USJFCOM/J9

Cross Domain Collaborative Information Environment (CDCIE) Joint Capability Technology Demonstration (JCTD) Overview

COCOM Sponsor: USJFCOM, USTRANSCOM
Supporting COCOMs: USNORTHCOM, USSTRATCOM
Service & Supporting Participants: USN, USAF, NSA, DISA, Coalition
OSD Oversight Executive: DUSD (AS&C), Fritz Schulz
Operational Manager: USJFCOM J9, Jim Clark
Technical Manager: USJFCOM J9, Alyson Miller
Deputy Transition Manager: DISA PEO-GES NCES, Capt. Jason Burroughs

UNCLASSIFIED
Briefing ver. 19 12/01/2009

DISTRIBUTION STATEMENT C
Distribution authorized to U.S. Government Agencies and their contractors, AUS, NZL, JPN, KOR, SWE, FIN, and NATO member government representatives and their contractors. Other requests for this document must be referred to: U.S. Joint Forces Command, 115 Lake View Parkway, Suffolk, VA 23435, Attention: Alyson Miller, 757.203.3117

CDCIE JCTD*
• Project started in 2004 at USJFCOM J9
• Obtained JCTD rolling start status in 2008
  – COCOM Sponsors: USJFCOM, USTRANSCOM
  – Supporting COCOMs: USNORTHCOM, USSTRATCOM
  – Service & Supporting Participants: USN, USAF, NSA, DISA, UK, AUS
  – OSD Oversight Executive: DUSD(AS&C), Mr. Fritz Schulz
  – Implementation Directive (ID) signed in August 2008
• Transitioning to DISA by the end of FY10
*Joint Capability Technology Demonstration

CDCIE Capabilities
[Diagram: CDCIE Guards, including the CDCIE Data Sync Guard, sitting between US Classified Networks, Allied & Coalition Classified Networks, and Unclassified Networks. Each network is shown with Web Services (WSG), Text Chat with Language Translation (CG), and Whiteboard with Language Translation (CG).]
Operational collaboration and data sharing across security domains (networks).

CDCIE Chat 1.1
• CT&E Status:
  – Completed NSA CT&E in October 2006
• Key Features:
  – Available for deployment now!
  – Cross Domain Multi-User Text Chat with Language Translation
  – Cross Domain XML Guard
• Components:
  – Collaboration Gateway (CG) 1.1.1 - Trident Systems, COTS
  – Guards:
    • DataSyncGuard (DSG) 2.1 - BAE Systems, COTS
  – Clients:
    • TransVerse 1.3, GOTS/Open Source
    • InfoWorkSpace (IWS) 3.0, Ezenia, COTS
  – Language Translation:
    • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

CDCIE Chat 1.x w/ Language Translation
[Diagram: Domain 1 and Domain 2, each with a Transverse Client, Language Translation Server, CG, and AD, with an XML Guard between the domains. AD – Microsoft Active Directory; CG – Collaboration Gateway.]

TransVerse Chat Client
• Pure XMPP client
• Java based - Supported on Windows, Solaris, Linux, and MacOS X
• Extensively tested in DOD and Coalition Exercises
• Designed specifically to meet the chat needs of Warfighters
• Supports NCES Collaborative Services Button 2 Jabber XCP servers
• Tested with all major XMPP servers
• Developed by cleared personnel
• Approved for use on AF GIG and is on the AF Evaluated/Approved Products List (AF E/APL)
• Approved for use on NMCI SIPRnet and NIPRnet systems
• Key Features
  – Cross Domain Chat
  – Cross Domain Whiteboard
  – Tiled, Tabbed, and Cascaded Windows
  – “mIRC” like user interface
  – HyperRooms
  – Searchable Chat Logs/History
  – Keyword monitoring and highlighting
  – Language Translation for both Chat and Whiteboard
  – File Transfer
  – Labeled Chat Messages (uses IC ISM)
Available from: https://xmpp.je.jfcom.mil

Overview of Chat Interface
[Screenshot callouts:]
• My Chat Sessions shows all your active one-to-one and group chat (chat room) sessions.
• Tabs for My Place, Chat, Group Chat, etc…
• Name Italics and in red means participant is in remote domain.
• My Contact contains your Contact or Buddy List for single domain. NOT ENABLED FOR CROSS DOMAIN USERS
• Translation capability
• Chat classification selection drop down
• Chat Session Windows.
• Chat input area

Language Translation Client Capabilities
• TransVerse supports three modes of translation
  1. Automatic Translation of Sent Messages
     • The client automatically determines the recipients’ languages and automatically translates outbound messages to the recipients’ languages
     • The client always sends the original and translated text
  2. Automatic Translation of Received Messages
     • The client automatically determines the senders’ languages and automatically translates inbound messages to the user’s language
     • The client also displays the original and translated text
  3. Manual Translation with Software Assist of Sent Messages
     – Allows the user to translate to one or more languages with language translation software assistance and then edit messages prior to sending.
• Typically, TransVerse communicates with the language translation via HTTPS/SOAP or a direct TCP/IP Socket connection
• Uses XMPP Extension Protocol “XEP-171: Language Translation”
• Web Chat supports displaying original and translated text and the ability to set the language preference for sending/receiving messages.

Language Translation Support
• Supported Language Translation Engines
  – SYSTRAN via HTTPS/SOAP
  – Language Weaver via HTTPS/SOAP
  – Google Translate (if on Internet) via HTTP
  – NSA/CAMT’s CyberTrans via HTTPS/SOAP
• This middleware software provides access to a wide range of classified and unclassified language translation servers.
  – Almost any language translation engine that supports either a HTTP, SOAP, or TCP/IP socket interface can be supported in about a week.
• Supported Languages
  – All languages supported by SYSTRAN (over 20).
    Most major world languages are supported.
  – All languages supported by CyberTrans. List and number are classified.
• Localization of TransVerse GUI
  – Localizing an application means the text in the graphical user interface (i.e. menus, dialog boxes, prompts) is translated into the user’s language.
  – The User Interface is currently localized for English, Spanish, and Japanese.
  – Adding other localizations is simply a translation effort and takes on average 1-2 days.

TransVerse with Automated Language Translation
[Screenshot callouts:]
• Name Italics and in red means participant is in remote domain.
• () after name indicates language of participant
• Original Text
• Translated Text for this participant's language
• Translated Text for other participant’s languages
• Classification of the chat messages

TransVerse with Manual Translation
[Screenshot]

CDCIE Chat 1.2
• CT&E Status:
  – Based on CG 1.1.1 which completed NSA CT&E in October 2006.
• Key Features:
  – Minor updates to CG 1.1 software
  – Minor updates to DSG 2.1 software
  – DSG-to-DSG adapters for bilateral networks.
• Components:
  – Collaboration Gateway (CG) 1.1.2 - Trident Systems, COTS
  – DSG-to-DSG adapter 1.0, Trident Systems, COTS
  – Guards:
    • DataSyncGuard (DSG) 2.1/2.3 - BAE Systems, COTS
  – Clients:
    • TransVerse 1.3+, GOTS/Open Source
    • InfoWorkSpace (IWS) 3.0, Ezenia, COTS
  – Language Translation:
    • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

DSG2DSG Adapter 1.0
• A set of secure gateways that connect two or more DSGs operating on the same network together so that XML messages can be relayed from domain A to domain C via an intermediate domain B.
• GOTS
• Designed to run on a heavily secured RHEL system with a targeted SE Linux policy in effect
• Communications between DSG2DSG adapters is TLS encrypted and requires mutual PKI authentication.
• Setting up a pair of DSG2DSG adapters is a manual (non-dynamic) process.
  – A pairing of DSG2DSG Adapters and an associated data flow is called a peered instantiation
  – Each DSG2DSG Adapter will support at least 5 peered instantiations
  – A DSG2DSG Adapter can support at least 5 DSGs or DSG message flows.

Two Domain Support in Chat 1.2 using DSG2DSG Adapters
[Diagram: Domain 1 - Country A (Transverse Client, CG, AD), Domain 2 - Bi-lateral Network (DSG adapters), and Domain 3 - Country B (Transverse Client, CG, AD), with a DSG on each side of the bi-lateral network. AD – Microsoft Active Directory; CG – Collaboration Gateway.]

CDCIE Chat 2.0
• CT&E Status:
  – DSG 3.0 started NSA CT&E on 1 March 2009
    • Initial CT&E results received Mid Oct 2009
    • Working fixes to go into regression testing – completion planned for April 2010
  – CG 2.0 undergoing IV&V – completion planned for early 2010
  – DIA IA Certification and Accreditation for CG 2.0 planned for mid-March 2010
• Key New Features:
  – Cross Domain Whiteboard
  – Enhanced Cross Domain Chat
    • Web-based Chat
    • Multi-domain (>2) & Cascaded Domain Support
    • No per user cost
  – Enhanced Cross Domain XML Guard
• Components:
  – Collaboration Gateway (CG) 2.0 - Trident Systems, COTS
  – DSG-to-DSG adapter 1.0, Trident Systems, COTS
  – Web Services Gateway 1.0 - GOTS
  – Guards:
    • DataSyncGuard (DSG) 2.1/2.3 and 3.0 - BAE Systems, COTS
    • Radiant Mercury (RM) 4.5 - SPAWAR/Lockheed Martin, GOTS
    • ISSE 3.6.1 - AFRL/ITT AES, GOTS
  – Clients:
    • TransVerse 1.4+, GOTS/Open Source
  – Language Translation:
    • Supports 20+ language pairs using SYSTRAN, Google Translate, and CyberTrans

Multi-Domain Support in Chat 2.0
[Diagram: Domain 1, Domain 2, Domain 3, through Domain N, each with Web Browser and Transverse Client users, a CG, and AD, connected through an XML Guard.]

Cascaded Domain Support in Chat 2.0
[Diagram: Domain 1 - Country 1, Domain 2 - Coalition Network, Domain 3 - Country 2, through Domain n - Country N, with Web Browser and Transverse Client users, CGs, and AD in the domains and XML Guards between them.]
[Diagram legend: AD – Microsoft Active Directory; CG – Collaboration Gateway]

TransVerse Whiteboard
Text is automatically translated
• Supports multiple pages and layers
• Uses Scalable Vector Graphics (SVG) for drawing objects (text, lines, oval, rectangles, etc…).
• Supports freehand drawings
• Can import JPEG and PNG images
• Supports OpenGIS WMS provided images.
• In Cross Domain whiteboards, images are not sent across the guard but are aliased.

CG Web Chat Client
• Browser based thin-client chat tool
• Supports most web browsers (Internet Explorer, Firefox, Safari)
• Supports classification markings
• Requires user certificate to be installed in browser.
• Allows room discovery
• Doesn’t support whiteboard or initiating language translation (can receive and display translated chat messages)
• Supports cross domain group chat with language translation and classification labeling
• Supports single domain one-to-one chat.

Web Services Gateway
• Open standards-based solution that enables secure, bi-directional, machine-to-machine transfer of XML SOAP-based Web Services data between networks of different classification levels. The WSG 1.0 has the following capabilities:
  – Supports stateless SOAP 1.1 based Request/Response (synchronous) Web Services in a manner that is transparent to applications.
  – Supports multiple concurrent guards with load balancing / failover.
  – Supports XML Data Flow Configuration File (DFCF) based configuration.
  – Runs on Red Hat Enterprise Linux 5.1 and uses a strict SE Linux policy.
  – Implements a classic Type Enforcement based assured pipeline design, and provides the following fixed order filters:
    • XML Schema Validation.
    • Classification Check.
    • Virus Check.
    • XML Normalization.
    • UTF-8 Dirty / Clean Word Check.
  – Supports low latency data transfers (0.25-0.5 sec) for small messages.
  – Supports large files (~ 150MB).
  – Has high performance (100s-1000s 1KB msgs/sec depending on hardware).
  – Intended to be part of a Defense-in-Depth cross domain solution architecture, and is designed to provide boundary protection for the guards.

WSG High Level Architecture
Configuration with an XML firewall and multiple domains
[Diagram: a Web Service Consumer (Client) and Web Service Providers (Servers) in Domain 1, Domain 2, through Domain N, each behind a WSG, connected through XML Guards, with an XML Firewall.]

Experiments & Exercises
• FY09 Events/Operational Utility Assessments (OUA) – Green rating
  – CWID 09 (Joint/Coalition/Homeland Security)
  – Trident Warrior 09 (Navy)
  – Empire Challenge 09 (Joint/Coalition ISR)
• FY08 Events
  – JEFX 08 (Air Force)
    • Cross domain text chat and language translation
  – Crisis Management III (SOUTHCOM)
    • Single domain web text chat, whiteboard, and language translation
  – Noble Resolve 08 (JFCOM/NORTHCOM)
    • Cross domain text chat and language translation.
• FY07 Events
  – CWID07
    • Cross domain text chat and language translation
  – Trident Warrior 07 (Navy)
    • Cross domain text chat and language translation
  – Keen Edge 07 (USFJ)
    • Single domain text chat, whiteboard, and language translation
  – Crisis Management II (SOUTHCOM)
    • Single domain text chat, whiteboard, and language translation
• FY06 Events
  – Strong Angel III
    • Cross domain text chat and language translation

CDCIE JCTD Military Operational Assessment Events
• CWID09 (6-26 Jun 09)
  – Core Capabilities: Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP; secure, bi-directional, cross-domain SOA web services data transfer
  – CDCIE Components: DSG; CG; TransVerse-enabled Chat/Whiteboard with Language Translation; WSG
• TW09 (22 Jun 09 - 2 Jul 09)
  – Core Capabilities: Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP
  – CDCIE Components: Other XML Guard (Radiant Mercury); CG; TransVerse-enabled Chat/Whiteboard with Language Translation
• EC09 (6-31 Jul 09)
  – Core Capabilities: Secure, bi-directional, cross-domain collaboration with language translation using the XML-based XMPP
  – CDCIE Components: DSG and other XML Guard (Radiant Mercury); CG; TransVerse-enabled Chat/Whiteboard with Language Translation

CDCIE Status
• The CDCIE project is a FY08 Joint Capability Technology Demonstration (JCTD)
  – Transition to DISA in progress
• Certification:
  – CDCIE Chat 1.1 completed NSA Certification (CT&E) in October 2006 for use in Secret and Below Environments
  – CDCIE Chat is on the Unified Cross Domain Management Office’s (UCDMO) baseline version 2.2 (April 2008).
    Listed as Data Sync Guard (DSG) 2.1
  – DSG 3.0 started NSA CT&E on 1 March 2009
    • Initial CT&E results received Mid Oct 2009
    • Working fixes to go into regression testing – completion planned for April 2010
  – CG 2.0 undergoing IV&V – completion planned for early 2010

Current Operational CDCIE Component Requests
• NORTHCOM - DISA (TV/CG1.1.3/DSG 2.1) MNIS US-RELCAN
  – Timeframe: TBD
  – Connects SIPR to RELCAN network (NORTHCOM/NORAD) using CG1.1.2
• USCENTCOM - CENTRIX ISAF – CENTRIX GCTF (TV/CG1.1.3/DSG 2.1)
  – Timeframe: Winter 2009
  – Originally to connect CENTRIXS GCTF to NATO ISAF using CG1.1.2/DSG2.3. CDCIE system now will be between CENTRIXS ISAF and CENTRIXS GCTF.
  – NOW OPERATIONAL – RECEIVED IATO 11/5/2009
• PACOM (TV/CG1.1.2/DSG2.1)
  – Timeframe: Spring 2010
  – Cross Domain Chat between SIPRnet and NIPRnet.
• DISA UK (TV/CG1.1.2/DSG2.1)
  – Timeframe: Unknown
  – Cross Domain Chat between US and UK national secret networks.
• DNI (TV Web Chat/CG 2.0/ Firewall)
  – Timeframe: Spring 2010
  – Cross Domain Chat system between JWICS and Stone Ghost TS/SCI level networks.
• USSOUTHCOM/Joint Interagency Task Force (JIATF) South (TV/ CG 2.0/ ISSE v3.6.1.1)
  – Timeframe: Spring 2010
  – Cross Domain Chat between JWICS and SIPRnet, and Cross Domain web services between SIPRNet, NIPRnet, and RELTO Caribbean and RELTO Columbia for classified project supporting anti-drug operations
• DISA (DSG 3.0) Ticket #1385
  – Timeframe: Spring 2010
  – Replace existing deployment of DISA Trusted Data eXchange (TDX) guards in the DISA Enterprise Computing Centers (DECC) with DSGs.
• USSTRATCOM (WSG/DSG 3.0)
  – one of Servers: DISA
  – Timeframe: Unknown
  – Cross Domain Web Services between SIPRnet based SKIWeb system and UK's SKIP system.
• NSA (WSG/DSG 3.0)
  – Timeframe: Unknown
  – Cross Domain Web Services to support classified NSA project.
  – NSA currently testing WSG and DSG in lab
• USTRANSCOM (WSG/DSG 3.0/4.x)
  – Timeframe: Unknown
  – Cross Domain Web Services between NIPRnet, SIPRnet and multiple domains, in support of TCJ 6 COP D2 effort
• US Air Force Europe (TV/ISSE v3.6.1, CG v2.0)
  – Timeframe: Unknown
  – Cross Domain Web Services between NIPRnet, SIPRnet and multiple domains, in support of TCJ 6 COP D2 effort

CDCIE Transition Schedule
• TransVerse XMPP Chat Client 1.5
  – Transition to POR date: Feb 2010 (early transition in progress)
  – Function: Cross Domain Text Chat Client
  – DISA Need Filled: Cross Domain chat for NCES Collaboration
  – Recommended Transition Targets: PEO-GES NCES PMO
• Collaboration Gateway (CG) 2.0
  – Transition to POR date: Feb 2010
  – Function: Trusted Platform Chat Server
  – DISA Need Filled: Cross Domain chat for NCES Collaboration
  – Recommended Transition Targets: PEO-GES NCES PMO
• Web Services Gateway (WSG) 1.0
  – Transition to POR date: Oct 2009 (in progress)
  – Function: Cross Domain Web Services
  – DISA Need Filled: Enterprise-level Cross Domain Service Oriented Architecture (SOA) and Web Services
  – Recommended Transition Targets: PEO-MA IA32 NCES/NECC
• Data Sync Guard (DSG) 3.0
  – Transition to POR date: May 2010
  – Function: Cross Domain XML and Fixed-Format ASCII Transfer
  – DISA Need Filled: Enterprise-level Cross Domain Service Oriented Architecture (SOA) and Web Services
  – Recommended Transition Targets: PEO-MA IA32 NCES/NECC

Transition Plans
• Enterprise Integration
  – Web Services Gateway 1.0 Integration.
    • DISA PEO-IAN IA32 is merging WSG with the DISA CDWSG. The combined solution will dramatically reduce complexity and deployment costs and increase scalability and security for cross domain web services, XML, and fixed format ASCII data transfer in the DISA Cross Domain Enterprise Services (CDES).
  – DataSync Guard 3.0 Integration.
    • DSG was designed to integrate into the CDES and because the DSG is faster than the TDX, the DISA CDES will be able to reduce the number of guards used and increase the number of customers served. Testing is planned for this spring. Deployment of the first DSG is planned for March/April 2010
  – Collaboration Gateway 2.0 Integration/ TransVerse Integration.
    • Transitioning to NCES and will be considered for incorporation into the DISA Global Collaboration Strategy
• CDCIE stand alone installations
  – CG/Transverse/XML Guard installations will continue to be supported through AFRL
  – WSG and DSG will be considered by PEO-IAN IA32 on a case by case basis

Transition Management Team
• Alyson Miller, CDCIE JCTD Technical Manager (TM), MITRE, 757.203.3117
• Jim Clark, CDCIE JCTD Operational Manager (OM), USJFCOM J9, 757.203.3386
• Capt. Jason Burroughs, CDCIE JCTD Deputy Transition Manager (XM), DISA PEO-GES NCES, 703.882.2525

Backup

CWID09 Architecture
[Diagram: CTF-High Network, CTF Network, and HLS/HLD Network. Components shown: Chat Clients, Web Chat Clients, Lang Tran Servers, CG 2.0, DSG 3.0 #1 and #2, DSG 2.3 #1 and #2, WSG 1.0, MLWIKI, CID, AWACS, and the CDCIE CTF-High, CDCIE HS/HD, and CDCIE CTF-Low AD Servers. Links labeled HTTPS, HTTPS & XMPP, and LDAP.]

TW09 Architecture
[Diagram: SIPR Network and CENTRIX CMFP. Components shown: Chat Clients, Web Chat Clients, Lang Tran Servers, CG 2.0 in each network, RM 4.5.2, and the CDCIE SIPRnet and CDCIE CENTRIX AD Servers. Links labeled HTTPS, HTTPS & XMPP, and LDAP.]

EC09 Architecture
[Diagram: JWICS, SIPR Network, CFBL Network, and DDTE Network. Components shown: Chat Clients, Web Chat Clients, CG 2.0 in each network, RM, and the JWICS, SIPRnet, CFBL, and DDTE AD Servers. Links labeled HTTPS, HTTPS & XMPP, and LDAP.]
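
The Web Services Gateway slide above describes an assured pipeline of fixed order filters. As an added illustration (not WSG code and not part of the briefing), the Python below chains four of the listed filters in the order the list reads on this page, fails closed, and reports which stage blocked a message. The message shape, labels, dirty-word list and all function names are assumptions; a structural check stands in for XML Schema validation, and the virus check is left out because it needs an external scanner.

```python
import xml.etree.ElementTree as ET

# Constructed policy values for illustration; a real guard loads these from configuration.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}
DIRTY_WORDS = ("codeword-x",)
EXPECTED_CHILDREN = ["label", "body"]   # stand-in for a real XML Schema

def schema_filter(raw, dest):
    # Reject DTDs outright (no entity expansion), then enforce the exact shape.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed")
    root = ET.fromstring(raw)
    if root.tag != "msg" or [c.tag for c in root] != EXPECTED_CHILDREN:
        raise ValueError("unexpected structure")
    if root.attrib or any(c.attrib or len(c) for c in root):
        raise ValueError("unexpected attributes or nesting")
    return raw

def classification_filter(raw, dest):
    # The label must be known and must not exceed the destination level.
    label = ET.fromstring(raw).findtext("label").strip().upper()
    if LEVELS[label] > LEVELS[dest]:      # KeyError on an unknown label also blocks
        raise ValueError("label above destination")
    return raw

def normalize_filter(raw, dest):
    # Strict UTF-8 decode, then C14N: comments dropped, one canonical serialization.
    text = raw.decode("utf-8", errors="strict")
    return ET.canonicalize(text, strip_text=True).encode("utf-8")

def dirty_word_filter(raw, dest):
    # Scan the normalized text content, case-insensitively.
    content = " ".join(ET.fromstring(raw).itertext()).casefold()
    if any(word in content for word in DIRTY_WORDS):
        raise ValueError("dirty word")
    return raw

# Fixed order: each filter sees only what the previous one passed on.
PIPELINE = (("schema", schema_filter), ("classification", classification_filter),
            ("normalize", normalize_filter), ("dirty_word", dirty_word_filter))

def guard(raw, dest):
    """Return (released_bytes, None), or (None, stage) naming the filter that blocked."""
    for stage, check in PIPELINE:
        try:
            raw = check(raw, dest)
        except Exception:                 # fail closed on any error, expected or not
            return None, stage
    return raw, None

# Constructed sample messages.
CLEAN = b"<msg><label>unclassified</label><!-- note --><body> Convoy on schedule </body></msg>"
HIGH = b"<msg><label>SECRET</label><body>CODEWORD-X details</body></msg>"
DIRTY = b"<msg><label>UNCLASSIFIED</label><body>see CodeWord-X</body></msg>"

if __name__ == "__main__":
    for message in (CLEAN, HIGH, DIRTY):
        print(guard(message, "UNCLASSIFIED"))
```

Because the order is fixed, a message that would fail two filters is always reported at the earlier one, which keeps the audit trail deterministic.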