Radiant Mercury Update to CDSE Workshop x4270 • Kontron CP308 ... Radiant Mercury Support Modeling...
Transcript of Radiant Mercury Update to CDSE Workshop x4270 • Kontron CP308 ... Radiant Mercury Support Modeling...
PEOC4I.NAVY.MIL
Integrated Information Warfare for the
21st Century
19 July 2016Dennis E. Bowden
Radiant Mercury Technical Director703-633-3943
[email protected]@scmis.nro.smil.mil
Program Executive OfficeCommand, Control, Communications, Computers and Intelligence (PEO C4I)
Radiant Mercury Update to CDSE Workshop
Darlene Gunter PMW 130 Cross Domain APM
619-524-7344darlene.gunter1@navy.(smil).mil
Agenda
• Intro • Capabilities• Detailed Versioning Table • Plans• RADMERC 6.0 Overview
3
BD[1
Slide 2
BD[1 Bowden, Dennis [USA], 2/1/2016
Intro
• RADMERC is a Navy Abbreviated Acquisition Program (AAP) minimally funded through the FYDP
• Operates on a fee-for-service basis • Operates globally supporting the DoD, Intelligence
Community (IC) and Foreign Military Sales (FMS) systems from tactical through strategic level operations
• Large message / data format library available for reuse by other RADMERC customers
4
Agenda
• Intro • Capabilities• Detailed Versioning Table • Plans• RADMERC 6 Overview
5
Capabilities
• RADMERC 5.1.1 is current UCDSMO baseline version Runs on Oracle Solaris 10 with Trusted Extensions (10TX)
Operating System (OS) Supports both formatted and unformatted data types SABI, TABI and TSABI
• A “single box” solution allowing simultaneous data transfer between multiple security domains
• Operates on a wide variety of customer-provided x86 hardware platforms Fully leverages modern multi-core processors
6
Deployed PlatformsSpecific to v5.X
• HPDL380(G6/G7/G8),
DL385, DL360(G6/G7), DL580(G7), z420
• DellR300, R600, R610, R710,
R720, 1950, 2950, R815
• IBMx3650
• Crystal ComputersRS-235, RS-255 RS-
111S13, RS-112RE-412 *tested only
• Oracle/SunX4170, x4270
• KontronCP308 AM4011
• Curtis WrightVPX3-1257VME-1901
• Themis• Core Systems• Germane
7
Capabilities
• Flexible data transfer mechanisms Streaming Sockets: TCP and UDP sockets supporting
COP, simulation, VoIP, video, NTP, etc. File-based: Secure FTP supporting imagery, MS Office,
PDF, video, etc. Java Messaging Service
• Secure communication using HTTPS Concurrent Socket channels can be optionally
configured to use SSL/TLS to secure their TCP communications
8
Capabilities
• Cross Domain Web and Cloud Services Promotes scalability, collaboration and sharing of resources Full support for REST and SOAP based web services
• Secure communication using TLS Concurrent Socket Input and/or Output channels can be
optionally configured to use SSL/TLS to secure their TCP communications
• Cross Domain Collaboration - Chat, Whiteboard, Wiki Provides the Cross Domain component for deployed
collaboration tools• XML Validation and Transformation
9
Capabilities
• Message Analysis and Generation (MAG) parser/ formatter and rules engine MAG engine breaks message data content into specified fields
or sections MAG and Rules engine validates data integrity by verifying
syntax and range checking
• RADMERC is a multi-homed device Multiple network interface cards (NICs) – one per security
domain Establishes connections with multiple hosts over a single NIC Data flows uni- or bi-directionally over each connection
10
The ‘MAG’ allows RADMERC to be highly configurable
Capabilities
• Cross Domain System SNMP Monitoring allows RADMERC to be monitored via SNMP like any other device on the network Based on the NSA defined CDS-SNMP MIB
• Reliable Human Review (RHR) allows unformatted data to be reviewed by a human before it is sent high-to-low Windows Desktop Digital Signature (WinDDS) Workflow tool
facilitates the RHR
• Remote Monitoring options Enabled remote access to management console Established server-client relationship between multiple
RADMERC systems to allow for centralized change control
11
Not-so-typical Capabilities
• Dynamic Rule Set Rule set updated automatically (FBCB2, JSF)
• Load balancing and failover (ADMACS)• Periods Processing (SSN / SSGN)
Network classifications based on mission - 17 approved configurations
• Large Configurations 1200 Channels (FBCB2) 8 Classifications (NCCT)
