Maria A. Medina Voice Services Networks Branch
18 Jul 2011
A Combat Support Agency
Defense Information Systems Agency
NS Mobility Efforts
Agenda
• MCEP Architecture Diagram
• SME PED support today
• Secure Voice mobility
• Mobility components
• Mobile Virtual Network Operator Integration
• Fish-Bowl plus DISN Networks
• Why it makes sense
• Way Ahead
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Current SME-PED MCEP Network Architecture
[Network diagram; only the labels survive, the connections between them are not recoverable. Labels: Cingular, Verizon, Sprint, T-Mobile, APN-I, SME PED MCEP, Management Console, Multi-Protocol Router, HAIPE, Firewall, Tier 0, DISN Trunk, DHS Trunk, DHS, DECC, POP Router, Switch, Premise Router, SIPRNet, NIPRNet, Post camp site, SME PED Server, Mail Server, Web Server, Virus Scan, CA, Customer Enclave Managed Service]
SME PED: Secure Mobile Environment Portable Electronic Device
MCEP: Multi Carrier Entry Point
DISA Multi-Carrier Entry Point (1&2) SME-PED
• Total 671 SME-PED devices connected to MCEP
* Average traffic from May-10 to May-11 was 1915389096 Bytes
Total Monthly Traffic Usages (MAY 2010 - MAY 2011)
[Bar chart. X-axis: Monthly; Y-axis: Number of Traffic (Bytes), 0 to 4000000000. Data labels in chart order:]
May-10: 590326094
Jun-10: 1004763614
Jul-10: 1397716261
Aug-10: 1389389239
Sep-10: 1876462728
Oct-10: 2415095425
Nov-10: 1875096589
Dec-10: 1314755499
Jan-11: 3734240703
Feb-11: 2507420784
Mar-11: 3541583800
Apr-11: 1599483233
May-11: 1653724277
DISA MCEP-1 Overall Uptimes (MAY 2010 - MAY 2011)
[Bar chart. X-axis: DISA MCEP Uptime, monthly from May-10 to May-11; Y-axis: Uptime in Percent, 90.000% to 100.000%. Series: MCEP All Devices and Circuits Uptimes; MCEP Carrier APN Overall Uptime; MCEP OC3 to DECC Uptimes. All data labels fall between 99.975% and 100.000%; they cannot be matched to series and months from the extraction.]
DISA MCEP-2 Overall Uptimes (MAY 2010 - MAY 2011)
[Bar chart. X-axis: DISA MCEP Uptime, monthly from May-10 to May-11; Y-axis: Uptime in Percent, 90.000% to 100.000%. Series: MCEP All Devices and Circuits Uptimes; MCEP Carrier APN Overall Uptime; MCEP OC3 to DECC Uptimes. All data labels fall between 99.952% and 100.000%; they cannot be matched to series and months from the extraction.]
SME PED Devices Connected During Period (MAY 2010 - MAY 2011)
[Chart. X-axis: Period; Y-axis: Number of Devices, 100 to 700. Data labels in chart order:]
May-10: 355
Jun-10: 391
Jul-10: 417
Aug-10: 443
Sep-10: 411
Oct-10: 443
Nov-10: 468
Dec-10: 503
Jan-11: 533
Feb-11: 562
Mar-11: 613
Apr-11: 641
May-11: 671
Devices Connected Per Enclave (MAY 2010 - MAY 2011)
[Bar chart. X-axis: Site/Command; Y-axis: Number of Devices, 0 to 80. The per-site data labels cannot be matched to sites from the extraction.]
Sites/Commands: 7th SIGCMD, AFNIC, CENTCOM, CERDEC, DIA, DISA HQ, DoD IG, EUCOM - Patch, EUCOM - Shape, FORSCOM, HQDA-PENTAGON, HQMC, JFCOM, JS, NCIS, NETCOM, NMCI-Hampton Road, NMCI-Pearl Harbor, NMCI-San Diego, NMCI-Washington Navy Yard, NORTHCOM, NSA-FT MEADE, NSA-HI, OSD, RSAC, SECDEF, SOCCENT-MacDill, SOCOM, SOCSOUTH, SOUTHCOM, STRATCOM
Secure Voice - Mobility
• Working with NSA partners on the next generation of secure mobile phones and the concept of mobility.
