Table of Contents

Volume 1

Architecture & Equipment
Chapter 1 WIN-T Inc 1 Overview
Chapter 2 STT Overview
Chapter 3 Equipment Overview & Architecture
Chapter 4 JNN-CPN-STT Network Overview
Chapter 5 Line of Sight (LOS) Case Overview

Volume 2

Network Management
Chapter 6 Introduction to Network Management
Chapter 7 SNMPc
Chapter 8 SolarWinds Engineer’s Toolset
Chapter 9 SolarWinds Cirrus Configuration Manager
Chapter 10 SolarWinds Orion
Chapter 11 NetMRI-Network Analysis

Information Assurance
Chapter 12 Introduction to Information Assurance
Chapter 13 Cisco Security Monitoring Analysis and Response System (CSMARS)
Chapter 14 Cisco ASA Adaptive Security Appliance
Chapter 15 Cisco Intrusion Prevention System
Chapter 16 Cisco Security Manager
Chapter 17 eEye Retina Scanner
Chapter 18 Hercules Vulnerability Remediation Management

Architecture & Equipment

WIN-T Inc 1a Overview

WIN-T Inc 1 System Overview

[Figure labels: Increment 1a; Increment 1b; Increment 1a + Colorless Core + NCW Modem (MPM-1000)]

WIN-T Increment 1 is a state-of-the-art COTS/GOTS communications network that enables the exchange of voice, video, and data throughout the tactical Army unit and into the sustaining base. It leverages commercial satellite technology to provide beyond-line-of-sight capabilities and commercial internet networking technology to increase functionality and efficiency while reducing size, weight, and power. WIN-T Increment 1 components reside at the Theater, Corps, Division, Brigade, and Battalion levels and provide interfaces to lower level systems including on the move and soldier platforms.

Increment 1a Capabilities:
• Extended Networking at-the-Halt: Former JNN program with Ka military satellite communications capability.
• Connectivity: Commercial and military frequency satellite communications (SATCOM) to Theater, Corps, Division, Brigade and Battalion.
• Equipment: radios, routers, servers, encryption, modems, antennas (transportable).
• Capability: Enables quality voice, data, and limited video communications at-the-halt. Provides for coordinated actions between geographically separated units.

What WIN-T Increment 1 Delivers:
• Network service to Command Posts and Commanders while at-the-halt.
• Improved battle command for Modular Force – increased satellite communications, extends to Bn level.
• The mandatory upgrade to previous fielded systems issued under spirals/Lots 19:
  - AN/TTC-59 Joint Network Node (JNN)
  - AN/TTC-56 Single Shelter Switch (SSS)
  - AN/TTC-64 Battalion Command Post Node (BnCPN)
  - Baseband Tactical Hub Node (THN)
• Inc 1a Baseline gives systems the same functionality and hardware baseline as Inc 1 (Lot 10).
• Items being replaced are end of life and no longer supportable.
*Operational impact: Declining availability of spare items to replace those that fail in the field. Critical issues with sparing KIV-7s and KIV-19s at CSLA.

WIN-T Inc 1 Network Diagram

[Figure: WIN-T Inc 1 network diagram. Labels: TDMA (IP), FDMA (IP & CKT), STEP Site, DISN Services, KU-Band Satellite, HUB, SHF X-band (GMF), EHF (SMART-T), LOS, JTF, EHF-band Satellite, SHF X-Band Satellite, JNN, DMAIN, TAC, SSS, DIV, BDE, TSC-85, TSC-93, SMART-T, KU, BnCP]

The WIN-T Inc 1 network employs a variety of transmission methods to pass voice, data, and video throughout the network. Two primary means of communication (the Ku, Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA), both satellite-based), are typically used to provide the backbone links between Joint Network Transport Capability – Spiral (JNTC-S) elements. Cable, Line-Of-Sight (LOS) radio, Ground Mobile Forces (GMF), Tactical Satellite (TACSAT), Secure Mobile Anti-Jam Reliable Tactical-Terminal (SMART-T), etc. augment the basic capabilities.
WIN-T Inc 1 Architecture

[Figure labels: GIG, ESB, DIV/BCT, Bn]

• Delivers COTS/GOTS network for the Current Force.
• Connects the Warfighter to the Global Information Grid.
• 115 Mbps Internet based connectivity per Division.
• DISN connectivity down to battalion level.
• Enhanced mobility and communications at the Quick Halt.
• Joint and coalition connectivity.
• Provides interface to legacy systems.
• “Black” Internet backbone.
• SATCOM and terrestrial connectivity.
• Autonomous Brigade operations.

The WIN-T INC 1 Network

Satellite Bandwidth:
• WIN-T INC 1 Network supports TDMA and FDMA satellite communications.
• Brigades have the capability to communicate via TDMA or FDMA satellite waveforms.
• Battalions have TDMA satellite capability only.
• Both support LOS.
• Shared TDMA bandwidth within the Division: (approx. 4.3 – 4.7 Mbps per TDMA carrier) x number of carriers (the number of carriers is determined by CENTCOM).
• TDMA modem limitation is approximately 3.0 Mbps.
• Battalions are rate shaped to 2 Mbps for uplink (to prevent them from hogging bandwidth). Downlink is not rate shaped.
• Each FDMA link supports between 2 – 8 Mbps, depending on spectrum allocation and network variables.

