NOAA IT Review Board System Review NOAA Enterprise Network NOAAnet October 10, 2006

1
NOAA IT Review Board System Review NOAA
Enterprise Network (NOAAnet)October 10, 2006
2
Purpose/Agenda

• Purpose
• System/Control Review
• Last briefings to NITRB/CITRB
• Program Review 3/30/2005
• Agenda
• Introduction
• Basis for Investment
• Project Management
• Risk Management
• IT Security
• Architectural Compliance
• Administrative/Departmental Goals and Initiatives

3
IntroductionNOAAnet One NOAA Requirements

• Common NOAA Communications Infrastructure
• To reuse and share common services
• Email
• Videoconferencing
• Administrative and Desktop Applications
• Corporate and Programmatic Operations
• Intranet
• To collaborate, share data and resources across
  the enterprise
• To centrally manage NOAA network
• Standardize SLA, router and firewall
  configurations
• Facilitate security policy implementation
• Manage network access, transparent to Line Office
  
• To disseminate NOAA information and services to
  the public
• Common Security Infrastructure
• To support with single CA
• To provide virtually closed, isolated, secure
  environments for user communities

4
IntroductionNOAAnet Addresses NOAA Needs

• Problems
• Legacy networks approaching EOL
• Gartner Most carriers will likely discontinue
  Frame Relay and ATM from 2006-2009.
• Uncoordinated redundancy at shared locations
  increases costs.
• Loss of connectivity at a hub location disables
  connectivity at dependent remote locations
• Complete COOP failover is difficult or impossible
  when backup sites rely on dedicated or separate
  networks
• Video conferencing across Line Offices requires
  extraordinary manual coordination
• Solutions
• Every location on NOAA network is able to connect
  and exchange data
• Consolidates 9 legacy networks into single
  network
• Provide any-to-any connectivity between any NOAA
  locations
• Replaces numerous Point-to-Point circuits
• Extensible for and compatible with Satellite
  operations
• NOAAnet plans do not currently include
• RD high performance requirements
• Satellite broadcast networks
• Replacement of standard voice communications

5
IntroductionNOAAnet Technical Features

• NOAAs Enterprise Network Target Architecture
  specified Multi-Protocol Label Switching (MPLS)
  technology
• Private Backbone Network using MPLS
• Eliminates risk of single points of failure
• Enables any-to-any connectivity between any NOAA
  locations
• Better services, performance management, and ease
  of management
• 24x7 Monitoring
• Incident Management (Fault Isolation, Problem
  Resolution)
• Centralized Patch Management
• Configuration Management
• Security Management
• Performance Management
• Change Management

6
IntroductionNOAAnet Logical View
7
Introduction NOAAnet Phase I NWS Consolidation

• Consolidated Wide Area Network
• Implements and extends NOAAs Target Architecture
• 136 locations including 11 of 14 shared LO sites
• Centralized Network Management
• 24x7 Tier 1 Support
• Ubiquitous Automated Proactive Monitoring
• Centralized Configuration Management
• Centralized Performance Management

8
IntroductionNOAAnet Implementation Strategy

• Phase 1
• NWS WAN Consolidation
• Establish 24x7 Network Operations Center (Primary
  Back Up)
• Next Phases
• Establish NOAAnet major Campuses
• Silver Spring
• Boulder
• Seattle
• Kansas City
• Norman
• Integrate existing additional NOAA WANS into
  NOAAnet
• NMFS
• Admin
• CLASS
• NESDIS Operations
• NOS
• NCEP Operations

9
Basis For InvestmentBackground

• Developed from Enterprise Network Target
  Architecture (ENTA)
• Moves from program based network infrastructure
  to a single NOAA utility
• Leverages existing resources
• NWS Telecommunication Gateway
• NOAA NOC

10
Basis for Investment NOAAnet Budget Context

• No new funding
• Initial deployment accomplished with one-time NWS
  reprogramming, and cost recovery from circuit
  consolidation
• Reprogrammed funds applied to
• Engineering for consolidation (parallel ops,
  design)
• Edge routers/firewall
• Network Mgt Tools, staff, and facilities
• Network Management Infrastructure and OM funded
  through circuit consolidation
• Other legacy networks transitioned supported
  once Network Management Infrastructure build out
  is complete

11
Basis For Investments - ROI

• Conservative FY2004 assumptions and calculations
  projected 32.1M cost avoidance over first 7
  years
• Applies all projected requirements to nearly
  obsolete legacy infrastructure
• Network Transport Only
• Assumes 40 aggregate annual requirements growth
• Based on experience and stated program
  requirement
• Assumes Three year implementation
• Leverages earlier cost avoidance to fund build
  out
• Contributing Cost Factors
• Shared Access
• Reliance on Metro Area Networks (MANs)
• More economical technology
• Economies of Scale
• Internal
• Internet Access
• Examples Transport Only
• NWS Frame Relay Networks - 850K/year FY 2007
  savings increase as requirements increase
• Administrative WAN 75 savings for DC sites

12
Basis For Investments - Benefits

• Meets NOAAs requirements and supports NOAAs
  mission performance
• Cost avoidance applied to needed enhancements
• Funds Applied to Increased Capacity, Centralized
  Management
• Improved Management
• Fault Isolation, Problem Resolution,
  Configuration Mgt
• Improved Performance
• Eliminates many network based single points of
  failure
• Supports geographic failover/Critical
  Infrastructure Protection e.g. BTG
• Integrates NOAAs Security Architecture
• Extends Defense-in-Depth strategy throughout the
  enterprise
• Establish a Certified and Accredited Network
  Infrastructure w/ distinct boundaries
• Standardizes Management Structure

