Professional Documents
Culture Documents
Prism Docs Made Public
Prism Docs Made Public
Agenda
Enterprise Reference Architecture Cell (ERAC) Overview Terry Hagle Reference Architecture (RA) Steve Ring
Principles Technical Positions Patterns
Enterprise-wide Access to Network and Collaboration Services (EANCS) RA Norm Minekime DoD Information Enterprise Architecture (IEA) Al Mazyck
Purpose/Background Content Application of the DoD IEA
Example EANCS RA
ERAC OVERVIEW
Purpose:
Develop the reference architecture (artifacts) Assist IT Decision Makers/Components/Programs/Solution Architects as directed
Work as an advisor to the functional architect Assist in the proper application of the DoD IEA, DoDAF and DARS
Management:
ERAC funded by and resources managed by EA&S DunlapTattler.com public docs made public Taskings and guidance from the EGB/ASRG
4
Principles
Technical Positions
Patterns/Templates
Vocabulary
Contract between Architecture Owner and Architect Guides development of the RA Executive level presentation of RA DM2: Vocabulary and Semantics Introduction (Content from AV-1) Context and Relationships (Resulting Principles) Term Definitions Architectural Patterns Generic Standards and profiles policy Use Case/Use Case Analysis o Implementation Specifics o Specific Technical Standards and Profiles o Deployment and Performance Considerations
8
REFERENCE ARCHITECTURE
10
Purpose
DoD CIO intends to use Reference Architecture as a means to provide Department-wide Guidance for architectures and solutions Reference Architecture, as currently used within DoD Is defined at different levels of detail and abstraction (from specific to generalized) with Has little agreement and much confusion Has multiple meanings relative to the context of the environment To support the DoD CIO intent, a common definition of Reference Architecture is needed that Provides policy and direction to the DoD enterprise (commands, services, agencies) that guides and constrains architectures and solutions Can be equally applied across the wide spectrum of DoD environments IT/ Business and Service (SOA) domains Warfighter domains
11
To direct, guide and constrain architectures and solutions within a domain To serve as a reference foundation of concepts, components and their relationships May be used for comparison and alignment purposes
Diagram derived from: The Importance of Reference Architecture, Architecture and Change (A&C), 2007, http://www.architectureandchange.com/2007/12/29/the-importance-of-reference-architecture
12
Reference Architecture is
an authoritative source of unambiguous architecture information within a domain environment that guides and constrains multiple architectures and solutions by providing patterns of abstract architectural elements, based on a strategic purpose, principles, technical positions, together with a common vocabulary.
DunlapTattler.com public docs made public
13
Technical Positions
Architecture/ Solution A
Architecture/ Solution B
14
AV-1 Overview & Summary Information CV-1: Vision overall strategic concept and high level scope OV-1 High Level Operational Concept Graphic what solution architectures are intended to do and how they are supposed to do it OV-6a Operational Rules Model SvcV-10a Services Rules Model StdV-1 Standards Profile
SV-10a Systems Rules Model OV-4 Organizational Relationships Chart architectural stakeholders
Technical Positions
Operational Patterns OV-2 Operational Resource Flows OV-5 {a,b} Activity diagrams
Patterns
Service Patterns SvcV-1 Service Interfaces SvcV-2 Service Resource Flows SvcV-4 Service Functionality SvcV-10b Service State Transitions
System Patterns SV-1 System Interfaces SV-2 System Resource Flows SV-4 System Functionality SV-10b System State Transitions Event-Based Scenario Patterns of Dynamic Behavior OV-6c Event-Trace Description SvcV-10c Services Event-Trace Description SV-10c Systems Event-Trace Description
Benefits
Authoritative source of architecture information within a problem space that guides and constrains architectures and solutions Simplifies and standardizes solutions for complex problems by providing common repeatable patterns Provides early, focused guidance at a sufficient level of abstraction and detail before concrete implementation decisions are known A tool to ensure interoperable architectures and solutions based on common guidance
16
First Usage:
EANCS Reference Architecture
DRAFT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Prepared by the Office of the DoD CIO December 2009 Version 3.0
Enterprise-wide Access to Networks and Collaboration Services (EANCS) Reference Architecture (RA)
18
EANCS RA
Background
Operational Requirements
