335th TSC. Track 7: 335th Theater Signal Command (TSC) Transformation to 335th Signal Command Theater (SC(T)). A Flatter World in SWA and Active Directory Consolidation. Session 5, 22 AUG 07/1300-1400. LTC Mark Hoyt, 160th TNOSC Director, Mark.v.hoyt@swa.army.mil.
Purpose
• To discuss how to improve NetOps in Southwest Asia, inspired by Thomas Friedman’s book “The World is Flat.”
Agenda
• The Premise of the World Is Flat
• Networks are Joint
• The Primary NetOps organizations in SWA
• USCENTCOM Five NetOps Functional Areas
• Flattening NetOps Functional Areas in SWA
  • NetOps Reporting
  • Information Systems Operations
  • Network Engineering
  • IA & CND
  • Knowledge Management
• Example of Flattening - Active Directory Consolidation in Iraq
• Summary and Suggestions
• Questions and Comments
The Premise of the World is Flat
• In a flat world, information is readily available at any location. Assuming adequate connectivity to a network, an organization can improve its capability and/or efficiency by several means.
• However, the inference is that the following must be true for SWA:
  • Our networks and information systems have to be “flat enough”
  • NetOps organizations have to trust each other – networks and systems don’t have clear borders, which will create conflicts in ownership
• If the above are true, an organization can gain efficiencies by:
  • Outsourcing – is there a place where some work can be performed at the same level, and more efficiently?
  • In-forming – ensuring that all people with requirements have access to all information that is pertinent to them, because dissemination usually requires centralization
  • Identifying and eliminating redundancy – gets rid of unnecessary layers, creates efficiency and speed of response
• The good news - NetOps in SWA works, people have the best communications ever available to a warfighter, but can it be better?
Networks are Joint (but Joint doesn’t make them Flat)
• All networks are joint, because DISA owns the Tier 0 - the problem is how do we establish a proper and flat relationship between joint NetOps organizations and service or component NetOps organizations to prevent redundancy and promote good relationships between communication organizations
• Services provide portions of the network, especially for all regions not associated with a JTF, e.g. Qatar, Bahrain, Kuwait, Oman, Kyrgyzstan
• Service NOSCs are permanent (or more enduring)
  • They have an established network relationship with units deploying from their service
  • They are supported by a global NOSC (NTOs)
  • They are more likely to have a common toolset
• JNCCs are stood up to provide adequate NetOps support for a JTF and therefore:
  • Are “one-off” based upon the mission – they don’t exist before or after the JTF
  • Specialists in understanding client-server relationships
  • Have portions of their network and services provided by the more permanent service organizations
  • Gap fill for needs
  • Create new seams in ownership in the network when they are stood up - because they are new
Primary NetOps Organizations in SWA (Joint and Service)
• TNC CENT – the combined TNCC and TNC for SWA, TACON to USCENTCOM
• JNCC-Iraq
  • Handles all TLA stacks in Iraq (minus Air Force and Marine)
  • Manages the Iraq and Iraq-s Forest
  • Manages and/or monitors IA/CND for Iraq
  • 24x7 Operations Center
• JNCC-Afghanistan
  • Handles intra-Afghanistan routing
  • DAA Authority over systems (e.g. firewalls, patching)
  • Splits management on the Afghan Domain
  • Receives multiple services from the SWA TNOSC
• SWA TNOSC
  • Provides NetOps support for Army components in SWA
  • Handles all TLA stacks for the Army outside of Iraq
  • Runs the SWA Forest for Kuwait, Afghanistan, Qatar and Bahrain
  • 831st Provides IDS for SIPR, NIPR to include Iraq
• ACCC/NOSC
  • Handles all Air Force TLA stacks
  • Provides CSIDs for all stacks in theater
  • Handles all Air Force IA/CND
  • Provides the CENTAF Forest
Flattening NetOps Functional Areas in SWA
CENTCOM NetOps Functional Areas
• SWA can be flattened, but all functional areas affect all others; they are interrelated
[Diagram: NetOps Reporting in SWA. Organization chart of NetOps relationships at the theater, regional and base/post/camp levels, with nodes CENTCOM TNC-CENT, MNFI/MNCI JNCC-I, CJTF-82 JNCC-A, SWA TNOSC, NETCOM A2TOC, CENTAF ACCC, MEF, SIG BDE, DIV, SIG BN, AF BASE NOC, TCF and tactical units.]
