functionality one needs for some later, unforeseen configuration need. • Mobile networking greatly simplifies network configurations at the ground stations and adds an extremely insignificant amount of overhead (three small packets per session for binding setup). • Triangular routing is preferred if the rate on the terrestrial links cannot meet or exceed the rate of the downlink. • Triangular routing along with new file transfer applications enables full utilization of the downlink.

  27. CLEO/VMOC Lessons Learned • The interface between asset owners will have to be identified and some special software written when sharing infrastructure • Use of commercial standards (IP, Simple Object Access Protocol, XML) makes implementing these software interfaces much quicker and easier than if noncommercial standard protocols were used. • The engineering model of the onboard and ground assets is a necessity • According to Universal Space Networks and Integral System Integration, there are products available for ground station TT&C that have become de facto industry standards. Using them will greatly simplify ground station integration and reduce costs. • An example provided by USN and ISI: IN–SNEC’s CORTEX satellite telemetry products for ground stations

  28. Future Work • Use CLEO to move GPS reflectometry experiment data from a 3 Mbps solid state data recorder (SSDR) to an 8 Mbps SSDR • Allows all data to be transmitted to ground in single pass • Reducing power requirements and SSDRs can be turned off when empty • Perform this multi-ground station large file transfer • USN ground station modifications necessary for operation with the DMC satellites • Application software needed to run a file transfer over multiple ground stations. • SSTL commanding satellites through the USN ground system • Require SSTL to modify its Mission Planning System to automatically check availability of USN assets (This may be happening via AFRL and SSTL contracts with USN) • VMOC as Systems Coordinator and Security Manager for SSTL and USN assets • IPv6-Compliant Satellite • Onboard Router • HAIPIS Encryptor • IPv6 compliant instruments

  29. New Capabilities • Onboard router enables standard payloads to be placed on a local area network and be commanded and controlled using commercial standard Internet Protocols. • VMOC’s distributed architecture provides for survivability and rapid reconfiguration • Needed in the battlefield, science, and business environments. • Enables remote secure command and control of spacecraft, sensors, and manned and unmanned aerial vehicles. • By using commercial standard equipment and commercial standard protocols • Competition and standardization result in significant cost savings • Increases number of available assets • Ground and Space assets may be available from multiple commercial and government providers • Multiple assets result in more available contacts, greater contact time, and quicker response time • Use of multiple ground stations enables large file transfers to take place over multiple ground stations’ contact times • Allows system implementers tremendous flexibility in the design of the space system • Possible reduction of the downlink transmit rate and corresponding transmit power because of the increased contact time

  30. NCO Experiences • Successful NCO has more to do with building trust relationships at the “people level” than it has to do with technology. • Putting NCO in an operational system is the true test. • This forces ALL security issues to be addressed! • Internetwork Centric Operations, NCO across various networks owned and operated by various entities, is far different than NCO within your own network. • Everybody has to expose themselves to some degree. That degree has to be negotiated up front. • I need to understand how your system works and you need to understand how my system works. • Strengths and vulnerabilities are exposed to some degree. • Internetworking NCO is like a marriage • 50/50 is doomed to failure. 100% commitment is required by all parties. • You MUST understand and accept the needs of the other parties. • Patience and Persistence, Patience and Persistence, and more Patience and Persistence!

  31. The complete technical report and this presentation are available at: http://roland.grc.nasa.gov/~ivancic/papers_presentations/papers.html We are always willing to bring the demonstration to you, if so desired.
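
The request handling described on slides 5, 12 and 13 (verify the user, check authorization, return a stored image or task the satellite, with priority-based contention control), sketched as an added Python example. This is not VMOC code: the HMAC request tag, the `USERS` table, `PASS_SLOTS` and every name below are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo data; a real deployment would use its own identity store.
USERS = {
    "warfighter": {"key": b"demo-key-1", "regions": {"Hong Kong"}, "priority": 1},
    "science": {"key": b"demo-key-2", "regions": {"Hong Kong", "Alaska"}, "priority": 5},
}
PASS_SLOTS = {"14:00"}  # constructed: upcoming passes reported by the scheduler


def sign(key: bytes, user: str, region: str, slot: str) -> str:
    """Client side: HMAC-SHA256 tag over the request fields."""
    msg = "\x00".join((user, region, slot)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Vmoc:
    def __init__(self):
        self.database = {}   # region -> stored image id
        self.schedule = {}   # slot -> (priority, user, region)

    def request(self, user: str, region: str, slot: str, tag: str):
        """Return (status, detail) for one image request."""
        account = USERS.get(user)
        # 1. "Are you really Warfighter?" Unknown users get the same answer
        #    as bad tags, and nothing about the database is revealed.
        key = account["key"] if account else b"\x00"
        if not hmac.compare_digest(sign(key, user, region, slot), tag) or not account:
            return ("denied", "authentication failed")
        # 2. "Is Warfighter authorized to view image of Hong Kong?"
        if region not in account["regions"]:
            return ("denied", "not authorized for region")
        # 3. "If image is available, return image, else get image."
        if region in self.database:
            return ("image", self.database[region])
        # 4. Mission rule (assumed): only task the satellite for a known pass.
        if slot not in PASS_SLOTS:
            return ("denied", "no pass in that slot")
        # 5. Contention control: lower number means higher priority.
        held = self.schedule.get(slot)
        if held and held[0] <= account["priority"]:
            return ("denied", f"slot held by {held[1]}")
        self.schedule[slot] = (account["priority"], user, region)
        return ("scheduled", slot)
```

Authentication runs before any database or schedule lookup, so an unauthenticated caller cannot learn which images or pass slots exist.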