Chris.Gunderson@W2COG (o) 703 262 5332 (m) 831 224 5182 w2cog
Public/Private Partnership for Netcentric Engineering .ORG
(o) 703 262 5332 (m) 831 224 5182 www.w2cog.org
Presentation to the
NCOIC March 30 2007
MYTH: Military Netcentric Operations is fundamentally different from commercial E-business
REALITY: “The world is flat!” (Tom Friedman NY Times)….
QUESTION: Is Google good enough?
…(Lt Gen) Croom (Defense Information Systems Agency Director) said (military systems) should provide military information as easily as Travelocity …Croom invokes commercial success stories..e.g. Google and Yahoo ...said DISA would opt for a commercial approach*
*FCW 7/11/05
Netcentric Prime Directives: Flatten & Partner
• Acquisition Community needs
– To efficiently survey possible solutions
– To track operational community “market” trends
– Use-based contract incentives
– “Test drives” of live or downloadable use-case demos
– To pool resources for similar requirements
– Means to propagate investments in intellectual property
• “Pointy End” Operational Communities need
– To communicate via use-cases
– To eliminate buffer between them and developers
– To collaborate on domain specific standards and schemas
– To integrate solutions through continuous low cost experimentation
– Hosting and inter-enterprise facilitation services
• Developer Communities need
– To leverage and improve others’ solutions
– To collaborate on technology standards and their uses
– Government certification to accelerate adoption and mitigate commercial risk
• CJCSI 6212.01D 8 Mar 06: “Net-Ready-KPP” (NR-KPP)/NR-KPP Cert: “(Develop) …Verifiable performance measures …to assess information needs…”
• DISA Joint Interoperability Test Command (JITC) directed to enforce the NR-KPP …
NR-KPP Challenge & Opportunity
But HOW???
Net-Ready Key Performance Parameter (NR-KPP)..… not a show stopper or rubber stamp … H&R Block not the IRS!
*NETCENTRIC VALUE ADDED! (Acquisition & OPS!)
•Data Strategy •SOA Framework •Information Assurance
Dynamic Multi-Level Privacy Streamlined Supply Chain Better Decisions Faster
=NR-KPP = +
Reward vs. Risk Measurable Useful
*
• Tighter OODA Loop
• Increased interaction among coalition
• Decreased inventory at rest
• Faster speed to market
• Shortened training pipeline
• Improved test scores
• Fewer casualties
• Decreased maintenance down time
• Etc …
Risk/Reward Measurable Useful Reusable
Government Intellectual Property to industry
Industry risk reduced through certification
Low overhead fee-for-service
SOA e-Biz value proposition (VIRT + VOTS)
Leverages existing capabilities
Process change not major investment
NetCert.Gov: Embed Distributed Adaptive Collaborative V&V in Computer Network Development Process via End-to-End Distributed Government/Industry Software Test Range
• FDCE
• CANES IDE
• DCGS Test network
• Etc
NR-KPP Checklist
• IA => Share & Protect
– Enable sharing across domains
– Preserve privacy
– Protect network
• SOA => Reuse & Mash Up
– Accelerate delivery of netcentric capability
– Enable netcentric interoperability
– Decrease infrastructure cost
– Compose C4 capability on-the-fly
• Data Strategy => Discover in Context
– Broker information discovery
– Create information value chain feedback loop
Do no harm
• Software Assurance vulnerability OK?
• Bind to accredited GIG IA services?
• Register dynamic discretionary access policy?
• Latencies OK?
• Reliability OK?
• Generate digital diagnostic architectural artifact.
Re-useable/Composable (i.e. Bind to T-SOAF)
• Discoverable?
• Self describing?
• Open standard interfaces?
• Cross program investment?
• Net-enabling IPR model?
• Generate digital diagnostic architectural artifact.
Demonstrate Increased Value/Bit Exchanged
• COI approved mission thread?
• Meta data registered in context?
• Increased automation?
