Cross Domain Collaborative Information Environment (CDCIE)
Joint Capability Technology Demonstration (JCTD) Overview
COCOM Sponsor: USJFCOM, USTRANSCOM
Supporting COCOMs: USNORTHCOM, USSTRATCOM
Service & Supporting Participants: USN, USAF, NSA, DISA, Coalition
OSD Oversight Executive: DUSD (AS&C), Fritz Schulz
Operational Manager: USJFCOM J9, Jim Clark
Technical Manager: USJFCOM J9, Alyson Miller
Deputy Transition Manager: DISA PEO-GES NCES, Capt. Jason Burroughs
Briefing ver. 19, 12/01/2009
DISTRIBUTION STATEMENT C
Distribution authorized to U.S. Government Agencies and their contractors, AUS, NZL, JPN, KOR, SWE, FIN, and NATO member government representatives and their contractors. Other requests for this document must be referred to: U.S. Joint Forces Command, 115 Lake View Parkway, Suffolk, VA 23435, Attention: Alyson Miller, 757.203.3117

CDCIE JCTD*
• Project started in 2004 at USJFCOM J9
• Obtained JCTD rolling start status in 2008
• COCOM Sponsors: USJFCOM, USTRANSCOM
• Supporting COCOMs: USNORTHCOM, USSTRATCOM
• Service & Supporting Participants: USN, USAF, NSA, DISA, UK, AUS
• OSD Oversight Executive: DUSD(AS&C), Mr. Fritz Schulz
• Implementation Directive (ID) signed in August 2008
• Transitioning to DISA by the end of FY10
*Joint Capability Technology Demonstration

CDCIE Capabilities
Operational collaboration and data sharing across security domains (networks).
[Diagram: CDCIE Guards (CDCIE DataSync Guard) between US Classified Networks, Allied & Coalition Classified Networks, and Unclassified Networks. Capability labels shown three times: Whiteboard with Language Translation (CG), Text Chat with Language Translation (CG), Web Services (WSG).]

CDCIE Chat 1.1
• CT&E Status:
  • Completed NSA CT&E in October 2006
• Key Features:
  • Available for deployment now!
  • Cross Domain Multi-User Text Chat with Language Translation
  • Cross Domain XML Guard
• Components:
  • Collaboration Gateway (CG) 1.1.1 - Trident Systems, COTS
• Guards:
  • DataSyncGuard (DSG) 2.1 - BAE Systems, COTS
• Clients:
  • TransVerse 1.3, GOTS/Open Source
  • InfoWorkSpace (IWS) 3.0, Ezenia, COTS
• Language Translation:
  • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

CDCIE Chat 1.x w/ Language Translation
[Diagram: Domain 1 and Domain 2, each showing a Language Translation Server, CG, TransVerse Client and AD, with an XML Guard between the two CGs.]
AD – Microsoft Active Directory; CG – Collaboration Gateway

TransVerse Chat Client
• Pure XMPP client
• Java based - Supported on Windows, Solaris, Linux, and MacOS X
• Extensively tested in DOD and Coalition Exercises
• Designed specifically to meet the chat needs of Warfighters
• Supports NCES Collaborative Services Button 2 Jabber XCP servers
• Tested with all major XMPP servers
• Developed by cleared personnel
• Approved for use on AF GIG and is on the AF Evaluated/Approved Products List (AF E/APL)
• Approved for use on NMCI SIPRnet and NIPRnet systems
• Key Features
  • Cross Domain Chat
  • Cross Domain Whiteboard
  • Tiled, Tabbed, and Cascaded Windows
  • “mIRC” like user interface
  • HyperRooms
  • Searchable Chat Logs/History
  • Keyword monitoring and highlighting
  • Language Translation for both Chat and Whiteboard
  • File Transfer
  • Labeled Chat Messages (uses IC ISM)
Available from: https://xmpp.je.jfcom.mil

Overview of Chat Interface
[Screenshot callouts:]
• Tabs for My Place, Chat, Group Chat, etc…
• My Chat Sessions shows all your active one-to-one and group chat (chat room) sessions.
• Name in italics and in red means participant is in remote domain.
• Translation capability
• Chat classification selection drop down
• My Contact contains your Contact or Buddy List for single domain. NOT ENABLED FOR CROSS DOMAIN USERS
• Chat input area
• Chat Session Windows

Language Translation Client Capabilities
• TransVerse supports three modes of translation
  • Automatic Translation of Sent Messages
    • The client automatically determines the recipients’ languages and automatically translates outbound messages to the recipients’ languages
    • The client always sends the original and translated text
  • Automatic Translation of Received Messages
    • The client automatically determines the senders’ languages and automatically translates inbound messages to the user’s language
    • The client also displays the original and translated text
  • Manual Translation with Software Assist of Sent Messages
    • Allows the user to translate to one or more languages with language translation software assistance and then edit messages prior to sending.
• Typically, TransVerse communicates with the language translation via HTTPS/SOAP or a direct TCP/IP Socket connection
• Uses XMPP Extension Protocol “XEP-171: Language Translation”
• Web Chat supports displaying original and translated text and the ability to set the language preference for sending/receiving messages.

Language Translation Support
• Supported Language Translation Engines
  • SYSTRAN via HTTPS/SOAP
  • Language Weaver via HTTPS/SOAP
  • Google Translate (if on Internet) via HTTP
  • NSA/CAMT’s CyberTrans via HTTPS/SOAP
    • This middleware software provides access to a wide range of classified and unclassified language translation servers.
  • Almost any language translation engine that supports an HTTP, SOAP, or TCP/IP socket interface can be supported in about a week.
• Supported Languages
  • All languages supported by SYSTRAN (over 20). Most major world languages are supported.
  • All languages supported by CyberTrans. List and number are classified.
• Localization of TransVerse GUI
  • Localizing an application means the text in the graphical user interface (i.e. menus, dialog boxes, prompts) is translated into the user’s language.
  • The User Interface is currently localized for English, Spanish, and Japanese.
  • Adding other localizations is simply a translation effort and takes on average 1-2 days.

TransVerse with Automated Language Translation
[Screenshot callouts:]
• Name in italics and in red means participant is in remote domain.
• () after name indicates language of participant
• Original Text
• Translated Text for this participant's language
• Translated Text for other participants’ languages
• Classification of the chat messages

CDCIE Chat 1.2
• CT&E Status:
  • Based on CG 1.1.1 which completed NSA CT&E in October 2006.
• Key Features:
  • Minor updates to CG 1.1 software
  • Minor updates to DSG 2.1 software
  • DSG-to-DSG adapters for bilateral networks.
• Components:
  • Collaboration Gateway (CG) 1.1.2 - Trident Systems, COTS
  • DSG-to-DSG adapter 1.0, Trident Systems, COTS
• Guards:
  • DataSyncGuard (DSG) 2.1/2.3 - BAE Systems, COTS
• Clients:
  • TransVerse 1.3+, GOTS/Open Source
  • InfoWorkSpace (IWS) 3.0, Ezenia, COTS
• Language Translation:
  • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

DSG2DSG Adapter 1.0
• A set of secure gateways that connect two or more DSGs operating on the same network together so that XML messages can be relayed from domain A to domain C via an intermediate domain B.
• GOTS
• Designed to run on a heavily secured RHEL system with a targeted SE Linux policy in effect
• Communications between DSG2DSG adapters are TLS encrypted and require mutual PKI authentication.
• Setting up a pair of DSG2DSG adapters is a manual (non-dynamic) process.
• A pairing of DSG2DSG Adapters and an associated data flow is called a peered instantiation
• Each DSG2DSG Adapter will support at least 5 peered instantiations
• A DSG2DSG Adapter can support at least 5 DSGs or DSG message flows.

Two Domain Support in Chat 1.2 using DSG2DSG Adapters
[Diagram: Domain 1 - Country A, Domain 2 - Bi-lateral Network, Domain 3 - Country B. Labels: two DSGs, two DSG adapters, two CGs, two TransVerse Clients, two ADs.]
AD – Microsoft Active Directory; CG – Collaboration Gateway

CDCIE Chat 2.0
• CT&E Status:
  • DSG 3.0 started NSA CT&E on 1 March 2009
  • Initial CT&E results received Mid Oct 2009
  • Working fixes to go into regression testing – completion planned for April 2010
  • CG 2.0 undergoing IV&V – completion planned for early 2010
  • DIA IA Certification and Accreditation for CG 2.0 planned for mid-March 2010
• Key New Features:
  • Cross Domain Whiteboard
  • Enhanced Cross Domain Chat
  • Web-based Chat
  • Multi-domain (>2) & Cascaded Domain Support
  • No per user cost
  • Enhanced Cross Domain XML Guard
• Components:
  • Collaboration Gateway (CG) 2.0 - Trident Systems, COTS
  • DSG-to-DSG adapter 1.0, Trident Systems, COTS
  • Web Services Gateway 1.0 - GOTS
• Guards:
  • DataSyncGuard (DSG) 2.1/2.3 and 3.0 - BAE Systems, COTS
  • Radiant Mercury (RM) 4.5 - SPAWAR/Lockheed Martin, GOTS
  • ISSE 3.6.1 - AFRL/ITT AES, GOTS
• Clients:
  • TransVerse 1.4+, GOTS/Open Source
• Language Translation:
  • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

Multi-Domain Support in Chat 2.0
[Diagram: Domain 1, Domain 2, Domain 3 and Domain N around a single XML Guard. Each domain shows a CG, AD, TransVerse Client and Web Browser.]

Cascaded Domain Support in Chat 2.0
[Diagram: Domain 1 - Country 1, Domain 2 - Coalition Network, Domain 3 - Country 2, and Domain n - Country N. Labels: XML Guards, CGs, ADs, TransVerse Clients, Web Browsers, and XMPP Server-to-Server links.]
AD – Microsoft Active Directory; CG – Collaboration Gateway

TransVerse Whiteboard
[Screenshot callout: Text is automatically translated]
• Supports multiple pages and layers
• Uses Scalable Vector Graphics (SVG) for drawing objects (text, lines, ovals, rectangles, etc…).
• Supports freehand drawings
• Can import JPEG and PNG images
• Supports OpenGIS WMS-provided images.
• In Cross Domain whiteboards, images are not sent across the guard but are aliased.

CG Web Chat Client
• Browser based thin-client chat tool
• Supports most web browsers (Internet Explorer, Firefox, Safari)
• Supports classification markings
• Requires user certificate to be installed in browser.
• Allows room discovery
• Doesn’t support whiteboard or initiating language translation (can receive and display translated chat messages)
• Supports cross domain group chat with language translation and classification labeling
• Supports single domain one-to-one chat.

Web Services Gateway
• Open standards-based solution that enables secure, bi-directional, machine-to-machine transfer of XML SOAP-based Web Services data between networks of different classification levels. The WSG 1.0 has the following capabilities:
  • Supports stateless SOAP 1.1 based Request/Response (synchronous) Web Services in a manner that is transparent to applications.
  • Supports multiple concurrent guards with load balancing / failover.
  • Supports XML Data Flow Configuration File (DFCF) based configuration.
  • Runs on Red Hat Enterprise Linux 5.1 and uses a strict SE Linux policy.
  • Implements a classic Type Enforcement based assured pipeline design, and provides the following fixed order filters:
    • XML Schema Validation.
    • XML Normalization.
    • Classification Check.
    • UTF-8 Dirty / Clean Word Check.
    • Virus Check.
  • Supports low latency data transfers (0.25-0.5 sec) for small messages.
  • Supports large files (~ 150MB).
  • Has high performance (100s-1000s 1KB msgs/sec depending on hardware).
  • Intended to be part of a Defense-in-Depth cross domain solution architecture, and is designed to provide boundary protection for the guards.

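An added sketch (not WSG code and not part of the briefing) of the fixed-order filter idea on this slide: each stage receives only the previous stage's output, any failure stops the message, and the sample shows why normalization has to run before the word check. The schema table, level list, word list and function names are all assumptions; the stage order follows the order the slide lists the filters, and the virus check is left out.

```python
import unicodedata
import xml.etree.ElementTree as ET
# Constructed policy for this sketch; none of these values come from the WSG.
SCHEMA = {"report": ["classification", "body"]}   # stand-in for a real XSD
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET"]
DIRTY_WORDS = {"oplan", "callsign"}
# Constructed sample: "OPLAN" written in full-width Unicode letters.
EVASIVE = ("<report><classification>UNCLASSIFIED</classification>"
           "<body>see \uff2f\uff30\uff2c\uff21\uff2e annex</body></report>").encode()

class Rejected(Exception):
    """Raised by a filter; args are (stage, reason)."""

def schema_validation(raw, _max_level):
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:   # no DTDs or entities
        raise Rejected("schema", "DTD not allowed")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise Rejected("schema", f"not well-formed: {exc}") from exc
    flat = all(len(c) == 0 and not c.attrib for c in root)
    if root.attrib or not flat or [c.tag for c in root] != SCHEMA.get(root.tag):
        raise Rejected("schema", "unexpected structure")
    return root

def normalization(root, _max_level):
    for el in root.iter():  # NFKC folds compatibility forms such as full-width letters
        el.text = " ".join(unicodedata.normalize("NFKC", el.text or "").split())
        el.tail = None
    return root

def classification_check(root, max_level):
    label = root.findtext("classification")
    if label not in LEVELS or LEVELS.index(label) > LEVELS.index(max_level):
        raise Rejected("classification", f"label {label!r} not releasable")
    return root

def word_check(root, _max_level):
    hits = sorted(w for w in DIRTY_WORDS if w in root.findtext("body").casefold())
    if hits:
        raise Rejected("dirty-word", f"matched {hits}")
    return root

PIPELINE = (schema_validation, normalization, classification_check, word_check)
def guard(raw, max_level="UNCLASSIFIED"):
    """Run every filter in fixed order; return clean bytes or raise Rejected."""
    for stage in PIPELINE:
        raw = stage(raw, max_level)
    return ET.tostring(raw, encoding="utf-8")
```

Calling `guard(EVASIVE)` raises `Rejected` at the dirty-word stage, while running `word_check` on the same message before `normalization` lets it through.
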
WSG High Level Architecture
Configuration with an XML firewall and multiple domains
[Diagram: Domain 1, Domain 2 and Domain N. Labels: Web Service Consumer (Client), Web Service Provider (Server), WSG in each domain, XML Guards, XML Firewall.]

Experiments & Exercises
• FY09 Events/Operational Utility Assessments (OUA) – Green rating
  • CWID 09 (Joint/Coalition/Homeland Security)
  • Trident Warrior 09 (Navy)
  • Empire Challenge 09 (Joint/Coalition ISR)
• FY08 Events
  • JEFX 08 (Air Force)
    • Cross domain text chat and language translation
  • Crisis Management III (SOUTHCOM)
    • Single domain web text chat, whiteboard, and language translation
  • Noble Resolve 08 (JFCOM/NORTHCOM)
    • Cross domain text chat and language translation.
• FY07 Events
  • CWID07
    • Cross domain text chat and language translation
  • Trident Warrior 07 (Navy)
    • Cross domain text chat and language translation
  • Keen Edge 07 (USFJ)
    • Single domain text chat, whiteboard, and language translation
  • Crisis Management II (SOUTHCOM)
    • Single domain text chat, whiteboard, and language translation
• FY06 Events
  • Strong Angel III
    • Cross domain text chat and language translation

CDCIE Status
• The CDCIE project is a FY08 Joint Capability Technology Demonstration (JCTD)
• Transition to DISA in progress
• Certification:
  • CDCIE Chat 1.1 completed NSA Certification (CT&E) in October 2006 for use in Secret and Below Environments
  • CDCIE Chat is on the Unified Cross Domain Management Office’s (UCDMO) baseline version 2.2 (April 2008). Listed as Data Sync Guard (DSG) 2.1
  • DSG 3.0 started NSA CT&E on 1 March 2009
  • Initial CT&E results received Mid Oct 2009
  • Working fixes to go into regression testing – completion planned for April 2010
  • CG 2.0 undergoing IV&V – completion planned for early 2010

Table 7. Current Operational CDCIE Component Requests

Transition Plans
• Enterprise Integration
  • Web Services Gateway 1.0 Integration.
    • DISA PEO-IAN IA32 is merging WSG with the DISA CDWSG. The combined solution will dramatically reduce complexity and deployment costs and increase scalability and security for cross domain web services, XML, and fixed format ASCII data transfer in the DISA Cross Domain Enterprise Services (CDES).
  • DataSync Guard 3.0 Integration.
    • DSG was designed to integrate into the CDES and because the DSG is faster than the TDX, the DISA CDES will be able to reduce the number of guards used and increase the number of customers served. Testing is planned for this spring. Deployment of the first DSG is planned for March/April 2010
  • Collaboration Gateway 2.0 Integration / TransVerse Integration.
    • Transitioning to NCES and will be considered for incorporation into the DISA Global Collaboration Strategy
• CDCIE stand alone installations
  • CG/TransVerse/XML Guard installations will continue to be supported through AFRL
  • WSG and DSG will be considered by PEO-IAN IA32 on a case by case basis

Transition Management Team
• Alyson Miller, CDCIE JCTD Technical Manager (TM), MITRE, 757.203.3117, alyson.miller.ctr@jfcom.mil
• Jim Clark, CDCIE JCTD Operational Manager (OM), USJFCOM J9, 757.203.3386, james.clark@jfcom.mil
• Capt. Jason Burroughs, CDCIE JCTD Deputy Transition Manager (XM), DISA PEO-GES NCES, 703.882.2525, jason.burroughs@disa.mil

CWID09 Architecture
[Diagram: HLS/HLD Network, CTF-High Network and CTF Network. Each network shows a Chat Client, Web Chat Client, Lang Tran Server, CG 2.0, WSG 1.0 and a CDCIE AD Server (HS/HD, CTF-High, CTF-Low) reached over LDAP. Guards shown: DSG 3.0 #1 and #2, DSG 2.3 #1 and #2. Link labels: HTTPS, HTTPS & XMPP, LDAP. Other labels: MLWIKI, AWACS, CID.]

TW09 Architecture
[Diagram: SIPR Network and CENTRIX CMFP. Each side shows a Chat Client, Web Chat Client, Lang Tran Server, CG 2.0 and a CDCIE AD Server (SIPRnet, CENTRIX) reached over LDAP. Guard shown: RM 4.5.2. Link labels: HTTPS, HTTPS & XMPP, LDAP.]

EC09 Architecture
[Diagram: JWICS, CFBL Network, SIPR Network and DDTE Network. Each network shows a CG 2.0, an AD Server (JWICS, CFBL, SIPRnet, DDTE) reached over LDAP, and Web Chat Clients; Chat Clients are also shown. Guard shown: RM. Link labels: HTTPS, HTTPS & XMPP, LDAP.]