AF Transformation 2011
Frank Konieczny
AF Chief Technology Officer
SAF/A6 Warfighting Integration and Chief Information Officer
March 2011
Major Drivers
SECURITY
• 98% of stolen records linked to criminals outside orgs (Verizon 2010 Data Breach Investigation Report)
• 73,000 new malware strains per day during the first quarter of 2011 (PandaLabs Q1 Report)
FUNDING
• Congress budgetary discussions
• $1B+ Cut over the FYDP
• AF Efficiency Initiatives
TECHNOLOGY
• Thousands of new products and services every year
• Global Providers
• IT Acquisition Reform
CULTURE
• Airman expectations
• Social Networking
• Mobility
Efficiencies Transformations
• Implementing AF-wide enterprise core services (e.g., email)
• Consolidating data centers and associated servers
• Further consolidating AF IT purchases
• Reducing the number of AF firewalls, Internet gateways, and associated infrastructure, while maintaining or improving security
• Reducing commercial Satellite Communications (SATCOM) costs by centralized purchasing and provisioning of services
• Migrating current and developmental applications, services, and data to an AF standardized IT environment
• Reducing telecommunications costs by integrating voice, video, and data services on the network – Unified Communication and Collaboration
Transforming System Development
As-Is Infrastructure / To-Be Infrastructure
Transformation
• Web Services: Increased Flexibility; Reduced Duplication
• Enterprise Authentication & Authorization: Increased Security; AF-wide Access
• Virtualization: Reduced HW Rqmts; Reduced Facilities Costs
• Blade Processors: Reduce Data Center Rqmts
• Enterprise SW Licenses: Increased Standardization; Reduced Cost
• Virtualized Storage: Increased Responsiveness
• Enterprise Data: Authoritative Data Sources; Data De-duplication
[Diagram: program-centric infrastructure compared with the target stack. Labels: Web Services, Program Services, Work Flow, Reliable Messaging, Authentication, Authorization, Windows, Linux, Virtualization Layer, Consolidated Enterprise IT Baseline Based Configuration, Blade Processors, Metadata, Virtualized Storage Environment, Enterprise Data]
"Different development teams in the enterprise, if not properly guided or monitored, may tend to choose the path of least resistance or resort to technologies that they are familiar with, which can add to integration complexity." (Take Charge of Application Integration Chaos; A-G Magazine, 15 Sep 10)
Transformation Cloud Services
[Diagram: Business Services; Information Services; SaaS - Application Services; Management & Security; PaaS - App Infrastructure Services; IaaS - System Infrastructure Services; Cloud Enablers]
• Investigating all service layers
• IaaS/PaaS architecture specified by the AF (standards, protocols, GOTS/COTS, web services, etc.)
• AF Consolidated Enterprise IT Baseline drives specification to ensure system networthiness
• AF determined SLAs
• Secured Hypervisor Concerns
Web Services Delivery Transformation
• Web services paradigm for optimizing development reuse and cloud performance/flexibility
• Web Services for accessing authoritative data sources
• Security Extensions
• Policy Based Access Controls – ABAC/RBAC
• Authentication and Authorization at each access point for exposed web services
• Security challenge to “ensure” a secure (non-tampered) path from user to data source and back
Depth in Depth Security Transformation
Unauthorized or Authorized Access
• Full Spectrum Attacks
• Data Stolen/Altered
• Applications Compromised
• Networks Still Targeted
285 million records compromised in 2009 (Verizon 2010 Data Breach Report)
[Diagram: Traditional Focus and Shifting Focus across the layers Data, Apps, S/W, Network]
Securing the “Work” of the Network in Addition to the Network
End-End Security [WS-Security]
[Diagram: protocol stacks between a Service Invoker (Client Application) and a Service Provider (Service Implementation Code) across an UNTRUSTED NETWORK with Intermediaries. Invoker and provider stacks: Application, SOAP, HTTP, TLS/SSL, TCP, IP, MAC. Intermediary stack: TLS/SSL, TCP, IP, MAC. Other labels: End-to-End 2-Way Authentication; SSL Endpoint; SSL Processor or HTTP Service]
• Web Services Security: Authentication, Integrity, Confidentiality, Non-Repudiation, Access Control (SAML)
• SSL: Integrity, Confidentiality
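The contrast on this slide, message-level protection that survives an intermediary versus SSL that ends at it, shown as an added example that is not part of the original briefing. It assumes the SSL session ends at the intermediary, and it uses an HMAC over the canonicalized SOAP Body as a stand-in for a WS-Security XML Signature (an HMAC gives integrity and origin authentication between the two key holders, not non-repudiation); the `urn:example:toy-security` namespace, element names, key and payload are all constructed for the demonstration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SEC = "urn:example:toy-security"      # hypothetical namespace, not the WSS schema
KEY = b"constructed-demo-key"         # known to invoker and provider only

def _body_mac(env, key):
    """MAC over the canonical form (C14N) of the SOAP Body only."""
    body = env.find(f"{{{SOAP}}}Body")
    canon = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    tag = hmac.new(key, canon.encode(), hashlib.sha256).digest()
    return base64.b64encode(tag).decode()

def invoker_send(record_id, key=KEY):
    """Service invoker: build the request and bind a MAC to its Body."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, "GetRecord")
    ET.SubElement(req, "id").text = record_id
    ET.SubElement(header, f"{{{SEC}}}BodyMAC").text = _body_mac(env, key)
    return ET.tostring(env, encoding="unicode")

def intermediary(wire, tamper=False):
    """Hop where SSL ends: the XML is plaintext here and can be rewritten."""
    env = ET.fromstring(wire)
    # Adding a routing header is legitimate and leaves the Body untouched.
    ET.SubElement(env.find(f"{{{SOAP}}}Header"), f"{{{SEC}}}Via").text = "gateway-1"
    if tamper:
        env.find(f"{{{SOAP}}}Body/GetRecord/id").text = "1337"
    return ET.tostring(env, encoding="unicode")

def provider_receive(wire, key=KEY):
    """Service provider: recompute the MAC before acting on the request."""
    env = ET.fromstring(wire)
    claimed = env.findtext(f"{{{SOAP}}}Header/{{{SEC}}}BodyMAC", default="")
    expected = _body_mac(env, key)
    if not hmac.compare_digest(claimed.encode(), expected.encode()):
        raise ValueError("SOAP Body failed the end-to-end integrity check")
    return env.findtext(f"{{{SOAP}}}Body/GetRecord/id")
```

A provider that relied on SSL alone would accept the rewritten Body, because each SSL hop only protects the bytes between its own two endpoints.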
Communication/Collaboration Transformation
[Images: Dual Persona; Playbook; ATRIX 4G; Gesture Recognition]
Rich Presence
• Willingness, ability and preference of a user's communication
• Intelligent voice, messaging, time-sensitive task/doc routing
Instant Messaging
• One-click access and easy escalation to chat, voice and VTC
Voice and Voice Conferencing
• Find contacts quickly, dial and easy escalation to VTC
Unified Messaging
• Voicemail to email/vice versa; chat to e-mail
Video P2P and VTC
• Simple initiation/easy escalation to conf (desktop and suite)
Video Broadcast
• Commander's message, Emergency message, etc.
Desktop Collaboration
• Desktop sharing, briefings / presentations and file transfer
Mobile User Access
• Smartphone, LMR, Web, bandwidth tolerant
Cross Domain (security, functional)
Single Integrated Network Environment
We must be able to work, when required:
• between layers
• between networks
• between environments
[Figure: Joint Aerial Layer Network (JALN) Initial Capabilities Document (ICD) AF OV-1. Layers: Space, Aerial (High, Medium, Low), Terrestrial. Environments: Permissive, Contested, Anti-access. The figure places aircraft, satellites, gateways/relays, tactical data links and operations centers across these layers, joined by a High Capacity Backbone.]
How Do We Get There?
• IRIS: Internet Router In Space
• X-37B
• Secure cloud computing solutions
• Guaranteed information assurance
• Consolidated Enterprise IT Baseline
• Library of capability-based services & applications
• Commoditization of Edge Devices
• Operational applications
• Reliability at reduced costs
• Industry Partnership