dmg tem2011-0718-05 madina--cto ns mobility pp

NS Mobility Efforts. Maria A. Medina, Voice Services Networks Branch, Defense Information Systems Agency (A Combat Support Agency). 18 Jul 2011.

Upload: jakreile

Post on 18-Dec-2014

Page 1

Maria A. Medina
Voice Services Networks Branch

18 Jul 2011

A Combat Support Agency

Defense Information Systems Agency

NS Mobility Efforts

Page 2

Agenda

• MCEP Architecture Diagram
• SME PED support today
• Secure Voice mobility
• Mobility components
• Mobile Virtual Network Operator Integration
• Fish-Bowl plus DISN Networks
• Why it makes sense
• Way Ahead

Page 3

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Current SME-PED MCEP Network Architecture

[Network architecture diagram. Labels: Cingular, Verizon, Sprint, T-Mobile, APN-I, DISN Trunk, DHS Trunk, DHS, Tier 0, Management Console, Multi-Protocol Router, POP Router, Switch, Premise Router, Firewall, HAIPE, SME PED MCEP, SME PED Server, Customer Enclave Managed Service, DECC, Post camp site, SIPRNet, NIPRNet, CA, Virus Scan, Web Server, Mail Server.]

SME PED: Secure Mobile Environment Portable Electronic Device

MCEP: Multi Carrier Entry Point

Page 4

DISA Multi-Carrier Entry Point (1&2) SME-PED

• Total 671 SME-PED devices connected to MCEP

* Average traffic from May-10 to May-11 was 1915389096 bytes

[Chart: Total Monthly Traffic Usages (May 2010 - May 2011). X axis: Monthly, May-10 to May-11. Y axis: Number of Traffic (Bytes), 0 to 4000000000.]

[Chart: DISA MCEP-1 Overall Uptimes (May 2010 - May 2011). X axis: DISA MCEP Uptime, May-10 to May-11. Y axis: Uptime in Percent, 90.000% to 100.000%. Series: MCEP All Devices and Circuits Uptimes; MCEP Carrier APN Overall Uptime; MCEP OC3 to DECC Uptimes.]

[Chart: DISA MCEP-2 Overall Uptimes (May 2010 - May 2011). X axis: DISA MCEP Uptime, May-10 to May-11. Y axis: Uptime in Percent, 90.000% to 100.000%. Series: MCEP All Devices and Circuits Uptimes; MCEP Carrier APN Overall Uptime; MCEP OC3 to DECC Uptimes.]

[Chart: SME PED Devices Connected During Period (May 2010 - May 2011). X axis: Period, May-10 to May-11. Y axis: Number of Devices, 100 to 700.]

[Chart: Devices Connected Per Enclave (May 2010 - May 2011). X axis: Site/Command. Y axis: Number of Devices, 0 to 80. Sites/commands: 7th SIGCMD, AFNIC, CENTCOM, CERDEC, DIA, DISA HQ, DoD IG, EUCOM - Patch, EUCOM - Shape, FORSCOM, HQDA-PENTAGON, HQMC, JFCOM, JS, NCIS, NETCOM, NMCI-Hampton Road, NMCI-Pearl Harbor, NMCI-San Diego, NMCI-Washington Navy Yard, NORTHCOM, NSA-FT MEADE, NSA-HI, OSD, RSAC, SECDEF, SOCCENT-MacDill, SOCOM, SOCSOUTH, SOUTHCOM, STRATCOM.]

Page 5

Secure Voice - Mobility

• Working with NSA partners on the next generation of secure mobile phones and the concept of mobility.

– Will technology refresh our Multi Carrier Entry Point (MCEP) to support not only SME PED, but other NSA approved commercial secure mobile devices using Mobile Virtual Network Operator (MVNO) technology.

– MVNO approach has received broad NSA and DISA support because it enhances security, management, and performance of secure mobile voice and data solutions.

– Worked with NSA and developed a request for information (RFI) to industry to determine industry's readiness to deliver this capability.

• End goal: Ensure the network connectivity and secure mobile communications for consumption of data and services anywhere, anytime in the network

Page 6

[Diagram. Labels: Mobile Secure Voice Enabled, DISA MCEP, Wireless Carrier Data Service, APN, VPN, UA TLS/RTP, UA TLS/SRTP, Session Border Controller (SBC), SIP Server (LSC), LSC, EBC, GW, DRSN, External Networks, Classified IP Network @ applicable security level. Links are labeled 1/2, 3/4, 5 and 6 per the legend.]

Legend:

1 = SRTP/DTLS
2 = TLS
3 = RTP
4 = TLS
5 = TDM/PRI
6 = IP

• APN – Wireless Carrier Access Point (multiple as required)
• VPN – VPN Server. Serves to terminate VPN from Mobile Handsets
• SBC – BBUA. Serves to terminate SRTP/DTLS Session and generate RTP flow
• SIP – SIP registration/Session Controller for Mobile Handsets
• LSC – To provide IP Telephony connection to classified IP Networks and to establish connection to classified TDM network through Media Gateway

Page 7

Mobility Components

[Diagram. Labels: Bridge, The Cloud, + Data + Voice, iPad, Tablet PC, Laptop, 3G/4G, Wi-Fi 802.11.]

Page 8

Multi Carrier Entry Point (MCEP) / Mobile Virtual Network Operator (MVNO) Integration

Centralized, Controlled Access for Mobile Devices

MCEP Key Tenets

• Create IA boundary for wireless interconnects
• Single entry point for DISN wireless extensions
• Supports DoD e-mail and collaboration
• Survivability through backup MCEPs

[Diagram. Labels: DoD Users with Mobile Devices; Commercial Wireless and IP Service Carriers; DoD Mobile Virtual Network Operator (MVNO) Service; DoD Mobile Virtual Network Operator; DoD Secure Service Overlay; MCEP Access Point; MCEP; Firewall / Threat Detection; Unified Communications Aware Firewall; UC Session Processing (Voice, Video, Collaboration); Security and Application Services (VPN, E-mail, etc.); DISN Core; To DISN UC Services.]

Page 9

Mobile Virtual Network Operator RFI Summary

• Originally drafted/prepared by NSA

• Coordinated within DISA (CTO, CIAE, NS)

• The purpose defined: market research, discovery and information gathering

• DITCO released the RFI

– 19 May 2011

– Closing date was 27 June

• Twenty-four vendors responded

• Great input!

Page 10

MVNO Requirements/Characteristics

• Support 1 million or more subscribers worldwide

• Segregation and isolation from PSTN and internet

• Restricted service offering to a set of particular devices

• Centralized provisioning of end point including SIM card

• Centralized security management; centralized management and deployment

• Reporting on subscriber physical location (GPS)

• Logistics capability (SIM Card/Phone)

• Robust subscriber management and billing capabilities

Page 11

Why It Makes Sense To Tech Refresh the MCEP for Mobility

• Basic infrastructure for supporting mobility is already on line

– NetOps approved (redundant, accredited and 24x7 management)

– Current Wireless networks access concepts and experience

• Regardless of who the “carrier” is

• Voice capability already planned for MCEP to provide for lack of CSD

• DISA policy-based controls access and network protection for DISN services

• Contract vehicle on-line

• Supports ongoing Unified Capability efforts

Page 12

Way Ahead

• DISA leans forward on providing

– The MVNO capability

– Consolidating MVNO and MCEP service

– Implementation of the Voice Capability at the MCEP after NSA completes the technical approach for mobility (“Fish-Bowl” Concept)

– Supporting and actively participating in NSA mobility efforts

• DISA becomes the wireless service provider for the Department of Defense