• Repeatable Accreditation Process (SSNs, NAVMACS, WIN-T)
• Headless operation (USAF B2 aircraft)
Radiant Mercury’s flexibility can handle unlimited CONOPSRadiant Mercury’s flexibility can handle unlimited CONOPS12
Sample Supported CONOPS
Function of Data Flow Radiant Mercury Support
Modeling and Simulation Support
RADMERC processes 1000s of Distributed Interactive Simulation Protocol Data Unit (DIS PDU) messages-per-second
Command and Signal Support
Real-time remote commands to automated devices (e.g., unmanned vehicles, sensor controls, antenna tracking, GBS bandwidth allocation)
Cross Domain Network Management
Device status and control via Simple Network Management Protocol (SNMP) based on the NSA defined CDS-SNMP MIB 1.0.8. Network Time Protocol (NTP) synchronization
Surveillance and WarningInformation about Missile Launches. This is critical information to the Missile Defense Agency (MDA) and the SEW program. It has been enhanced to include data for targeting
Situational Awareness Common Operational Picture, Blue Force Tracking
Database Record Transfer RADMERC supports cross-domain database replication of Logistics and Intelligence databases
Cross Domain Cloud and Web Service
RADMERC facilitates cross domain standards-based query/response web services
National and Tactical Imagery Dissemination
RADMERC is the only Cross Domain Transfer Solution with the capability to sanitize imagery metadata, re-label it for foreign release, and reformat the resulting National Imagery Transmission Format (NITF) product
13
Agenda
• Intro • Capabilities • Detailed Versioning Table • Plans• RADMERC 6.0 Overview
14
BD[1
Slide 13
BD[1 Bowden, Dennis [USA], 2/1/2016
Version
Version Rationale for Change4.X • On sunset list and we are working to upgrade these systems
5.0 • Port from TSOL 8 (end of life) to Solaris 10 with Trusted Extensions from TSOL 8
5.0.1 • Fixed issues identified during 5.0 certification
5.1 • Added new features including support for JMS (Java Message Service), SNMP (Simple Network Management Protocol), HTTPS
• TLS/SSL Channel• Improved MAG Engine Performance
5.1.1 • RADMERC current version being deployed• Enhanced configuration activation time and concurrent socket output
channel to handle higher load• Fixed issues identified in 5.1
6 • Port capabilities to RHEL 6 (SELinux) - additional security features• Lab Based Security Assessment in CY 2016
15
Version
• Three digit number separated by “.”• First Digit
Major Build (i.e. new Operating System)
• Second Digit Moderate Build - functional or security related
improvements
• Third Digit Minor patch - correct deficiencies (functional or security
related)
• Operating System Patches / IAVAs• Closely aligned to NSA’s new versioning policy
16
Agenda
• Intro • Capabilities • Detailed Versioning Table • Plans• RADMERC 6.0 Overview
17
BD[1
Slide 16
BD[1 Bowden, Dennis [USA], 2/1/2016
Plans
• RADMERC 6.0 certification and placement on the UCDSMO baseline is our highest priority
• Improve ease of use while maintaining compliance with DoD and IC guidance
• Explore support for NSA’s “Sidecar” protocol and Filter Componentization Effort to improve filtering capabilities
• Adapt and enhance RADMERC to become a pre-installed, remotely managed appliance Model after commercial firewalls/routers Solution for tactical users such as Navy’s P-8A program
18
Agenda
• Intro • Capabilities • Detailed Versioning Table • Plans• RADMERC 6.0 Overview
19
BD[1
Slide 18
BD[1 Bowden, Dennis [USA], 2/1/2016
RADMERC 6.0 Overview
Oct 2013: Pre Security Design Review (SDR) with NSA Nov 2014: Formal SDR with NSA and UCDSMO Dec 2015: Software Development Completed Mar 2016: UCDSMO RADMERC 6 LBSA discussions May 2016: Software FAT and Alpha Completed 27 Jun 2016: SDR at CERDEC facility, Aberdeen
Proving Grounds, MD July-Dec 2016: LBSA Jan 2017: SAO (planned)
20
Radiant Mercury - Points of Contact
Darlene Gunter, CDS [email protected]
(619) 524-7344
Dennis Bowden, Technical [email protected]
(703) 633-3943
John Rubel, IV&V [email protected]
(703) 400-6909
Kevin Miller, Lockheed Martin [email protected]
(303) 932-4786
21
Visit us at www.peoc4i.navy.mil
We Deliver Information Warfare Capabilities to the
Fleet.