US Army Tactical C2 Interoperability Services: Publish and Subscribe Server (PASS) and Data Dissemination Service (DDS) Sam Easterling Army PM Battle Command 2 DEC 09 [email protected]
Dec 22, 2015
Outline
• What are PASS/DDS in a nutshell?
• Operational Context
• Technical Detail
• Summary
Functional Capabilities
[Diagram: Army Battle Command Systems and Battle Command Common Services by functional area. COP overlays shown: Weather, Air Picture, Engineer, Fire Support, Air Defense, NBC, Enemy, Logistics, Maneuver.]
• Maneuver – TBC (CPOF, MCS): Display and disseminate COP; Disseminate Orders; Tactical Collaboration; Interoperability between Tactical and Theater levels; Chem-Bio Rad-Nuc (CBRN)
• Logistics – BCS3: Combat Power; In-transit Visibility
• Weather – IMETS: Weather Effects Matrix; Battle Scale Forecast Model
• Air Defense – AMDWS: Air Defense to Maneuver Units; Positive Aircraft ID; Weapon Coverage
• Blue Force/SA – FBCB2/JBC-P: PLI/SA; MEDEVAC; Orders
• Airspace – TAIS: Joint Automated Air Space Control with the JFACC; Air Support Request
• Maps – DTSS: Local Terrain; “Go/No-Go” Areas
• Fire Support – AFATDS: Synchronized Fires, Effects, & Maneuver; Execute Responsive Fires; JADOCS; Hand helds; Target Locations; Radar/Observer Locations
• Intelligence – ASAS, DCGS-A: Secondary Imagery; Intelligence Summary; Enemy Locations; Enemy Geometries
• EAC C2 – GCCS-A/NECC: Shared SA; Net-Ready; Interoperability; Automatic Database Replication
PASS/DDS (in a nutshell)
• Built to support many-to-many data exchange requirements emerging from stovepiped architectures
• Publication/Subscription mechanism
  – Does not impose a model on the way the application conducts the Business of War.
• Not a database, but published data is stored for future subscriptions with a time-to-live
  – Flexible methodology allowing for insertion of new schemas and message exchange
• Web Services/SOAP and XML
• Runs over HTTP(s).
  – Internet protocol
  – Protocol knows how to deal with latent and ‘dirty’ networks
• Data agnostic
  – But…. ABCS message exchange is based on PASS schemas
Data that Battle Command Exchanges via PASS / DDS
• Friendly Position Reports (ground and air)
• Enemy Situation Reports
• Sensor tracks
• Military C2 Graphics / Battlespace Geometries
• Significant Activities (SIGACTS)
• Targets
• Airspace Control Orders (ACO)
• Weather
• Task Organization Information
• Addressbook Change Notification
• Indicators and Warnings
Draft Phase 2 (IJC FOC) – NOV 09 OEF Application Architecture ((FOUO))
[Diagram labels: Network Service Center; RC(S) HQ Kandahar; RC(E) HQ (Bagram); ISAF HQ; USFOR-A; KIFC; NATO HQ; RNOSC (operated by 143d ESC); ISAF Joint Cmd HQ (IJC) - KAIA; CSTC-A; Other RC HQs - RC(C), RC(W), RC(N)]
UK 6DIV assumes RC(S) HQ – o/a NOV 09; 1MEF – o/a NOV 10
Key Events
- UK assumes operational control of RC(S) – UK 6DIV
- 169 CAB RIP-TOA with 3CAB (Bagram)
- IJC FOC – o/a 15 NOV
Key Tasks
- Add CX-I GCCS-J 4.2 @ Bagram (servers/software already in place)
- Deploy CPOF LM on I-S @ RCs
- Finish Construction of Tech Control Facility to deploy GCCS-Js on CSD, I-S, CX-I @ Kandahar
- Continue migration of JADOCS to 1.0.4.1 on SIPR
- (In Progress) IJC defines CONOPS and reporting requirements for operational employment of NATO and US C2 systems (to be finalized at CENTCOM/NATO OPT 9-13 Nov 09)
- (In Progress) NATO accreditation of CX-I/I-S interconnect
- (In Progress) NC3A fields COP LM infrastructure in support of IJC COP data interoperability
- (In Progress) NC3A develops, deploys, and trains JOCWATCH pub/sub interface to PASS
- (In Progress) Migrate current data into IJC to support CPOF an enhancing collaboration and visualization tool (SIGACTs/Events, Operational Graphics, CPOF data objects, Tracks, other ABCS COP data)
Decision Points
- (IJC J6 and NATO) What systems are used for exchanging SIGACTS, tracks, geometries, and other COP information in ISAF (GCCS-J, JOIIS, ICC & iGeoSIT)
- Drives decision to field GCCS-A bolt-on to GCCS-J for PASS interoperability
[Architecture diagram: C2 application stacks by site and network.
Sites and units shown: 14th Eng Bn (CBT); National Assets; BFT Global NOC; BCS3 National Data Portal (NDP); Combat Training Center; Homestation; 4-25ID -> 3-101 (FOB Salerno); 4-4ID -> 1-101 (J-Bad AF / FOB Fenty); 3-10MTN -> 173d IBCT (FOB Shank); 169CAB -> 3CAB – TF Thunder (Bagram AF); 82CAB -> 101CAB – TF Pegasus (Kandahar AF); 3MEB (FOB Leatherneck); TF KANDAHAR (CAN); US Battalion; 4-82ABN -> 170IBCT ETT; 48IBCT(GA) -> 86IBCT(VT) TF Phoenix; CJTF-82 -> CJTF-4 (Bagram AF); 5-2ID -> 2SCR; TF UBIQUE (NED); TF HELMAND (UK); BASTION; JIOC-A; CAOC; CENTCOM HQ - QATAR; CENTCOM HQ - TAMPA; Joint Mission Mgmt Ctr; CX-I Network PoP.
Systems shown per site (versions as labelled on the diagram): BC Server (PASS/NRTS); TBC Server (PASS / NRTS); CPOF Mid-Tier; CPOF Master Repo / Data Bridge; CPOF WS 3.0.2p2 (QR1); CPOF LM; BC Enterprise Svcs; JADOCS and JADOCS Server (v1.0.2.2 p2, v1.0.3.5 bld 25, v1.0.3.6 bld 5, v1.0.4.1); CIDNE; TIGR Heavy and Light Repository; DCGS-A Work Station Suite; DCGS-A BAL; TAIS (v9.3p1, v9.3p1sp1, v10.0); FBCB2 AIC; AMDWS; AFATDS; BCS3; GCCS-J (3.6.7, 4.1.0.3, 4.1.0.4, 4.1.1, 4.2); GCCS-A; MIDB; C2PC (COP), C2PC (EMT); IOS (COP); IOSv2 (Intel); MarineLink; ICS; GrATS; HeATS; MS Office SharePoint 2007; WEBTAS; ISRIS Server; NIRIS; JOCWATCH; iGeoSIT and iGeoSIT Viewer; COP LM; MIP Gateway; Canada C2 Apps (Placeholder); Placeholder NATO Apps.
Network legend: SIPR-CSD (4-eyes); US-SIPR; ISAF-SECRET; NATO-SECRET; UK-OVERTASK; CAN-LCSS; CENTRIXS-ISAF; US-JWICS.
Annotations: Awaiting DISA FDO approval to upgrade to 4.1.1; Planned insertion of JREAP feed of Link-16 air tracks here; Placeholder for 101CAB Avn Bn SIPR JADOCS; some unit stacks marked "Assumed".]
- Each US Army unit in OEF has a PASS node at CJTF, BCT, BN HQ
  - Also in RC(S) @ 57th SIG, MEB-A
  - Co-located with every CPOF Master Repository to enable exchange
- Also planned installation in IJC HQ to enable interoperability services with NATO apps
UK/US Information Exchanges
[Diagram with UK and US columns. Labels shown:]
• Systems: SharePoint; WISEWeb -> SharePoint; Jchat, VoIP Phone; Transverse, Jchat, mIRC, VoIP Phone; JADOCS; PASS / DDS; TIGR; JOCWATCH; CIDNE; ICS; GCCS-J; GCCS-A; MIP; Other Coalition Forces
• US BC Systems: CPOF, TAIS, GCCS-A, AFATDS, FBCB2, BCS3, DCGS-A, JADOCS, AMDWS, CIDNE
• Document/File Exchange and Collaboration (Read, download, post, contribute)
• MEDEVAC/CASEVAC, Personnel Recovery, FMV coordination, CAS coordination, TIC
• Data exchanged: SIGACTS, Battlespace Geometries, Targets, Position Reports, Indicators/Warnings, Air Tracks, Enemy Situation, ACO
• JADOCS: Fire Support Coordination Measures, Coalition Fires / Effects
• Other flow labels: SIGACTS; Patrol Reporting; Tracks
IJC COP Flow (as of 15 Nov)
[Diagram. Nodes: GCCS-J; GCCS-A; RM; CPOF MR/DB; CPOF Client; PASS; MIP GW; NIRIS; COP LM (formerly BOM); iGeoSIT Server; iGeoSIT Viewer; CIDNE; JOCWATCH; JADOCS; in-theatre Link-16 feed. Flow labels: SA Tracks only (one marked "?"); Full COP; Full COP (CST); GEO, Full COP; SIGACTS (-); SIGACTS (+); Graphics, non-track POS-RPT.]
Proposed CXI Architecture with C2 Interoperability Bus
[Diagram. US Integration Solutions Based on PASS / DDS Server. C2 Interoperability Bus (CUR 355), JC3IEDM / NIIA Canonical Form. Systems shown: JOCWatchB; BOM; NIRIS; COP; JOIIS; Intel FS; EVE; CIED; JISR 1; JADOCS; GEO; ICC; IFTS; CORSOM; C2PC; ISRIS; FBCB2; CPOF; CIDNE; GCCS; Others.]
NATO UNCLASSIFIED Releasable to ISAF
IJC MIP Architecture
[Diagram labels: ISAF Secret; CENTRIX ISAF; Router; MIP; CPOF; COP LM; IGEOSIT; PASS / DDS]
• Battle field Geometry
• NATO and ANA Boundaries
• FOBS
• COPS
• UNITS (not tracks)
• NGO/IO Locations
• Road (Planned, under construction and completed)
DDS Uses a Pub-Sub Approach
1. Providers Advertise (the data they will publish)
2. Consumers Subscribe (to their server for data)
3. Providers Publish (push data to their server)
4. Servers match advertisement, subscription and publish metadata
5. Servers Publish (push data to consumers)
Clients only communicate with a single server
There are multiple collaborating servers within the DDS network
DDS and advertisements
• DDS uses advertisements to “tell everyone on the network” that data exists at a certain node
  – DoD Discovery Metadata Specification (DDMS) version 1.3 is the standard for the advertisement
    • What type of data
    • Data description
    • Who has access to the data
• Clients subscribe to advertisements
  – Clients provide the “call back protocol” method to deliver data
    • HTTP(s), UDP(s) (DDS version 2.0)
• Publishers publish data for an advertisement
  – Once a publisher injects data and a match occurs against the subscription, data is delivered to the client
DDS versus PASS
• Data is global
  – Unlike PASS, which was an application for data dissemination within the TOC, DDS was developed with global data as the main paradigm.
• PASS compatibility
  – Will keep compatibility with current PASS
  – Usage of a PASS/DDS bridge to match advertisement to topic
  – Not tied to any software baseline because of backward compatibility
• Better security model than PASS
  – Complies with NCES security policies
  – Meets DOD guidelines for security.
PASS to DDS Evolution
PASS – Local Service | DDS – Federated Service
SOA / SOAP Interface | SOA / SOAP Interface
Payload independent | Payload independent
Data Caching | Data Caching
Publish and Subscribe | Advertise, Publish & Subscribe, Query
Limited Metadata filtering (Topic, AOI, Time) | Enhanced metadata and Content filtering (Keywords, Content, AOI, Time)
Local interchange | Net-Centric Interchanges
Hand-Jammed static PASS forwarding relationships | Dynamic Peer node Discovery
<advertise commandDateTime="2006-02-15T11:04:16.765-05:00" userID="mcsuser" xmlns="http://mitre.org/DDS">
  <metadata>
    <ns1:title ns2:classification="U" ns2:ownerProducer="USA" xmlns:ns1="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" xmlns:ns2="urn:us:gov:ic:ism:v2">MCS_DEMO</ns1:title>
    <ns3:description ns4:classification="U" ns4:ownerProducer="USA" xmlns:ns4="urn:us:gov:ic:ism:v2" xmlns:ns3="http://metadata.dod.mil/mdr/ns/DDMS/1.2/">MCS_Desc</ns3:description>
    <ns5:creator ns6:classification="U" ns6:ownerProducer="USA" xmlns:ns5="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" xmlns:ns6="urn:us:gov:ic:ism:v2">
      <ns5:Organization>
        <ns5:name>MCS</ns5:name>
      </ns5:Organization>
    </ns5:creator>
    <ns7:subjectCoverage xmlns:ns7="http://metadata.dod.mil/mdr/ns/DDMS/1.3/">
      <ns7:Subject>
        <ns7:category ns7:label="Ground" />
        <ns7:keyword ns7:value="FBCB2" />
      </ns7:Subject>
    </ns7:subjectCoverage>
    <ns8:temporalCoverage xmlns:ns8="http://mitre.org/DDS/metadata">
      <ns8:start>2006-02-15T11:03:55-05:00</ns8:start>
      <ns8:end>2006-02-15T16:03:55-05:00</ns8:end>
    </ns8:temporalCoverage>
    <ns9:geospatialCoverage xmlns:ns9="http://mitre.org/DDS/metadata">
      <ns9:lowerCorner>-170.0 16.0</ns9:lowerCorner>
      <ns9:upperCorner>-169.0 17.0</ns9:upperCorner>
    </ns9:geospatialCoverage>
    <ns10:security ns11:classification="U" ns11:ownerProducer="USA" ns11:releasableTo="MCSGroup FBCB2Group" xmlns:ns11="urn:us:gov:ic:ism:v2" xmlns:ns10="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" />
  </metadata>
</advertise>
Sample metadata
How DDS Works
[Diagram: a Publisher and subscribers (Sub 1, Sub 2) attached to DDS nodes, with NCES Services (Security, Discovery). Arrows are labelled Advertise, Publish and Subscribe; the key distinguishes advertisements, subscriptions and published data. Overlap in subscriptions from same DDS node are only sent once.]
1. DDS client discovers DDS node location through the use of discovery services
2. Publisher
• Advertise their data; DDS server-to-server protocol propagates advertisements to other nodes
• Publish data to local DDS node. The DDS node merges subscribers of published data from the same DDS node and sends the data to that node; DDS nodes then store the data based on TTL
3. Subscribers
• Subscribers specify advertisement and data filters
• DDS node will match subscriptions to advertisements and forward subscription to owning DDS nodes
• When DDS node receives published data, it sends to subscribers
4. NCES Security
• Authenticates and authorizes DDS nodes, publishers & subscribers
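A small in-memory model of the advertise / subscribe / publish flow above, added here as an illustration and not taken from PASS or DDS code. The class, method and node names are hypothetical; the SOAP transport, server-to-server advertisement propagation and NCES security are left out, and the sample items are constructed.

```python
import time

def matches(filters, item):
    aoi, wanted = filters.get("aoi"), filters.get("keywords")  # both filters optional
    if aoi:  # AOI box as (lower lon, lower lat, upper lon, upper lat)
        lon, lat = item["pos"]
        if not (aoi[0] <= lon <= aoi[2] and aoi[1] <= lat <= aoi[3]):
            return False
    return not wanted or bool(wanted & item["keywords"])

class DDSNode:
    def __init__(self, clock=time.time):
        self.clock, self.ads = clock, set()  # ads: advertisement titles owned here
        self.subs = []    # (title, subscribing_node, filters, callback)
        self.cache = []   # (expires_at, title, item)
        self.sent = 0     # node-to-node transfers made by this node

    def advertise(self, title):
        self.ads.add(title)

    def subscribe(self, title, via_node, filters, callback):
        if title not in self.ads:
            raise KeyError("no advertisement for " + title)
        self.subs.append((title, via_node, filters, callback))
        for expires, t, item in self.cache:  # replay data still within its TTL
            if t == title and expires > self.clock() and matches(filters, item):
                self.sent += 1
                callback(item)

    def publish(self, title, item, ttl):
        if title not in self.ads:
            raise KeyError("no advertisement for " + title)
        now = self.clock()
        self.cache = [c for c in self.cache if c[0] > now] + [(now + ttl, title, item)]
        by_node = {}
        for t, node, filters, callback in self.subs:
            if t == title and matches(filters, item):
                by_node.setdefault(node, []).append(callback)
        self.sent += len(by_node)        # overlapping subscriptions: one send per node
        for callbacks in by_node.values():
            for cb in callbacks:         # the receiving node fans out to its clients
                cb(item)

def demo():
    now = [1000.0]                       # constructed fake clock, in seconds
    a, s1, s2, late = DDSNode(lambda: now[0]), [], [], []
    a.advertise("MCS_DEMO")
    a.subscribe("MCS_DEMO", "node-B", {"aoi": (-170.0, 16.0, -169.0, 17.0)}, s1.append)
    a.subscribe("MCS_DEMO", "node-B", {"keywords": {"FBCB2"}}, s2.append)
    a.publish("MCS_DEMO", {"pos": (-169.5, 16.5), "keywords": {"FBCB2"}}, ttl=60)
    a.publish("MCS_DEMO", {"pos": (10.0, 50.0), "keywords": {"FBCB2"}}, ttl=5)
    now[0] += 30                         # the 5-second item has now expired
    a.subscribe("MCS_DEMO", "node-C", {}, late.append)
    return len(s1), len(s2), len(late), a.sent
```

`demo()` returns the deliveries to each subscriber and the transfer count: the two overlapping subscriptions on node-B cost one send per published item, and the late subscriber on node-C receives only the item still inside its time-to-live.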
ABCS Data Dissemination Service (DDS) Security Model
Tactical Services Security System (TS3)
NOTES:
• All connections are SSL using HTTPS
• All transactions are digitally signed and validated
• Client Cert Validation Handler connects to the Cert Validation Service (not shown)
Sequence shown in the diagram:
(0) User provides credentials (Username/PW)
(1) Digitally Signed SOAP Request with SAML Assertion
(2) Client App Digital Sig.
(3) Cert validated
(4) Present UN/PW
(5) User DN received
(6) Present User DN
(7) User Attributes (e.g. Role/Groups) returned
(8) Present User Role
(9) User is authorized
(10) Digitally Signed SOAP Response with filtered data
[Diagram components. DDS Client and DDS Web Service handlers: Security Header Handler; Signature Handler; Cert Validation Handler; User Authentication Handler; Principal Attribute Handler; Policy Decision Handler. Services: User Auth. Service; Cert Validation Service; Principal Attribute Service; Policy Decision Service. User Directory (AD / LDAP / etc.) (roles, clearances, citizenship). SAML. Legend: NCES Component; SEC Developed Component.]
Summary
• PASS / DDS are used by US Army Battle Command systems to share ‘common operational picture’ data at tactical echelons
• XML payloads with metadata to enable appropriate AOI/temporal queries and identify releasability
• HTTPS-based with soft certificate-based security model
• Supporting initial coalition interoperability with UK (JADOCS) and ISAF (CPOF, JOCWATCH, COP LM)
Backup
Security policy
DDS has a comprehensive security model
• Functional Validation
  – Users have privileges to functionality based on their group membership
• Clearance Classification
  – Users have privileges to publish or subscribe based on their security classification and releasability for data.
  – Users have privileges to publish or subscribe based on the rights associated with the advertisements.
  – Advertisements carry security classification
• Need to know
  – All functionality for access is based on users being members of groups
  – Advertisements carry need to know
  – Advertisement is only available to subscribers who are in the groups which are specified in ‘Releasable To’ field of the Advertisement
• Single Sign On under Windows (clients)
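The three checks in this policy, applied to the security element of an advertisement, as an added example that is not DDS or TS3 code. The function names, the group-to-function mapping and the ordering of classification codes are assumptions; the XML is a constructed reduction of the sample metadata on this page.

```python
import xml.etree.ElementTree as ET  # for untrusted input, a hardened parser such as defusedxml

DDMS = "http://metadata.dod.mil/mdr/ns/DDMS/1.3/"
ISM = "urn:us:gov:ic:ism:v2"
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # assumed ordering of classification codes

# Constructed advertisement, reduced to title and security element.
AD_XML = """<advertise xmlns="http://mitre.org/DDS" userID="mcsuser"><metadata>
  <d:title xmlns:d="%s" xmlns:i="%s" i:classification="U" i:ownerProducer="USA">MCS_DEMO</d:title>
  <d:security xmlns:d="%s" xmlns:i="%s" i:classification="U" i:ownerProducer="USA"
              i:releasableTo="MCSGroup FBCB2Group"/>
</metadata></advertise>""" % (DDMS, ISM, DDMS, ISM)

def read_marking(xml_text):
    """Return (classification, releasable_to groups) from the ddms:security element."""
    sec = ET.fromstring(xml_text).find(".//{%s}security" % DDMS)
    if sec is None:
        raise ValueError("advertisement has no ddms:security element")
    cls = sec.get("{%s}classification" % ISM)
    if cls not in LEVELS:
        raise ValueError("missing or unknown classification: %r" % cls)
    return cls, set((sec.get("{%s}releasableTo" % ISM) or "").split())

def may_access(xml_text, clearance, user_groups, action, group_rights):
    """Deny by default; return (allowed, name of the check that decided)."""
    try:
        cls, releasable = read_marking(xml_text)
    except (ET.ParseError, ValueError):
        return False, "unreadable marking"
    # Functional validation: some group of the user must grant the function.
    if not any(action in group_rights.get(g, ()) for g in user_groups):
        return False, "functional"
    # Clearance: the user's level must be at least the advertisement's.
    if LEVELS.get(clearance, -1) < LEVELS[cls]:
        return False, "clearance"
    # Need to know: the user must be in a group listed in releasableTo.
    if not releasable & set(user_groups):
        return False, "need to know"
    return True, "ok"

# Hypothetical mapping of groups to the functions they may use.
RIGHTS = {"MCSGroup": {"subscribe"}, "FBCB2Group": {"subscribe", "publish"},
          "Visitors": {"subscribe"}}
```

An advertisement with no security element, an unknown classification or an empty `releasableTo` is refused rather than treated as unrestricted.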
MIP Deployment Summary
MIP Ver 09_4_4_22 is installed on the BCS server at IJC HQ. MIP is receiving data from COP LM (formerly BOM) and publishing it to PASS. We have tested it with CPOF, and CPOF is subscribing to PASS and displaying the data. There is one issue with Road graphics: they are a point-to-point line, but they are displaying as an icon. Joel Varanda is sending Venis the unclass PDU for the road.
COP LM is sending the following data through MIP:
• Battle field Geometry
• NATO and ANA Boundaries
• FOBS
• COPS
• UNITS (not tracks)
• NGO/IO Locations
• Road (Planned, under construction and completed)
COP LM is not sending the following data:
• SIGACTS (JOC Watch)
• Ground Tracks (GCCS-J)
• Air Tracks (TBMCS)
• Fires (JADOCS)
• LOG (NIRIS)