Iaas Demonstration San Francisco Wildfire V.02

Cloud Computing Infrastructure Demonstration: GOAL Within a realistic DHS/FEMA scenario: • Demonstrate the ability to establish a secure and robust collaboration environment that can be quickly and easily scaled at a disruptively low cost. • Leverage a commercial cloud platforms to host and distribute application suites that enable a robust information sharing capability • Provide a flexible and robust security frameworks capable of meeting stringent government information assurance and information security requirements 1 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Scenario: San Francisco Area Wildfires The Federal Emergency management Agency is working with  state officials and other federal agencies engaged in the response to the multiple wildfires burning across The San Francisco bay area. President Obama issues an emergency disaster declaration  for California and orders greater federal aid to supplement state and local response activities in the affected areas. FEMA mobilizes federal resources and authorizes federal  funds to be allocated to reimburse the state for certain costs incurred under FEMA's Fire Management assistance Grant Program. 2 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

San Francisco Area Wildfire: Emergency Response Organizations National Interagency Fire Center  FEMA Joint Field Office in Oakland   DOI Wildland Firefighters Response staging area   USDA Wildland Firefighters Federal Emergency Response Team  State Emergency Operations Center in  Regional Response Coordination Center  Sacramento Department of the Interior  California Wild Land Fire Services in Marin   Bureau of Land Management County  National Park Service California Office of Emergency Services   U.S. Fish and Wildlife Service Department of Defense   Bureau of Indian Affairs  Defense Coordinating Officers Department of Transportation   Defense Coordinating Elements United States Forest Service   Command Assessment Element United States Army Corps of   US Northern Command Engineers Air Forces North  Department of Health and Human   National Guard Bureau Services  Federal Aviation Administration Department of Homeland Security's   U.S. Fire Service Infrastructure Protection.  General Services Administration National Response Coordination Center   DHS/ U.S. Coast Guard  Environmental Protection Agency  Red Cross   FBI Southern Baptists  DOJ National Terrorism Task Force 3 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

San Francisco Emergency: Incident Action Plan Establish Designate Decommission Establish Joint Field Joint Field Incident Perimeter Office Office Command Assign & Evaluate Manage Scene Responders 4 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

San Francisco Emergency: Modified Incident Action Plan Designate Establish Decommission Establish Incident Joint Field Joint Field Perimeter Command Office Office Activate Assign & Evaluate Collaboraton Manage Scene Environment Responders 5 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

San Francisco Emergency: Modified Incident Action Plan Designate Establish Decommission Establish Incident Joint Field Joint Field Perimeter Command Office Office Activate Assign & Deactivate Evaluate Collaboraton Manage Collaboration Scene Environment Responders Environment 6 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Designate Incident Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Command Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment  NIMS: Command and Management  Incident Command System (ICS):  Integrates resources from numerous organizations into a single response structure using common terminology and common processes Joint Field Office Coordination Group Operations Planning Logistics Finance and Section Section Section Admin Technical Staff 7 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Activate Collaboration Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Environment Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Emergency Data Center STEALTH Network Security Policy Manager Incident Activator 8 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office IAAS Specifications Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Virtual Compute Units 32/64 Bit Memory Storage $/hr Cores Small 1 1 32 bit 1.7 G 160 G 0.10 High-CPU 2 2.5 32 bit 1.7 G 350 G 0.20 Medium Large 2 2 64 bit 7.5 G 850 G 0.40 Extra Large 4 2 64 bit 15 G 1690 G 0.80 High CPU XL 8 2.5 64 bit 7G 1690 G 0.80 EC2 Compute Unit = 1.0-1.2 GHz 2007 Opteron or 2007 Xeon Procesor 9 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Establish Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Perimeter Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Incident Action Plan Operational Space Area Commander FIRE FIRE Incident Incident action plan action plan Incident action plan Fire station Wi ind nd al W S ti hif Ini t 10 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Establish Joint Field Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Office Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Joint Field Office Department of Defense Representative Defense Coordinating Officer 11 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Designate Incident Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Command Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Emergency Data Center STEALTH Network Security Policy Manager 12 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Evaluate Scene Command Office Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment San Francisco CA - Area WildFire Federal Public Affairs National Ass. Of State Forresters Office of Aircraft Services National Weather Service Forest Area Safety Task Force (FAST) «inherits» «inherits» National Park Service ApproveFMAG US Dept. Of Fish and Wildlife US Forrest Service State Police National-Interagency Fire Center OpenRegionalResponseC DoD, National Guard Bureau oordinationCenter Customes And Borders Dept of Interior, Dept of Transportation IdentifyandEstablish HHS JointFieldArea EPA GSA FAA FEMA FBI, DOJ National Terrorism Task Force RespondeToEmergency «inherits» Events «inherits» OpenJointFiledOffic e Municipal Fire California Departments California Dept. Of Forrestry Sheriff’s ActivateNationalRespon Office of Emergency Services seCoordinationCenter Department (OES) Geographical Area SendLiaisonToStateEmer Coordination Center (GAAC) County gencyOperationsCenter Emergency Operations Center Fire Departments (EOC) Sheriff’s Department Joint Information Center (JIC) Mountain Area Safety Taskorce (MAST) Red Cross 13 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Assign/Manage Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Responders Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Emergency Data Center STEALTH Network Security Policy Manager 14 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Designate Incident Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Command Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment Update DHS Datacenter Emergency Data Center STEALTH Network Security Policy Manager 15 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Decommission Joint Designate Establish Joint Establish Decommission Joint Incident Field Perimeter Field Office Command Office Field Office Activate Deactivate Assign & Manage Collaboraton Evaluate Scene Collaboration Responders Environment Environment 16 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