• Mission based MOE OK (i.e., compress time line, and/or improve mission outcome)?
• *Generate digital diagnostic architectural artifact
Net-Ready Parameters and Business Objectives
Measurable & Testable Parameters
* Confirm with operational evaluation
Open Architecture
• Open standards, e.g., (JBI) Enterprise Service Bus
• IAW GIG IA Roadmap
• Emphasis on semantic IOP
• Team with industry consortia
[Diagram: Open Architecture on an Enterprise Service Bus (ESB). Labels: Trusted Discovery; IA Services on High Assurance Platform; Trusted Sharing Services: Authentication, Authorization, Audit, MLS, CND; Discovery, M2M Messaging, Mediation, ESM, GIS; Test Services & Toolkits; Radio WAN A; Terrestrial WAN B; Radio WAN C; Radio PAN; Ethernet LAN ashore; Ethernet LAN afloat; NCES legacy; NCES On Ramp; Other legacy; On Ramp; DGInet; NR-KPP compliant COI capability module; NR-KPP tested capability module; COI Services; High Assurance Platform (HAP); Trusted Operating System; Resources: Applications, Data, Hosting, Utilities, Help desk, etc.]
W2COG Institute: Enabling Trusted Transactions of Valuable Information at the Right Time
• An international, collaborative association of networking technology and operational experts
• A brokering service that efficiently puts expert providers in touch with customers
• An open GIGlite.org on-line environment for rapid prototyping ventures among self-selecting industry, government, and academic experts and dynamic repository of net-ready capability bundles
GIGlite.org… a disruptive approach
To provide an infrastructure for collaboration and communication among government, academia, and industry to rapidly develop and propagate re-usable and continuously improving tools that facilitate trusted transactions of valuable information at the right time, i.e. bundles of netcentric capability.
•Gov’t, industry, & academic members
•Title 10 compliant, Non-FAR < ~90 day S&T & engineering spirals
•Open source/Open Standards IPR model
•Rolodex of experts
• Distributed major SOA test range
•Single POC for Gov’t labs and sponsors
•Distributed, Adaptive, Collaborative, SOA V&V and certification
•Convenient process for reuse of off-the-shelf components
GIGLite.org NetCert.gov
Best Netcentric SOA Practice
Net-Ready Certification
$ & IP
e-Portal for Gov’t certified off-the-shelf bundles of netcentric capability
Processes (E-biz rapid discovery cycles)
GIGlite.Org open source/open standards “community sandbox”
Colors and texture of the horizontal network grow incrementally richer through collective investment …
… Tax paying citizens of the network prosper through information value chain management
Domain Context (Semantics)
Network Performance (Protocols, Meters & Switches)
Trusted transactions (Privacy)
Dynamic Context (Space & Time)
Domain-specific “verticals” include ecosystem of developers, operators, & testers
• Military
• Financial Industry
• Airline Industry
• Medical
• Disaster Response
1st Adapt existing GOTS
2nd Buy COTS solutions
3rd Create adaptable solution as last resort
~90 day pilots target measurable increments of value added and deliver net-ready consumable tools and methods per “ABC”* model
*
NetCert.Gov adaptive collaborative mission-thread based V&V via pre-deployment M&S and post-deployment operational audit of VIRT-based SLAs
Net Ready KPP (NR-KPP):
• IA = Trusted Sharing
• SOA = VOTS
• Data strategy = VIRT
• Netcentric Productivity = SLAs
Public/private partnership designed to accelerate a “net-ready” market for products and services that facilitate trusted transactions of valuable information at the right time:
•A “Dot org” facilitates rapid non-FAR information processing discovery cycles via “open” IPR model and self selecting industry-academic-government project teams
