Cloud Computing: Infrastructure-as-a-Service Demonstration
Northrop Grumman Homeland Security Solutions Open House, April 14 – 16, 2009
Copyright 2005 Northrop Grumman Corporation. 4/20/2009 12:58 PM

IaaS Demonstration: San Francisco Wildfire V.02



Cloud Computing Infrastructure Demonstration: GOAL

Within a realistic DHS/FEMA scenario:

• Demonstrate the ability to establish a secure and robust collaboration environment that can be quickly and easily scaled at a disruptively low cost.

• Leverage commercial cloud platforms to host and distribute application suites that enable a robust information sharing capability.

• Provide a flexible and robust security framework capable of meeting stringent government information assurance and information security requirements.


Scenario: San Francisco Area Wildfires

The Federal Emergency Management Agency is working with state officials and other federal agencies engaged in the response to the multiple wildfires burning across the San Francisco Bay Area.

President Obama issues an emergency disaster declaration for California and orders greater federal aid to supplement state and local response activities in the affected areas.

FEMA mobilizes federal resources and authorizes federal funds to be allocated to reimburse the state for certain costs incurred under FEMA's Fire Management Assistance Grant Program.


San Francisco Area Wildfire: Emergency Response Organizations

• FEMA Joint Field Office in Oakland
• Response staging area
• Federal Emergency Response Team
• Regional Response Coordination Center
• Department of the Interior
• Bureau of Land Management
• National Park Service
• U.S. Fish and Wildlife Service
• Bureau of Indian Affairs
• Department of Transportation
• United States Forest Service
• United States Army Corps of Engineers
• Department of Health and Human Services
• Department of Homeland Security's Infrastructure Protection
• National Response Coordination Center
• Environmental Protection Agency
• FBI
• DOJ National Terrorism Task Force
• National Interagency Fire Center
• DOI Wildland Firefighters
• USDA Wildland Firefighters
• State Emergency Operations Center in Sacramento
• California Wild Land Fire Services in Marin County
• California Office of Emergency Services
• Department of Defense
• Defense Coordinating Officers
• Defense Coordinating Elements
• Command Assessment Element
• US Northern Command
• Air Forces North
• National Guard Bureau
• Federal Aviation Administration
• U.S. Fire Service
• General Services Administration
• DHS / U.S. Coast Guard
• Red Cross
• Southern Baptists


San Francisco Emergency: Incident Action Plan

Diagram of the plan's steps:

• Designate Incident Command
• Establish Perimeter
• Establish Joint Field Office
• Evaluate Scene
• Assign & Manage Responders
• Decommission Joint Field Office


San Francisco Emergency: Modified Incident Action Plan

Diagram of the plan's steps, with the collaboration environment step added:

• Designate Incident Command
• Establish Perimeter
• Establish Joint Field Office
• Activate Collaboration Environment
• Evaluate Scene
• Assign & Manage Responders
• Decommission Joint Field Office


San Francisco Emergency: Modified Incident Action Plan (continued)

Diagram of the plan's steps, with both collaboration environment steps added:

• Designate Incident Command
• Establish Perimeter
• Establish Joint Field Office
• Activate Collaboration Environment
• Evaluate Scene
• Assign & Manage Responders
• Deactivate Collaboration Environment
• Decommission Joint Field Office


Designate Incident Command


NIMS: Command and Management

Incident Command System (ICS): integrates resources from numerous organizations into a single response structure using common terminology and common processes.

ICS structure shown in the diagram:

• Joint Field Office Coordination Group
• Technical Staff
• Operations Section
• Planning Section
• Logistics Section
• Finance and Admin Section


Activate Collaboration Environment


Diagram of the collaboration environment: STEALTH Network Security, Policy Manager, Incident Activator, Emergency Data Center.


IAAS Specifications

Instance type   | Virtual cores | Compute units | 32/64 bit | Memory | Storage | $/hr
Small           | 1             | 1             | 32 bit    | 1.7 GB | 160 GB  | 0.10
High-CPU Medium | 2             | 2.5           | 32 bit    | 1.7 GB | 350 GB  | 0.20
Large           | 2             | 2             | 64 bit    | 7.5 GB | 850 GB  | 0.40
Extra Large     | 4             | 2             | 64 bit    | 15 GB  | 1690 GB | 0.80
High-CPU XL     | 8             | 2.5           | 64 bit    | 7 GB   | 1690 GB | 0.80

EC2 Compute Unit = 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor



Establish Perimeter


Diagram: map of the operational space showing the Area Commander, the incident action plan for each incident, a fire station, the fire locations, and the initial wind direction and the wind shift.


Establish Joint Field Office


Diagram: Joint Field Office with the Department of Defense Representative and the Defense Coordinating Officer.


Designate Incident Command


Diagram of the collaboration environment: STEALTH Network Security, Policy Manager, Emergency Data Center.


Evaluate Scene

Use-case diagram "San Francisco CA - Area WildFire":

Use cases: Respond To Emergency Events, Public Affairs, Approve FMAG, Open Joint Field Office, Identify and Establish Joint Field Area, Open Regional Response Coordination Center, Activate National Response Coordination Center, Send Liaison To State Emergency Operations Center.

Actors (the diagram links the actor groups with «inherits» relations):

• Red Cross
• FEMA
• Federal: National Association of State Foresters, Office of Aircraft Services, National Weather Service, Forest Area Safety Task Force (FAST), National Park Service, US Dept. of Fish and Wildlife, US Forest Service, National Interagency Fire Center, DoD, National Guard Bureau, Customs and Borders, Dept of Interior, Dept of Transportation, HHS, EPA, GSA, FAA, FBI, DOJ National Terrorism Task Force
• California: California Dept. of Forestry, Office of Emergency Services (OES), Geographical Area Coordination Center (GACC), Emergency Operations Center (EOC), Joint Information Center (JIC), Mountain Area Safety Taskforce (MAST), State Police
• County: Fire Departments, Sheriff's Department
• Municipal: Fire Departments, Sheriff's Department



Assign/Manage Responders


Diagram of the collaboration environment: STEALTH Network Security, Policy Manager, Emergency Data Center.


Designate Incident Command


Diagram of the collaboration environment: STEALTH Network Security, Policy Manager, Update DHS Datacenter, Emergency Data Center.


Decommission Joint Field Office



San Francisco Emergency Wildfire Scenario

1. Established an incident command structure

2. Deployed the Emergency Data Center from Amazon S3 and activated the secure collaboration environment in Amazon EC2

3. Supported Joint Field Office operations

4. Completed operations

5. Transferred all operational data to DHS

6. Deactivated the collaboration environment

7. Decommissioned the Joint Field Office


Cloud Computing Infrastructure Demonstration: Summary

• Demonstrated the ability to establish a secure and robust collaboration environment that can be quickly and easily scaled at a disruptively low cost.

• Leveraged Amazon EC2 to host and distribute application suites that enabled a robust information sharing capability.

• Through the use of cryptographic bit splitting technology, provided a flexible and robust security framework capable of meeting stringent government information assurance and information security requirements.


Additional Information


Amazon Web Services

Amazon Web Services are a set of services that provide programmatic access to Amazon's ready-to-use computing infrastructure.

• Storage: storage for files, documents, user downloads, or backups. Store anything your application needs in Amazon Simple Storage Service (S3) and take advantage of scalable, reliable, highly available, low-cost storage.

• Computing: Amazon Elastic Compute Cloud (EC2) provides the ability to scale your computing resources up or down based on demand and makes provisioning new server instances very easy.

• Messaging: decouple your application components by using the unlimited, reliable messaging provided by Amazon Simple Queue Service (SQS).

• Datasets: Amazon SimpleDB (SDB) provides scalable, indexed, zero-maintenance storage, along with processing and querying for datasets.


Elastic Compute Cloud (EC2)

Diagram: EC2 instances run on Xen virtualization over the hardware; the Simple Storage Service (S3) hosts the virtual machine images (AMIs).

• Web service that lets users requisition virtual machines within minutes and easily scale needed capacity up or down based on demand.

• Users pay only for the compute time they use.

• The EC2 environment itself is built on top of the open source Xen hypervisor.

• Users create Amazon Machine Images (AMIs) that act as the templates for their instances.

• Access to the instances can be controlled by specifying the permissions.

• Provides true Web-scale computing, which makes it easy to scale computing resources up and down.

• Five types of servers are available; users can pick the ones that fit their application needs. The servers range from commodity single-core x86 servers to eight-core x86_64 servers.

• Users can place the instances in different geographical locations or availability zones to ensure resistance to failure.

• Elastic IP addresses can be dynamically allocated to instances.

• Pay by the hour ($0.10-0.80/hour) plus external bandwidth ($0.10-0.18/GByte).


Oracle Technology: SOA Suite and Oracle 11g DB

Oracle SOA Suite: the Oracle SOA Suite is a packaged set of standards-based components for enabling web services-based SOA.

Oracle SOA Suite covers web services development, orchestration, monitoring, and security.

Oracle BPEL Process Manager orchestrates transactions across disparate applications within and across corporate boundaries.

Web-service-enabled components support a cloud computing model where several low-cost servers can be deployed in a cluster to provide scalability and high availability.

The Oracle SOA Suite contains the following components:

• Oracle Enterprise Service Bus

• Oracle BPEL Process Manager

• Oracle Technology Adapters

• Oracle BPM Human Workflow

• Oracle B2B

• Oracle Business Activity Monitoring

• Oracle Data Integrator

Oracle SOA Suite Security


SF Wildfire Implementation Technology: Oracle Beehive

Oracle Beehive

Software platform for enterprise collaboration. Provides collaborative tools built around a unified collaborative model. These tools help teams to collaborate efficiently across multiple geographies and organizations with:

• Content Management Services

• Discussions Service

• E-mail Service

• Instant Message Services

• Time Management Services

• Voice Message Service

Beehive supported protocols:

• Calendaring Extensions for WebDAV (CalDAV)

• Extensible Messaging and Presence Protocol (XMPP)

• File Transfer Protocol (FTP)

• Internet Message Access Protocol (IMAP)

• Open Mobile Alliance Data Synchronization (OMA-DS)

• Simple Mail Transfer Protocol (SMTP)

• Web-based Distributed Authoring and Versioning (WebDAV)


SF Wildfire Implementation Technology - Appistry

Appistry's Enterprise Application Fabric (EAF) provides:

• A "Cloud Application Platform" for enabling highly scalable cloud computing services/applications on private intranets and external networks.

• Scalability and reliability at the application level

• Abstracts applications across the underlying infrastructure

• Simplifies and automates application deployment and management

• Essential cloud application services via APIs (state, workload mgmt)

• Complements VMware and Xen deployments


SF Wildfire Implementation Technology: Appistry CloudIQ

Appistry's CloudIQ Manager:

Unified application management for the cloud. Enables application migration to a cloud/virtualized environment. Provides multi-application, multi-cloud management. Provides application deployment and configuration management.

Appistry's CloudIQ Engine:

Distributed application container that enables highly scalable cloud computing services/applications on private intranets and external networks. Abstracts applications across the underlying infrastructure. Distributes application workload with no single point of failure. Gives access to cloud application services via APIs (workload monitoring, etc.). Complements virtualized (VMware, Xen) or non-virtualized commodity hardware deployments.


SF Wildfire Implementation Technology: Appistry CloudIQ Manager

Diagram: CloudIQ Manager in the SF Wildfire Technology Demonstration, deploying the Tomcat service and geodata files to Amazon EC2 and to a private cloud through XML deployment scripts.

• Port applications across "clouds"
• Enables choosing the right cloud for the job
• Minimize cloud provider lock-in
• Drag-and-drop deployment of applications between clouds


SF Wildfire Implementation Technology: GeoServer

GeoServer is an open source software server written in Java.

Designed for interoperability. Allows users to share and edit geospatial data.

Publishes data from any major spatial data source using open standards.

Reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, as well as a high performance certified compliant Web Map Service (WMS).

GeoServer is deployed on the Appistry servers in the Amazon cloud. It is accessed by users via the Oracle Beehive collaboration tool.

Demonstrate the ability to request a map via WMS from GeoServer directly.

Demonstrate ability of Beehive to request the map from GeoServer and create a version-controlled editable document and whiteboard session with it.

Demonstrate Appistry's management and monitoring features through the cloud.

Exported desktop sessions will NOT be accessible on cloud-hosted applications through the Northrop Grumman firewall.


SF Wildfire Implementation Technology: Unisys Stealth

Secure Cross-Domain Sharing

Enables secure sharing of information across domains.

This solution matches communities of interest to specific data access and sharing rights.

A community of interest can be people within the same domain or people from different domains working together on a special project.

Each user can easily access the data authorized for that user, wherever the data is, but only that data. Other data remains completely private, safe, and hidden.


SF Wildfire Implementation Technology: Unisys Stealth - COI

Communities of Interest (COI)

The members of a community of interest are assigned a workgroup key.

Controlled sharing of and access to the community of interest's data is based on strong authentication via the workgroup key and log-on credentials.

Without the correct workgroup key, network packets are ignored.

The workgroup key construct provides a stronger way to control access to data.

Users can belong to more than one workgroup. This facilitates multi-level sharing for agency operations and multi-national information sharing for cooperating partners' operations.

Users in different departments, organizations, or projects can work securely on the same network.

The result is a cloaked network that secures data-in-motion and hides servers and PCs in plain sight.

Devices that do not have the same workgroup key remain cloaked from unauthorized eyes. Without the correct key, users cannot ask for the data from the server or send data to the server or workstation. They can’t even ping the server or workstation.


SF Wildfire Implementation Technology: Unisys Stealth/SecureParser

Certification: the Stealth Solution cryptographic module is FIPS 140-2 certified through the use of SecureParser by Security First Corp.

EAL4+ "under evaluation" status in the first half of 2008 and full EAL4+ certification by early 2009.

Stealth Solution for Network will enable Multi-Level Security, permitting data classified at different security levels to coexist on a single network.

The Stealth Solution permits the consolidation of NIPR, SIPR, and JWICS-connected LANs into a single IT infrastructure.

The SecureParser security architecture is based on provable security techniques. The techniques implemented include Robust Computational Secret Sharing (RCSS), Perfect Secret Sharing (PSS), and the AES block cipher.

Attacking the SecureParser data security can be shown at a minimum to be as difficult as attacking AES.
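The secret-sharing techniques named above, and the "cryptographic bit splitting" credited in the summary, can be illustrated with a small k-of-n scheme. This is an added example, not SecureParser's or Security First's code: it shares a random key with Shamir's perfect secret sharing over a prime field and encrypts the bulk data under that key, substituting a SHA-256 counter-mode keystream for the AES block cipher because the Python standard library has no AES; the sample data and the 3-of-5 threshold used in the usage are constructed assumptions.

```python
"""Threshold (k-of-n) secret sharing in the style the slide attributes to
SecureParser: perfect secret sharing (Shamir, over a prime field) for a
short key, and computational secret sharing that encrypts the bulk data
under that key. Added illustration, not the product's implementation."""
import hashlib
import secrets

# Mersenne prime 2^521 - 1, so any 32-byte key is a valid field element.
PRIME = (1 << 521) - 1
KEY_LEN = 66  # bytes needed to hold any field element


def shamir_split(secret: int, k: int, n: int) -> list:
    """Split an integer secret into n shares; any k of them rebuild it."""
    assert 0 <= secret < PRIME and 1 <= k <= n < PRIME
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def shamir_combine(shares: list) -> int:
    """Lagrange interpolation at x = 0. With fewer than k shares the value
    is a uniformly random field element: it reveals nothing (perfect)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from SHA-256, standing in for the AES block
    cipher (assumption: the standard library ships no AES)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def css_split(data: bytes, k: int, n: int) -> list:
    """Computational secret sharing: encrypt under a fresh random key and
    share only the key perfectly. Each share is (x, key_share, ciphertext).
    RCSS would also disperse the ciphertext across the shares and add
    integrity tags so corrupted shares are detected; both are omitted here."""
    key = secrets.randbelow(PRIME)
    ct = keystream_xor(key.to_bytes(KEY_LEN, "big"), data)
    return [(x, y, ct) for x, y in shamir_split(key, k, n)]


def css_combine(shares: list) -> bytes:
    """Rebuild the key from k shares and decrypt; with k-1 shares the
    recovered key is random and the output is garbage, not the data."""
    key = shamir_combine([(x, y) for x, y, _ in shares])
    return keystream_xor(key.to_bytes(KEY_LEN, "big"), shares[0][2])


if __name__ == "__main__":
    sample = b"JFO Oakland staging roster (constructed sample)"
    parts = css_split(sample, 3, 5)
    print(css_combine(parts[:3]) == sample, css_combine(parts[3:]) == sample)
```

The "as difficult as attacking AES" claim on this slide corresponds to the computational half: the key shares alone are perfectly hiding, so an attacker holding fewer than k shares is left with only the ciphertext.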