San Francisco Emergency Wildfire Scenario 1. Establish an incident command structure 2. Deployed Emergency Data Center from Amazon S3 and activated secure collaboration environment in Amazon EC2 3. Supported Joint Field Office operations 4. Completed Operations 5. Transferred all operational data to DHS 6. Deactivated collaboration environment 7. Decommission Joint Field Office 17 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Cloud Computing Infrastructure Demonstration: Summary • Demonstrated the ability to establish a secure and robust collaboration environment that can be quickly and easily scaled at a disruptively low cost. • Leveraged Amazon EC2 to host and distribute application suites that enabled a robust information sharing capability • Through the use of cryptographic bit splitting technology, provided a flexible and robust security framework capable of meeting stringent government information assurance and information security requirements 18 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Amazon Web Services Amazon Web Services are a set of services that provide programmatic access the Amazon’s ready-to-use computing infrastructure.  Storage Storage for files, documents, user downloads, or backups. Store anything your application needs in Amazon Simple Storage Service (S3) and take advantage of scalable, reliable, highly available low-cost storage.  Computing Amazon Elastic Cloud Computing (EC2) provides the ability to scale your Computing resources up or down based on demand and makes provisioning new server instances very easy.  Messaging Decouple your application components by using the unlimited reliable messaging provided by Amazon Simple Queue Service (SQS).  Datasets Amazon SimpleDB (SDB) provides scalable, indexed, zero-maintenance storage, along with processing and querying for datasets. 20 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Elastic Compute Cloud (EC2) Instances Simple Storage Service (S3) XEN Virtualization Hosting of virtual machine images Hardware (AMI) •Web service that lets users requisition virtual machines within minutes and easily scale needed capacity up or down based on demand. •Users pay for only the compute time you use •The EC2 environment itself is built on top of the open source Xen hypervisor •Users create Amazon machine images (AMIs) that act as the templates for y instances. •Access to the instances can be controlled by specifying the permissions. •Provides true Web-scale computing, which makes it easy to scale computing resources up and down. •Five types of servers available; users can pick the ones that fit their application needs. The servers range from commodity single-core x86 servers to eight-core x86_64 servers. •Users can place the instances in different geographical locations or availability zones to ensure resistance to failure. •Elastic IP addresses that can be dynamically allocated to instances •Pay by the hour ($0.10-0.80/hour) + external •Bandwidth ($0.10-0.18/Gbyte) 21 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Oracle Technology: SOA Suite and Oracle 11g DB Oracle SOA Suite The Oracle SOA Suite is a packaged set of standards-based components for enabling web  services-based SOA. Oracle SOA Suite covers web services development, orchestration, monitoring, and security.  Oracle BPEL Process Manager orchestrates transactions across disparate applications within and  across corporate boundaries. Web-service enabled support a cloud computing model where several low-cost servers can be  deployed in a cluster to provide scalability and high availability. The Oracle SOA suite contains the following components  • Oracle Enterprise Service Bus • Oracle BPEL Process Manage • Oracle Technology Adapters • Oracle BPM Human Workflow • Oracle B2B • Oracle Business Activity Monitoring • Oracle Data Integrator  Oracle SOA Suite Security 22 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology – Oracle Beehive Oracle Beehive  Software platform for enterprise collaboration. Provides collaborative tools built around a unified collaborative model. These tools help teams to collaborate efficiently across multiple geographies and organizations with: • Content Management Services • Discussions Service • E-mail Service • Instant Message Services • Time Management Services • Voice Message Service  Beehive supported protocols: • Calendaring Extensions for WebDAV (CalDAV) • Extensible Messaging and Presence Protocol (XMPP) • File Transfer Protocol (FTP) • Internet Message Access Protocol (IMAP) • Open Mobile Alliance Data Synchronization (OMA-DS) • Simple Mail Transfer Protocol (SMTP) • Web-based Distributed Authoring and Versioning 23 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology - Appistry Appistry’s Enterprise Application Fabric (EAF) provides:  A ―Cloud Application Platform‖ for enabling highly scalable cloud computing  Services/applications on private intranets and external networks.  