Agenda
Enterprise Reference Architecture Cell (ERAC) Overview: Terry Hagle
Reference Architecture (RA): Steve Ring
- Principles
- Technical Positions
- Patterns
Enterprise-wide Access to Network and Collaboration Services (EANCS) RA: Norm Minekime
DoD Information Enterprise Architecture (IEA): Al Mazyck
- Purpose/Background
- Content
- Application of the DoD IEA
- Example: EANCS RA
ERAC OVERVIEW
Purpose:
- Develop the reference architecture (artifacts)
- Assist IT Decision Makers/Components/Programs/Solution Architects as directed
- Work as an advisor to the functional architect
- Assist in the proper application of the DoD IEA, DoDAF and DARS
Management:
- ERAC funded by and resources managed by EA&S
- Taskings and guidance from the EGB/ASRG
Principles
Technical Positions
Patterns/Templates
- Introduction (Content from AV-1)
- Context and Relationships (Resulting Principles)
- Term Definitions
- Architectural Patterns
- Generic Standards and profiles policy
- Use Case/Use Case Analysis
  o Implementation Specifics
  o Specific Technical Standards and Profiles
  o Deployment and Performance Considerations
REFERENCE ARCHITECTURE
Purpose
DoD CIO intends to use Reference Architecture as a means to provide Department-wide guidance for architectures and solutions
Reference Architecture, as currently used within DoD:
- Is defined at different levels of detail and abstraction (from specific to generalized) with little agreement and much confusion
- Has multiple meanings relative to the context of the environment
To support the DoD CIO intent, a common definition of Reference Architecture is needed that:
- Provides policy and direction to the DoD enterprise (commands, services, agencies) that guides and constrains architectures and solutions
- Can be equally applied across the wide spectrum of DoD environments
  o IT/Business and Service (SOA) domains
  o Warfighter domains
- To direct, guide and constrain architectures and solutions within a domain
- To serve as a reference foundation of concepts, components and their relationships
- May be used for comparison and alignment purposes
Reference Architecture is an authoritative source of unambiguous architecture information within a domain environment that guides and constrains multiple architectures and solutions by providing patterns of abstract architectural elements, based on a strategic purpose, principles, technical positions, together with a common vocabulary.
Technical Positions
Architecture/ Solution A
Architecture/ Solution B
DoDAF Models Utilized in RA
- AV-1 Overview & Summary Information
- CV-1 Vision: overall strategic concept and high level scope
- OV-1 High Level Operational Concept Graphic: what solution architectures are intended to do and how they are supposed to do it
- OV-6a Operational Rules Model
- SvcV-10a Services Rules Model
- StdV-1 Standards Profile
- SV-10a Systems Rules Model
- OV-4 Organizational Relationships Chart: architectural stakeholders
Technical Positions
Operational Patterns
- OV-2 Operational Resource Flows
- OV-5 {a,b} Activity diagrams
Patterns
Service Patterns
- SvcV-1 Service Interfaces
- SvcV-2 Service Resource Flows
- SvcV-4 Service Functionality
- SvcV-10b Service State Transitions
System Patterns
- SV-1 System Interfaces
- SV-2 System Resource Flows
- SV-4 System Functionality
- SV-10b System State Transitions
Event-Based Scenario Patterns of Dynamic Behavior
- OV-6c Event-Trace Description
- SvcV-10c Services Event-Trace Description
- SV-10c Systems Event-Trace Description
Benefits
- Authoritative source of architecture information within a problem space that guides and constrains architectures and solutions
- Simplifies and standardizes solutions for complex problems by providing common repeatable patterns
- Provides early, focused guidance at a sufficient level of abstraction and detail before concrete implementation decisions are known
- A tool to ensure interoperable architectures and solutions based on common guidance
First Usage:
EANCS Reference Architecture
Department of Defense Enterprise-wide Access to Network and Collaboration Services (EANCS)
Reference Architecture
Version 3.0
December 2009
Enterprise-wide Access to Networks and Collaboration Services (EANCS) Reference Architecture (RA)
EANCS RA
Background
Operational Requirements
