Title: NetOps Implementation Update
1Track Four LandWarNet Network Operations (NetOps)
NetOps Implementation Update (CMDB, SMS/MOM, SCTS)
Session 5 22 August 2007/1100-1200
Mr. Tim Ash and Mr. Mike Spragg NETCOM/9th
SC(A), ESTA/OSCI/ENPD
2Track 4, Session 5 NetOps Implementation Update
- PURPOSE To present an overview of emerging Army
Enterprise capabilities that are being deployed
throughout the LandWarNet. - OBJECTIVES By the end of this brief you will
obtain a general understanding, implementation
strategy and timelines for the Enterprise - Configuration Management Database/Service Support
(CMDB/SS) capability. - Systems Management Capability
- Secure Configuration (Patch) Management
- IP Network Vulnerability Scanner
3CMDB/SS
4(No Transcript)
5Army Enterprise CMDB/SS Implementation
Mission
Establish a standard Army Enterprise
Configuration Management Database/Service Support
(CMDB/SS) capability based on the Army Enterprise
NetOps Integrated Architecture (AENIA) which
include the standardization of Operational
Concepts, Training, Business Processes using ITIL
Best Practices and Tactics, Techniques, and
Procedures (TTP) to be deployed across all Army
theaters to enhance C2, Service Management and
Situational Awareness (SA) support to the
Warfighter, Business, and Intelligence mission
areas.
Benefits
- Improved support to tactical formations/Signal
units. - Enhanced situational awareness through the
instantiation of a single, federated data source
for configuration items (CIs), through
relationships between CIs, and through related
incidents, problems, and change requests. - Integrated service desks to support the Armys
Information Technology (IT) Service
Consolidation, Area Processing Centers and
transformed tactical units. - Integrated and managed incidents, problems,
changes, and service requests across distributed
mission, technology, and organizational
boundaries. - Enterprise Configuration Management of services
and Army IT assets and enforcement of enterprise
asset management policies - Optimization of investments and the management of
mission support services.
6Army Enterprise CMDB/SS Implementation
Design Implementation Tenets
- Enterprise Approach
- Focused on support for the entire Army, including
sustaining base, tactical, fixed, and mobile
components and is intended to be used throughout
all theaters of operations - Implement a standard solution
- Standardize and synchronize IT configuration to
support deploying units and force generation
units - Standardize the training TTPs to maintain and
operate IT assets - ITIL BMC Remedy ITSM Best Practices
- Incorporate industry best practice guidance for
IT service management. This requires that Army
organizations incorporate ITIL best practices
into their respective processes for the
management of services. - Configuration, Not Customization
- Avoid custom development of code to reduce the
TCO and recurring maintenance cost. - Redundancy and Continuation of Operation Planning
- This design must support high availability,
redundancy and continuity of operations planning
(COOP) requirements.
7Army Enterprise CMDB/SS Implementation
The Solution
The Army is leveraging the BMCs Remedy ITSM tool
suite to establish the Enterprise Standard
CMDB/SS capabilities. Remedy ITSM is heavily
based on ITIL and has been designed to support
organizations in provisioning, and managing
services using ITIL described best practices.
The Remedy ITSM is an integrated and
complimentary suite of modules that addresses
most ITIL service delivery and service support
processes. The Remedy ITSM/CMDB suite of tools
includes
BMC Remedy ITSM Service Desk1. Supports
incident and problem management processes as
described in ITIL. BMC Remedy ITSM Asset
Management (AM). Supports several ITIL service
delivery and service support processes through
asset lifecycle, inventory, contract, and cost
control management. BMC Remedy ITSM Change
Management (CM). Implements ITIL change
management and some ITIL release management
processes enforces change policies and supports
the planning and management of changes. BMC
Remedy ITSM Service Level Management (SLM).
Supports ITIL SLM process and the automation,
monitoring, management of Service Level
Agreements (SLA), Operational Level Agreements
(OLA) and Underpinning Contracts. BMC Atrium
CMDB Provides a common view of CIs (hardware,
software, configurations, relationships,
services, users, and process models) and their
relationships.
Service Desk1 Formally, Help Desk.