Scalability and reliability at the application level  Abstracts applications across underlying infrastructure  Simplifies and automates application deployment and management  Essential cloud application services via APIs state, workload mgmt)  Compliments VMWare, Xen deployments 24 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology: Appistry Cloud IQ Appistry’s CloudIQ Manager : Unified application management for the cloud.  Enables application migration to cloud/virtualized environment.  Provides multi-application, multi-cloud management.  Provides application deployment and configuration management.  Appistry’s CloudIQ Engine:  Distributed application container that enables highly scalable cloud computing services/applications on private intranets and external networks.  Abstracts applications across underlying infrastructure.  Distributes application workload with no single point of failure.  Access cloud application services via APIs (workload monitoring, etc.).  Compliments virtualized (VMWare, Xen) or non-virtualized commodity hardware deployments. Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology: Appistry Cloud IQ Manager CloudIQ Manager in the SF Wildfire Technology Amazon EC2 Demonstration  XML deployment scripts  Port applications across “clouds”  Enables choosing the right cloud for the job  Minimize cloud provider lock-in  Drag-and-drop deployment of application between clouds Private Cloud Tomcat Service Geodata files Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology- Geoserver GeoServer is an open source software server written in Java.  Designed for interoperability. Allows users to share and edit geospatial data.  Publishes data from any major spatial data source using open standards.  Reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS)  and Web Coverage Service (WCS) standards, as well as a high performance certified compliant Web Map Service (WMS). The Gesoserver is deploy on the Appistry servers in the Amazon cloud. It is accessed by users  via the Oracle Beehive collaboration tool. Demonstrate ability to request a map via WMS via GeoServer directly.  Demonstrate ability of Beehive to request the map from GeoServer and create a version-  controlled editable document and whiteboard session with it. Demonstrate Appistry's management and monitoring features through the cloud.  Exported desktop sessions will NOT be accessible on cloud-hosted applications through the  Northrop Grumman firewall. 27 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology: Unisys Stealth Secure Cross-Domain Sharing  Enables the secure share information across domains.  This solution matches communities of interest to specific data access and sharing rights.  A community of interest can be people within the same domain or people from different domains working together on a special project.  Each user can easily access data authorized for that user— wherever the data is — but only that data. Other data remains completely private, safe, and hidden. 28 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology – Unisys Stealth - COI Communities of Interest (COI) The members of a community of interest are assigned a workgroup key.  Controlled sharing and access to the community of interest’s data is based on the strong  authentication via workgroup key and log-on credentials. Without the correct workgroup key, network packets are ignored.  The workgroup key construct provides a stronger way to control access to data.  Users can belong to more than one workgroup. This facilitates multi-level sharing for agency  operations and multi-national information sharing for cooperating partners operations. Users in different departments, organizations, or projects can work securely on the same  network. The result is a cloaked network that secures data-in-motion and hides servers and PCs in plain  sight. Devices that do not have the same workgroup key remain cloaked from unauthorized eyes.  Without the correct key, users cannot ask for the data from the server or send data to the server or workstation. They can’t even ping the server or workstation. 29 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

SF Wildfire Implementation Technology – Unisys Stealth/SecureParser Certification  The Stealth Solution cryptographic module is FIPS 140-2 certified through the use of SecureParser by Security First Corp.  EAL4+ ―under evaluation‖ status in the first half of 2008 and full EAL4+ certification by early 2009.  Stealth Solution for Network will enable Multi-Level Security, permitting data classified at different security levels to coexist on a single network.  The Stealth Solution permits the consolidation of NIPR, SIPR, and JWICS-connected LANs into a single IT infrastructure.  The SecureParser security architecture is based on provable security techniques. The techniques implemented include Robust Computational Secret Sharing (RCSS), Perfect Secret Sharing (PSS), and AES block cipher.  Attacking the SecureParser data security can be shown at a minimum to be as difficult as attacking AES. 30 4/20/2009 12:58 PM Copyright 2005 Northrop Grumman Corporation

Iaas Demonstration San Francisco Wildfire V.02

by Kevin Jackson on Apr 20, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 60

Statistics

Iaas Demonstration San Francisco Wildfire V.02 — Presentation Transcript