USJFCOM/J9
UNCLASSIFIED
Cross Domain Collaborative Information Environment (CDCIE) Joint Capability Technology Demonstration (JCTD) Overview
COCOM Sponsor: USJFCOM, USTRANSCOM
Supporting COCOMs: USNORTHCOM, USSTRATCOM
Service & Supporting Participants: USN, USAF, NSA, DISA, Coalition
OSD Oversight Executive: DUSD (AS&C), Fritz Schulz
Operational Manager: USJFCOM J9, Jim Clark
Technical Manager: USJFCOM J9, Alyson Miller
Deputy Transition Manager: DISA PEO-GES NCES, Capt. Jason Burroughs
DISTRIBUTION STATEMENT C Distribution authorized to U.S. Government Agencies and their contractors, AUS, NZL, JPN, KOR, SWE, FIN, and NATO member government representatives and their contractors. Other requests for this document must be referred to: U.S. Joint Forces Command 115 Lake View Parkway Suffolk, VA 23435 Attention: Alyson Miller, 757.203.3117
Briefing ver. 19 12/01/2009
Cross Domain Collaborative Information Environment
– Language Translation:
  • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans
DSG2DSG Adapter 1.0
• A set of secure gateways that connect two or more DSGs operating on the same network together so that XML messages can be relayed from domain A to domain C via an intermediate domain B.
• GOTS
• Designed to run on a heavily secured RHEL system with a targeted SE Linux policy in effect
• Communications between DSG2DSG adapters are TLS encrypted and require mutual PKI authentication.
• Setting up a pair of DSG2DSG adapters is a manual (non-dynamic) process.
  – A pairing of DSG2DSG Adapters and an associated data flow is called a peered instantiation
  – Each DSG2DSG Adapter will support at least 5 peered instantiations
  – A DSG2DSG Adapter can support at least 5 DSGs or DSG message flows.
Two Domain Support in Chat 1.2 using DSG2DSG Adapters
[Diagram: Domain 1 - Country A, Domain 2 - Bi-lateral Network, Domain 3 - Country B; components shown: CG, DSG, DSG adapter, Transverse Client, AD]
AD – Microsoft Active Directory
CG – Collaboration Gateway
CDCIE Chat 2.0
• CT&E Status:
  – DSG 3.0 started NSA CT&E on 1 March 2009
    • Initial CT&E results received mid-Oct 2009
    • Working fixes to go into regression testing – completion planned for April 2010
  – CG 2.0 undergoing IV&V – completion planned for early 2010
  – DIA IA Certification and Accreditation for CG 2.0 planned for mid-March 2010
• Supports freehand drawings
• Can import JPEG and PNG images
• Supports OpenGIS WMS provided images.
• In Cross Domain whiteboards, images are not sent across the guard but are aliased.
CG Web Chat Client
• Browser based thin-client chat tool
• Supports most web browsers (Internet Explorer, Firefox, Safari)
• Supports classification markings
• Requires user certificate to be installed in browser.
• Allows room discovery
• Doesn’t support whiteboard or initiating language translation (can receive and display translated chat messages)
• Supports cross domain group chat with language translation and classification labeling
• Supports single domain one-to-one chat.
Web Services Gateway
• Open standards-based solution that enables secure, bi-directional, machine-to-machine transfer of XML SOAP-based Web Services data between networks of different classification levels. The WSG 1.0 has the following capabilities:
  – Supports stateless SOAP 1.1 based Request/Response (synchronous) Web Services in a manner that is transparent to applications.
  – Supports multiple concurrent guards with load balancing / failover.
  – Supports XML Data Flow Configuration File (DFCF) based configuration.
  – Runs on Red Hat Enterprise Linux 5.1 and uses a strict SE Linux policy.
  – Implements a classic Type Enforcement based assured pipeline design, and provides the following fixed order filters:
    • XML Schema Validation.
    • XML Normalization.
    • Classification Check.
    • UTF-8 Dirty / Clean Word Check.
    • Virus Check.
  – Supports low latency data transfers (0.25-0.5 sec) for small messages.
  – Supports large files (~ 150MB).
  – Has high performance (100s-1000s 1KB msgs/sec depending on hardware).
  – Intended to be part of a Defense-in-Depth cross domain solution architecture, and is designed to provide boundary protection for the guards.
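The fixed-order filter chain listed for WSG 1.0, sketched in Python as an added example (not WSG code and not from the briefing). The filter order follows the slide's listing; the message format, policy values and function names are constructed assumptions, a structural test stands in for XSD validation, and the virus check is left out because it needs an external scanner.

```python
import xml.etree.ElementTree as ET

# Constructed policy and sample messages (assumptions, not WSG's rule set or traffic).
RELEASABLE = {"UNCLASSIFIED"}          # labels allowed to cross
DIRTY_WORDS = ("SECRET", "NOFORN")     # terms that must never cross
CLEAN = (b'<Envelope classification="UNCLASSIFIED"><Body><ChatMessage>'
         b'<Text>convoy arrives 0900</Text></ChatMessage></Body></Envelope>')
EVASIVE = CLEAN.replace(b"convoy", b"S&#69;CRET")  # word hidden by a character reference

class Rejected(Exception):
    """A filter refused the message; it is dropped, never repaired."""

def schema_check(raw: bytes) -> bytes:  # structural test standing in for XSD validation
    if b"<!DOCTYPE" in raw:
        raise Rejected("schema: DTD not permitted")
    try:
        root = ET.fromstring(raw.decode("utf-8"))
    except (ET.ParseError, UnicodeDecodeError):
        raise Rejected("schema: not well-formed UTF-8 XML") from None
    if root.tag != "Envelope" or root.find("./Body/ChatMessage/Text") is None:
        raise Rejected("schema: unexpected structure")
    return raw

def normalize(raw: bytes) -> bytes:
    # Canonical XML drops comments and resolves character references.
    return ET.canonicalize(raw.decode("utf-8"), strip_text=True).encode("utf-8")

def classification_check(raw: bytes) -> bytes:
    label = ET.fromstring(raw).get("classification")
    if label not in RELEASABLE:
        raise Rejected(f"classification: {label!r} not releasable")
    return raw

def dirty_word_check(raw: bytes) -> bytes:
    text = raw.decode("utf-8").upper()  # canonical form, so references are resolved
    hits = [w for w in DIRTY_WORDS if w in text]
    if hits:
        raise Rejected("dirty word: " + ", ".join(hits))
    return raw

FILTERS = (schema_check, normalize, classification_check, dirty_word_check)
def guard(raw: bytes):
    """Run the filters in fixed order; return (released, None) or (None, reason)."""
    try:
        for check in FILTERS:
            raw = check(raw)
        return raw, None
    except Rejected as exc:
        return None, str(exc)
```

Running the word check only after normalization is what catches `EVASIVE`, whose raw bytes never contain the literal word.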
WSG High Level Architecture
[Figure: Configuration with an XML firewall and multiple domains]
    • Cross domain text chat and language translation
  – Crisis Management III (SOUTHCOM)
    • Single domain web text chat, whiteboard, and language translation
  – Noble Resolve 08 (JFCOM/NORTHCOM)
    • Cross domain text chat and language translation.
• FY07 Events
  – CWID07
    • Cross domain text chat and language translation
  – Trident Warrior 07 (Navy)
    • Cross domain text chat and language translation
  – Keen Edge 07 (USFJ)
    • Single domain text chat, whiteboard, and language translation
  – Crisis Management II (SOUTHCOM)
    • Single domain text chat, whiteboard, and language translation
• FY06 Events
  – Strong Angel III
    • Cross domain text chat and language translation
CDCIE JCTD Military Operational Assessment Events
Venue | Dates | Core Capabilities | CDCIE Components
CWID09 | 6-26 Jun 09 | Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP; Secure, bi-directional, cross-domain SOA web services data transfer | DSG; CG; TransVerse-enabled Chat/Whiteboard with Language Translation; WSG
TW09 | 22 Jun 09 - 2 Jul 09 | Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP | Other XML Guard (Radiant Mercury); CG; TransVerse-enabled Chat/Whiteboard with Language Translation
EC09 | 6-31 Jul 09 | Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP | DSG and other XML Guard (Radiant Mercury); CG; TransVerse-enabled Chat/Whiteboard with Language Translation
CDCIE Status
• The CDCIE project is a FY08 Joint Capability Technology Demonstration (JCTD)
  – Transition to DISA in progress
• Certification:
  – CDCIE Chat 1.1 completed NSA Certification (CT&E) in October 2006 for use in Secret and Below Environments
  – CDCIE Chat is on the Unified Cross Domain Management Office’s (UCDMO) baseline version 2.2 (April 2008). Listed as Data Sync Guard (DSG) 2.1
  – DSG 3.0 started NSA CT&E on 1 March 2009
    • Initial CT&E results received mid-Oct 2009
    • Working fixes to go into regression testing – completion planned for April 2010
  – CG 2.0 undergoing IV&V – completion planned for early 2010
Current Operational CDCIE Component Requests
NORTHCOM - DISA MNIS US-RELCAN (TV/CG1.1.3/DSG 2.1)
Timeframe: TBD
Connects SIPR to RELCAN network (NORTHCOM/NORAD) using CG1.1.2

Originally to connect CENTRIXS GCTF to NATO ISAF using CG1.1.2/DSG2.3. CDCIE system now will be between CENTRIXS ISAF and CENTRIXS GCTF. NOW OPERATIONAL – RECEIVED IATO 11/5/2009

PACOM (TV/CG1.1.2/DSG2.1)
Timeframe: Spring 2010
Cross Domain Chat between SIPRnet and NIPRnet.

DISA UK (TV/CG1.1.2/DSG2.1)
Timeframe: Unknown
Cross Domain Chat between US and UK national secret networks.

DNI (TV Web Chat/CG 2.0/ Firewall)
Timeframe: Spring 2010
Cross Domain Chat system between JWICS and Stone Ghost TS/SCI level networks.

USSOUTHCOM/Joint Interagency Task Force (JIATF) South (TV/ CG 2.0/ ISSE v3.6.1.1)
Timeframe: Spring 2010
Cross Domain Chat between JWICS and SIPRnet, and Cross Domain web services between SIPRNet, NIPRnet, and RELTO Caribbean and RELTO Columbia for classified project supporting anti-drug operations

DISA (DSG 3.0) Ticket #1385
Timeframe: Spring 2010
Replace existing deployment of DISA Trusted Data eXchange (TDX) guards in the DISA Enterprise Computing Centers (DECC) with DSGs.

USSTRATCOM (WSG/DSG 3.0) one of Servers: DISA
Timeframe: Unknown
Cross Domain Web Services between SIPRnet based SKIWeb system and UK's SKIP system.

NSA (WSG/DSG 3.0)
Timeframe: Unknown
Cross Domain Web Services to support classified NSA project. NSA currently testing WSG and DSG in lab

USTRANSCOM (WSG/DSG 3.0/4.x)
Timeframe: Unknown
Cross Domain Web Services between NIPRnet, SIPRnet and multiple domains, in support of TCJ 6 COP D2 effort

US Air Force Europe (TV/ISSE v3.6.1, CG v2.0)
Timeframe: Unknown
Cross Domain Web Services between NIPRnet, SIPRnet and multiple domains, in support of TCJ 6 COP D2 effort
CDCIE Transition Schedule
CDCIE Component | Transition to POR date | Function | DISA Need Filled | Recommended Transition Targets
TransVerse XMPP Chat Client 1.5 | Feb 2010 (early transition in progress) | Cross Domain Text Chat Client | Cross Domain chat for NCES Collaboration | PEO-GES NCES PMO
Collaboration Gateway (CG) 2.0 | Feb 2010 | Trusted Platform Chat Server | Cross Domain chat for NCES Collaboration | PEO-GES NCES PMO
Web Services Gateway (WSG) 1.0 | Oct 2009 (in progress) | Cross Domain Web Services | Enterprise-level Cross Domain Service Oriented Architecture (SOA) and NCES/NECC Web Services | PEO-MA IA32
Data Sync Guard (DSG) 3.0 | May 2010 | Cross Domain XML and Fixed-Format ASCII Transfer | Enterprise-level Cross Domain Service Oriented Architecture (SOA) and NCES/NECC Web Services | PEO-MA IA32
Transition Plans
• Enterprise Integration
  – Web Services Gateway 1.0 Integration.
    • DISA PEO-IAN IA32 is merging WSG with the DISA CDWSG. The combined solution will dramatically reduce complexity and deployment costs and increase scalability and security for cross domain web services, XML, and fixed format ASCII data transfer in the DISA Cross Domain Enterprise Services (CDES).
  – DataSync Guard 3.0 Integration.
    • DSG was designed to integrate into the CDES and because the DSG is faster than the TDX, the DISA CDES will be able to reduce the number of guards used and increase the number of customers served. Testing is planned for this spring. Deployment of the first DSG is planned for March/April 2010
  – Collaboration Gateway 2.0 Integration/ TransVerse Integration.
    • Transitioning to NCES and will be considered for incorporation into the DISA Global Collaboration Strategy
• CDCIE stand alone installations
  – CG/Transverse/XML Guard installations will continue to be supported through AFRL
  – WSG and DSG will be considered by PEO-IAN IA32 on a case by case basis