Flattening NetOps Reporting
• All NetOps organizations need to see all NetOps information that applies to them; this requires seams to be removed in reporting (compatible information)
• Network Monitoring Tools can be different, but must be compatible
• Both tactical and fixed/commercial organizations must provide SA
• SA must be available to all NetOps organizations that need them - flat
• In a joint and flat world there is always more than one person to report to
• Requires a standard reporting schema
• Two NetOps organizations may track the same issue, but might have different requirements for SA
• The goal should be to have the unit make one report available to many recipients
• The information must be correct and detailed – it must be flat (available)
• Multiple entities must have the permissions to contact the reporting agency
• There must be a RFI process – the ability to get answers to questions rapidly, without having to go through multiple layers of command, one question – one answer
• All organizations must understand the requirement to make information available and respond to questions, and follow centrally well defined CCIR
[Diagram: Theater Network Engineering. Organization chart by tier (Tier 0, Tier 1, Tier 1.2, Tier 2) with TECHCON relationships, with nodes DISA, CENTCOM TNC-CENT, MNFI JNCC-I, CJTF JNCC-A, SWA TNOSC, CENTAF ACCC, MEF MCCC, DIVISION, AF BASE NOC, SIG BN, TCF and tactical units.]
Flattening Network Engineering
• The network requires fewer players in the TLA stacks – it’s not a specialty skill, and it should be done by the services
• There will be TLA stacks in Oman, Kuwait, Qatar, Bahrain, HOA, Sinai, Kyrgyzstan
• TLA stack administration should be centralized – lots of redundancy
• The military needs to centralize experts
• The services are in cheaper areas, contractors cost 50 to 66% in Kuwait and Qatar when compared with Iraq and Afghanistan
• TLA stacks and enterprise management can be outsourced, but
  • The JNCCs will need local support
  • The support must be in the same time zone, to be responsive
• In a flat network, Qatar and Kuwait should be the primary sites because the sites are more enduring, cheaper to man, have better connectivity - and in a flat world could COOP each other
[Diagram: Theater Computer Network Defense. Organization chart by tier (Tier 0, Tier 1, Tier 1/2, Tier 2) with nodes CENTCOM TNC-CENT, MNFI JNCC-I, CJTF JNCC-A, SWA TNOSC IDS, CENTAF IDS, CENTAF CSIDS, MEF, DIVISION, AF BASE NOC, SIG BN, TCF and tactical sites.]
• JTF’S HAVE DAA AUTHORITY - FIREWALLS
• NOTE: RCERT SWA DOES TROUBLE TICKETS AND INVESTIGATIONS FOR IRAQ
Flattening Computer Network Defense
• Minimizing domains and forests in an AOR is critical to having uniform and controllable security policies in that AOR
• There is only one RCERT in the theater – it responds to Tier 1.2 IDS tickets from the Army – this should be leveraged for the entire theater
• Data storage, CAC/PKI implementation and Switch Security need to be standardized
  • lack of standards is hurting security, especially below the Tier 2
  • only the chain of command has the enforcement function
  • this requires JNCCs to control their information resources within their AOR
• In a flat SWA world, standards and policies for the minimum standard must come through one source – that should be the Combatant Command
  • service policies can be stricter, but not less than the CC policy – should be coordinated
  • the CC is the only organization that everyone recognizes
  • must reduce waivers, because of the weakest link problem
[Diagram: Theater Content Staging and Information Management. Nodes CENTCOM TNC-CENT, DISA, ARCENT G6, CENTAF A6, JNCC-A and JNCC-I, with area labels: Army Component + Kuwait, Qatar; Air Force Component + Kuwait, Qatar, Oman, Kyrgyzstan; Afghanistan; Iraq; COMMS-I.]
Flattening Content Staging and Information Management
• Defined here as “ensuring the warfighter has the right information at right time” - the most important of the pillars – all others enable this
• This is the “specialist skill” of a JNCC, and therefore they need NetOps SA and control of local NetOps systems
• Only a JNCC can provide an understanding of all the component networks and systems; this is important for:
  • determining operational impact
  • providing NetOps information for communications integration
  • coordinating ASIs that affect multiple services
  • ensuring redundant paths
  • obtaining provisioning and trend analysis information – to allow better data flow
• Neither the SWA TNOSC nor the ACCC/NOSC is manned to provide true knowledge management, which requires a direct interface to operations centers.