FDMA SATCOM Latency:
• One hop to TACHUB or FRHN DISN services.
• One BCT to another, or BCT to Division, is 2-hop architecture through TACHUB or FRHN.
• Latency associated with 1 hop = 500 – 600 ms.
• Latency associated with 2 hops = 1000 – 1200 ms.

TDMA SATCOM Latency:
• Within a BCT, everybody is one hop away from each other. TDMA Mesh with Brigade.
• One BCT to another, or BCT to Division, is 2-hop architecture.
• Latency associated with 1 hop = 650 – 800 ms.
• Latency associated with 2 hops = 1300 – 1600 ms.

Other Comms available: UHF SATCOM, L-Band (BFT and INMARSAT), SINCGARS, IRIDIUM, MBITR, GBS, CSS, TROJAN SPIRIT, and HF.
BCT/Bn Command Post External Connectivity

[Figure: BCT/Bn Command Post external connectivity. Labels: Ku-Band Satellite, TCF, TDMA – IP, FDMA – IP + CKT, LOS, TACHUB, BCT CP1, BCT CP2, SMART-T, TSC-85/93, CPPA, CPPB, HCLOS, JNN, 2.4 M Ku Terminal, Battalion CP]

WIN-T Inc 1 Tunnel Architecture

[Figure: WIN-T Inc 1 tunnel architecture. Labels: STEP/Teleport, Terrestrial Circuits, Unit Hub, DMAIN, JNN, TRC-85/93, SMART-T, HCLOS, BCT Command Post, Battalion CP, 2.4 M Ku Terminal, 1.5 M Ku Terminal. Legend: Static Tunnel, OSPF routing; Dynamic on-demand Tunnel, no OSPF adjacencies]

• Dual hub/spoke design (JNN and Hub).
• Static “always up” tunnels from BnCPNs to JNN and Hub.
• Dynamic spoke to spoke tunnels built using DMVPN.
• DMVPN enables:
  - reduced hub router configuration
  - dynamic spoke-spoke tunnels
  - saves TDMA bandwidth

TDMA Tunnel Architecture

[Figure: two TACLANE KG-175 front panels (POWER, RUN, ALARM, BATTERY LOW); label: 168 Bytes]

• SIPR GRE Tunnel: Necessary to route SIPR dynamically through TACLANE and support multicast.
• Type 1 Encrypted TACLANE ESP Tunnel: Necessary to carry SIPR traffic over NIPR backbone.
• AES Encrypted GRE Tunnel: Necessary to protect NIPR traffic, allow dynamic NIPR routing and protect TACLANE CT headers.

WIN-T Inc 1 Echelon Equipment

Lot Differences (1)

Equipment | Block I (Sp1-7) | Block II (Lot 8-9) | Block III (Lot10+)
Shelter | S-250 | S-250 | LMS (Up Armor)
Module Configuration: V5, V6
Workstation | NIPR/SIPR SDS Server | NIPR/SIPR SDS Server | 2 ea. Go-Book (Server 2003) NIPR/SIPR
Routers | Cisco 3725 and 2651XM (BnCP) | Cisco 3825 2811 | Cisco 3825 Integrated Services Router and 2811 Perimeter Router
Ethernet Switches | Embedded ESW Modules | External Cisco 3560Gs 48 port | External Cisco 3560Gs 48 port
WAN Optimization | Comtech TurboIP | Comtech TurboIP | Citrix WANScaler

Lot 8-9 Hardware Changes:
• Ethernet switches - Cisco 3560 layer 3 switches with GBIC SFP adapters. This upgrade enables removal of Media Converters and allows fiber connectivity throughout JNN to components.
• Netscreen 25 upgraded to Netscreen 50 Firewalls.
• User access cases upgraded to Cisco 3560 Switches, GBIC and VG-224. Decreases user access for analog phones from 48 down to 24.
• INC 1a - Costing changes on NIPR for everything over IP.

Lot 10 Inc 1:
• ASA 5510 Firewall: Anti-Virus upgrade to McAfee. Replaced Netscreen 25 and 50.
• SMU: SSS(V)3 COMSEC Module.
• AKDC: Automatic Key Distribution Center: MSE asset for Legacy Voice Encryption.
• KG-175D: Taclane Micro used for TDMA Encryption.
• KIV-7M: Replaced KIV-7 and KIV-19A. Used for Trunk and Serial Encryption.
• Citrix WANScaler replaced Turbo IP.
• Anti-Virus upgrade to McAfee.
• Redcom HGX upgraded to Redcom Slice.
• Promina 400 upgraded to NX-1000.
• Configuration changes to accommodate equipment upgrades.

