Post on 29-Dec-2015
A Combat Support Agency
Defense Information Systems Agency
Enterprise User
Enabling Warfighter Capability
16 August 2011
UNCLASSIFIED
Disclaimer
The information provided in this briefing is for general information purposes only. It does not constitute a commitment on behalf of the United States Government to provide any of the capabilities, systems or equipment presented and in no way obligates the United States Government to enter into any future agreements with regard to the same. The information presented may not be disseminated without the express consent of the United States Government.
• Enterprise User – DoD-wide implementation initiative
– Concept of Operations (CONOPS) defines the end-state set of capabilities required for secure net-centric information sharing:
• On-Demand Global Access
• Assured Identity Management
• Adaptive Virtual Workspace
– Enterprise User increments increase maturity
• Near Term (FY2011-12): Enterprise-wide access using DoD PKI hard token credentials from connected DoD End User Devices
• Mid Term (FY2013-15): Enterprise-wide access via connected and wireless networks to fully functional virtual workspaces
• End State (FY2016+): Device and location independent access to cloud computing, personal data stores and full collaborative tools
– Enterprise User Integrated Master Plan – Orchestrates the integrated/synchronized delivery of Enterprise User
Enterprise User
Secure Net-Centric Information Sharing
Enterprise User - Increasing Warfighter Enablement
Capabilities
On Demand Global Access
Assured Identity Management
Adaptive Virtual Workspace
Mobile Warriors accessing secure networks globally
Verified Warriors accurately identified, individually authorized
Connected Warriors accessing data and applications for mission
Enterprise User Capabilities –
Foundation for Mission Success
• Networking Services
• Infrastructure Services
• Application and Data Services
“… go anywhere in the DoD, login, and be productive” ~ VCJCS ~
DoD Visitor Overview
• DoD Visitor Supports Enterprise User Concept
– Enables DoD users to access NIPR when away from home station using local organization resources
– DoD Visitor designed to work on existing systems and capabilities. No software or hardware purchases required.
– Supports DoD objectives for PK enablement
– Consistent with DoD Policies and Doctrine
– Supports both user needs and local organization mission
“…go anywhere in the DoD, login, and be productive.”
Accessing Enterprise Services
“. . . enable secure net-centric information sharing”
DoD Networks
Enterprise Active Directory Service Forest (EASF)
Policy Store
Policy Decision Point (PDP)
Identity Synchronization Service (IdSS)
DoD Enterprise/COI Attribute Services
DMDC GFM DI Resource Attributes
Deployed Attribute Services Cache
Enterprise/COI Attributes Cache
Resource Attributes Cache
DoD Attribute Broker
Policy Enforcement Point (PEP)
Domain Controller With DoD Visitor Software Loaded
Non-DoD Identity Management
Web Service Interface
BBS Downloader
Enterprise Services/Applications/Information
Sources
DMDC
Wholesalers
Attribute Sources
• Enterprise Collaboration
• Machine-to-Machine Messaging
• Data Services Environment
• Enterprise Search/Enterprise Catalog
• Enterprise Email
• Enterprise SharePoint
Operational Concept
Concept of Operations – Capabilities that enable Warfighters
• Current: DoD Visitor
• Candidates: Non-DoD Visitor Traveling Devices –
Enterprise Mobile & Wireless Access Pilot
Multi-level Security (MLS) End-User Device Pilot
Enterprise Attribute Delivery Service – Tactical Edge
Candidate Initiatives
DoD-wide synchronization initiative enabling Warfighters to “…go anywhere in the DoD, login, and be productive.”
• Current: PKI Authentication; Enterprise Identity Attribute Service (EIAS); Identity Synchronization Service (IdSS)
• Candidates: Integrated DEERS/Global Force Management Enterprise Attribute Service; Identity and Access Management/Attribute Based Access Control Reference Implementation
• Current: Enterprise Email
• Candidates: Universal Web 2.0
Interface for Legacy Application
Hosting Environment for Enterprise Services Validation
Virtual Workspace Pilot
Implementation Approach
DoD scale, system dependencies add complexity
Operational Concept
• Required Capabilities
• Enterprise-level Increments and Milestones
• Driven by Tactical Edge (GIG 2.0; DISA Campaign Plan / GIG Convergence Master Plan)
Capabilities Generation
• Objective Capabilities
• Deliverable Timelines
Key Enablers
• Enterprise Policy and Standards
• Requisite Operating Environment (network connectivity, PKI, cloud computing, etc)
• Partnership – DoD CIO, VCJCS, DMDC, NSA, DoD Components
Incremental Implementation
• Enterprise User Capability Maturity Increments
• Integrated Implementation Roadmap
Engineered Solution
Aligned Development
Synchronized Implementation
Capability Development
Measured Success
PEO-GES
ENTERPRISE USER Operational Concept DoD Partnership
Current Capabilities: (DoD Visitor, NCES, PKI, etc)
Mid-Term Capabilities
End State Capabilities
Near-Term Capabilities