Includes Incident and Problem Management
8Army Enterprise CMDB/SS Implementation
The high-level system design for the fielding of
the Remedy ITSM suite of tools will follow a
centralized methodology. This methodology has
been selected to support consistency and to
minimize custom data transfer development and
maintenance requirements. The centralized
approach is also recommended by BMC and is
consistent with the Army Global NetOps vision.
- One primary instance of ITSM and one secondary
instance of ITSM (to support COOP). - Both primary and secondary ITSM instances will be
fielded as Action Request System server groups. - Each will contain a single CMDB and single
logical Oracle database.
COOP strategy not illustrated in this drawing
9Army Enterprise CMDB/SS Implementation
Project Milestones
10Interim Guidance
Army Enterprise CMDB/SS Implementation
- Technical Authority is being been drafted to
provide interim guidance to the field - Army will leverage current investments to deploy
Remedy ITSM and Atrium CMDB as the standard for
the Army Enterprise CMDB/SS solution - This centralized solution will support local
Service Desk/Trouble Ticket requirements
minimizing localized system administration and
development - ESTA will coordinate Requirements and Site
Specific Implementation Plans with each Theater,
Functional NOSC, DOIMs, and Units - All tenant organizations must coordinate their
service desk requirements with their supporting
DOIM - Organizations should contact ESTA OSCI prior to
making Service Desk/Trouble Ticketing system
acquisitions and/or renewals - For the electronic version of this brief and
other related information go to the CMDB/SS AKO
site https//www.us.army.mil/suite/page/245600
11SMS
12Army Enterprise Systems Management (SysMan)
The Army CIO/G6 has established Microsoft SMS as
the standard for Systems Management for the
Armys Microsoft Computing Platforms
SMS provides the capability to manage large
groups of systems in an organized, efficient, and
automated fashion. SM automates many activities
and processes associated with managing an
organization's servers, desktops, and laptops. SM
capabilities that enable the automation of these
activities are categorized in the following
sub-paragraphs.
- Software Distribution Stages, distributes,
installs, and removes software integrates with
Army Golden Master (AGM) program - Inventory and Configuration Management
Identifies, collects, processes and manages
information about system hardware, firmware,
software configuration, licensing and passes
information to central authoritative source
control - Patch Remediation - Automated patch remediation
tool that takes vulnerabilities discovered by the
Retina Network Security Scanner and pushes
patches to affected machines in an automated
fashion - Remote Access Provides all of the functionality
associated with a local log on via the interface
on the management system - Event Management Filters, aggregates,
correlates, and responds to events. - Account Management Creates, modifies and
deletes user accounts on one or more systems.
User groups are also managed in a similar fashion - Availability Monitoring Monitors and records
the availability and usage of system resources,
such as disk space, memory, and processes - Service Management Provides base platform for
management of Windows Services such as Active
Directory, Exchange, Domain Name Server (DNS),
SQL, etc. - Situational Awareness status of servers and
services IT Asset SA, including compliance
status.
13Army Enterprise Systems Management (SysMan)
Design Implementation Tenets
The hierarchical design of SMS facilitates asset
management and patch compliance since all data
flows upward to a central location, which can
then be used for reporting. The Enterprise
Central Site can be used for package
distribution the intended architecture creates a
balance between centralized and de-centralized
management of SMS.
- Enterprise Approach
- Initial focus on support for sustaining base
organizations on NIPR and SIPRNET as resources
allow - Implement a standard solution
- Standardize Training TTPs to operate, manage,
and defend IT assets - Standard Interfaces/Integration
- Army Enterprise CMDB/SS
- AVTR
- Reduce TCO and recurring maintenance cost.
- Support Single DOIM
- IT Services/Server Consolidation
- Survivable Architecture
- Redundancy and Continuation of Operation Planning
- Leverage APC
14Conceptual SMS Layout
15Interim Guidance
Army Enterprise Systems Management (SysMan)
- Technical Authority is being been drafted to
provide interim guidance to the field - Army will leverage current investments to deploy
SMS/MOM as the standard for the Army Enterprise
SysMan solution - ESTA will coordinate Requirements and Site
Specific Implementation Plans with each Theater,
Functional NOSC, RICOs and DOIMs - All tenant organizations must coordinate their
SMS/MOM requirements with their supporting DOIM - A process has been established to resolve
conflicts for site codes, and to register new
site codes to maintain uniqueness. - The process of integrating existing SMS Sites
into this design includes - Ensure the existing site code is unique.
