Gzim Ocakoglu European Commission DG Enterprise

1
Lithuania IDA Info-Day April 20, 2004
IDA Secure Communications Platforms TESTA and
PKI

• Gzim OcakogluEuropean Commission - DG Enterprise
• Vilnius, 20 April 2004

2
Outline

• TESTA at a glance
• Sectoral projects using TESTA
• What is TESTA? How to connect ?
• TESTA today
• The PKI service
• The future of TESTA

3
TESTA at a glanceVocabulary...
4
Sectoral Projects using TESTA

• Justice and Home Affairs
• EURODAC
• Dublinet
• Trade
• SIGL
• Statistics
• Datashop
• Statel
• Financial Intelligence
• FIUNET
• Humanitarian aid
• HOLIS (14 points)
• Environment
• ProcivNet-CECIS
• General applications
• IntraComm
• Circa

• Employment and Social Affairs
• EURES
• TESS
• Agriculture
• CATS/STATEL
• Transport
• Care II
• SafeSeaNet
• Tachonet
• Fisheries
• Fides
• Regional Policy
• Structural funds (SFC)
• Health and consumer protection
• Eudra projects
• Euphin

• New users coming soon .. - Justice and Home
  Affairs (VISA,SIS II) - ...

5
(No Transcript)
6
What is TESTA ?. . . How to connect ?
7
TESTA principles

• Trans European Services for Telematics between
  Administrations
• IP protocol on MPLS
• Separation from the Internet
• Registered but non-Internet routable address
  range
• Private domain-names (eu-admin.net)

8
TESTA a domain-based approach
9
TESTA a domain-based approach
10
Generic services
11
Architecture 62.62 addressing NAT
12
TESTA architecture DNS
bxl-vpn.cec.eu-admin.net A 62.62.69.14
care.eu-admin.net A 62.62.70.22
curia.webmail.eu-admin.net A 62.62.71.250
emcdda.eu-admin.net A 62.62.81.166
emea.eu-admin.net A 62.62.13.83
europaplus.eu-admin.net A 62.62.70.12 europarl-
ns.eu-admin.net A 62.62.72.96 nap01.dac.lu.eu-adm
in.net MX 62.62.0.17
Spain
13
Architecture DNS how it works
www.ai.mit.edu
14
Architecture DNS how it works
testa.eu-admin.net
Server
Local DNS Slave of eu-admin.net DNS
15
Connected Countries

• ? Luxembourg
• ? Netherlands
• ? Austria
• ? Portugal
• ? Finland
• ? France in the process
• ? Sweden in the process
• ? Iceland
• ? Norway

• ? Belgium
• ? Denmark
• ? Germany
• ? Greece
• ? Spain
• ? Ireland
• ? United Kingdom
• ? Italy

16
Connected Acceding Countries (with encryptors)

• ? Czech Republic - 01 03 2004
• ? Estonia - 18 03 2004
• ? Malta - 25 08 2003
• ? Poland - 13 01 2004
• Slovenia - 28 11 2003
• Cyprus 04 12 2003
• Slovakia 16 12 2003
• Hungary 23 02 2004
• Lithuania 16 03 2004
• Latvia 30 03 2004

17
Connected EU institutions

• ? Council of the European Union
• ? European Parliament
• ? European Commission
• ? Court of auditors
• ? Court of Justice
• ? European Economic and Social Committee

• ? Committee of the regions
• Expected
• ? European Investment Bank

18
Connected EU agencies

• ? CEDEFOP European Centre for the Development of
  Vocational Training
• ? EUROFOUND European Foundation for the
  Improvement of Living and Working Conditions
• ? EEA European Environment Agency
• ? ETF European Training Foundation
• ? EMCDDA European Monitoring Centre for Drugs and
  Drug Addiction
• ? EMEA European Agency for the Evaluation of
  Medicinal Products
• ? OHIM Office for Harmonisation in the Internal
  Market (Trade Marks and Designs)
• ? EU-OSHA European Agency for Safety and Health
  at Work
• ? CPVO Community Plant Variety Office
• ? CdT Translation Centre for the Bodies of the
  European Union
• ? EUMC European Monitoring Centre on Racism and
  Xenophobia
• ? EAR European Agency for Reconstruction
• ? EUROJUST

19
Architecture Site Install
20
Site location

• Concentration point for national agencies
• Security (physical protection, site security
  officer)
• SLA (availability, helpdesk)
• In function of projects of immediate interest
• Sectoral projects
• ...

