AF Transformation 2011
Frank Konieczny
AF Chief Technology Officer
SAF/A6
Warfighting Integration
and Chief Information Officer
March 2011
Major Drivers
SECURITY
• 98% of stolen records linked to criminals outside orgs (Verizon 2010 Data Breach Investigation Report)
• 73,000 new malware strains per day during the first quarter of 2011 (PandaLabs Q1 Report)

FUNDING
• Congress budgetary discussions
• $1B+ cut over the FYDP
• AF Efficiency Initiatives

TECHNOLOGY
• Thousands of new products and services every year
• Global Providers
• IT Acquisition Reform

CULTURE
• Airman expectations
• Social Networking
• Mobility

Integrity - Service - Excellence

Efficiencies Transformations

• Implementing AF-wide enterprise core services (e.g., email)
• Consolidating data centers and associated servers
• Further consolidating AF IT purchases
• Reducing the number of AF firewalls, Internet gateways, and associated infrastructure, while maintaining or improving security
• Reducing commercial Satellite Communications (SATCOM) costs by centralized purchasing and provisioning of services
• Migrating current and developmental applications, services, and data to an AF standardized IT environment
• Reducing telecommunications costs by integrating voice, video, and data services on the network – Unified Communication and Collaboration
Transforming System Development

As-Is Infrastructure (Program-centric Infrastructure)
[Diagram labels: Client Devices; Servers; Services; Program; Storage]

Transformation
• Web Services
• Increased Flexibility
• Reduced Duplication
• Enterprise Authentication & Authorization
• Increased Security
• AF-wide Access
• Virtualization
• Reduced HW Rqmts
• Reduced Facilities Costs
• Blade Processors
• Reduce Data Center Rqmts
• Enterprise SW Licenses
• Increased Standardization
• Reduced Cost
• Virtualized Storage
• Increased Responsiveness
• Enterprise Data
• Authoritative Data Sources
• Data De-duplication

To-Be Infrastructure (Consolidated Enterprise IT Baseline Based Configuration)
[Diagram labels: Web Services; Work Flow; Reliable Messaging; Authentication; Authorization; Windows; Linux; Virtualization Layer; Blade Processors; Metadata Environment; Virtualized Storage; Enterprise Data]

"Different development teams in the enterprise, if not properly guided or monitored, may tend to choose the path of least resistance or resort to technologies that they are familiar with, which can add to integration complexity." (Take Charge of Application Integration Chaos; A-G Magazine, 15 Sep 10)

Transformation Cloud Services

• Investigating all service layers
• IaaS/PaaS architecture specified by the AF (standards, protocols, GOTS/COTS, web services, etc.)
• AF Consolidated Enterprise IT Baseline drives specification to ensure system networthiness
• AF determined SLAs
• Secured Hypervisor Concerns

[Diagram: Cloud Enablers. Labels: Business Services; Information Services; SaaS - Application Services; PaaS - App Infrastructure Services; IaaS - System Infrastructure Services; Management & Security]

Web Services Delivery
Transformation

• Web services paradigm for optimizing development reuse and cloud performance/flexibility
• Web Services for accessing authoritative data sources
• Security Extensions
  • Policy Based Access Controls – ABAC/RBAC
  • Authentication and Authorization at each access point for exposed web services
• Security challenge to “ensure” a secure (non-tampered) path from user to data source and back

Depth in Depth Security
Transformation

Full Spectrum Attacks
• Data Stolen/Altered
• Applications Compromised
• Networks Still Targeted

285 million records compromised in 2009 (Verizon 2010 Data Breach Report)

[Diagram labels: Traditional Focus; Network; Apps; S/W; Data; Shifting Focus]

Securing the “Work” of the Network in Addition to the Network

End-End Security [WS-Security]
End-to-End 2-Way Authentication

• Web Services Security (Authentication, Integrity, Confidentiality, Non-Repudiation, Access Control (SAML))
• SSL (Integrity, Confidentiality)

[Diagram: Service Invoker, Intermediaries and Service Provider connected over an UNTRUSTED NETWORK. Protocol stack labels: Application, SOAP, HTTP, TLS/SSL, TCP, IP, MAC. Other labels: Client Application; SSL Endpoint Service; SSL Processor or HTTP Service; Implementation Code]

Communication/Collaboration
Transformation

Rich Presence
• Willingness, ability and preference of a user’s communication
• Intelligent voice, messaging, time-sensitive task/doc routing

Instant Messaging
• One-click access and easy escalation to chat, voice and VTC

Voice and Voice Conferencing
• Find contacts quickly, dial and easy escalation to VTC

Unified Messaging
• Voicemail to email/vice versa; chat to e-mail

Video P2P and VTC
• Simple initiation/easy escalation to conf (desktop and suite)

Video Broadcast
• Commander's message, emergency message, etc.

Desktop Collaboration
• Desktop sharing, briefings/presentations and file transfer

Mobile User Access
• Smartphone, LMR, Web, bandwidth tolerant

Cross Domain (security, functional)

[Image captions: ATRIX 4G; Dual Persona Playbook; Gesture Recognition]

Single Integrated Network Environment

We must be able to work
• between layers
• between networks
• between environments
When required

[Figure: Joint Aerial Layer Network (JALN) Initial Capabilities Document (ICD), AF OV-1. Panel labels: Net Enabled ISR; Net Enabled Nuclear Response; Net Enabled MAF; Net Enabled C2 ISR; Net Enabled Attack / Weapons; Net Enabled SOF; High Capacity Backbone; High Alt Gateway Relay; Mid Alt Gateway Relay; Legacy TDLs; Advanced TDLs; Permissive; Contested; Anti-access]

How Do We Get There?

• Secure cloud computing solutions
• Guaranteed information assurance
• Consolidated Enterprise IT Baseline
• Library of capability-based services & applications
• Commoditization of Edge Devices
• Operational applications
• Reliability at reduced costs
• Industry Partnership

[Image: X-37B]

Questions