Lot Differences

Information Assurance:
  FW: Netscreen 5XT/25/50 | FW: Netscreen 5XT/25/50 | FW/IPS: Cisco ASA 5510 w/IPS
  IDS: Realsecure | IDS: Realsecure
  Antivirus FW (THN and JNN): McAfee | Antivirus FW (THN Only): McAfee | Antivirus FW (THN Only): McAfee
Encryption | Taclane E100 (KG-175), KIV-7HSB, KIV-19 | Taclane E100 (KG-175), KIV-7HSB, KIV-19a | Taclane Micro (KG-175D), KIV-7M
BDE Transit Cases | Voice and Data Cases, Voice Gateway (VG248) | User Access Cases, Voice Gateway (VG224) | User Access Cases, Same as Battalion Node
BN Transit Cases | Bn Case A and Bn Case B | Router Cases 2 ea. NIPR/SIPR w/ upgraded UPS | Router Cases 2 ea. NIPR/SIPR w/ upgraded UPS
SATCOM | Lot 9+ | Lot 9+ | Lot 10
NETOPS | Lot 9 | Lot 9 | Lot10

Software Components:
• Operating Systems: Windows 2003 Server
• Software: Microsoft Office; PuTTY; Solar Winds TFTP Server; McAfee Antivirus; Simple Network Management Protocol console (SNMPc); Cisco Call Manager 4.3

CPN Blocks I & III Differences

Equipment | Block I (Spiral 2-7) | Block III (Lot 10+)
Transit Cases | VPN & SIPR Cases | Router Cases (x2)
Routers | 2651XM | 3825 ISR
Ethernet Switches | Layer 2 2950 – NIPR; Layer 2 3750 - SIPR | Layer 3 – 3650 (x2)
VoIP Capability | CME 3.3 & 7940/7960 Phones (SIPR Only) | Call Manager 4.3 – Laptop Based, SIPR & NIPR – 7941/7961 Phones
WAN Optimization | Comtech Turbo IP; Cisco Web Cache | Citrix WANScaler
Information Assurance | FW: Netscreen 5XT; IPS: none | FW: Cisco ASA 5510; IDS: Cisco IPS
Encryption | Taclane Classic KG175 | TACLANE Micro KG175D
NETOPS | LAN Manager CF-29 (XP Based) | LAN Manager Go-Book (Server 2003)

Hardware Upgrades:
• NIPR Router – Changes from 2600XM series to 3825.
• SIPR Router – Changes from 2600XM series to 3825.
• NIPR Switch – Changes from 2950 (10/100) to 3560G (Gigabit).
• SIPR Switch – Changes from 3750 PoE to 3560G (Gigabit).

Hardware Changes:
• Firewall – Changes from Netscreen model to Cisco ASA with IPS module.
• IPS – Changes from none to Cisco IPS.
• NIPR VoIP – No capability to Laptop-based Cisco Call Manager 4.3.
• SIPR VoIP – From CME 3.3 to Laptop-based Cisco Call Manager 4.3.

Configuration Changes:
• NIPR Logical Signal Flow – Changes significantly to accommodate voice and data VLAN flows through IA stack.
• SIPR Logical Signal Flow – Changes significantly to accommodate voice and data VLAN flows through IA stack.
• Access Lists – Change from administrative (90, 95, and 99) and traffic filtering to administrative-only ACLs configured (traffic filtering on ASA FW and IPS).
WIN-T Inc 1: Ka – Upgrade

Phase 1: Platform Re-Cap
Phase 2: Electronics Upgrade Kits
• TDMA Modem Upgrade Kit

STT DataPath Version:

Lot 1 thru 9:
• Ku capable Satcom
• Linkway TDMA 2100s
• TFOCA II Interface
• IPV4 and IPV6
• C130 Transportable

Lot 9 plus with 1a and 1b:
• Ka and Ku capable Satcom
• Linkway TDMA 2100s or S2 NCW Modem
• TFOCA II Interface
• IPV4 and IPV6
• C130 Transportable

Lot 9 + Increment 2:
• Ka and Ku capable Satcom
• FDMA NCW Modem
• TFOCA II Interface
• IPV4 and IPV6
• C130 Transportable

STT General Dynamics Version:

Lot 10 Increment 1 and 2:
• Ka and Ku capable Satcom
• FDMA NCW Modem
• TFOCA II Interface
• IPV4 and IPV6
• C130 Transportable

Increment 3 and 4:
• QT-LA Quad-Band Terminal Large Aperture
• 4.6 Meter Dish
• C, X, Ka and Ku Band capable Satcom
• TDMA and NCW Modems
• Node Management
• TFOCA II Interface
• IPV4 and IPV6 and Manet Routing
• Local Colorless interface for WIN-T elements
• Dynamic Link Management
• C130 Transportable

System Overview Tactical Hub Node (LOT 10)

[Figure labels: Tactical Hub- Sat. Vans (2), 3.9M Antenna, User Access Cases, Tactical Hub- Baseband]

• The HUB consists of a Tactical Hub Baseband Van Vehicle and two TDMA/FDMA Satellite Vans.
• Extends GIG Ethernet services down to Warfighter.
• Traditionally co-located with a DISN PoP.
• Designed to support 16 FDMA and 16 TDMA links.
• Configured to provide multiplexing of Voice (Black PBX), SIPR and NIPR Data and video interfaces for transport over the FDMA network using Cable, line-of-sight, GMF / SMART-T / PHOENIX and Ku SATCOM links.
• Provides SIPR and NIPR IP voice and data traffic to distant JNNs and Battalion Command Posts using the Ku TDMA network.

NIPRNET, SIPRNET, and DSN are the primary services extended to the tactical users. However, it is technically feasible to extend DRSN and DISN Video Service – Global (DVS-G) services. The FRHN will be configured to provide two DRSN circuits per Division enclave (via the FDMA/Promina network links).
The DVS-G is expected to have completed the migration from H.320 serial connectivity to H.323 IP connectivity by the time the first FRHN is operational. Therefore, serial circuits will not be planned or provisioned for H.320 based DVS-G service. The IP-based DVS-II service will be carried over the NIPRNET and SIPRNET links. Cable can be galvanic and optical.

