Date post: | 23-Dec-2015 |
Upload: | peter-nash |
A Combat Support Agency
Defense Information Systems Agency
DoD Enterprise E-Mail
Enterprise User Target State

Enterprise User
“I can go anywhere in the DOD, login, and be productive.”

• DoD Visitor
  • Automatic account provisioning on any NIPR computer
  • Being installed on all DoD domain controllers now
  • NIPR (FY11) and SIPR (FY12)
• Basic Web Services
  • E-Mail (FY11)
  • SharePoint (FY12)
  • Office Web Applications (FY12)
  • Directory Services (GAL & White Pages) (FY12)
  • File Storage Service (MyStuff) (FY12)
  • Content Management Service (FY12)
• Enterprise Identity
  • Persona Username, Display Name & E-Mail Address (FY11)
  • Enterprise Authentication and Access Control (FY11)
• Enterprise User Data
  • Personnel Portal at DMDC (FY11)
  • Enterprise Identity & Contact Data Synchronization (FY11)

“My CAC works at any base I go to – I just put it in a DoD computer and get an account.”
“Wherever I am, I can get to my e-mail, files & content, use office apps and find people.”
“I can always be sure people can find me because there’s just one place to enter my info.”
“I never have to make up a username, because it’s always the same everywhere – NIPR & SIPR.”
Person versus Persona

PERSON DATA
• Identity: EDI PI (EUN)
• Contact: Home Phone
• Access: Citizenship

PERSONA DATA - 1
• Identity: EDI PI + Persona Type Code (Persona Username)
• Contact: PDN, Work Phone, Email Address
• Access: PKI Certificates, Clearance, OUID

PERSONA DATA - 2
PERSONA DATA - X

[Diagram labels: DEERS, Data Update Interfaces, Attribute Services]

“Smith, John E CAPT USN PACOM MIL (US)”
• DOD Persona Display Name (PDN)
  • Persona based
  • Changes as data changes
  • Data from DMDC
  • Implemented by DMDC in FY10
  • Mandatory when accounts with display names used (such as DCO, E-Mail)
  • Orgs may append local fields

“john.e.smith34.mil”
• DOD Persona Username (PUN) – (EUN) + Persona Extension
  • Persona based
  • Permanently assigned (assigned another if name changed)
  • Data from DMDC
  • Implemented by DMDC – Apr 10
  • Seeded from AKO/DKO and NMCI
  • Mandatory when accounts used
• One account per Persona
• Access control will need to convert from Person-based to Persona-based
Identity & Access Control
FY 11 Architecture*

[Figure: FY 11 identity and access control architecture diagram. Section labels: Accountable Data Sources, Data Wholesalers, Data Retailers, Data Consumers, Users. Tiers: Enterprise, Local Component. Interface annotations: “Limited Number of Interfaces”, “Many Interfaces”.]

Accountable Data Sources
• Users
• Component Manpower & Personnel Systems
• GFM-DI
• Federal Networks
• Foreign Allies
• NGOs
• Certificate Authorities
• Other Sources

Other diagram labels: Wholesale Attribute Services; Enterprise Attribute Services (EAS); Enterprise Synchronization Services (ESS); Personnel Portal; (DMDC); (GDS); Access Control; User Account Services; Account Provisioning; Edge Services Management; Data Consumers without accounts; Enterprise Applications & Services; End-User Devices; Local Apps, Services, & Edge Services; Persons & Personas; Organizational; Non-person entities; Certificate Identification Credentials; EASF; IdSS; BBS; GNEC; AFNET; Others.

A. Basic Web Services: E-Mail, White Pages, Office Automation, etc.
B. Information Sharing Services: Search, Collaboration, Wikis, Blogs, etc.
C. File Storage: For Individuals and Organizations
D. Edge Services: Replication for disconnected operations

1. End-User device access
2. Access to Local Applications
3. Access to Enterprise Services

* Architecture based on Enterprise User Data Management Plan for Persons and Personas (approved by DoD CIO, DMDC, & DISA)
[symbol] indicates Identity Synchronization, and Account Provisioning & Access Control components being implemented now; other components in various stages of planning and/or implementation
Identity Synchronization Service (IdSS) – Near Term

[Figure: near-term IdSS architecture diagram. Section labels: Data Sources, Wholesalers, Data Retailers, Data Consumers, Users. Tiers: DOD Enterprise, Local Component.]

Diagram labels: Enterprise Synchronization Services (ESS); Identity Data Directory (IDD); Staging & Transformation Database; Interfaces: Bulk Load, Web Service, EDS-Lite, GDS, JEDS, LDAP; BBS Downloader; White Pages; Wholesale Attribute Services; Access Control; User Account Services; Enterprise Applications & Services; End-User Devices; Local Apps, Services, & Edge Services; DMDC; USA; USAF; DON; GDS; GNEC; AFNET; EASF; Others.