• All implementations require the services as supporting organizations to be responsive to the prioritization of the JNCCs (only they can gain a true understanding of the priorities)
Example of Flattening Iraq AD Consolidation
[Diagram: Theater Simple Active Directory Depiction. Enterprise forests, domains and OUs inside and outside Iraq: Iraq Forest (JNCC-I), CENTAF Forest (ACCC) with each AF base as a domain, ARCENT Forest (SWA TNOSC), DIV forest, BDE forest, FOB/COB forests, 1MEF MCCC, JNCC-A, TCF and tactical units. Legend: Single Sign-On, Access?, AD relationship, not complete relationship.]
Flattening Information Systems Operations
• Lack of unity in an Active Directory (AD) structure creates problems. For example, there are problems with multiple domains in Iraq.
  • Creates security inconsistencies (SMS/WSUS)
  • Violates Netcentricity by creating seams in Single Sign On and information access
  • Hinders the use of two factor authentication (CAC/PKI)
  • Requires additional servers and system administrators
  • Leads to baselining
• In contrast a unified AD structure leads to Netcentricity
  • Allows for confirmable and consistent security policies with accountability
  • Eases system administration – you can see the seams between systems
  • Allows single sign-on and access to information
  • Saves money (system administrators and servers) – and simplifies identifying redundancy
  • Increases mobility - users can have an account throughout an AOR
The Problem
• Current use of AD by BCTs is not Netcentric
• How Many Forests? Common GAL? Mobility?
[Diagram: JTF, SPT BCT, BCT and AF forests.]
The Problem Part 2
• Over 20 Forests in Iraq
Why Consolidate?
• To combine the disconnected Iraq AD Forests and provide a common Iraq Forest
• Provide seamless access – allow mobility
• Provide centralized enterprise communications support and services
• Enhance security to all units within Iraq – common policy
• Allow tactical formations to concentrate on SIPR support
• Allow users access that don’t belong to a BCT or DIV forest
• Merge FOBs and COBs into a common domain on SIPR and NIPR
• FOBs and COBs are the normal locations of major headquarters
• Merge willing Divisions and BCTs onto NIPR
Consolidation – What is Not Happening
• No merger of the SIPRNet
• No merger for BCTs that are currently deployed
• No forced patching on BCTs
• No requirement for the BCT to provide equipment
• No usurping of the DAA and his authority
• Domain administration will not be done outside of Iraq
Consolidation – What is in it for the BCT
• Allows BCT to concentrate on supporting their SIPRNet
• Allows BCT to not spend money on unresourced NIPRNet
• SMS roll-up/management for your own network
• SMS package creation – distribution (not pushed)
• Centralized WSUS and AV pushes to BCT
• Easier sharing of information via tools (less workarounds – no trusts)
• Access to an automated common GAL
• Single sign-on in their AOR
• Secure AD
• DC VPNs
• Smart Card for Domain Admin Access
• Service Account Security
• 24x7 AD Monitoring using MOM and Change Auditor
• Ability to move anywhere in the theater below the BCT level and still have access to information
Consolidation – What is in it for Iraq and the theater
• Single sign-on in Iraq
• SMS roll-up/management
• Standardized security using SMS, WSUS and SAV
• Better use of resources
• Easier sharing of information for the theater (less workarounds)
• Everyone on the MIIS GAL
• 24x7 monitoring on AD in Iraq
• Ability to move Brigades anywhere in the theater
• What Else: A potential change for Army strategy concentrating on netcentric deployability for modular units
Summary of The World is Flat
• In SWA NetOps the functional areas are tightly integrated, but all are done differently by country, and by organization – this requires great coordination and flattening of information
• Often the biggest problem is the lack of trust between organizations. In extension all organizations feel they have to control something for it to be responsive.
• There are many reasons to flatten SWA NetOps:
  • Makes a more user friendly and available network
  • Leads to a better and more capable network
  • Allows for the establishment of a true NetCop
  • It provides better, more responsive, uniform and controllable CND
  • It would save millions of dollars
  • It allows for concentration of expertise
  • It makes it easier for units and personnel to move in the theater
  • It makes it easy to identify redundancy