Diagram is the Spiral 2-4 HUB.

Division HUB normally supports 11 JNNs:
• 4 BCT = 2 JNN each => 8
• 2 Aviation Bde = 1 JNN each => 2
• 1 Sustainment Bde = 1 JNN each => 1
8 + 2 + 1 = 11 JNNs, so there is a surplus of five links, which gives the Planner the option to task organize other BCTs and connect to STEP/REGIONAL HUB. The JNNs are designed for three FDMA (i.e., Promina multiplexed) links apiece.

Several factors must be taken into account by commanders and Signal planners regarding the best location for a MRHN and/or THN. The amount of time available for mission planning and the required proximity of the JNN-N Hub Node to the warfighter may result in tradeoffs where DISN connectivity is not available at the start of an operation, if at all. Ideally, all deployed JNN-N Hub Nodes will have direct terrestrial DISN connectivity for redundant and robust communications. However, at a minimum the FRHN will be DISN connected.
Capabilities:
• Ku/Ka FDMA and TDMA SATCOM ATH
• Interface to LOS
• Interface to Centrix, Joint, SMART-T / Phoenix / TSC-85/93s
• Node Mgmt (S, SI)
• Interface to Commercial Office
• Interface to Current Force DTG
• Support for 2-Wire Analog STEs
• Supports SI and S LAN extension (for user LAN VOIP, video, or data devices)
• User Services (, DHCP, Voice)
• Serial and Ethernet Interface to BVTC
• Initial QoS
• External Boundary Protection
• Enclave Protection
• IPv4 / v6 when HAIPE V3 is available

Baseband:
• Border Router (S, N)
• Tier 2 Router (S, N)
• Ethernet Switch (S, N)
• Management Laptops (S, N)
• TCP Proxy (S, N)
• Call Control (Call Manager) (S, N)
• Terminal Server (S, N)
• HAIPE (v 1.3.5) (Quantity 2)
• Perimeter Firewall / IPS (S, N)
• Host LAN Firewall / IPS (S, N)
• Antivirus (S, N)
• Promina NX-1000
• KIV-7M
• PBX (Redcom HDX)
• CTM-100s
• FECs
• Pairgain Modems
• Flex Mux
• GPS Receive and GPS antenna
• 2 User Access Cases (S, N)

User Access Case:
• 3560 Ethernet Switch
• Cisco VG224 Analog Gateway

Packaging/SWAP:
• LMS on 5 Ton FMTV
• 18K ECU
• 10 KW Generator on FMTV with Auto Transfer

GFE/GFS:
• FMTV
• CHS-III Components
• COMSEC

Employment: Division HQ

GUIDELINES:
• C17 Transportable (2 trucks per C-17)
• Movable assemblages
• Provide TDMA/FDMA Fiber Interface to Baseband Vehicle.

ARCHITECTURE PARAMETERS:
• Support 16 TDMA Nets per Hub
• 4Mbps per TDMA Net
• Support 16 FDMA links w/a total aggregate b/w of 36MHz per Hub
• ~2Mbps to all medium/JNN nodes
• ~4Mbps to DMAIN medium node

TACHUB SATCOM Trucks

• 2 ea. 8x8 TDMA/FDMA SATCOM Trucks per Unit Hub
• 3.9M auto acquire and tracking
• Fully redundant RF electronics and ECU (MAC-62)
• 2 X 20Kw Generators/Dual 6KVA UPS
• Traffic capability (depending on loading) – WITH LINEARIZERS
  - TDMA – 24Mbps
  - FDMA – 48Mbps
• Modem Complement
  - Redundant MRT and 8 TDMA modems
  - FDMA – 8 active modems; 1 hot spare
• Provides Joint Interoperability (i.e. Circuit Switch Voice / Promina Traffic)
• Each SATCOM truck contains approximately 140 RU (4 ea, 5ft high, and 19-inch racks) of equipment

MRT – Master Reference Terminal
RU – Rack unit

System Overview JNN (Lot 10)

[Figure labels: STT, JNN, User Access Cases, 10K TQG]

Capabilities:
• Ku/Ka FDMA and TDMA SATCOM ATH (STT)
• Interface to LOS
• Interface to Centrix, Joint, SMART-T / Phoenix / TSC-85/93s
• Node Mgmt (S, SI)
• Interface to Commercial Office
• Interface to Current Force DTG
• Support for 2-Wire Analog STEs
• Supports SI and S LAN extension (for user LAN VOIP, video, or data devices)
• Serial and Ethernet Interface to BVTC
• Initial QoS
• External Boundary Protection
• Enclave Protection
• IPv4 / v6 when HAIPE V3 is available
• C-130 Transportable

Baseband:
• Border Router (S, N)
• Tier 2 Router (S, N)
• Ethernet Switch (S, N)
• Management Laptops (S, N)
• TCP Proxy (S, N)
• Call Control (Call Manager) (S, N)
• Terminal Server (S, N)
• HAIPE (v 1.3.5) (Quantity 2)
• Perimeter Firewall / IPS (S, N)
• Host LAN Firewall / IPS (S, N)
• Antivirus (S, N)
• Promina NX-1000
• KIV-7M
• PBX (Redcom Slice)
• CTM-100s
• FECs
• Pairgain Modems
• Flex Mux
• GPS Receive and GPS antenna

