Architectural Solutions for the Joint Information Environment
Jerry Bass, Customer Solutions Architect, CISSP, Air Force / Navy Operation, gbass@cisco.com – 978.936.4012
JIE Systems / Capabilities Architecture
Systems: Campus, DC, Core. Capabilities: UC, Cybersecurity, Sustainment.
• Campus Network
• Data Center / Cloud
• Secure Core Network
• Deployed Network
• Unified Capabilities
• Cybersecurity
• Single Security Architecture
• Enterprise Management
• Enterprise Licensing and Sustainment
Secure Core Network Systems Architecture
• Shared IT infrastructure
• High-bandwidth, flexible optical core
• IP overlay for application delivery
• Single security architecture
• Secured gateways to external entities
• Common TLA services
• Platform for Enterprise Services
• Data Center Interconnect
• Federated private / public cloud
(Diagram: the core interconnects to SWA, NW Asia and CONUS)
Secure Core Network Systems Architecture (diagram labels)
• Tiers: Access, Aggregation, Distribution, Core, Boundary Services, Edge, IP-NGN Backbone ("Enterprise Information Environment")
• Routers and edges: Customer Edge Router, Provider Core Router, T Aggregation Router (T-AR), T Provider Edge Router (T-PE), T-CE Router (T-CE), S Aggregation Router (S-AR), S Provider Edge Router (S-PE), S-CE Router (S-CE), U Aggregation Router (AR), U-CE Router (U-CE), JIE-PE, JIE-CE Router (JIE-CE), Campus Network, Tactical, CDC, Internet, DCA MSAE, DCA MSAA
• Transport: SONET / SDH MSPP, ROADM, Wavelength Services, Carrier Packet Transport
• Security and visibility services: Virtual Device Contexts, Firewall Services, Session Border Controller, Intrusion Detection, Threat Intelligence Service, Reputation Based Filtering, Anomaly Detection, URL Filtering / Web Security, Application Visibility & Control (AVC), Line Rate NetFlow, 802.1AE MACsec, 802.1X Access, Security Group Tags, Identity Based Access Control
Air Force Network L3VPN VRF Design
• Initially 3 VRFs: Base, AFGW, MGT
• Routes are shared between Base and AFGW
• Traffic in MGT can't be reached from AFGW or Base
• Additional VRFs for missions or extranets can be set up to connect a subset of bases, with or without external access
• Similar model for JIE: add new customers at the MILDEP level; within a MILDEP, add COI networks for short- or long-term missions
(Diagram: Base 1, 2, 3 … n and AFGW 1, 2, 3 … n, each with EXT / FW / INT segments and SDP A / SDP B; a Management Site; BASE, MGT, AFGW and COI 1, 2, 3 VRFs; shared routes between BASE and AFGW)
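The import/export rule behind the three-VRF design above, as an added example that is not from the deck: a VRF learns another VRF's prefixes only when one of its import route targets (RTs) matches one of the other's export RTs, which is what lets Base and AFGW share routes while MGT stays unreachable from either. The RT values, site names and the COI1 membership are constructed for the example.

```python
"""Route-target model of the slide's L3VPN VRF design (added example, not
from the deck). A VRF learns another VRF's prefixes only when one of its
import RTs matches one of the other's export RTs. RT values are constructed."""
import copy

RT = {"base": "65000:100", "afgw": "65000:200", "mgt": "65000:300",
      "coi1": "65000:1001"}                      # constructed RT values

# Per-VRF import/export policy as described on the slide: Base and AFGW
# share routes, MGT is isolated, COI1 joins a subset of bases.
VRF_POLICY = {
    "BASE": {"export": {RT["base"]}, "import": {RT["base"], RT["afgw"]}},
    "AFGW": {"export": {RT["afgw"]}, "import": {RT["afgw"], RT["base"]}},
    "MGT":  {"export": {RT["mgt"]},  "import": {RT["mgt"]}},
    "COI1": {"export": {RT["coi1"]}, "import": {RT["coi1"]}},
}

# Constructed (site, vrf) instances; COI1 exists only at Base1 and Base2.
INSTANCES = [("Base1", "BASE"), ("Base2", "BASE"), ("Base3", "BASE"),
             ("AFGW1", "AFGW"), ("MgmtSite", "MGT"),
             ("Base1", "COI1"), ("Base2", "COI1")]

def learns(dst_vrf, src_vrf, policy=VRF_POLICY):
    """True if src_vrf's prefixes land in dst_vrf's routing table."""
    return bool(policy[dst_vrf]["import"] & policy[src_vrf]["export"])

def can_reach(src, dst, policy=VRF_POLICY):
    """Bidirectional reachability: each side must hold a route to the other."""
    return learns(dst[1], src[1], policy) and learns(src[1], dst[1], policy)

def reachable_from(src, policy=VRF_POLICY):
    """All other instances src can exchange traffic with under the policy."""
    return [d for d in INSTANCES if d != src and can_reach(src, d, policy)]

def mgt_leaks(policy=VRF_POLICY):
    """Defender check: any route crossing the MGT boundary, in either
    direction, violates the slide's 'MGT can't be reached' requirement."""
    return sorted((s, d) for s in policy for d in policy
                  if s != d and learns(d, s, policy)
                  and (s == "MGT") != (d == "MGT"))

def with_extra_import(policy, vrf, rt):
    """Return a copy of policy where vrf additionally imports rt (for audits)."""
    new = copy.deepcopy(policy)
    new[vrf]["import"].add(rt)
    return new
```

Run mgt_leaks() against a policy export from the PE routers to catch an RT added to the MGT VRF that would silently expose it; a one-way import is flagged even though return traffic would still fail.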
Joint Regional Security Stack (JRSS): centralized, virtualized cybersecurity suite
• Provide full visibility at all levels, intra-base and intra-agency
• Full and consistent suite at every Camp / Base / Post / Station
• Multi-tiered design: C/B/P/S tier and Agency tier
• System can be centrally managed, but policy control can be distributed to each agency
• Reduce hardware and O&M costs; increase scalability
• Survivable: both local and regional redundancy
Joint Information Environment Operational Architecture: Capability End State
• Defensibility / Redundancy / Resiliency
• Federation / Shared Infrastructure
• Enterprise Services
• Identity Access Management
• IC / Mission Partners
(Diagram: Coalition Forces, the Deployed Environment and the "Enterprise Information Environment" sharing Computing, Data and Applications; mission applications: APEX, Navy ERP, AT21, DCO, AFATDS, CloseCombat TM, Airmen Fundamentals, iEHR, Enterprise Mail, Defense Travel; access at the point of need from Home, Mobile (TDY / Deploy), Work and Future Devices)
Campus Network Systems Architecture (diagram labels)
• Tiers: Endpoints, Unified Access, Distribution, Core, Boundary Services, Edge, IP-NGN Backbone; Application Software, Virtual Machines, Compute, Storage / SAN
• Access and switching: Unified Access Wired / Wireless, Virtual Switching System, Backplane Stacking (StackWise), Universal Power over Ethernet, Mobility Endpoints, IP Phones / Soft Clients, Community of Interest Networks, Installation Processing Node (IPN), Customer Edge Router, Site-to-Site Dynamic VPN, Tactical, CDC, Internet
• Unified communications: LSC Call Control Publisher / Subscribers, Survivable Remote Site Telephony, Unity Connection Voicemail, Session Border Controller, Emergency Responder E911 Services, Unified Presence Services, Personal / Immersive Telepresence
• Security and visibility services: Virtual Device Contexts, Firewall Services, Virtual Firewall Edge and VM, Intrusion Detection, Threat Intelligence Service, URL Filtering / Web Security, Application Visibility & Control (AVC), Line-Rate NetFlow, 802.1X Access, Security Group Tags, 802.1AE MACsec, Identity Based Access Control
Data Center / Cloud Systems Architecture (diagram labels)
• Tiers: Application Software, Virtual Machines, VSwitch, Storage and SAN, Compute, Access, Aggregation and Services, Core, Edge, IP-NGN Backbone
• Fabric and virtualization: Virtual Device Contexts, Secure Domain Routing, Customer Edge Router, Fabric-Hosted Storage Virtualization, Fiber Channel Forwarding, Fabric Extension, Service Profiles, Port Profiles & VN-Link, Virtual Machine Optimization, Application Control (SLB+), Service Control, Virtual Contexts for FW & SLB, Tactical, CDC, Internet
• Security and visibility services: Firewall Services, Virtual Firewall Edge and VM, Intrusion Detection, Session Border Controller, Storage Media Encryption, Threat Intelligence Service, Line-Rate NetFlow, Web Reputation, URL Filtering, Cyber Threat Defense, Email Security, Identity / Access Management