NOAA TICAP. Robert Sears NOAA/OCIO/SDD/N-Wave

Similar documents
Capabilities Statement. CITEC 317 Edward Street Brisbane, QLD

Never Drop a Call With TecInfo SIP Proxy White Paper

Networks

Network Service Description

Deployments and Network Topologies

Exam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.

How Cisco ASR 1000 Enables Cisco Business Strategies by Providing Capacity and Resiliency for Collaborative Applications

IP Mobility Design Considerations

New Zealand Government IbM Infrastructure as a service

OpenFlow: What s it Good for?

SD-WAN Transform Your Agency

How to Configure a Hybrid WAN in Parallel to An Existing Traditional Wan Infrastructure

N-Wave Overview. Westnet Boulder, CO 5 June 2012

DISN Evolution. TDM Elimination. Mr. Jessie L. Showers, JR., SES Infrastructure Executive (IE) 15 June 2017 UNITED IN SERVICE TO OUR NATION

3.4 NON-DOMESTIC SERVICES (L )(C.2.1.9)

Team Capabilities and Specializations

Securely Access Services Over AWS PrivateLink. January 2019

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Configuration for Juniper SRX Series 6300-CX

Trends in Data Centre

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

21ST century enterprise. HCL Technologies Presents. Roadmap for Data Center Transformation

Contact Center SIP Migration SYNERGY DRIVES SUCCESS

VMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

How Cisco IT Deployed Cisco Firewall Services Modules at Scientific Atlanta

Cloud Leased Line (CLL) for Enterprise to Branch Office Communications

CLOUD COMPUTING. A New Era of Business Opportunity. Matthew Maderios, CA Enterprise. IT Roadmap Conference & Expo San Jose, CA.

SCTE Event. Metro Network Alternatives 5/22/2013

Enterprise SM VOLUME 1, SECTION 4.3: COLLOCATED HOSTING SERVICES

Connectivity FastConnect Level 200. Jamal Arif November 2018

NC Education Cloud Feasibility Report

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

F5 DDoS Hybrid Defender : Setup. Version

New Zealand Government IBM Infrastructure as a Service

CSC Network Security

Architecture Overview

Concord Fax Network Architecture. White Paper

Earth Science Data Delivery

QUIACLE TECHNOLOGY SOLUTIONS, INC. CLOUD SERVICES MANAGED SECURITY SERVICES

China Unicom Global MPLS-VPN. China Coverage. Core

Changing the Voice of

SD-WAN Deployment Guide (CVD)

Federal Aviation Administration. FTI-2 Update. Prepared for: Program Manager Date: December 8, 2016

MiCollab Engineering Guidelines

Our Virtual Intelligent Network Overlay (VINO) solutions bring next-generation performance and efficiency to business networks throughout North

Campus network: Looking at the big picture

Truffle Broadband Bonding Network Appliance

EXAM Core Solutions of Microsoft Lync Server Buy Full Product.

App Gateway Deployment Guide

Service Description Safecom Customer Connection Version 3.5

Virtualized Network Services SDN solution for enterprises

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop. Scalability: Dimensions for PACS System Growth

Atmosphere Fax Network Architecture Whitepaper

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Small Enterprise Design Profile(SEDP) WAN Design

Innovation & GTM Engine

Security

Campus Network Design

VPN Cloud. Mako s SD-WAN Technology

What To Ask Your SD-WAN Vendor

Vol. 1 Technical RFP No. QTA0015THA

Global IP Network (GIN) Connects You to the World

3/10/2011. Copyright Link Technologies, Inc.

High Availability WAN

From Zero Touch Provisioning to Secure Business Intent

Case Study Parc de Vilgénis College

Global Security Operation Center GSOC

Data Center Interconnect Solution Overview

Mission Critical MPLS in Utilities

Data Centre & Colocation in Birmingham. Flexible. Secure. Accredited.

IPv6 Switching: Provider Edge Router over MPLS

Deploying the BIG-IP LTM with Microsoft Skype for Business

TXU Energy. Key Considerations for Managed & Cloud Services

West AT&T TXT Power Service Guide

Shim6: Network Operator Concerns. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI

Cisco Exam Questions & Answers

Providing premium colocation and networking solutions to end user clients

Customer Managed Connectivity - Milan

Update on Hong Kong Open exchange (HKOX) APAN Mar 2018

Infrastructure Security Overview

AWS Direct Connect Deep Dive

Corente Cloud Services Exchange

Selling the Total Converged Solution Module #1: Nortel Enterprise Networking Overview of the 4 Pillars and Why Nortel Tom Price Nortel HQ Sales

Move, manage, and run SAP applications in the cloud. SAP-Certified Infrastructure from IBM Cloud

Campus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS

Network Visibility and Segmentation

Executive Report. Using the CyrusOne IX for Active-Active, Active-Passive and Active-DR Interconnection

Industrial Network Trends & Technologies

Virtualisierung nur im RZ? Werden Netzwerke immer komplexer? Göran Friedl Senior Network Consultant, Avaya Deutschland GmbH

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

Brocade. The New IP. Riccardo Bernasconi Territory account manager 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY

Next Generation Networking and The HOPI Testbed

Knowall Cloud. Performance Hosting Delivered

Network Configuration Example

Accelerate Your Enterprise Private Cloud Initiative

Cisco WebEx Cloud Connected Audio Subscription Service

Seven Criteria for a Sound Investment in WAN Optimization

Politecnico di Torino Network architecture and management. Outline 11/01/2016. Marcello Maggiora, Antonio Lantieri, Marco Ricca

Transcription:

NOAA TICAP Robert Sears NOAA/OCIO/SDD/N-Wave

N-Wave Program N-Wave is a program of Federal and contract staff that manage the NOAA Enterprise Network known as N-Wave, and also supports/aligns and executes on projects outlined in the NOAA Strategic Plan for Network Optimization and Transport Services. Strategic plan: Deliver Enterprise Transport Services, Enhance NOAA s Network Security, Scale Network Capabilities, and Optimize Network Services.