•A light weight “Dot gov” administration office manages a distributed major software “test range” that brokers adaptive, distributed, net-ready V&V, and facilitates transfer of funds, artifacts, and intellectual property across government community of sponsors, operators, and labs
•Standing non-FAR legal vehicle between .org and .mil streamlines non-proprietary, capability-based, T&E & discovery process for all participants
•On-line “GIG-lite.ORG” serves as dynamic run-time repository of requirements, capabilities, best practices/practitioners, and lessons learned
•JCIDS/ACQ documents (e.g. JCD, ISP, CDD,CPD, NR-KPP) become “living” parallel & iterative on-line digital artifacts that continuously capture and propagate new requirements, discoveries, policies, and best practices
•Bundles of off-the-shelf DOTMLTF capability are certified as net-ready, visible, and consumable, and are continuously deployed via commercial e-Portal
Acquisition “lite” for GIG Information Processing Components
Net-Ready e-Portal
Consumable COTS & GOTS bundles certified to deliver netcentric increments of Valuable Information at the Right Time (VIRT) via trusted information transactions, i.e. Value Off the Shelf (VOTS)
NR-KPP based Consumer Report format that compares bundles of similar net-enabling products and services
Commercial e-Market offering certified bundles of net-enabling products and services
Innovators’ “dating service” to broker customers and providers of net-enabling products and services
“GIGLite.org”
• On-line SOA subversion-based DEVNET
• Secure multi-level access
• Dynamic Library:
– Netcentric RQMTS
– Mission Threads
– Mission Level Models
– VOTS S/W offerings
GIG To-Be Acquisition Vision
BACKUP
Approach
• Use “ABC”* approach to build SOA Baseline = GIGLite.org Spiral 0
• Test IA, SOA, and data strategy re:
– 1. Do no (unacceptable) harm
– 2. Bind to the SOA Foundation: Discoverable; Self describing; Open interfaces
– 3. Demonstrate netcentric value added
• Leverage “.org” to minimize bureaucracy and overhead = provide valuable service to developer and customer
*ABC = Adapt existing capability or Buy COTS before Creating specialized capability
Cross-domain Information Exchange Framework (CIEF) Elements of Interest
[Diagram. Elements: Data Security; User Interface; Data Objects; Services – Web & SOA; Workflow/Process; Access/Roles/Privacy; Data Asset Preservation; Technical Requirement; Information Streams]
• Objective: Value/Bit
• Objective: Re-usable
• Objective: Intuitive
• Objective: Protect
• Objective: Discover in context
• Objective: Share
• Objective: Mash up
• Objective: Streamline
• Objective: Useful Persistence/redundancy
CIEF Objective is Trusted Transactions of Valuable Information at the Right Time Across Domains
GIGlite.org Logical Stack
Identity/Privacy Utilities & Services: Objective is Trusted Transactions
Publish/Subscribe Utilities & Services: Objective is Seamless Delivery of Value in Context
Business Process Utilities & Services. Objective is Continuous Improvement
Computer Network Defense and Software Assurance Utilities & Services: Objective is Protection of Assets
– Security
• Trusted Authorization Broker (TAB)
• Trusted Authorization Policy Engine (TAPE)
• CAC
• V-LDAP
• Cyber Operation Information System
– Discovery
• 3DV Open Source registry
• DGInet geospatial services
• M2mi xxx
– Messaging
• M2MI xxx
• JBI Middleware
– Mediation
• NCES on ramp
• Commercially viable JBI Enterprise Service Bus
• SOA tool kits (e.g. Jumpstart, C/JMTK)
– ESM
• SPAWAR Cross-domain Information Exchange Framework via GIGLite Collabnet Portal
– NR-KPP Test Services
• M&S web suite
• Web SOA test bench
• Center for Assured Software (CAS) evaluation
NCES On Ramp
DISA Appliance (NCES Inside)
–The DISA Appliance bundles the NCES Services into a single deployment component that is accessible via “NCES on ramp” toolkit to deliver NCES capabilities to ESBs.