13
Basis for InvestmentNOAAnet Phase I NWS
Consolidation
14
Project Management NOAA Framework

• Phased Implementation Lead by National Weather
  Service
• Oversight from the NOAA CIO
• Strategic Guidance, Coordination NOAA CIO Council
  
• Technical Architecture Developed by NOAA Network
  Advisory Committee (NAC)
• Detailed Architecture Developed by NWS
• Broad Architectural Compliance Review NAC
• Configuration Change Board (CCB) established
• Major Milestones Reported through the NOAA
  Operational Plan
• NOAA-wide Exhibit 300 (Internal)
• Under Development for CY 2006
• Governance Issues pending resolution

15
Project Management NWS Phase 1 Project Charter
Team
16
Project Management Roles Responsibilities

• NWS
• Network Engineering Support
• Incident Problem Management
• Accounting and Management Support
• Administration of Edge Routers and Firewalls
• Development of CA
• NOAA CIO
• Oversight
• Co management of Network Mgt Tools
• Implement Cost Allocation System
• Other NOAA Line Offices
• Manage LANs
• Participate in Campus Support
• Specify requirements
• Fund transport and management proportional to
  usage.

17
Project Management Management/Business Model

• Fee for service business model
• Full Cost Distribution
• Management
• Network transport
• Equipment
• CA

18
Project Management FY2005 Accomplishments

• Baseline Specified
• High Level Target Architecture Completed
• Cost Analysis Completed
• FY2005 Milestones

19
Project Management FY2006 Accomplishments

• Network Management Architecture Completed
• Support SLA Drafted
• SSMC Campus (Open Campus Network) Connected
• Initial WAN Monitoring Capability Established
• NWS Initial Operations
• Regional HQs Connectivity Established
• SSMC2
• Field Site Router/Firewalls Procured
• Back Up Telecommunications Gateway.
• AWIPS Pilot initiated
• NMFS Pilot Design and Procurement Completed

20
Project Management Milestones

• Back Up NCF Connected Oct 2006
• NOC IOC Nov 2006
• NMFS Pilot Nov 2006
• NWS WAN Consolidation Nov 2006 Apr 2007
• AWIPS
• Regional WAN
• Implement NWS Extranet Access Points December
  2006
• CA Completed February 2007
• NOC FOC March 2007
• NMFS WAN transition completed April 2007
• Full Convergence of NWS Gov, International, May
  2007
• Commercial Customers
• NWS VTC transitioned to NOAAnet Sep 2007

21
Risk Management

• Risk Management Plan
• Industry best practice and plan, November 2006
• Risk Assessment and Tracking
• Within Weather Service, from beginning
• Incorporating strategy of phased implementation
• Network Services acquired through the FTS2001
  contracts provides flexibility
• Across LOs, as of October 2006

22
Risk Management
23
IT Security - Program Overview

• Incorporates and Supports NOAA IT Security
  Architecture
• Isolates and Manages Outside Access Points
• Will provide for Security-in-depth including
  common firewall strategy and Intrusion Protection
  Systems (IPS)
• Provides isolation and varying performance
  standards as required by systems and requirements
  supported by the network
• Will assure a broader, unified Certification and
  Accreditation for NOAA network resources
• Enables automated discovery across the enterprise
  to help assure policy compliance
• Supports Enterprise-wide failover and recovery

24
IT SecuritySummary FISMA Compliance

• Systems Security Plan (SSP) NOAA8204
• Draft Plan completed September 29, 2006
• Final SSP at IOC (Final eval of AWIPS Pilot)
  -11/16/2006
• Security Profile Medium Sensitivity
• Technology budget support medium availability
  .999
• Higher requirements supported by encryption, dial
  or satellite backup
• Plan Of Action and Milestones (POAMs) Initial
  set October 6, 2006
• IATO from NWS CIO based on POAMs
• CA Funding In process of identifying
• Estimated costs - 300,000

25
IT SecurityContinuity of Operations

• Network Operations
• Tools duplicated in failover mode at NCEP
• 24x7 Monitoring Tier 1 support at Back Up
  Telecommunications Gateway (BTG)
• Back Up NOC Initial Capabilities 12/2006

26
IT SecurityConfiguration Management

• Centralized Configuration Management using
  Opsware
• Enforces Security Policy
• Alerts of any changes
• Standards now set to CIS/NIST 800-70 guidelines
• Final strategy complete at IOC
• Router patch management based on NOAA standard
  Secure Elements
• Logs aggregation and analysis using CSMARS/syslog

27
Enterprise Architecture Convergence

• Complies with NOAA and FEA Architecture Model
• Included in NOAA EA submission
• Developed
• Baseline Requirements Target Architecture Gap
  Analysis
• Infrastructure View
• Keystone for integrating overall NOAA technology
  architecture
• Validated with Pilots
• NWSnetAWIPSNMFS

28
Enterprise Architecture

• Reuse
• Leverages infrastructure and staff at
  Telecommunications Gateway NOAA NOC
• Available as a resource for all NOAA wide area
  communications
• Network Management tools also used to monitor NWS
  Telecom Gateway
• Standards
• RFC 4364 VPNS over MPLS
• Standard IP protocols
• Standardized configuration applied across
  enterprise

29
Support for Secretarial/Departmental Goals
NOAA Strategic Goal Provide Critical Support for
NOAAs Mission

• Strategy
• Develop and maintain an Information Technology
  Enterprise to
• fully support the life cycle of NOAAs programs
• be secure, reliable and cost effective
• encourage information sharing
• comply with all applicable policies