21
Cost sharing

• All costs covered by IDA for
• National administrative networks
• EU institutions and EU agencies
• Cost sharing for
• Direct to TESTA connected local administrations
• Back-bone costs are covered by IDA
• Local loop costs not covered by IDA (Leased line,
  router, monitoring, installation)

22
TESTA how to connect
Request connection
Request contacts
Send contact info Site info
Request installation
Send technical questionnaire start installation
Send technical data ( Unisys assist)
Site configuration test Request
acceptance Invoice
Acceptance
Payment
23
Sectoral request for direct TESTA link
Request connection
Request for possible integration national
network request price connection
Price Offer
Inform sector assistance
YES
NO
Inform sector
Order direct link
24
TESTA today
25
Activities on Network Extension

• Connect national networks in all Member States
• Connect Acceding and Candidate Countries
• Integrate new users
• Environmental protection (PROCIV NET) on-going
• Energy and Transport (SafeseaNet, TachoNet)
  on-going

26
Activities on Security Enhancements
Lithuania IDA Info-Day April 20, 2004

• On the Eurodomain
• Finalise installation of line-encryption
• TESTA security accreditation on-going through
  the TESTA SAP
• For the border to local domains
• TESTA security accreditation for LDCPs (Local
  Domain Connection Points) on-going through the
  TESTA SAP
• TESTA MoU code of connection between TESTA and
  local domains (includes quality, SLA, security)

27
Activities on Quality Enhancements

• On TESTA services and TESTA environment
• Enhance resiliency of generic services
• Portal and newsletter new database function
• Workbook and applications guidelines
• With end to end approach
• Promote SLAs in local domains through TESTA MoU

28
Resiliency Component

• Primary Site
• Managed Resilient Firewall
• Managed SMTP Messaging Service
• Managed Intranet DNS
• 99.9 Monthly Service Availability (99.5 on
  mailbox hosting)
• Secondary Site
• Managed Firewall
• Managed SMTP Messaging Service
• Managed Intranet DNS
• 99.8 Monthly Service Availability (99.5 on
  mailbox hosting)
• Management and Support 365x7x24

29
Resiliency
30
(No Transcript)
31
(No Transcript)
32
The PKI Service
33
IDA PKI Services

• Provisioning of personal and/or functional
  certificates (X.509v3 electronic certificates)
  within closed user groups (the IDA sectoral
  networks)
• Provisioning of server certificates
• Related services registration procedures, CRLs,
  etc.

34
IDA PKI services

• Objectives
• ready to use by all sectoral networks of the IDA
  programme
• adaptable or extensible to the specific
  requirements of some networks
• Set-up steps for each user community
• requirements analysis
• definition of organisation and services
• service set-up
• routine management of the infrastructure

35
Where can networks use the IDA PKI ?

• Web-based applications (SSL)
• protection of web-based information repositories
  and client/server communications (server
  authentication, client authentication, security
  of communications)
• Secure messaging (S/MIME)
• secure e-mail
• electronic signatures
• authentication
• Integrity
• Confidentiality (encryption)

36
IDA PKI solutions

• Standard IDA PKI
• Normalised certificates
• Medium level of guarantee for the binding between
  Functional Mailbox identity and public key
• For sectoral networks only (as defined in IDA
  legal basis)
• Based on LRAO concept with remote registration
  of users
• LRAO training and accreditation
• Tailor-made IDA PKI
• For other types of Certificate Policies (e.g.
  higher levels of guarantee)
• Possibility of Face-to-face registration
• For qualified certificates (allowing advanced
  electronic signature)

37
IDA PKI Implementations

• In 2002 many mostly on PKI interoperability
  testing
• PKI test projects for ECA, DG FISH, DG JAI
• Council Pilot PKI CUG
• In 2003
• DG JAI 2 PKI CUG
• DG TRADE server certificates
• SG Greffe2000 PKI project
• ECA standard IDA PKI
• DG COMP standard IDA PKI (with eTokens)
• In 2004 some planned projects
• DG REGIO standard PKI CUG
• DG TREN server certificates for SafeSeaNet and
  TachoNet
• JRC server certificate

38
TESTA the future
39
Post 2004 Objective s-TESTA

• To define what TESTA will become after 2004 as an
  IDA communication platform
• To define the needs of communication at the
  European level
• the growing need for the exchange of information
  between European administrations
• the growing need of a secure and resilient
  platform
• gt new Call for Tender s-TESTA

40
Functional needs

• Service levels
• between local the access gates
• application awareness service level
• Ease of use
• Support
• Consolidation of networks
• Subsidiarity
• Budgetary stability
• Sustainability

41
s-TESTA post 2004 Working method

• TESTA Steering Committee
• Participants IDA, EC DI, Major Sectors (DG JAI,
  DG TAXUD), the Council,
• TESTA Expert Group Meetings
• The group meets 3 to 5 times and give regular
  feedback to the TAC WHAM and the TAC
• previous meetings held on 01/10/2003
• TESTA Project Management Board
• Participants like TESTA Steering Committee

42
Further information

• TESTA web site
• http//testa.eu-admin.net (via TESTA access)
• IDA web site
• http//europa.eu.int/ISPO/ida/
• TESTA CIRCA interest group
• http//forum.europa.eu.int/Members/irc/ida/testa/h
  ome (restricted access)
• IDA project management
• European Commission, DG Enterprise D.2
• Entr-IDA_at_cec.eu.int

43
Thank you

• Gzim Ocakoglu
• European Commission
• e-mail Gzim.Ocakoglu_at_cec.eu.int