– Will technology refresh our Multi Carrier Entry Point (MCEP) to support not only SME PED, but other NSA approved commercial secure mobile devices using Mobile Virtual Network Operator (MVNO) technology.
– MVNO approach has received broad NSA and DISA support because it enhances security, management, and performance of secure mobile voice and data solutions.
– Worked with NSA and developed a request for information (RFI) to industry to determine industry's readiness to deliver this capability.
• End goal: Ensure the network connectivity and secure mobile communications for consumption of data and services anywhere, anytime in the network
Mobile Secure Voice Enabled DISA MCEP
[Diagram; only the labels survive. Labels: DRSN, External Networks, GW, Wireless Carrier Data Service, UA TLS/RTP, UA TLS/SRTP, Session Border Controller (SBC), LSC, EBC, SIP Server (LSC), APN, VPN, Classified IP Network @ applicable security level]
Legend: 1 = SRTP/DTLS, 2 = TLS, 3 = RTP, 4 = TLS, 5 = TDM/PRI, 6 = IP
• APN – Wireless Carrier Access Point (multiple as required)
• VPN – VPN Server: serves to terminate VPN from Mobile Handsets
• SBC – BBUA: serves to terminate SRTP/DTLS Session and generate RTP flow
• SIP – SIP registration/Session Controller for Mobile Handsets
• LSC – To provide IP Telephony connection to classified IP Networks and to establish connection to classified TDM network through Media Gateway
Mobility Components
[Diagram; only the labels survive. Labels: Bridge, The Cloud, + Data + Voice, IPAD, Tablet PC, Laptop, 3G/4G, Wi-Fi 802.11]
Multi Carrier Entry Point (MCEP) / Mobile Virtual Network Operator (MVNO) Integration
Centralized, Controlled Access for Mobile Devices
MCEP Key Tenets
• Create IA boundary for wireless interconnects
• Single entry point for DISN wireless extensions
• Supports DoD e-mail and collaboration
• Survivability through backup MCEPs
[Diagram; only the labels survive. Labels: DoD Users with Mobile Devices; Commercial Wireless and IP Service Carriers; DoD Mobile Virtual Network Operator (MVNO) Service; DoD Mobile Virtual Network Operator; DoD Secure Service Overlay; MCEP Access Point; MCEP; Firewall / Threat Detection; Unified Communications Aware Firewall; UC Session Processing (Voice, Video, Collaboration); Security and Application Services (VPN, E-mail, etc.); DISN Core; To DISN UC Services]
Mobile Virtual Network Operator RFI Summary
• Originally drafted/prepared by NSA
• Coordinated within DISA (CTO, CIAE, NS)
• The purpose defined: market research, discovery and information gathering
• DITCO released the RFI
– 19 May 2011
– Closing date was 27 June
• Twenty-four vendors responded
• Great input!
MVNO Requirements / Characteristics
• Support 1 million or more subscribers worldwide
• Segregation and isolation from PSTN and internet
• Restricted service offering to a set of particular devices
• Centralized provisioning of end point including SIM card
• Centralized security management; centralized management and deployment
• Reporting on subscriber physical location (GPS)
• Logistics capability (SIM Card/Phone).
• Robust subscriber management and billing capabilities
Why It Makes Sense To Tech Refresh the MCEP for Mobility
• Basic infrastructure for supporting mobility is already on line
– NetOps approved (redundant, accredited and 24x7 management)
– Current Wireless networks access concepts and experience
• Regardless of who the “carrier” is
• Voice capability already planned for MCEP to provide for lack of CSD
• DISA policy based controls access and network protection for DISN services
• Contract vehicle on-line
• Supports ongoing Unified Capability efforts
Way Ahead
• DISA leans forward on providing
– The MVNO capability
– Consolidating MVNO and MCEP service
– Implementation of the Voice Capability at the MCEP after NSA completes the technical approach for mobility (“Fish-Bowl” Concept)
– Supporting and actively participating in NSA mobility efforts
• DISA becomes the wireless service provider for the Department of Defense