- GIG 2.0 Operational Reference Architecture (ORA) describes requirement for Global Authentication, Access Control, and Directory Services
- Vice Chairman Joint Chiefs of Staff (VCJCS) directed ability to go anywhere [in DoD], login, and be productive
EANCS RA
Purpose and Scope
Purpose
- Gain Department-wide consensus on requirements for authenticating users and authorizing user access to DoD Information Enterprise (IE) and, more specifically, to representative collaborative services, to include portals and enterprise e-mail
- Describe architectural patterns to guide, standardize, and enable the most rapid and cost-effective implementations of an authentication and authorization capability in support of secure information sharing across DoD
Scope
- To Be Architectural Description
- Document requirements, activities, and information for authentication and authorization and access control
- Document standard/common authentication and authorization and access control processes
EANCS RA
Development Approach
Architecture Owner organized Working Group (WG)
- Composed of SMEs from ASD (NII)/CIO, Military Services, Joint Staff/J6, Defense Manpower Data Center (DMDC), Defense Information Systems Agency (DISA), and National Security Agency (NSA)
- Team members represented their stakeholder organizations
Architecture Owner worked with ERAC to establish RA purpose, perspective, and scope
WG developed Concept of Operations (CONOPS) for context
WG provided necessary architecture data/information
- Existing documents served as knowledge baseline
- SME knowledge and experience provided rest of information
ERAC organized collected data into DoDAF-compliant RA description
WG approved RA content (Dec 2009)
Submitted to Architecture and Standards Review Group (ASRG) for approval and federation into DoD EA
EANCS RA
Sources
Process & Function Operational Requirements
Federal ICAM
Legend
ESSF - Enterprise Security Services Framework
ESM - Enterprise Security Management
ICAM - Identity, Credential, and Access Management
ORA - Operational Reference Architecture
ESM
ESSF
Service Descriptions
EANCS RA
EANCS CONOPS
- Operational Requirements
- Implementation Considerations
- 6 to 9 months
- Longer Period
- Impacts
- Metrics
- Guidance
USE CASES
- NIPRnet
- SIPRnet
- Deployed User
- Unanticipated User
- Maritime User
- VPN
- ???
Provide Analysis
What To Do
How To Do It
EANCS RA
Architecture Artifacts
Architecture Federation
Enterprise-wide Access to Network and Collaboration Services Reference Architecture Overview and Summary Information (AV-1)
Strategic Purpose
Principles
1 Architecture Product Identification
1.1 Name: Enterprise-wide Access to Network and Collaboration Services (EANCS)
1.2 Lead Organization: Department of Defense Deputy Chief Information Officer. The Enterprise Services Review Group (ESRG), as the architecture owner, is responsible for architecture content and will provide overall coordination to ensure appropriate stakeholders and subject-matter experts are available; the Enterprise Reference Architecture Cell (ERAC), with oversight from the Architecture and Standards Review Group (ASRG), will support the development of appropriate architecture artifacts.
1.3 Approval Authority: DoD CIO Enterprise Guidance Board (EGB)
2 Purpose and Perspective
2.1 Purpose. A Reference Architecture (RA) abstracts and normalizes the institutional understanding of capabilities at the enterprise level, and provides a common set of principles, technical positions, and patterns for use within the DoD to guide development of Enterprise, Segment, or Solution architectures.
EANCS RA Document
Patterns
Technical Positions
OMB Policy M-05-05
OMB Policy M-05-24
OMB Policy M-06-18
Presidential Directive Policy HSPD-12
Version 3.0
December 2009
NIST Guidance SP 800-87
Vocabulary
Purpose
- Unify the concepts embedded in the DoD's net-centric strategies into a common vision
- Drive common solutions and promote consistency
- Describe the integrated Defense Information Enterprise and the rules for information assets and resources that enable it
- Foster alignment of DoD architectures with the enterprise net-centric vision
DoD Net-centric Vision
To function as one unified DoD Enterprise, creating an information advantage for our people and mission partners by providing:
- A rich information sharing environment in which data and services are visible, accessible, understandable, and trusted across the enterprise.