- Ensure all site components meet product level,
patch and configuration requirements - Join the existing site as a child of the
appropriate Rollup site. - For the electronic version of this brief and
other related information go to the SysMan AKO
site
16SMS Schedule for Deployment
- Conceptual Army-Wide Deployment Schedule
4thQ-FY07 - Europe Theater 1stQ-FY08 -
Pacific Theater 1stQ-FY08 - Korea SWA
Theater 2ndQ-FY08 - CONUS Theater 4thQ-FY08 -
Functional NOSCs
17SCCVI
18DoD IA Enterprise Tool Summary
- DoD has provided an enterprise solution to ensure
all systems have a secure configuration. - Sustain a secure configuration by using a
compliance checking tool. - Secure Configuration Compliance Validation
Initiative (SCCVI) - Network scanner (Audit)
- Retina / REM eEye Digital Security (vendor)
- Automate the remediation process to ensure the
system is returned to a secure configuration. - Secure Configuration Remediate Initiative (SCRI)
- Patch Configuration (Remedies Policies)
- Hercules - Citadel (vendor)
19Secure Configuration Tool Suite
- Secure Configuration Compliance Validation
Initiative (SCCVI) - Vulnerability Assessment Capability (Discovery
Audit) - Discovers assets and identifies known security
vulnerabilities on a number of different
platforms and technologies including servers,
databases, switches, routers and wireless access
points. - DoD ESSG selected eEye Retina and REM as the
SCCVI solution. - Secure Configuration Remediation Initiative
(SCRI) - Vulnerability Remediation Capability
- Implements corrective action to eliminate or
mitigate an identified vulnerability. - DoD ESSG selected Citadel Hercules as the SCRI
solution. - Army looking at SysMan (SMS/MOM) for the SCRI
solution.
DoD SCTS initiatives include a DOD wide
acquisition for the software suites, providing
the Enterprise License Agreement (ELA) for Retina
and Hercules, training, helpdesk software
licenses, compliance management, and reporting at
no cost to the Services.
20SCTS
Army Solution
DoD Solution
- SCCVI
- eEye Retina
- REM
- SCRI
- SysMan (SMS/MOM)
- Citadel Hercules
- SCCVI
- eEye Retina
- REM
- SCRI
- Citadel Hercules
21Armys Notional Vision - SCCVI
AVTR will report all Army status to VMS. The
AGNOSC will have situation awareness into the
TNOSC REM server
22Conceptual SCCVI Layout
A-GNOSC
23Support
- DISA
- Lead DOD implementation effort
- Configuration management
- Train the trainers
- Make Audits and Remedies available DoD-wide
- Contract management
- Software Life Cycle Support
- Deploy to Combatant Command and DISA
organizations - Hardware Life Cycle Support
- Army
- Develop acquisition/implementation strategy
- Purchase necessary HW/SW
- Deploy and operate
- Download site for software, documentation and
online training - URL NIPRNET https//powhatan.iiie.disa.mil/tool
s/sccvi/ - Secure Tool Suite Help Desk
24Conceptual SCCVI Deployment Schedule
1stQtr-FY08 - European Theater 2ndQtr-FY08 -
Southwest Asian Theater 2ndQtr-FY08 - CONUS
Theater 3rdQtr-FY08 - Pacific
Theater 3rdQtr-FY08 - Korean Theater
25ESTA NetOps POCs
- Tim Ash, CMDB/SS Project Lead
- Comm 520-538-8167
- DSN 879-8167
-
- Cathleen Vetter, HBSS Project Lead
- Comm 520-538-8026
- DSN 879-8026
-
- Mike Spragg, NIPS/SCTS Project Lead
- Comm 520-533-5379
- DSN 821-5379
-
- Paul Gignac, SMS/MOM Project Lead
- Comm 520-538-1253
- DSN 879-1253
-
- LTC Richard Turner, Chief, NetOps Implementation
- Comm 520-538-8903 DSN 879-8903
-