User Access:
• User access switches (S, N)
• 2 wire IP Gateways (S, N)

Packaging/SWAP:
• LMS on 2.5 Ton FMTV or M1152 HMMWV with B2 Armor Kit
• 18K ECU
• 10 KW Towed Generator

GFE/GFS:
• HMMWV or FMTV
• CHS-III Components
• COMSEC

Employment: ESB (4), Corps/Div HQ (3), SBCT/BCT (2), Bde (1)

Major Assemblages – The JNN

[Figure: JNN signal flow between assemblages. Labels: KU trailer, FDMA/TDMA, Joint Network Node, FDMA / TDMA, V5, V6]

The WIN-T Inc 1 JNN consists of a JNN Vehicle and a Ku Satellite Trailer. The connection from the JNN to its STT is via a single redundant connector off JNN using TFOCA II. Therefore, TDMA and FDMA is just a simple plug-in. The work comes in ensuring all satellite and IP components, NX-1000 or other FDMA systems are planned out and configured correctly.
WIN-T Inc 1 Module Sets

[Figure: WIN-T INC1 assemblage modules. Labels: A3 UPS/TACLANE, A5 SIPR, A8 MODEM, A9 ROUTER, A12 TRANSMISSION, A13 STEP, A14 NIPR, HUB]

WIN-T INC1 Assemblage Modules:
• Equipment design is composed of a mixture from a common module set representing functional groups.
• Employs common module design between different assemblages to enforce common internal architectures.
• Module design removes most of the complex patch panel configurations inherent in earlier designs.
• JNN (v)4/5/6, SSS(v)4 and Tactical Hub built from modules to meet their respective network requirements.
• WIN-T INC1 JNNs have three versions offering specific architecture requirements.

Performance Enhancement Proxy (PEP)
PEP is designed to alleviate Transmission Control Protocol/Internet Protocol bottlenecks in an impaired environment (where high delay, high bit error rate, or both, occur) while preserving interoperability with any TCP device.

Antivirus Server
The McAfee Antivirus Server platform is used to screen incoming and outgoing files between host and perimeter networks.

Call Manager
Call Manager is the software-based call processing component providing signaling and call control services to IP endpoints, IP gateways, and POTS subscribers via analog voice gateways.

Tier 1 Router
• Perimeter router that provides links for connections to networks external to the protected network.
• Provides first line of defense in IA Architecture.
• Access Control Lists provide security filtering.

Firewall

[Figure labels: PERIMETER, HOST]

• Two firewalls per security domain (SIPR/NIPR) within the shelter.
• Border Firewall – Positioned between T1 and T2 routers to form a boundary between trusted network (TDMA cloud/T2 routers) and untrusted network (T1 routers/STEP).
• Host Firewall – Positioned between T2 router and Host LAN to form a boundary between host networks and the T2 router.

Tier 2 Router
• Provides default gateway and routing functions for locally connected hosts and shelter components.
• NIPR T2 provides voice gateway for BLACK voice network between VoIP and PBX.
• SIPR T2 provides voice gateway for RED voice network between VoIP and Vantage for legacy MSE connectivity.

Taclane (A3 UPS-TACLANE MODULE)
• Inline network encryptor for deployment in DOD tactical and strategic networks.
• Provides security for tunneling of one network through another (i.e. SIPR through NIPR and vice versa).

KIV-7M Transec/Comsec
• National Security Agency (NSA) endorsed dual channel encryptor.
• Channels individually configurable.
• Different security levels per channel possible.
• Compatible with different encryption equipment through personality selection.

Terminal Server
• Linux based secure console standalone unit.
• 32 RS232 RJ45 physical ports (NIPR module).
• 16 RS232 RJ45 physical ports (SIPR module).
• 1 Diagnostic/Management port (connected to Management Laptop Com Port).
• 2 Ethernet ports (Port #1 connected to the Ethernet switch).

NX1000
Replacement for Promina.

Redcom Slice
REDCOM Slice provides 2 T-1s, 24 Plain Old Telephone Service (POTS) lines and 2 Basic Rate Interfaces (BRI). It allows POTS phones access to the VOIP network.
[Figure callouts: GPS Based-Trak 9000S GPS, Pulses Per Second, Pushbutton Keypad, Liquid Crystal Display (LCD), Keyload (Fill Port), Zeroize LED, Power Switch, Diagnostic / Management Port]

System Timing: GPS Based-Trak 9000S GPS

Multiplexers:
• Tactical Flexible Multiplexer (FLEXMUX)
  - Similar to previous version Flexible Multiplexer
  - Ports 2-4 of MUXs 1 and 2 are brought to P/P (JNN, SSS, Hub)
  - Port 1 of each MUX is cabled to VANTAGE Non Return to Zero (NRZ) ports (JNN V4, Hub only)
• Forward Error Correction (FEC) Blade
  - 4 FEC functions per blade
  - Configuration Console port interface to NIPR Terminal Server