- An available and protected network infrastructure (the GIG) that enables responsive information-centric operations using dynamic and interoperable communications and computing capabilities.
Background
Major Net-Centric Strategies
- Data (9 May 2003)
- Services (4 May 2007)
- Information Assurance (26 April 2006)
- Computing Infrastructure (September 2007)
- Spectrum Management (3 Aug 2006)
- NetOps (February 2008)
- Communications/Transport
- Information Sharing (4 May 2007)
Understand Net-Centric Concepts
Align with Net-Centric Vision
Identify Net-Centric Assumptions
Net-Centric Assumptions
- Portable identity credentials will be used to support user authentication
- Authorization attributes have already been defined, collected, regularly updated, and made available through standard interfaces from reliable attribute sources
Identify DoD IE Perspective for Architecture
Develop Net-Centric Operational Concept
Align Operational Activities and Processes with related DoD IEA Activities
Constrain
Manage Authentication Processes
A2.8.4.1
DoD IEA Terminology
DoD Net-Centric Vision
DoD IE Perspective
User/Consumer
Producer/Provider
Priority Areas
Data and Services Deployment
Secured Availability
2.3.2.2.1
Q13 - Which DoD IEA Principles apply to your Program?
Q14 - How do the Principles apply to your Program?
Q15 - How are the applicable Principles addressed in your architecture/program documents?
Filled out Tab A Compliance Matrix for RA
Developed eISP excerpt for RA
- Used Guidance for DoD Information Enterprise Architecture in EISP 2.0 to identify and locate DoD IEA questions to be answered
- Incorporated information and text from RA document
- Generated compliance matrix using Xml2PDF 2007 application and ISP_DoD_IEA_Compliance_Table style sheet
DoD IEA
- Comment Adjudication (v1.2) for DCIO Approval
- Work on future versions of the DoD IEA
EANCS RA
Delivered to owner; now in FAC/ASRG approval process
Questions?
BACKUP SLIDES
DRAFT
Discovery
People/Service Discovery
Content Discovery
Metadata Discovery
Geospatial Visualization
Enterprise Management
Services Management
Resource Management
Content Handling
NetOps Infrastructure
Enterprise Management Content Management Net Assurance
Development Approach
Describe the components of the context diagram
Build use cases based on GIG 2.0 Attributes to establish relationships between its functional components (Mandatory Core & Shared Enterprise Services)
- Global Authentication, Access Control, and Directory Services
- Information and Services From The Edge
- Joint Infrastructure
- Common Policies and Standards
- Unity of Command
Analyze use cases through identification, sequencing, and prioritization of functional components to develop key or foundational Services first
Apply analysis to prioritize and manage:
- Reference Architecture Development (Principles, Technical Positions, Patterns)
- Sequence and Monitor Initiatives, Projects, and Programs
- Identify Issues, Gaps, and Shortfalls
Apply Enterprise Services & Infrastructure to GIG 2.0 Requirements through Use Cases
Enterprise Services Foundation
Collaboration Services
Enterprise Directory
Desktop/ Browser
Document Sharing
Printer Capability
Office Automation Applications
+Authentication Factors
Portal
Collaboration
Storage
ESSF Authentication
Credential Validation Response
ESSF Authorization & Access Control
Environmental Data Response
Mission Manager
ESSF Credentialing
Identity Updates
ESSF Digital Identity
Indicates Dependency
User
Portal
Mediation
Content Delivery
Content Mgmt
Infrastructure
Enterprise Management
DRAFT
Discovery
People/Service Discovery
Content Discovery
Metadata Discovery
Geospatial Visualization
Enterprise Management
Services Management
Resource Management
Content Handling
EANCS RA
EU
AD Opt Arch
NetOps Infrastructure
Enterprise Management Content Management Net Assurance