Title: NOAA IT Review Board System Review NOAA Enterprise Network NOAAnet October 10, 2006
1 NOAA IT Review Board System Review NOAA Enterprise Network (NOAAnet) October 10, 2006
2 Purpose/Agenda
- Purpose
- System/Control Review
- Last briefings to NITRB/CITRB
- Program Review 3/30/2005
- Agenda
- Introduction
- Basis for Investment
- Project Management
- Risk Management
- IT Security
- Architectural Compliance
- Administrative/Departmental Goals and Initiatives
3 Introduction: NOAAnet One NOAA Requirements
- Common NOAA Communications Infrastructure
- To reuse and share common services
- Email
- Videoconferencing
- Administrative and Desktop Applications
- Corporate and Programmatic Operations
- Intranet
- To collaborate, share data and resources across the enterprise
- To centrally manage NOAA network
- Standardize SLA, router and firewall configurations
- Facilitate security policy implementation
- Manage network access, transparent to Line Office
- To disseminate NOAA information and services to the public
- Common Security Infrastructure
- To support with single CA
- To provide virtually closed, isolated, secure environments for user communities
4 Introduction: NOAAnet Addresses NOAA Needs
- Problems
- Legacy networks approaching EOL
- Gartner: Most carriers will likely discontinue Frame Relay and ATM from 2006-2009.
- Uncoordinated redundancy at shared locations increases costs.
- Loss of connectivity at a hub location disables connectivity at dependent remote locations
- Complete COOP failover is difficult or impossible when backup sites rely on dedicated or separate networks
- Video conferencing across Line Offices requires extraordinary manual coordination
- Solutions
- Every location on NOAA network is able to connect and exchange data
- Consolidates 9 legacy networks into single network
- Provide any-to-any connectivity between any NOAA locations
- Replaces numerous Point-to-Point circuits
- Extensible for and compatible with Satellite operations
- NOAAnet plans do not currently include
- R&D high performance requirements
- Satellite broadcast networks
- Replacement of standard voice communications
5 Introduction: NOAAnet Technical Features
- NOAA's Enterprise Network Target Architecture specified Multi-Protocol Label Switching (MPLS) technology
- Private Backbone Network using MPLS
- Eliminates risk of single points of failure
- Enables any-to-any connectivity between any NOAA locations
- Better services, performance management, and ease of management
- 24x7 Monitoring
- Incident Management (Fault Isolation, Problem Resolution)
- Centralized Patch Management
- Configuration Management
- Security Management
- Performance Management
- Change Management
6 Introduction: NOAAnet Logical View
7 Introduction: NOAAnet Phase I NWS Consolidation
- Consolidated Wide Area Network
- Implements and extends NOAA's Target Architecture
- 136 locations including 11 of 14 shared LO sites
- Centralized Network Management
- 24x7 Tier 1 Support
- Ubiquitous Automated Proactive Monitoring
- Centralized Configuration Management
- Centralized Performance Management
8 Introduction: NOAAnet Implementation Strategy
- Phase 1
- NWS WAN Consolidation
- Establish 24x7 Network Operations Center (Primary Back Up)
- Next Phases
- Establish NOAAnet major Campuses
- Silver Spring
- Boulder
- Seattle
- Kansas City
- Norman
- Integrate existing additional NOAA WANs into NOAAnet
- NMFS
- Admin
- CLASS
- NESDIS Operations
- NOS
- NCEP Operations
9 Basis For Investment: Background
- Developed from Enterprise Network Target Architecture (ENTA)
- Moves from program based network infrastructure to a single NOAA utility
- Leverages existing resources
- NWS Telecommunication Gateway
- NOAA NOC
10 Basis for Investment: NOAAnet Budget Context
- No new funding
- Initial deployment accomplished with one-time NWS reprogramming, and cost recovery from circuit consolidation
- Reprogrammed funds applied to
- Engineering for consolidation (parallel ops, design)
- Edge routers/firewall
- Network Mgt Tools, staff, and facilities
- Network Management Infrastructure and O&M funded through circuit consolidation
- Other legacy networks transitioned supported once Network Management Infrastructure build out is complete
11 Basis For Investments - ROI
- Conservative FY2004 assumptions and calculations projected 32.1M cost avoidance over first 7 years
- Applies all projected requirements to nearly obsolete legacy infrastructure
- Network Transport Only
- Assumes 40 aggregate annual requirements growth
- Based on experience and stated program requirement
- Assumes Three year implementation
- Leverages earlier cost avoidance to fund build out
- Contributing Cost Factors
- Shared Access
- Reliance on Metro Area Networks (MANs)
- More economical technology
- Economies of Scale
- Internal
- Internet Access
- Examples Transport Only
- NWS Frame Relay Networks - 850K/year FY 2007 savings increase as requirements increase
- Administrative WAN 75 savings for DC sites
12 Basis For Investments - Benefits
- Meets NOAA's requirements and supports NOAA's mission performance
- Cost avoidance applied to needed enhancements
- Funds Applied to Increased Capacity, Centralized Management
- Improved Management
- Fault Isolation, Problem Resolution, Configuration Mgt
- Improved Performance
- Eliminates many network based single points of failure
- Supports geographic failover/Critical Infrastructure Protection e.g. BTG
- Integrates NOAA's Security Architecture
- Extends Defense-in-Depth strategy throughout the enterprise
- Establish a Certified and Accredited Network Infrastructure w/ distinct boundaries
- Standardizes Management Structure
13 Basis for Investment: NOAAnet Phase I NWS Consolidation
14 Project Management: NOAA Framework
- Phased Implementation Led by National Weather Service
- Oversight from the NOAA CIO
- Strategic Guidance, Coordination NOAA CIO Council
- Technical Architecture Developed by NOAA Network Advisory Committee (NAC)
- Detailed Architecture Developed by NWS
- Broad Architectural Compliance Review NAC
- Configuration Change Board (CCB) established
- Major Milestones Reported through the NOAA Operational Plan
- NOAA-wide Exhibit 300 (Internal)
- Under Development for CY 2006
- Governance Issues pending resolution
15 Project Management: NWS Phase 1 Project Charter Team
16 Project Management: Roles Responsibilities
- NWS
- Network Engineering Support
- Incident Problem Management
- Accounting and Management Support
- Administration of Edge Routers and Firewalls
- Development of CA
- NOAA CIO
- Oversight
- Co management of Network Mgt Tools
- Implement Cost Allocation System
- Other NOAA Line Offices
- Manage LANs
- Participate in Campus Support
- Specify requirements
- Fund transport and management proportional to usage.
17 Project Management: Management/Business Model
- Fee for service business model
- Full Cost Distribution
- Management
- Network transport
- Equipment
- CA
18 Project Management: FY2005 Accomplishments
- Baseline Specified
- High Level Target Architecture Completed
- Cost Analysis Completed
- FY2005 Milestones
19 Project Management: FY2006 Accomplishments
- Network Management Architecture Completed
- Support SLA Drafted
- SSMC Campus (Open Campus Network) Connected
- Initial WAN Monitoring Capability Established
- NWS Initial Operations
- Regional HQs Connectivity Established
- SSMC2
- Field Site Router/Firewalls Procured
- Back Up Telecommunications Gateway.
- AWIPS Pilot initiated
- NMFS Pilot Design and Procurement Completed
20 Project Management: Milestones
- Back Up NCF Connected Oct 2006
- NOC IOC Nov 2006
- NMFS Pilot Nov 2006
- NWS WAN Consolidation Nov 2006 Apr 2007
- AWIPS
- Regional WAN
- Implement NWS Extranet Access Points December 2006
- CA Completed February 2007
- NOC FOC March 2007
- NMFS WAN transition completed April 2007
- Full Convergence of NWS Gov, International, May 2007
- Commercial Customers
- NWS VTC transitioned to NOAAnet Sep 2007
21 Risk Management
- Risk Management Plan
- Industry best practice and plan, November 2006
- Risk Assessment and Tracking
- Within Weather Service, from beginning
- Incorporating strategy of phased implementation
- Network Services acquired through the FTS2001 contracts provides flexibility
- Across LOs, as of October 2006
22 Risk Management
23 IT Security - Program Overview
- Incorporates and Supports NOAA IT Security Architecture
- Isolates and Manages Outside Access Points
- Will provide for Security-in-depth including common firewall strategy and Intrusion Protection Systems (IPS)
- Provides isolation and varying performance standards as required by systems and requirements supported by the network
- Will assure a broader, unified Certification and Accreditation for NOAA network resources
- Enables automated discovery across the enterprise to help assure policy compliance
- Supports Enterprise-wide failover and recovery
24 IT Security: Summary FISMA Compliance
- Systems Security Plan (SSP) NOAA8204
- Draft Plan completed September 29, 2006
- Final SSP at IOC (Final eval of AWIPS Pilot) - 11/16/2006
- Security Profile Medium Sensitivity
- Technology budget support medium availability .999
- Higher requirements supported by encryption, dial or satellite backup
- Plan Of Action and Milestones (POAMs) Initial set October 6, 2006
- IATO from NWS CIO based on POAMs
- CA Funding In process of identifying
- Estimated costs - 300,000
25 IT Security: Continuity of Operations
- Network Operations
- Tools duplicated in failover mode at NCEP
- 24x7 Monitoring Tier 1 support at Back Up Telecommunications Gateway (BTG)
- Back Up NOC Initial Capabilities 12/2006
26 IT Security: Configuration Management
- Centralized Configuration Management using Opsware
- Enforces Security Policy
- Alerts of any changes
- Standards now set to CIS/NIST 800-70 guidelines
- Final strategy complete at IOC
- Router patch management based on NOAA standard Secure Elements
- Logs aggregation and analysis using CSMARS/syslog
27 Enterprise Architecture Convergence
- Complies with NOAA and FEA Architecture Model
- Included in NOAA EA submission
- Developed
- Baseline Requirements Target Architecture Gap Analysis
- Infrastructure View
- Keystone for integrating overall NOAA technology architecture
- Validated with Pilots
- NWSnet, AWIPS, NMFS
28 Enterprise Architecture
- Reuse
- Leverages infrastructure and staff at Telecommunications Gateway NOAA NOC
- Available as a resource for all NOAA wide area communications
- Network Management tools also used to monitor NWS Telecom Gateway
- Standards
- RFC 4364 VPNs over MPLS
- Standard IP protocols
- Standardized configuration applied across enterprise
29 Support for Secretarial/Departmental Goals
NOAA Strategic Goal Provide Critical Support for NOAA's Mission
- Strategy
- Develop and maintain an Information Technology Enterprise to
- fully support the life cycle of NOAA's programs
- be secure, reliable and cost effective
- encourage information sharing
- comply with all applicable policies