A. Basic Web Services
B. Information Sharing Services
C. File Storage
D. Edge Services

1. End-User device access
2. Access to Local Applications
3. Access to Enterprise Services
Enterprise E-Mail Service
• DoD Enterprise Focus
  • Enterprise Data & Scaling
  • US Army first
• DISA Managed Service
  • DISA DECC Hosted
  • Fully Redundant; Highly Available
  • Globally Distributed
  • 24 X 7 Operations
  • NIPRNet first, then SIPRNet

Classes of Service
• Outlook Web Access (all users)
• Outlook (business class users)
• Blackberry Service (select users)
[Figure: pod site diagram. Sites: PAC, SATX, OKC, EUR, MECH, MONT, STL, OGD, COLS. Each site is drawn with Mailbox Servers, AD, and a DMZ with Edge Servers. Other labels: Application Level Replication, NIPRNet, SMTP *@mail.mil.]

1st Pods
• OKC 77K users
• COLS 77K users
• Initial implementations all are consolidations of already-purchased Microsoft capability
• This will be the largest Microsoft Exchange capability ever implemented (by about a factor of 4)
• Microsoft made code changes to Exchange, Outlook, Vista, Windows 7, & Windows Server for direct Common Access Card (CAC) authentication (no Active Directory trusts required)
Service Offering

Customer Provides
• Tier 1 Helpdesk
• Windows Vista, Outlook 2007 with Microsoft DCR desktops or Windows 7, Outlook 2010 desktops
• Exchange Licenses
• Migration Support (Current)
• Handheld Devices and Client Access Licenses

DISA Provides
• Exchange (Outlook Anywhere and Outlook Web Access)
• Blackberry Support
• Winmobile, iPhone, Android, SMEPED Support (Future)
• Tier 2 and Tier 3 Helpdesk/Support
• Migration Support (Future)

Email Infrastructure
• IdSS (DECC Infrastructure only)
• Exchange (in Pod & mini-Pod)
• Active Directory (in Pod & mini-Pod)
• Long-Term Storage (in Pod)
• DMZ/EMSG

Modular, Scalable, Flexible, and Repeatable
Deployment Progress

[Deployment schedule chart: rows by Site; weekly columns from 18-Feb-11 through 2-Dec-11.]
NIPR Pod
DECC OKC 24-FEB
DECC COL 24-FEB
DECC MECH-ITA 5-MAY
DECC EUR 6-JUN
DECC MECH 13-JUN
DECC SATX 13-JUN
DECC PAC 02-MAR 30-JUL
DECC OGD 02-MAR 30-JUL
DECC RITA 19-AUG
DECC MONT 02-MAR 9-SEP
DECC STL 16-MAR 9-SEP
DECC EUR 2 TBD

NIPR Mini-Pod
Raven Rock 6-JUN
Huntsville 16-MAR 31-AUG
Bragg 04-APR 15-SEP
Wainwright 8-MAR 30-SEP
Camp Walker 17-OCT
Yokota 2-MAY 17-OCT
Eustis 15-MAR 28-OCT
Knox 17-MAR 17-NOV
Lessons Learned
• Service Performance is a combination of Platform Performance, Network Performance, and Local Environment Performance.
• Troubleshooting is very complex and requires coordination between the various tiers of support.
• Local Desktop Configuration is just as important as any other part of the system.

Customer Management Executives
Name | Job Title | Phone | Email
Col Donald Morgan | CD2 Customer Relationship Management Division Chief (Fort Meade MD) | (301) 225-7209 DSN 375 | [email protected]
Ron Roberson | (Acting) CD2 Deputy, Customer Relationship Management Division (Denver) | (303) 224-1768 DSN 926 |
Mark Foster | CD21 DFAS / DLA / BTA / TRANSCOM Support Branch Chief (Mech) | (717) 605-1492 DSN 430 | [email protected]
Mark McSorley | CD22 Army Support Branch Chief (Fort Meade MD) | (301) 225-7214 DSN 375 | [email protected]
Scott Baker | CD23 MHS / TRICARE Support Branch Chief (Montgomery) | (334) 416-5894 DSN 596 | [email protected]
Robert Plummer | CD24 Joint Staff / COCOM / OSD-DoD / Classified Branch Chief (Fort Meade MD) | (301) 225-7228 DSN 375 | [email protected]
Kimberly Schneider | CD25 Air Force Support Branch Chief (Fort Meade MD) | (301) 225-7205 DSN 375 |
Paul Crumbliss | CD26 Navy/Marine Corps Support Branch Chief (Fort Meade MD) | (301) 225-7210 DSN 375 | [email protected]
Jason Martin | CD28 DISA Support Branch Chief (Fort Meade MD) | (301) 225-7013 DSN 375 | [email protected]
Questions?