GIG 2.0 Operational Reference Architecture (ORA) describes requirement for Global Authentication, Access Control, and Directory Services Vice Chairman Joint Chiefs of Staff (VCJCS) directed ability to go anywhere [in DoD], login, and be productive
19
EANCS RA
Purpose and Scope
Purpose
Gain Department-wide consensus on requirements for authenticating users and authorizing user access to DoD Information Enterprise (IE) and, more specifically, to representative collaborative services, to include portals and enterprise e-mail Describe architectural patterns to guide, standardize, and enable the most rapid and cost-effective implementations of an authentication and authorization capability in support of secure information sharing across DoD
Scope
To Be Architectural Description Document requirements, activities, and information for authentication and authorization and access control Document standard/common authentication and authorization and access control processes
20
EANCS RA
Development Approach
Architecture Owner organized Working Group (WG)
Composed of SMEs from ASD (NII)/CIO, Military Services, Joint Staff/J6, Defense Manpower Data Center (DMDC), Defense Information Systems Agency (DISA), and National Security Agency (NSA) Team members represented their stakeholder organizations
Architecture Owner worked with ERAC to establish RA purpose, perspective, and scope WG developed Concept of Operations (CONOPS) for context WG provided necessary architecture data/information
Existing documents served as knowledge baseline SME knowledge and experience provided rest of information
ERAC organized collected data into DoDAF-compliant RA description WG approved RA content (Dec 2009) Submitted to Architecture and Standards Review Group (ASRG) for 21 approval DunlapTattler.com and federation into DoD EA public docs made public
EANCS RA
Sources
Process & Function Operational Requirements
Federal ICAM
Legend
ESSF Enterprise Security Services Framework ESM Enterprise Security Management ICAM Identity, Credential, and Access Management ORA -Operational Reference Architecture
ESM
ESSF
Service Descriptions
EANCS RA
EANCS CONOPS
- Operational Requirements - Implementation Considerations - 6 to 9 months - Longer Period - Impacts - Metrics - Guidance
- NIPRnet - SIPRnet - Deployed User - Unanticipated USE User CASES - Maritime User - VPN - ???
Provide Analysis
22
EANCS RA
Architecture Artifacts
Architecture Federation
Enterprise-wide Access to Network and Collaboration Services Reference Architecture Overview and Summary Information (AV-1)
Strategic Purpose
Principles
1 Architecture Product Identification 1.1 Name: Enterprise-wide Access to Network and Collaboration Services (EANCS) 1.2 Lead Organization: Department of Defense Deputy Chief Information Officer. The Enterprise Services Review Group (ESRG), as the architecture owner, is responsible for architecture content and will provide overall coordination to ensure appropriate stakeholders and subject-matter experts are available; the Enterprise Reference Architecture Cell (ERAC), with oversight from the Architecture and Standards Review Group (ASRG), will support the development of appropriate architecture artifacts. 1.3 Approval Authority: DoD CIO Enterprise Guidance Board (EGB) 2 Purpose and Perspective 2.1 Purpose. A Reference Architecture (RA) abstracts and normalizes the institutional understanding of capabilities at the enterprise level, and provides a common set of principles, technical positions, and patterns for use within the DoD to guide development of Enterprise, Segment, or Solution architectures.
DRAFT 1 2
EANCS RA Document
3 4 5 6 7 8 9
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Prepared by the Office of the DoD CIO December 2009 Version 3.0
Patterns
Technical Positions
OMB
Policy
M-05-05
OMB OMB
Policy Policy
M-05-24 M-06-18
Presidential Directive
Policy
HSPD-12
NIST
Guidance
SP 800-87
Vocabulary
23
25
Purpose
Unify the concepts embedded in the DoDs netcentric strategies into a common vision Drive common solutions and promote consistency Describe the integrated Defense Information Enterprise and the rules for information assets and resources that enable it Foster alignment of DoD architectures with the enterprise net-centric vision
DoD Net-centric Vision To function as one unified DoD Enterprise, creating an information advantage for our people and mission partners by providing:
A rich information sharing environment in which data and services are visible, accessible, understandable, and trusted across the enterprise. An available and protected network infrastructure (the GIG) that enables responsive information-centric operations using dynamic and interoperable communications and computing capabilities.
