Date post: | 15-Dec-2015 |
Category: |
Documents |
Upload: | athena-gerald |
View: | 219 times |
Download: | 3 times |
NATO UNCLASSIFIED
IEG Portfolio (Scenario A and B)
US-NATO Information Sharing (UNIS) TEM62 December 2009
Leon SchenkelsNC3A Core Applications
Core Enterprise Services (CAT7)
2
Manages and secures information services in between NATO and external organisations. (Supports multiple interoperability scenarios).
Supports core and functional AIS services interoperability based on agreed standards.
Provides flexibility, scalability and high availability.
Complies with NATO policies, Major references: Infosec Technical and Implementation Directive for the Interconnection of Communication and
Information Systems. NATO interoperability Directive (chapter 7) Guidance document on the implementation of gateways for information exchange between
NATO and external CIS communities.
NATO USER
NATO DOMAIN OTHER DOMAIN
OTHER USER
IEGINFORMATION EXCHANGE
NATO IEG
What is the IEG
NATO UNCLASSIFIED
3
What are the IEG scenarios
• NATO standardised approach to cross domain information exchange
• Several scenariosA: NS ↔ NS (Enclave)B: NS ↔ NATO Nation SecretC: NS ↔ Mission SecretD: NS ← (↔) NNN/IO
• Supports Core and Functional services
NNN/IO
NNN/IO
NATO-led CRO/DJSE
NATO Nation
NATO Restrictedor Unclassified
NATO enclave
NATO Classifiedor Secret
IEG Scenario A
Appendix 2, Case A
IEG Scenario B Appendix 2, Case B
IEG Scenario C
Appendix 1, Case A
PAN
Appendix 3, Case A
Data D
iode
Appendix 3, Case B
Data D
iodeA
ppendi x 3, Case B
IEG Scenario C+
Appendix 1, Case B
NATO UNCLASSIFIED
4
IEG Architectural Approach
IEG developed as discrete components supported by generic infrastructure.
Advantages: Re-uses the core
services infrastructure Accreditation tasks are
simplified (fewer components).
Maintainable (minimises the number of additional proxies)
InfoSec
IEG Infrastructure
IEG Functional Services
Generic IEG-FS proxy
GuardFSconv
FSconv
IEG Core
Link-1Link-11Link-16Link-22OTH-GoldNFFIADatP-3 B11CUSMTFXMPPMIP-DEM
Link-1Link-11Link-16Link-22OTH-GoldNFFIADatP-3 B11CUSMTFXMPPMIP-DEM
WEBE-MailDirectoryMMHS
MSG Proxies
WEBProxy
Dir.Proxy
WEBE-MailDirectoryMMHS
NATO UNCLASSIFIED
NATO UNCLASSIFIED 5
Information Exchange Gateway case A+BSymmetric IEGs
NATO
MTA
WEB
Proxy
IDS
MTA
WEB
Proxy
IDS
Z Z NATONation
DSADSA
BPD
BPD
NATO UNCLASSIFIED 7
Phased approach to NATO RIEGs
Phased increase in security protection Step 1 (Scenario A implementation)
Build network level infrastructure (Firewall, IDS) Local/central management as required Add web proxy services first, then email (through
Email Upgrade project). May require some waivers for IATO
Step 2, 3 etc (Scenario B Implementation) Add formal messaging and directory services
Directory Services for Email may be added by Email Upgrade project (GAL Sync)
Add other services when authorised e.g. TDL
NATO UNCLASSIFIED 8
Case A IEG Project Status
Case A IEG Project - Authorisation for 6 NATO Regional IEGs & 18 National IEGs Stage 2 Authorisation Request 3Q07 Contract award 2Q08 Regional IEGs installation completed 2Q09 National Site Surveys commence 3Q09 National IEGs installation begins 1Q10 Final Acceptance Test 4Q10
NATO UNCLASSIFIED 9
Scenario B IEG Planning Project
Future Milestones
Validation of technical solution – 3Q09 TBCE developed – 4Q09 TBCE screened by WGNTE – 1Q10 Contract Signed – 4Q10 Service Transition/Installation Commences – 1Q11 Project Completion – 4Q13
NATO UNCLASSIFIED 10
Email Upgrade
Email Upgrade – Programmatic Proposals received – Oct 2007 Price evaluation completed – Dec 2007 Technical evaluation commencement – Mar 2008 Contract award - 2Q09 Compliance Tests – 4Q09 Commence deployment in – 2Q10 Complete deployment in – 3Q10
NATO UNCLASSIFIED 11
NATO Messaging System - Phase 1
NMS Phase 1 Factory Acceptance Testing complete – Feb 2006 Certification Testing complete – Oct 2006 Alternate Solution Evaluation
Compliance Testing complete – Feb 2007 Usability Testing complete – Mar 2007 Evaluation report – Jul 2007 NMS Phase 1 contract amended - April 2009 Phase 1 Amendment coordination
Award Amendment contract –1Q09 Regression testing of upgrades – 1Q10 Site surveys and preparations – 3Q09 - 4Q09 Begin Phase 1 deployment (surveys and installation) – 2Q10 – 4Q10 IOC (System Acceptance for Phase 1) – 2Q11
NATO Messaging System – Phase 2
Phase 2 coordination commencement – 4Q09 Minimize gap between Ph 1 and Ph 2 Subject to successful initial deployment of Ph 1 Replace PKI with NATO PKI, ACP145, Integration into
IEG B, Interoperability tests with Nations Identification of Phase 2 Sites Successful system testing of Phase 1 sites
Phase 2 Authorization – 3Q10 ACP145 inclusion (if joint standard ratified) ACP133 Edition C inclusion (latest ratified version) IEG Scenario B integration NATO PKI deployment
FOC (end Phase 2) – 2Q12
12NATO UNCLASSIFIED
NATO UNCLASSIFIED 13
NATO Enterprise Directory Service (NEDS)
NEDS Project Status Phase 1 completed – Sep 2008 Phase 2 Authorization Request – Nov 2008 Information for Bidders release – 3Q09 Contract Award – 1Q10 Site Surveys – 2Q10 Initial Operational Concept commencement – 1Q11 Final System Acceptance – 2Q11
IEG A project milestones
NATO UNCLASSIFIED 14Now
R-IEG
N-IEGS.S
2009 2010 2011 2012
N-IEGD’ploy
N-IEGFOC
IEGWeb NEDS*
* Information Provider Only
NMS Ph 1
NMS Ph 2ARH
BMTA
PTC Enhancements
IEG-B
IEMSEmail
DS
IEMSEmail
DS
IEG-C KFOR
IEG-C+ KFOR
IEG B project milestonesIEG C project milestonesThe IEG portfolio
NATO UNCLASSIFIED 16
CONTACTING NC3A
NC3A Brussels
Visiting address:
Bâtiment ZAvenue du Bourget 140B-1110 BrusselsTelephone +32 (0)2 7074111Fax +32 (0)2 7078770
Postal address:NATO C3 AgencyBoulevard Leopold IIIB-1110 Brussels - Belgium
NC3A The Hague
Visiting address:
Oude Waalsdorperweg 612597 AK The Hague
Telephone +31 (0)70 3743000Fax +31 (0)70 3743239
Postal address:NATO C3 AgencyP.O. Box 1742501 CD The HagueThe Netherlands