Patch Panel:
• Transmission Module Patch Panel
  - 18 Slot ADC Patchmate P/P (with RS-530 modules)
  - Allows patching of:
    6 Transmission Module CDIM Patch Panel Ports
    6 FMUX Patch Panel Ports
    4 TRC URD/HSD Ports (JNN(V4), 5, SSS, Hub)
    2 KIV-7M Encrypted SA Trunks (JNN(V)4, 5, SSS, Hub)
    2 KIV-7M Encrypted NIPR Tier 2 Router Ports
    4 KIV-7M Encrypted and FEC capable NIPR Tier 2 Router Ports
    2 NIPR Tier 2 Router Ports
    2 SIPR Tier 1 KIV-7M Encrypted Router Ports
    2 SATCOM CDIMS (Hub only)
    2 SATCOM Router KIV-7M Encrypted Serial Ports (Hub only)
    3 SMU Module KIV-7M Cipher Text (CT) Ports

User Access Case Components

[Figure: Front View, Rear View]

• 48-port Ethernet Switch
  - Provides user IP connectivity
  - Provides Power Over Ethernet (PoE) for IP phones
• VG224 Analog Voice Gateway
  - Provides POTS to IP conversion for 24 subscribers

Major Components – User Access Case (UAC)

[Figure: BLOCK DIAGRAM, FUNCTIONAL DIAGRAM]

• The User Access Case (UAC) provides Data, Voice over Internet Protocol (VoIP), and Plain Old Telephone System (POTS) subscribers’ connectivity into network.
• Standardized building block design provides scalability.
• Movement of UAC to other than home JNN requires modification to standard fielded configuration (change management IP address).
• Connect directly off the CPP (first preferred by spec/conops) and then JNN.
• Allows subscriber access to JNTC-S at Brigade level.
• VoIP and DATA, SIPR and NIPR choices by cabling to appropriate input.
• User access case replaces pre-LOT 8 telephony case, albeit smaller capability. Tradeoff is less analog line capability for small transit case.
• Can be used directly off JNN or Router Case.
• A Router case is part of the BnCP LOT 8, and is provided to a fielded JNN in place of old BDE cases.
• A user access case can plug into router, JNN, or TacHub.

HBCT JNN(V)5 (LOT 10)

Inter-connectivity of JNN resources.

Battalion Command Post Node

[Figure labels: NIPR Call Manager, SIPR Call Manager, 10K TQG]

The BnCPN provides:
• Enhanced voice and data capabilities at support Battalions.
• SIPR/NIPR and devices and access (up to 20 data and IP telephony users).
• Capability to interface directly to Ku/Ka satellite or Line-of-Sight radio.
• Transmission resources.

The BnCPN suite of communications equipment is housed in transit cases:
• SIPR/NIPR data interface transit case w/ TACLANE.
• Red voice interface using Cisco IP phones.
• LAN/Network management resources capabilities.
• Ku/Ka TDMA SATCOM ATH (STT).
• Interface to LOS.
• Node Mgmt (S, SI).
• Support for 2-Wire Analog STEs.
• Supports SI and S LAN extension (for user LAN VOIP, video, or data devices).
• Serial and Ethernet Interface to BVTC.
• Initial QoS.
• Enclave Protection.
• IPv4 / v6 when High Assurance Internet Protocol Interoperability (HAIPE) V3 is available.
• C-130 Transportable.

Equipment Changes:
• Replacement of Netscreen Firewall (F/W) with Cisco Adaptive Security Appliance (ASA)-5500 Series.
• Replacement of Call Manager Express (CME) with full Call Manager.
• New TACLANE micro (KG-175D), replacement of Key Interface Variable (KIV)-19 with KIV-7M.
• Minor connector changes.
Battalion Command Post Node Equipment Allocations:

Packaging/SWAP:
• 18K ECU
• 10 KW Towed Generator

GFE/GFS:
• CHS-III Components
• COMSEC

Employment: ESB (24), Corps/Div HQ (18), SBCT/BCT (12), Bde (6)

Baseband:
• Tier 2 Router (S, N)
• Ethernet Switch (S, N)
• Management Laptops (S, N)
• TCP Proxy (S, N)
• Call Control (Call Manager Laptops) (S, N)
• HAIPE (v 1.3.5) (Quantity 1)
• Host LAN Firewall / IPS (S, N)

NIPR/SIPR Router Cases:

Components:
• Micro TACLANE
• ASA 5510 Firewall
• Citrix WANScaler PEP
• Cisco 3825 Router
• Cisco 3560G Ethernet Switch
• Patch Panels
• Signal Entry Panel
• Power Entry Panel

Case Dimensions: 22.47 W x 19.40 H x 34.50 D
Estimated Case Weight: 154 lbs.
Estimated Power: 813 W

Additional Components:
• 8 Cisco 7940G Voice over IP telephone sets with Cat5 cables.
• NetOps Package includes 1 ea. SIPR/NIPR LAN Management Go-Books.
• LOS Transit case.
• TFOCA-II – 300 Meter and 100 Meter cable reels.
• Ethernet Cables
• Console Cables.
• Equipment Grounding/Accessory Bag.
• Ground Straps
• Ground Rods

Major Assemblages – CP Platform

• The Command Post Platform (CPP) provides the network interface to the lower Tactical Internet (TI).
• Interface capability to SINCGARS, EPLRS, AN/TRC-103, NTDR, AN/VRC-104, AN/PSC5, INMARSAT, and JTRS.
• Four shelter versions: V1, V2, V3, and V4
  - V2 contains C2 assembly, SIPR, TOCNET
  - V4 contains C2 assembly, SIPR, NIPR, TOCNET
• Option to provide small network capability when stand-alone (w/o JNN).

