AURA MOWG EMOS & IST Re-Engineering 2 October 2007 Pat Johnson


Presentation Transcript


  1. AURA MOWG EMOS & IST Re-Engineering, 2 October 2007, Pat Johnson

  2. Agenda
     • IST Online 2-factor Re-engineering Status
     • IST Online schedule
     • IST ONLINE Current Design Architecture
     • IST ONLINE Redesign Architecture
     • NASA Provided COTS to IOT
     • IOT IST Opscon Impacts
     • IST issues
     • IST DMZ Future Plans
     • EMOS Status
     • Q&A

  3. IST Online Re-engineering Status
     • Testing replacement of RSA KeyFOB license server
     • Current server has a limited user license (up to 50 users) and was an interim solution to get MMS IST re-engineering implemented
     • New server will accommodate 75+ IST users between Terra, Aqua, Aura that includes IOTs, FOT engineers, System Administrators and Engineers, and Developers
     • The server replacement will be performed after the Online 2-factor implementation

  4. Schedule
     • Activities prior to Parallel Ops
     • IOT Review(s) & discussions – Aug/Sept. 2007
     • AMSR-E session with MOWG on Aug. 16th
     • Aug. 22 session with MOPITT, CERES, HIRDLS/UK, OMIS Dutchspace
     • Aug. 23 session with AIRS
     • Aug. 27 session with MISR
     • Sept. 24 session with ASTER
     • Oct. 2 session planned during AURA MOWG
     • Pre Ship Review – Oct. 2007
     • Remote site IPSec Client installation – Oct/Nov. 2007
     • IOTs using separate PCs for Online and MMS will need to coordinate with EOC on firewall rules for Online PC as was done with the MMS effort recently
     • Parallel Ops start – Nov/Dec. 2007
     • ORR – Dec. 2007

  5. ONLINE IST Current Design Architecture
     [Architecture diagram. Labels: Remote Users 1 to N (Terminal Services); Internet; DMZ Firewall; EOC IST DMZ with Terra, Aqua and Aura Online ISTs; EBNet Firewall; closed-EBNET Firewall; EOC Terra, Aqua and Aura ONLINE hosts and ONLINE servers; Encrypted Traffic. Remote User firewalls are not shown.]

  6. ONLINE IST Redesign Architecture
     [Architecture diagram. Labels: Remote Users 1 to N (IPSec VPN client & Terminal Services); Internet; DMZ Firewall; EOC IST DMZ with Terra, Aqua and Aura Online ISTs; IPSec VPN & KeyFOB Servers; Open EBNet Firewall; closed-EBNET Firewall; EOC Terra, Aqua and Aura ONLINE hosts and ONLINE servers; Encrypted Traffic. Remote User firewalls are not shown.]

  7. NASA Provided COTS
     • COTS
     • IOTs already have the Terminal Services client software, provided by NASA
     • VPN client software will be provided by NASA with install instructions and user guide
     • For those IST users who have separate Online PCs from MMS
     • User PCs being used for both MMS and Online have the VPN client installed already (no changes are needed)
     • Hardware
     • IOTs have Online PC at their location now
     • NASA will provide KeyFOBs, if needed, and user instructions
     • Current design will allow an IST user to use the KeyFOB assigned to them for both MMS and Online and FTP server DMZ access
     • KeyFOBs are not to be shared among users

  8. IOT Opscon Impacts
     • New layered architecture requires multiple logins by the user
     • For Online: VPN/KeyFOB login, Terminal Services Online IST DMZ login
     • The IPSec client software prevents other logins to the remote user terminal machine
     • Prevents back-door hacker attacks
     • When connected to the IST DMZ, cannot connect to any other machine
     • NFS mounts to other IOT machines are ‘turned off’ only during Online session
     • Remote User printing impacts
     • Printing features allow for locally printing files from the IST’s DMZ file system
     • Cannot print to IOT network printer while connected to IPSec VPN
     • Improve security with Online IST interface to meet NASA standards
     • Adding 2-factor login authentication (KeyFOB) for remote access to EOC DMZ ISTs
     • Adding IPSec VPN client to restrict access to the IOT PC while IOT logged into the DMZ IST

  9. IST Related Issues
     • Secure copy of planning products to HIRDLS UK and MISR Linux box
       • EOS Engineer working with the IOTs on this issue
     • MMS error message on secure copy of planning products to ASTER
       • EOS Engineer investigating issue
     • MISR intermittent time outs - MIITS DR EMOS00013 (was EMOS_R0631)
       • NASA awaiting firewall rule update to allow more testing to identify problem
     • MISR IST data not updating when logoff VPN connection but IST session left up - MIITS DR EMOS00012 (was EMOS_R0632)
     • IST Save file from Online IST DMZ to local user PC IST is slow
       • Known problem with using Terminal Services
       • Recommend using the FTP DMZ file server for file transfers

  10. IST DMZ Future Plans
     • Future Plans for IST DMZ
     • Provide MMS reports and FDS planning products to FTP DMZ Server
     • Replace the RSA server with RADIUS RSA server - to add more internal security checking capability (possibly mid to late 2008) to meet new NASA security standards
     • Will coordinate any IST outages with the users
     • Devise an Analysis (trending system) IST solution (year 2009)
     • This will occur along with the Analysis system upgrade - trade study and design analysis is planned for mid 2008
     • Design and Implement a ‘Remote IST Interface from anywhere’
     • The design and prototyping work is planned to occur in early to mid 2008

  11. EMOS Status
     • Completed:
     • Promotion of Terra MMS 14.1.17 delivery to Operations on 8/3/07
     • Aura Online build 16.1.13 to Operations in July 2007
     • In Progress:
     • Designing and testing the replacement of old Cabletron switches to newer CISCO 6509 switches
     • Transition planned to occur between mid October 2007 to December 2007
     • Could be a major impact to Operations
     • Aqua Build 16.1.13 Online & Analysis delivery is no-earlier-than January 2008
     • Terra Analysis & Online build update planned for mid 2008
     • Updating the Backup EOC at Goddard with MMS & Analysis subsystems in 2008
     • Looking at consolidating MMS servers and upgrading to Sun Ultra 60s (from old Ultra 1s, 2s, 5s)

  12. Q & A