26
Background
Major Net-Centric Strategies
Data (9 May 2003) Services (4 May 2007) Information Assurance (26 April 2006) Computing Infrastructure (September 2007) Spectrum Management (3 Aug 2006) NetOps (February 2008) Communications/Transport Information Sharing (4 May 2007)
28
29
30
Relevant Relevant JCAs JCAs Net-Centric/Enterprise Net-Centric/Enterprise Align with JCA Taxonomy Services/Core Services/Core Enterprise Enterprise Services/User Access Services/User DunlapTattler.com public Access docs made
31
public
Align Operational Activities and Processes with related DoD IEA Activities
Constrain
DoD DoD IEA IEATerminology Terminology DoD DoD Net-Centric Net-Centric Vision Vision DoD IE Perspective DoD IE Perspective User/Consumer User/Consumer Producer/Provider Producer/Provider Priority Priority Areas Areas Data Data and and Services Services Deployment Deployment Secured Availability Secured Availability
32
2.3.2.2.1
Q13 - Which DoD IEA Principles apply to your Program? Q14 - How do the Principles apply to your Program? Q15 - How are the applicable Principles addressed in your architecture/program documents?
34
Filled out Tab A Compliance Matrix for RA Developed eISP excerpt for RA
Used Guidance for DoD Information Enterprise Architecture in EISP 2.0 to identify and locate DoD IEA questions to be answered Incorporated information and text from RA document Generated compliance matrix using Xml2PDF 2007 application and ISP_DoD_IEA_Compliance_Table style sheet DunlapTattler.com public docs made public
35
DoD IEA
Comment Adjudication (v1.2) for DCIO Approval Work on future versions of the DoD IEA
EANCS RA
Delivered to owner; now in FAC/ASRG approval process
Questions?
37
BACKUP SLIDES
38
DRAFT
NetOps NetOps
Discovery
People/Service Discovery Content Discovery Metadata Discovery Geospatial Visualization Credentialing Configuration Management
Enterprise Management
Services Management Resource Management Content Handling Authentication Computer Network Defense Authorization & Access COOP/CIP
NetOps Infrastructure
Enterprise Management Content Management Net Assurance
40
41
42
Development Approach
Describe the components of the context diagram Build use cases based on GIG 2.0 Attributes to establish relationships between its functional components (Mandatory Core & Shared Enterprise Services)
Global Authentication, Access Control, and Directory Services Information and Services From The Edge Joint Infrastructure Common Policies and Standards Unity of Command
Analyze use cases through identification, sequencing, and prioritization of functional components to develop key or foundational Services first Apply analysis to prioritize and manage:
Reference Architecture Development (Principles, Technical Positions, Patterns) Sequence and Monitor Initiatives, Projects, and Programs Identify Issues, Gaps, and Shortfalls
43
Apply Enterprise Services & Infrastructure to GIG 2.0 Requirements through Use Cases
Collaboration Services
Enterprise Directory
Desktop/ Browser
Document Sharing
Printer Capability
Authorizatio n Authentication Decision Decision Response Request Secondary Authenticati on (if required) ESSF
Policy
Portal
Collaboration
Storag e
Authentication
Credential Validation Response
ESSF Authorization Environmental & Access Data Resource Response Control Access
Policy Response Mission Manager
Identity Informatio n
Identity Updates
ESSF Credentialing
Policy Management
Indicates Dependency
45
User
Porta l
2
3 9
Mediation
8 7
Content Delivery
Content Mgmt
5
Infrastructure
Enterprise Management
DRAFT
NetOps NetOps
Discovery
People/Service Discovery Content Discovery Metadata Discovery Geospatial Visualization Credentialing Configuration Management
Enterprise Management
Services Management Resource Management Content Handling Authentication Computer Network Defense Authorization & Access COOP/CIP
EANC S RA
EU
AD Opt Arch
NetOps Infrastructure
Enterprise Management Content Management Net Assurance
47