Satellite Transportable Terminal (STT)

The Satellite Transportable Terminal (STT) is a satellite terminal system providing two-way digital communications in support of the WIN-T architecture. The STT is located at the Corps/Division and Brigade Combat Team (BCT) level. The terminal consists of a 2.4 meter Ku antenna mounted on a trailer. The electronic components that provide two-way digital communications are mounted in two electronic equipment racks located in a cooled electronics equipment compartment on the rear of the trailer.
The STT is designed to provide voice and data connectivity from worldwide forward locations for intra/inter-theater operations. The terminal has many features that make it ideal for either short or long-term deployment, providing high capacity reach-back services. The terminals can be operated in continuous, uninterrupted operations either manned or unmanned as required. The STT uses Time Division Multiple Access (TDMA) and Frequency Division Multiple Access (FDMA) transmission technology to support a high throughput data handling capability for the Army’s IP based data networks.

Two versions of the STT are used:
• The STT version 1 supports the JNN and provides both TDMA and FDMA satellite communication.
• The STT version 2 supports the BnCPN and only operates in the TDMA mode.
The difference in the two versions is the additional equipment (satellite modem) mounted in version 1 necessary to implement the FDMA communications capability.

Ku RF/Modem Specifications:
• EIRP: 79 dBW (min. saturated)
• G/T: 31.0 dB/K (min.)
• SATCOM Transmit Frequency: 14.0-14.50 GHz
• SATCOM Truck Receive Frequency: 10.95-12.75 GHz

FDMA Modem:
• TX/RX Frequency: 950 MHz – 2050 MHz
• Data Rate: 9.6 kbps – 10 Mbps
• Modulation: BPSK / QPSK / 8PSK
• CODEC: Reed Solomon and Turbo Code

TDMA Modem:
• TX Frequency: 950-1525 MHz
• RX Frequency: 950-1750 MHz
• Symbol Rate: 312, 625, 1250, 2500, 5000 ksps
• Modulation: BPSK / QPSK
• CODEC: Reed Solomon, Viterbi

CWAN Components
• Server Case P/N 022800994-2
• Router Case P/N 02-2801535-2
• User Access Case P/N 02-2800994-2
• UPS Case P/N 02-2800986-1

CWAN Interconnection Diagram

[Figure: CWAN interconnection diagram. Labels: Host LAN FW - 5510 (Admin, FW Mgt., IPS Mgt.), Router Case, Tier 2 Switch, T2 Router, Trusted, Untrusted, Call Manager Laptop, TACLANE (CT, PT), Citrix WAN Scaler, User Access Case, VG-224, Server Case, Element Manager, Generic Server. Firewall subinterfaces: E0/1.58 VLAN 58, E0/1.222 VLAN 222, E0/1.224 VLAN 224, E0/1.233 VLAN 233; E0/0.358 VLAN 358, E0/0.322 VLAN 322, E0/0.324 VLAN 324, E0/0.333 VLAN 333. 802.1q trunks: 58, 222, 224, 233,…; 322, 324, 333, 358,…; 475. VLAN legend: 222 MGT 322; 58 VOICE 358; 224 DATA 324; 233 IA 333; SPARE]

[Figures: NIPR Firewalls With VLANS; SIPR Firewalls With VLANS]

STT Overview

Warning (1)
• Warning- 240 Volts- Contact may cause electrical shock and injury. Disconnect power before servicing.
• Warning- RF radiation- Remain clear of region between antenna feed and reflector while radiating.
• Warning- Establish and maintain proper earth ground.
• Warning- Extended antenna hazard- Antenna must be lowered prior to vehicle operation.

Warning (2)
• Warning- Do not connect power cables until equipment is grounded.
• Warning- Electric shock hazard- Main disconnect switch does not remove UPS output power. Turn off UPS before servicing.
• Warning- Radio frequency radiation- This unit operates at high voltage. Personnel should not be exposed to the microwave energy that may radiate from the device. All input and output RF connections, waveguide flanges and gaskets must be leakproof. Never operate this device without a microwave energy-absorbing load attached. Never look into an open wave-guide of antenna while the device is energized.

Danger
• Danger- Tip over hazard- Stow antenna if wind speed may exceed 60 MPH.
• Danger- Tip over hazard- Jacks must be properly installed and deployed before system operation.
• Danger- Crush hazard- Parking brakes must be enabled before system operation.
• Danger- RF power and High Voltage 15,000 volts service by authorized personnel only.

Attention
• Attention- Do not overdrive- Do not exceed 45 watts rated output power. Input frequency 950 MHz to 1450 MHz. Overdriving or wrong frequency input may permanently damage amplifier.
• Attention- Air intake and exhaust clearance 4 inches minimum.
• Attention- Dangerous Voltage. Do not handcrank antenna clockwise or counter clockwise past 130 degrees from the center of travel!

Caution
• Caution: Hearing Protection required when the generator is operating with panels opened.

