Theater Deployable Communications (TDC) and Virtualization

1
Theater Deployable Communications (TDC)and
Virtualization

• Charles Jaglinski
• TDC NCC-D Lead Engineer
• 753 ELSG/TD
• 11 Dec 08

2
Agenda

• What is TDC
• NCC-D Packages
• NCC-D Requirements
• Virtualization

3
TDC Overview

• TDC system provides a tactical extension of the
  Global Information Grid (GIG). GIG services
  included
• Defense Information Systems Network (DISN)
  elements
• Non-classified Internet Protocol Routing Network
  (NIPRNET)
• Secret Internet Protocol Routing Network
  (SIPRNET)
• Defense Switched Network (DSN)
• There are three major elements to TDC
• Integrated Communications Access Packages (ICAP)
• On-base transmission, multiplexing, voice, data,
  system kits, multi-purpose kits
• SATCOM Terminals
• Long Haul Transmission
• Network Control Center Deployed (NCC-D)
• Network operations, Information Assurance,
  Network User Services

TDC provides the warfighter flexible,
lightweight, modular, scalable, and integrated
deployable communications
4
TDC Implementation Tenets

• TDC Mission To select, integrate, field, and
  support communications equipment for deployed AF
  operations
• COTS/GOTS, standards-based solutions
• Approved Product List (JITC Approved
  Hardware/Software)
• Evolving baseline
• TDC baseline evolves annually to incorporate
• Feedback from users
• Fixes for reliability issues
• Replacement of obsolete parts
• Field common fixed/deployed equipment
• Two-version rule
• ICAP and NCC-D subdivided into series of modules
  and kits
• To minimize training and support issues - no more
  than two versions of any ICAP/NCC-D module in the
  field simultaneously

5
TDC Notional Base
6
Network Control Center - Deployed
Provides network management, information
assurance, and network core services for
NIPRNET/SIPRNET

• NCC-D Light
• MS Windows 2003 Server
• MS Exchange 2003
• MS Outlook 2003
• Kiwi Cat_Tools
• Symantec Anti Virus
• Symantec Mail Security
• Sidewinder Security Appliance w/Smart Filter

7
Network Control Center - Deployed
Provides network management, information
assurance, and network core services for
NIPRNET/SIPRNET

• NCC-D Heavy
• MS Windows 2003 Server
• MS IIS 2003
• MS Exchange 2003
• MS SQL Server
• Kiwi Cat_Tools
• Symantec Anti Virus Corporate Edition
• Symantec Mail Security
• Symantec Enterprise Security Manager (ESM)
• WhatsUp Gold Professional
• Sidewinder Security Appliance
• Blue Coat Security GatewayWebfilter
• Veritas Backup Exec Server
• Veritas Exchange with Open File Option
• Remedy
• Misc. (Adobe, IE, MS Readers, etc.)

8
Dell NCC-D Package
Server 2
HP OpenView
CAT Tools
SQL Server Standard
PERL
Remedy
Enterprise Security Management (ESM) Manager
Case 1 -- 11U 261 Lbs
Server 1
DC-1
DNS Internal
9
Dell NCC-D Package
Server 1
DC-2
DNS Internal
Exchange Server Enterprise Edition
IIS
Case 2 -- 11U 261 Lbs
10
Dell NCC-D Package
Two other cases
Case 3 110 Lbs
Monitor Flat Panel, 17-Inch (3)
Computer Mouse, Optical (3)
Keyboard (3)
Case 4 110 Lbs
Hard Disk Drives for Servers (22)
Support 1200 People Support 1200 People
Case1 261
Case 2 261
Case3 110
Case 4 110
Total 742 lbs

Support 3000 People Support 3000 People
Case1 261
Case 2 261
Case3 110
Case 4 110
Total 742 lbs
Grand Total 1484 lbs
11
NG NCC-D Package
Case 1 -- 11U 275 Lbs
Server 1
HP OpenView
Enterprise Security Manager
CatTools
Server 2
Remedy
SQL Server
12
NG NCC-D Package
Server 1
DC 1
Internal DNS
Case 2 -- 11U 275 Lbs
Server 3
File and Print
Server 2
DC 2
Exchange Server Enterprise Edition
Server 4
Backup Exec
13
NG NCC-D Package
Case 3 110 Lbs
Monitor Flat Panel, 17-Inch (3)
Computer Mouse, Optical (3)
Keyboard (3)
Support 1200 People Support 1200 People
Case1 275
Case 2 275
Case3 110
Total 660 lbs

