Security, Monitoring, and Control of the Re-engineered Hubble Space Telescope Control Center System


Caleb Principe, NASA Goddard Space Flight Center
Larry Barrett, Orbital Sciences Corporation
Thomas Buchanan, QSS Group Inc.
Jay Lockwood, Lockwood Software

CCS Overview

- Hubble Space Telescope (HST) Control Center System (CCS) is one component of a larger, more complex spacecraft management system
- CCS provides the following functions:
  - Spacecraft Communications Coordination
  - Spacecraft Commanding
  - Spacecraft Health and Safety Analysis
- CCS does not perform:
  - Scheduling of Spacecraft Observations or Resources
  - Processing or Distribution of Downlinked Science Data

February 25, 1998

CCS Overview

[Diagram: HST Communications. Labels shown include Shuttle, HST, HST Test Facilities, JSC, WSC/TDRS, NCC, DSN, Control Center System (CCS), Backup CCS, HSTNet, GSFC Center Network Environment (CNE), STScI Planning & Scheduling, Science Data Processing, Internet, Local Users, Remote Users, Public Users.]

Goals of CCS Re-engineering

- Significantly Reduce Cost of Operations by:
  - streamlining business processes for normal operations
  - automating routine and repetitive operational procedures
  - providing secure, remote access to system resources
  - maximizing utilization of spacecraft resources
- Reduce Maintenance Costs by:
  - utilizing state-of-the-practice technologies and methods
  - adhering to government and industry standards in development
  - cost-effective use of off-the-shelf (OTS) components
  - building fault-tolerance into the system architecture

System Concept Drivers

- Architectural
  - modular and extensible to facilitate maintenance and reuse
  - scaleable to allow deployment of functional subsets
- Operational
  - automate ground-system operations, provide manual override
  - engineering expertise captured in on-line knowledge-bases
- Developmental
  - integrated development environment established to maximize productivity
  - integrated product team (IPT) based organization instituted to minimize implementation errors

Target Environments

- Operational Environments
  - Highly distributed, server-class processors used for:
    - Spacecraft control and monitoring
    - CCS system maintenance
- Test Facilities
  - Small number of co-resident processors used for:
    - Flight software development
    - Spacecraft anomaly isolation and resolution
- Stand-alone Configurations
  - Single processor configuration used for:
    - Science instrument development and check-out

CCS System Architecture

- System partitioned into three functional segments:
  - Command and Communications
  - Engineering Data Processing
  - User Workstations
- Logical Processor concept used to enable scaleability
  - highly cohesive set of functions
  - decoupled through use of middleware
  - independent of physical nodes
- Data Driven architecture supports tailoring and reuse
  - configuration database drives most system functionality

CCS System Architecture

[Diagram. Components shown: WS (workstations), Data Servers, Front End Processor, Core Network, Backbone Network, Firewalls, Application Servers, GUI Servers, Public Web Server, Internet Firewall, HSTNet, Test Facilities. Functions shown: Spacecraft Commanding, Communications Management, Spacecraft Monitoring, Analysis and Trending, Engineering Data Archive, Ground System Management.]

Development Methodology

- Hybrid methodology established using best of:
  - Business Process Re-engineering
  - Top-Down Functional Decomposition with Data-Flow Analysis
  - Thread-based Dynamic Behavior Models
  - Object-Oriented Analysis/Design
  - Entity-Relationship Modeling
- Methods adopted with elements from waterfall, incremental, and spiral approaches
- Applied method that best fit the development of the target product
- Development Environment/Tools tailored to support project specific needs

Technological Enablers

- Middleware
  - Encapsulates interprocess communication methods
  - Nameserver provides directory of software applications
- Security Firewalls
  - Applications unaware of Firewall in communication path
  - Unnecessary for reduced configurations
- Web Servers and Browsers
  - Common user interface across multiple workstation platforms
- Automated System Monitors
  - Distributed resource monitoring and failover support

OTS Component Integration

- Functional prototyping used to assess candidate products
- Provided method of identifying best-of-breed
- Primary selection criteria included:
  - adherence to appropriate standards
  - scaleability
  - maintainability
  - compatibility with other products
- Encapsulation used to insulate applications from OTS product features
- Rogue Wave libraries and custom software used

Security Considerations

- Security built-in from the beginning
- Guideline: Prohibit what is not explicitly allowed
- Drove network topology and functional allocation
- Eliminated some OTS products from consideration
- Implementing security concurrently with applications simplified system integration process
- Stateful-inspection firewall technology supported scaleability
- Security concerns detected and corrected immediately
- Functional access controls implemented at application level

Functional Security Architecture

[Diagram. Components shown: User Workstation, Secured Link (via Encryption), Security Firewall, GUI Server, CCS Application, Access Control Process (ACP), User Security Profile Information. Labelled flows: System Function Request and Response; Validate Login and Logout Requests; Validate Access to Privileged Sub-functions.]

Callouts on the diagram:
- Restricts Source of Connection
- Initiates Login/Logout Processing
- Passes only Recognized Protocols
- Performs User Requested Function
- Restricts User Functional Access
- Supports Strong Authentication Mechanisms
- Queries ACP about User Privileges
- Supports Secured Link

Access Control Process (ACP):
- Establishes User Sessions at Login
- Manages User Security Profiles
- Provides User Privilege Information to Specific Applications
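
As an added illustration (not part of the original presentation or the CCS software), the Python sketch below models the access-control flow on this slide under the "prohibit what is not explicitly allowed" guideline: an Access Control Process that establishes sessions at login and answers application queries about user privileges. The class names, user names, function names and addresses are hypothetical, and authentication is assumed to be done by the caller.

```python
import secrets
# Constructed sample data: user names, function names and addresses are hypothetical.
PROFILES = {"ops_engineer": {"view_telemetry", "send_command"},
            "remote_analyst": {"view_telemetry"}}
ALLOWED_SOURCES = {"192.0.2.10", "192.0.2.11"}

class AccessControlProcess:
    """Default-deny ACP: a request is refused unless a profile explicitly grants it."""
    def __init__(self, profiles, allowed_sources):
        self._profiles = {u: frozenset(f) for u, f in profiles.items()}
        self._allowed_sources = frozenset(allowed_sources)
        self._sessions = {}  # session token -> user name

    def login(self, user, source, authenticated):
        # A session exists only for a known user, from an allowed source, after
        # the caller reports a successful authentication (assumed done upstream).
        if (not authenticated or source not in self._allowed_sources
                or user not in self._profiles):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def logout(self, token):
        return self._sessions.pop(token, None) is not None

    def is_permitted(self, token, function):
        user = self._sessions.get(token)  # None for unknown or logged-out sessions
        return user is not None and function in self._profiles[user]

class Application:
    """Application-level enforcement: ask the ACP before running any function."""
    def __init__(self, acp):
        self._acp = acp

    def handle(self, token, function):
        return "OK:" + function if self._acp.is_permitted(token, function) else "DENIED"

def demo():
    acp = AccessControlProcess(PROFILES, ALLOWED_SOURCES)
    app = Application(acp)
    analyst = acp.login("remote_analyst", "192.0.2.11", authenticated=True)
    results = [app.handle(analyst, "view_telemetry"),         # granted in profile
               app.handle(analyst, "send_command"),           # not granted
               app.handle("forged-token", "view_telemetry")]  # no such session
    acp.logout(analyst)
    results.append(app.handle(analyst, "view_telemetry"))     # session ended
    return results
```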

System Management Approach

- Application dependency information used to automate startup and failover sequences
  - allows system to operate in multiple valid configurations
- Local monitoring of each resource performed
- COTS products used to monitor system resources and applications
- Centralized analysis engine used to identify and recover from suspected failure conditions
- Knowledge-base integrates system-wide monitoring information to determine probable source of detected error conditions
- Recovery measures range from simple application restart to full processor failover

System Management Architecture

[Diagram. Components shown: Automated System Manager, Application Monitor, System Resource Monitor, CCS Host Processors (Host A ... Host N), Application Layer, Logical Proc 1, Logical Proc 2, Executables a, b, ... k. Labelled flows: Startup/Recovery Commands; Component Status; Physical Host Configuration; System Configuration and Status Information; Application Status and Heartbeat; Startup/Shutdown Requests; CPU Utilization; Network I/F Utilization; Potential Problem.]
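
An added sketch (not from the presentation or the CCS software) of the approach on the two System Management slides: a startup order derived from application dependency information, and a recovery plan that escalates from application restart to host failover. The application names, host names, restart limit and escalation rule are assumptions standing in for the knowledge-base.

```python
from graphlib import TopologicalSorter

# Constructed sample configuration; application and host names are hypothetical.
DEPENDS_ON = {"middleware": [], "nameserver": ["middleware"],
              "access_control": ["nameserver"],
              "telemetry_monitor": ["access_control"],
              "gui_server": ["telemetry_monitor"]}
HOST_OF = {"middleware": "hostA", "nameserver": "hostA", "access_control": "hostA",
           "telemetry_monitor": "hostB", "gui_server": "hostB"}

def startup_order(depends_on):
    """Order applications so each starts after everything it depends on."""
    return list(TopologicalSorter(depends_on).static_order())

def plan_recovery(missed, restarts, max_restarts=2):
    """Turn one sweep of missed heartbeats into (action, target) steps.

    missed: set of applications whose heartbeat was not seen.
    restarts: dict of application -> restarts already attempted.
    """
    order = startup_order(DEPENDS_ON)
    actions = []
    for host in sorted(set(HOST_OF[a] for a in missed)):
        hosted = [a for a in order if HOST_OF[a] == host]
        silent = [a for a in hosted if a in missed]
        exhausted = any(restarts.get(a, 0) >= max_restarts for a in silent)
        if silent == hosted or exhausted:
            # Every application on the host is silent, or restarts have not
            # helped: treat the host as the probable source and fail it over.
            actions.append(("failover", host))
        else:
            # Isolated failure: restart the silent applications in dependency order.
            actions.extend(("restart", a) for a in silent)
    return actions
```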

Current Status

- Preparing for sixth incremental Release in 18 months
- CCS has been successfully delivered in operational, test facility, and single processor configurations
- Preparing for switchover to CCS for Servicing Mission 3
  - from shadow mode operation to primary spacecraft control system
- Independent Assessment of Security Architecture pending
- System Management architecture is finalized
  - system dependency analysis complete
  - knowledge-base population and validation in progress

Conclusions

- A configurable, extensible ground system architecture can be developed
- Use of OTS products reduces development time and costs
- Design based on Logical Processors can facilitate scalability
- Early emphasis on security drives other architectural decisions
- Browser-based user interface provides flexibility
- Automated System Management functions are reaching maturity
- Tailored methodology and tools are critical to meeting development goals

Contact Information

- URL: http:\\ccs.hst.nasa.gov
- e-mail: caleb.principe@gsfc.nasa.gov, larry.barrett@gsfc.nasa.gov