Mission The N-Wave program is committed to providing innovative networking capabilities with integrity, transparency, and flexibility, to enable NOAA's missions through the implementation of: Quality, advanced, stable connectivity both internally and externally to NOAA Secure, private, flexible, high-bandwidth virtual circuit capabilities Retention and recruitment of exceptional operations and engineering staff

N-Wave the Network N-Wave is an enterprise network that supports operations and research consisting of a private carrier class backbone that enables NOAA's mission of science, stewardship and service through highly available, high speed networking services delivered to NOAA customer sites, programs, line offices, and research facilities Built on partnerships and relationships among NOAA and the Academic and State scientific network communities As of 1 October 2015, managed and operated within the NOAA OCIO

NOAA TICAP Locations

The I-TIC Comprised of inline components. Directly processes inbound and outbound traffic. Firewalls. Services Ethernet switches. Web gateways. DNS resolvers.

The O-TIC Comprised of out of line components. Port mirrors on both aggregation routers feed to an active tap. The active tap distributes the traffic to the various security systems. All O-TIC systems are managed via dedicated network infrastructure that exists behind the TICAP management firewalls. The management firewalls have dedicated uplinks to N-Wave via the agg routers and reside inside the local tic virtual router. (e.g. pacific-tic)

TICAP 1.0 Internet Border Router Local Campus Network Internet Access Port Mirror Port mirror of egress/ingress traffic to security analysis systems. Completely passive to user traffic. Very easy to deploy just build a mirror port. Currently in use TICAP 1.0 Stack End User

TICAP 2.0 Initial Design Internet Border Router Stateful Firewall Aggregation Router Local Campus Network Port Mirror Web GW TIC 2.0 Stack Port mirror of egress/ ingress traffic to security analysis systems. Inline Firewall and web Gateway. More complex to install, requires in-depth network engineering to meet NOAA mission requirements End User

TICAP Deployment Considerations Design must be standardized across all TICAPs Design must be supported by NOC and NCSC Design must be scalable (from IRC->DC) Hardware failure is expected Customer impacts must me minimized Redundancy must extend north and south of the TICAP firewalls Design must account for symmetric flow across firewalls

High Available TICAP 2.0 Internet Border Router Border Router Stateful Firewall Stateful Firewall Switch Switch Web GW Web GW Aggregation Router Aggregation Router I-TIC O-TIC Redundant Network Hardware Redundant Security Hardware Local Campus Network End User Port Mirror TIC 2.0 Stack

NOAA TIC Architecture Engineering Resilient TICAPs DC Metro

NOAA TIC Architecture Engineering Resilient TICAPs Denver

NOAA TIC Architecture Engineering Resilient TICAPs Dallas/Seattle Dallas Seattle

Trusted Internet Connection (TIC) Partnership between CSD and N-Wave Two Areas of Responsibility : Security, Network Two Reportable Metrics % Security Controls Implemented, % Traffic Consolidated Cyber Security Functions Security Operations Security tools Network N-Wave Network Security Facilities Infrastructure Build Network 15

Internet Provider A Regional Provider Internet2 Internet Provider B Other External Seattle Denver Dallas DC Metro internal internal internal

X-Wave Provide a peering infrastructure for network redundancy and failover between TICAP sites Enforce symmetrical IP traffic routing through the TIC Consolidate and share ISP connections and R&E network connectivity External networks (providers, cloud, other direct partners) can land in X-Wave, for routing to NOAA via TIC X-Wave can provide locations for Science DMZs and lowrisk public data delivery X-Wave and N-Wave need to be operated in a tightly coordinated manner to ensure policy and configuration synchronization.

Project Status TICAP Infrastructure Deployed (hardware/intra TICAP component networking (O- TIC/ITIC) and wide area communications and peering services) 100 50 0 Campus, sites and program network migration to the new TICAP Infrastructures (will have O-TIC) 100 50 0

Project Status Campus, sites and program full in-line TICAP migration (Firewall Web Proxy) 100 50 0 Community TICAP Offer Services to other Federal Agencies Establish cost model - Draft was outlined 3/18/17, being refined and sent for management review Establish CONOPS for on boarding other agencies DHS annual assessment and assessment of required multi-agency controls (begins mid Q3 and carries through mid Q4) MAX partnership for Federal Agency transport

Schedule Milestone Q3-16 Q4-16 Q1-17 Q2-17 Q3-17 Q4-17 TICAP -IRC, Seattle, Dallas, Migrating & In-line -Denver and DC Migration -Denver and DC In-line X-Wave -Seattle, Dallas, Denver, DC Metro integration Legend Delayed On Schedule Start Risk of Delay New Target Date Complete

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback