DISA MCEP Overall Uptimes: Through May 2011, performance has remained remarkable, maintaining our goal of component availability for both MCEPs.

Total Monthly Traffic Usage: The majority of all traffic is high side data usage.

SME PED Enclaves Added per Location: No new enclave was connected to the network in May 2011.

SME PED Devices Added/Disconnected per Period:

30 new devices were added to the network in May 2011:
  DIA: 4 devices
  EUCOM Patch: 19 devices
  NMCI Hampton Road: 1 device
  NSA Meade: 1 device
  SOCSOUTH: 2 devices
  SOCOM: 2 devices
  STRATCOM: 1 device

17 devices were disconnected from the network in May 2011:
  AFNIC: 1 device
  DIA: 1 device
  EUCOM Patch: 4 devices
  SOCSOUTH: 1 device
  NSA Meade: 9 devices
  STRATCOM: 1 device
Maria A. Medina
Voice Services Networks Branch
18 Jul 2011
Defense Information Systems Agency, A Combat Support Agency
NS Mobility Efforts
Current SME-PED MCEP Network Architecture
[Diagram. Labels: Cingular, Verizon, Sprint and T-Mobile APN-I; DHS Trunk; DISN Trunk; Tier 0; Management Console; Multi-Protocol Router; POP Router; Switch; Premise Router; Firewall; HAIPE; DECC; SME PED MCEP; SME PED Server; Managed Service; Customer Enclave; Post camp site; SIPRNet and NIPRNet, each with Mail Server, Web Server, Virus Scan and CA.]
SME PED: Secure Mobile Environment Portable Electronic Device
MCEP: Multi Carrier Entry Point
Working with NSA partners on the next generation of secure mobile phones and the concept of mobility.
Will perform a technology refresh of our Multi Carrier Entry Point (MCEP) to support not only SME PED but also other NSA-approved commercial secure mobile devices using Mobile Virtual Network Operator (MVNO) technology.
The MVNO approach has received broad NSA and DISA support because it enhances the security, management, and performance of secure mobile voice and data solutions.
Worked with NSA and developed a request for information (RFI) to industry to determine industry's readiness to deliver this capability.
End goal: Ensure network connectivity and secure mobile communications for consumption of data and services anywhere, anytime in the network.
APN – Wireless Carrier Access Point (multiple as required)
VPN – VPN Server: serves to terminate the VPN from mobile handsets
SBC – BBUA: serves to terminate the SRTP/DTLS session and generate the RTP flow
SIP – SIP registration/session controller for mobile handsets
LSC – Provides IP telephony connection to classified IP networks and establishes connection to the classified TDM network through the Media Gateway
[Diagram: Mobile Secure Voice Enabled DISA MCEP. Labels: Wireless Carrier Data Service, APN, VPN, Session Border Controller (SBC), SIP Server (LSC), EBC, UA TLS/SRTP, UA TLS/RTP, Classified IP Network @ applicable security level. The abbreviations listed above are the diagram's legend.]
[Diagram: Mobility Components + Data + Voice. Labels: Wi-Fi 802.11, Bridge, The Cloud, iPad, Tablet PC, Laptop, 3G/4G.]
Multi Carrier Entry Point (MCEP) / Mobile Virtual Network Operator (MVNO) Integration
Centralized, Controlled Access for Mobile Devices
[Diagram. Labels: DoD Users with Mobile Devices; Commercial Wireless and IP Service Carriers; DoD Mobile Virtual Network Operator (MVNO) Service; MCEP Access Point; Firewall / Threat Detection; Unified Communications Aware Firewall; UC Session Processing (Voice, Video, Collaboration); MCEP Security and Application Services (VPN, E-mail, etc.); DoD Secure Service Overlay; To DISN UC Services.]