Introduction to Robust Net-Centric Services. These are services with a high degree of resilience even when faced with a comprehensive array of faults and/or challenges and inherently capable of reacting gracefully to both internal application changes as well as external environmental changes, all without impacting information exchange.
2. Agenda
The Problem & Challenge with the Status Quo
Solution: Robust Net-Centric Services
Steps to Robustness
Example of Problem & Solution
Some Things To Ponder
Conclusions
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
3. Challenge with the Status Quo
Life of an IT System
Build Certify Accredit Deploy
Re-Build Change Monitor
Challenging Factors of the Status Quo
- Availability and Robustness of the Network
- Availability (and “Reachability”) of resources to execute a particular function
- Information Assurance (Patching, Access Control, Confidentiality, and Integrity)
- Dynamic Cyber Defense (Monitoring, Implementing Change)
4. Solution: Robust Net-Centric Services
The Goal
Reactive Proactive Predictive Adaptive
Robust Net-Centric Services are: “net-centric services with a high degree of resilience even when faced with a comprehensive array of faults and/or challenges and inherently capable of reacting gracefully to both internal application changes as well as external environmental changes, all without impacting information exchange”
Robust Net-Centric Services - December 2010 (Author Adam Vincent)
- Capable of assessing its own particular situation, and taking intelligent action based on its own situational awareness without impacting the consumer or provider of the application resource
- Capable of providing details about the current operating situation to operators (mission or CND) and allowing administrative changes to be made without impacting the consumer or provider of the application resource
5. Requirements of Robust Net-Centric Services
[Diagram: "Robustness Requirements" at the center, surrounded by the labels: Disconnected, Intermittent, Low bandwidth (DIL); Messaging; Monitoring; Situational Awareness; Location & Physical Awareness; Mission Parameters; Intelligent Routing & Variable Transports; SLA/QoS Enforcement; Control through Policy Enforcement; Data Transformations; Caching and Compression; Security]
6. Steps to Robustness
[Diagram labels: Certification & Accreditation; Monitoring; Defense; Mission Requirements; Policy Monitoring; Business Consumers; Policy Enforcement; Business Services; Messaging & Shared Services; Network & Communications]
Change becomes transparent to the User and the Service
7. Example – Increasing Complexity and Cost
[Diagram: Users and Service, labelled with Business Requirements, Transport & Networking Requirements, Security Requirements and New Security Requirements]
Deploying the Service on another Network
[Diagram: Users and Service, labelled with Business Requirements, Transport & Networking Requirements, New Transport & Networking Requirements, Security Requirements and New Security Requirements]
8. Decoupling Requirements from Services
[Diagram: Users, Policy Enforcement (Layer 7), Service. Labels: Policy; Security Requirements; New Security Requirements; Transport & Networking Requirements; Business Requirements]
Migration
[Diagram: Users, Policy Enforcement (Layer 7), Service. Labels: Policy; Business Requirements]
9. Some Things To Ponder
Policy
- WS-Policy – Policy framework for building domain-specific policy vocabularies and allowing them to be used in an integrated fashion for run-time enforcement
- Recognized by NIST and others as the way ahead
- XACML – Policy language for access control, specifically authorization
- An ingredient in decoupling policy? Yes, but the answer to robustness it is not
Policy Management
- Needs to be interoperable across multiple products (enforcement points)
- Needs to have integrated capabilities for testing and certification
- Needs to incorporate lifecycle - Mission owners, operators, and cyber defenders need to manage without stepping on each other's toes. Testers and certifiers need to be in the loop as well.
Monitoring
- Monitoring of Policy Enforcement is critical but needs to be provided to both mission operators and cyber defenders in different ways across various network deployments.
Testing
- “Run-time testing” when a new policy is added?
10. Conclusions
Thank you!
We can get there!
Email me if you want to receive the “Robust Net-Centric Services” paper when it is available.