Support 3000 People Support 3000 People
Case1 275
Case 2 275
Case3 110
Total 660 lbs
Grand Total 1320 lbs
14
DoD IA Regulations
CJCSI 6510.01D, Information Assurance and
Computer Network Defense, 15 Jun 2004 DoDD
8500.1, Information Assurance (IA), 24 Oct
02 DoDI 8500.2, Information Assurance (IA)
Implementation, 6 Feb 03 STRATEGIC COMMAND
DIRECTIVE 527.1, Information Operations
Conditions Systems Procedures, 27 Jan 06 JTF-GNO
WARNORD 07-003 DoD STIG DoD IA Enterprise
Solutions STIG
15
IA Solution
I A Case 9U
HBSS (Host Based Intrusion Detection (HIDS) Network Intrusion Detection (NID))
Rem/Retina (being replaced)
McAfee Remediation Manager
IntruShield


Adds Approx 7 Cubic Feet Space
Adds Approx 275 lbs
16
Issues

• Expensive IA requirements
• Mostly in hardware
• Two different NCC-D Packages in the field
• Training issues
• Logistics Issues
• Current NCC-D Packages 4 years old
• Need to field replacement in 2 years

17
RFP Requirements
The purpose of the NCC-D is to allow the deployed
communications personnel to proactively and
reactively manage and protect the network
infrastructure, and to protect sensitive data
transported over the WAN via state-of-the-art
COTS products that will satisfy the Air Forces
need for standardization and reduced life cycle
costs.   The NCC-D package is defined to support
100, 500, 1000 and 3000 personnel incrementally
with a connected ratio of 1 to 3 or 10 to 1000
devices utilizing the network at the same time.
It shall provide for a logical transfer of
services without disruption to either NIPRNET or
SIPRNET. The NCC-D shall be broken down into
manageable components. It shall be packaged along
functions i.e. edge devices (proxy servers,
firewalls, IDS, etc), switching, servers and
storage. This is an effort to reduce unneeded
duplication of service when robusting a specific
item, for example if more servers are needed we
do not want more firewalls, proxies or IDS
equipment. This package is the point of entry
and egress for all NIPRNET and SIPRNET and shall
protect the network from intrusion while
maintaining services to the base personnel.   All
Information Assurance (IA) hardware and software
shall be listed on the Common Criteria page on
DISAs website at the time of contract award.
18
RFP Requirements (cont.)
The integrator shall provide software images and
appropriate VMware scripts to automate the
reloading of all Windows-based servers to include
applications. These images shall provide the
capability to choose (change) the system NetBIOS
name, System Fully Qualified Domain Name (FQDN)
(DNS name), IP address, and the system SID
(Microsoft Security Identifier). This will speed
up frequent re-installations of all NCC-D servers
in the field and reduce the amount of time needed
for deployment. The integrator shall provide one
CD with the software image for each server type
for each package.
19
Solution

• Through Virtualization
• we solved
• IA Issues
• Different NCC-D packages
• Weight
• Size

20
Transit Cases
21
Weight
Support 3000 People IA Requirements Support 3000 People IA Requirements
Case 1 edge 166 lbs
Case 2 switch 114 lbs
Case 3 servers 119 lbs (times 2)
Case 4 storage 115 lbs
Total 633 lbs


VS 1759 lbs
22
Added Benefit
The biggest benefit to TDC and the Government.
Virtualization Saved Approximately
16,000,000 Over a separate IA solution and
future NCC-D replacement
23
Virtualization Software
1.  VMWare Infrastructure - Enterprise
Edition        - ESX Server         - ESX "i"
Server (firmware integrated)         -
VMotion         - StorageMotion         - High
Availability         - Distributed Resource
Scheduler         - Consolidated Backup         -
Distributed Power Management         - Update
Manager   2.  Virtual Center
24
iSCSI NAS
25
Summary

• Virtualization Allowed
• TDC to meet its IA requirements while reducing
• Weight
• Space
• Cost
• Logistics Tail
• Training Requirements

26
Questions?