S2OAF Technology Stack = NCES legacy + Best of Breed GOTs + OTD + Managed Services via ESB
[Diagram: S2OAF technology stack on the JBI Enterprise Service Bus. Labels: High Assurance Platform (HAP); System Assurance OS layer (COIS?); Operating System; TAB; TAPE; Trusted Service Engine (TSE); CAC; Trusted: Discovery, Messaging, Mediation, ESM; Network A; Network B; Network C; Resources; NCES legacy; NCES On Ramp; Other legacy; On Ramp; To Be NR-KPP compliant application Service; To be NCES Foundation Service; DGInet; Jumpstart Toolkit; C/JMTK; M2MI VIRT engine; 3DVE Registry; V-LDAP; Other JBI ESB Middle Ware; Test Services; NR-KPP compliant COI capability module; NR-KPP tested capability module. Legend entries: Later spiral enterprise service; S2OAF spiral 0; NCES enabled application or utility.]
Adaptive Collaborative Validation & Verification Measures of Effectiveness (MOE)
[Diagram. Elements: Data Security; User Interface; Data Objects; Services – Web & SOA; Workflow/Process; Access/Roles/Privacy; Data Asset Preservation; Technical Requirement; Information Streams]
• Objective: Value/Bit. MOE = OODA loop compression; Data at rest within OODA loop; Mission performance metrics, e.g. probability of kill, casualty rate, etc.
• Objective: Re-usable. MOE = Technology registered; IP license available; Open standards interfaces
• Objective: Intuitive. MOE = Time required to achieve proficiency
• Objective: Protect. MOE = Degree of vulnerability introduced
• Objective: Discover in context. MOE = Meta-data registered w/rt content, context, & administration
• Objective: Share. MOE = Rules for dynamic data access control defined, enforced, and audited
• Objective: Mash up. MOE = discoverable, self-described & commercial standard open interface
• Objective: Streamline. MOE = speed of execution
• Objective: Useful persistence & redundancy. MOE = Life cycle maintenance and “sunset” criteria defined
RISK
REWARD
Adaptive Collaborative Validation & Verification
[Diagram. Elements: Data Security; User Interface; Data Objects; Services – Web & SOA; Workflow/Process; Access/Roles/Privacy; Data Asset Preservation; Technical Requirement; Information Streams]
• Discoverable by CND, s/w assurance, ID, and pub/sub services?
• Discovers CND, s/w assurance, ID, and pub/sub services?
• Use case, MOEs, and SLAs defined?
• Acceptable latencies?
• Acceptable speed to capability?
• Discretionary access rules registered?
• Binds to ID services?
• Meta-data registered w/rt content, context, and admin?
• Basic IA compliance?
• Binds to IA services?
• CND & s/w vulnerability assessment OK?
• Technology registered?
• Technology reuses capability?
• Technology is easily licensed?
• Technology employs open standards?
• Mission simulation verifies value added per MOEs and service level targets?
• Operator training time OK?
• Operator proficiency score OK?
• Technology refresh model OK?
Candidate Enterprise Capability Module (ECM)
[Diagram: S2OAF technology stack on the JBI Enterprise Service Bus, with PatrolNET as the candidate module. Labels: High Assurance Platform (HAP); System Assurance OS layer (COIS?); Operating System; TAB; TAPE; Trusted Service Engine (TSE); CAC; Trusted: Discovery, Messaging, Mediation, ESM; Network A; Network B; Network C; Resources; NCES legacy; NCES On Ramp; Other legacy; On Ramp; To Be NR-KPP compliant application Service; To be NCES Foundation Service; DGInet; Jumpstart Toolkit; C/JMTK; M2MI VIRT engine; 3DVE Registry; V-LDAP; Other JBI ESB Middle Ware; PatrolNET; Test Services; NR-KPP tested capability module. Legend entries: Later spiral enterprise service; S2OAF spiral 0; NCES enabled application or utility.]
18 Month Pilot Series:
• Global Strike + TST COI
• NSA Identity Services C&A
• NCES, NECC, CANES programs
• Deliverables every Quarter
• “Flag Day” Trident Warrior 08