AF Transformation 2011
Frank Konieczny
AF Chief Technology Officer
SAF/A6
Warfighting Integration
and Chief Information Officer
March 2011
Major Drivers
SECURITY
98% of stolen records linked to criminals outside orgs (Verizon 2010 Data Breach Investigation Report)
73,000 new malware strains per day during the first quarter of 2011 (PandaLabs Q1 Report)
FUNDING
Congress budgetary discussions
$1B+ cut over the FYDP
AF Efficiency Initiatives
TECHNOLOGY
Thousands of new products and services every year
Global Providers
IT Acquisition Reform
CULTURE
Airman expectations
Social Networking
Mobility
Integrity - Service - Excellence
Efficiencies Transformations
Implementing AF-wide enterprise core services (e.g., email)
Consolidating data centers and associated servers
Further consolidating AF IT purchases
Reducing the number of AF firewalls, Internet gateways, and associated infrastructure, while maintaining or improving security
Reducing commercial Satellite Communications (SATCOM) costs by centralized purchasing and provisioning of services
Migrating current and developmental applications, services, and data to an AF standardized IT environment
Reducing telecommunications costs by integrating voice, video, and data services on the network – Unified Communication and Collaboration
Transforming System Development
As - Is Infrastructure
Servers
Program
Storage
Program
Storage
Program
Services
• Web Services
• Increased Flexibility
• Reduced Duplication
• Enterprise Authentication &
Authorization
• Increased Security
• AF-wide Access
• Virtualization
• Reduced HW Rqmts
• Reduced Facilities Costs
• Blade Processors
• Reduce Data Center Rqmts
• Enterprise SW Licenses
• Increased Standardization
• Reduced Cost
• Virtualized Storage
• Increased Responsiveness
• Enterprise Data
• Authoritative Data Sources
• Data De-duplication
Consolidated Enterprise IT Baseline
Based Configuration
Program
Storage
Program-centric Infrastructure
Client Devices
Servers
To - Be Infrastructure
Transformation
Web
Services
Web
Services
Web
Services
Work Flow
Reliable Messaging
Authentication
Authorization
Windows
Virtualization Layer
Blade
Processors
Metadata
Environment
Virtualized Storage
Enterprise Data
Different development teams in the enterprise, if not properly guided or monitored, may tend to choose the path of least
resistance or resort to technologies that they are familiar with, which can add to integration complexity.
Take Charge of Application Integration Chaos; A-G Magazine, 15 Sep 10
Linux
Transformation Cloud Services
Investigating all service layers
IaaS/PaaS architecture specified by the AF (standards, protocols, GOTS/COTS, web services, etc.)
AF Consolidated Enterprise IT Baseline drives specification to ensure system networthiness
AF determined SLAs
Secured Hypervisor Concerns
Information Services
SaaS - Application Services
PaaS -App Infrastructure Services
IaaS - System Infrastructure Services
Cloud
Enablers
Management & Security
Business Services
Web Services Delivery
Transformation
Web services paradigm for optimizing development reuse and cloud performance/flexibility
Web Services for accessing authoritative data sources
Security Extensions
Policy Based Access Controls – ABAC/RBAC
Authentication and Authorization at each access point for exposed web services
Security challenge to “ensure” a secure (non-tampered) path from user to data source and back
Depth in Depth Security
Transformation
Full Spectrum Attacks
• Data Stolen/Altered
• Applications Compromised
• Networks Still Targeted
285 million records compromised in 2009 (Verizon 2010 Data Breach Report)
Traditional Focus
Network
Apps
S/W
Data
Shifting Focus
Securing the “Work” of the Network in Addition to the Network
End-End Security [WS-Security]
End-to-End 2-Way Authentication
Service
Invoker
Intermediaries
Service
Provider
Application
SOAP
HTTP
TLS/SSL
Application
Web Services Security (Authentication, Integrity, Confidentiality, Non-Repudiation, Access Control (SAML))
SSL (Integrity, Confidentiality)
SOAP
HTTP
TLS/SSL
TLS/SSL
TCP
TCP
IP
IP
IP
MAC
MAC
MAC
Client
Application
SSL Endpoint
Service
SSL Processor
or HTTP
Service
Implementation
Code
TCP
UNTRUSTED NETWORK
Communication/Collaboration
Transformation
Rich Presence
Willingness, ability and preference of a user's communication
Intelligent voice, messaging, time-sensitive task/doc routing
Instant Messaging
One-click access and easy escalation to chat, voice and VTC
Voice and Voice Conferencing
Find contacts quickly, dial and easy escalation to VTC
Unified Messaging
Voicemail to email/vice versa; chat to e-mail
Video P2P and VTC
Simple initiation/easy escalation to conf (desk top and suite)
ATRIX 4G
Video Broadcast
Commander's message, emergency message, etc.
Desktop Collaboration
Desktop sharing, briefings / presentations and file transfer
Dual Persona Playbook
Mobile User Access
Smartphone, LMR, Web, bandwidth tolerant
Cross Domain (security, functional)
Gesture Recognition
Dual Persona Playbook
Single Integrated Network Environment
MUOS
Commercial
WGS
AEHF
Net Enabled ISR
RQ-4
We must be able to work
High Alt
Gateway Relay
Net Enabled Nuclear
Response
• between layers
• between networks
• between environments
High Capacity Backbone
When required
Link-16
Voice
B-52
SADL
VMF
E-2
C-17
KC-135
Net Enabled MAF
B-52
E-3
MQ-1/9
F-15E
Legacy TDLs
Net Enabled C2 ISR
EC-130
RC-135
B-1
F/A-18
F-22
F-15C
ERMP
E-8
Mid Alt
Gateway
Relay
F-16
A-10
F-35
Net Enabled
Attack / Weapons
Permissive
ADC
TOC
DCGS
JFLCC
Op Net Mgt
F-35
Net Enabled SOF
H-60
ASOC
Tact’l Net Ops
CAOC
DCGS
JFACC
Op Net
Mgt
XX
B-2
Advanced TDLs
CRC
Tact’l Net Ops
JFMCC
II
X
Contested
Anti-access
Op Net Mgt
Joint Aerial Layer Network (JALN)
Initial Capabilities Document (ICD)
AF OV-1
How Do We Get There?
Secure cloud computing solutions
Guaranteed information assurance
Consolidated Enterprise IT Baseline
Library of capability-based services & applications
Commoditization of Edge Devices
Operational applications
Reliability at reduced costs
Industry Partnership
X-37B
Questions