Purpose and Types of STT (1)

The STT is a Ku or Ka band satellite terminal used to support the BnCPN with connectivity into the Warrior Information Network-Tactical Increment 1 Node Network (WIN-T Inc 1 Node-N).

The STT comes in two versions:
1. Version 1 (V1) supports the WIN-T Inc 1 Node using TDMA and FDMA.
2. Version 2 (V2) supports the BnCPN with TDMA only.

Both versions of the STT can be supported by the Master Reference Terminal (MRT) used to control the TDMA network.

Purpose and Types of STT (2)

The STT is a satellite terminal system providing two-way digital communications in support of the WIN-T architecture. The STT functionally fits in the WIN-T Inc 1 Node at the Corps/Division and Brigade Combat Team (BCT) level. The terminal consists of a 2.4M Ku/Ka Antenna mounted on a trailer. The electronic components that provide communications are mounted in two racks located in a cooled electronics equipment compartment on the rear of the trailer.

Purpose and Types of STT (3)

The STT is designed to provide voice and data connectivity from worldwide forward locations for intra/inter-theater operations. The terminal has many features that make it ideal for either short or long term deployment, providing high capacity reach-back services. The terminals can be operated in continuous, uninterrupted operations either manned or unmanned as required.
The STT uses Multi-Frequency Time Division Multiple Access (MF-TDMA) and Frequency Division Multiple Access (FDMA) transmission technology to support a high throughput data handling capability for the IP based data networks.

STT Components - Roadside
Composite Antenna Reflector; Straight Feed Boom; Cable Drive; Helicopter Lift Points; Access Panel; Modular Feed System / High Power Amplifier (HPA); Electronic Enclosure Units (EEU); GenSet Battery; Fire Extinguisher and Stabilizer mounting; Main Storage Box

STT Components - Curbside
Generator Fuel Nozzle And Tank; Power Distribution Assembly; I/O Panel / TFOCA-II Connectors; 7.5 kW Onan Generator; Shore Power Input; Heli Lift Point; Fork Lift Access Point

STT Components (1)
Fluxgate Compass; GPS Antenna; Weatherstation

STT Components (2)
Stow Pads; HPA; Drive motors; Cable Drive; Straight Feed Boom

EEU Rack 1 Components
System Patch Panel; Rack Mount Reference (RMR); Antenna Control Unit (ACU); Ethernet Switch; Power Drive Unit (PDU); Environmental Control Unit (ECU) Controller; Monitor & Control (M&C) Laptop

Uninterruptible Power Supply
Space for MRT; UPS Front Panel

EEU Rack 2 Components
Ethernet Fiber Optic Converters; CTM-100C; Protocol 2811 AES IP router; FDMA Modem (not installed in V2); TDMA Modem
EEU Rack 2, located in the trailer’s rear equipment compartment, houses the components used for TDMA traffic processing, routing, fiber optic conversion, and FDMA traffic processing.

ECU
The ECU is used to cool the components during adverse temperature conditions.

M&C Computer
The M&C is used to remotely configure, control, troubleshoot, and operate equipment.

Input / Output Panel (J1, J2)
The TFOCA-II fiber optic cable connectors are located on the curbside of the trailer. These provide the connection point for the supported WIN-T Inc 1 Node or BnCPN node.

Shore Power Input
The primary power input to the STT.
Power Distribution Assembly (PDA)
On the curbside, the PDA has the circuit breakers and the indicators for voltage and power draw, fuel level, generator temperature, and oil temperature.

Automatic Transfer Switch ITS-50R
• Provides automatic switchover between commercial power and Genset.
• Located behind PDA (hidden).

Oil-Mate and Battery
Pictured: Oil-Mate; 12VDC generator battery with cover removed.
• Oil-Mate injects used generator oil into the diesel fuel tank and injects an equal amount of fresh oil into the generator every 36 minutes to extend time between servicing.
• The Alternate Power Unit (APU) battery is used to provide power to the starter to start the 7.5 KW Genset.

Main Storage Box - Roadside
TFOCA-II Reels; Grounding bag; AC Power cable and Static ground cable; Ku HPA (Ka pallet goes back into transit case); Storage for stabilizer feet

Grounding Bag
Ground Kit; Hammer; Grounding cables with clamps.

Lift Points
Secure all tie downs when not in use.
Front Curbside; Rear Curbside; Front Roadside; Rear Roadside

Fuel Tank - Curbside
Filler tube and cap. The STT will run for 48-52 hours on a 26 gallon tank of fuel.

External Fuel Connection
External fuel quick connection (capped). External fuel filter / water separator.

Global Positioning System (GPS)
• The GPS antenna mounted at the base of the antenna is connected via coaxial cable to the GPS receiver module in the ACU.
• The GPS receiver module's function is to locate three or more GPS satellites, figure out the distance to each, and use this information to triangulate the terminal latitude and longitude position.

Flux Gate Compass
The Fluxgate Compass mounted on the rear of the antenna reflector is used to obtain the terminal’s heading by sensing the orientation of the trailer in relation to the earth's magnetic field.
Weatherstation
Reports:
• Wind direction & speed
• Humidity
• Dewpoint

Chassis Components
Heavy duty tie down points; Hand brakes; Trailer electrical cable for signal lights; Tongue jack with swivel

Specifications
Ku Transmit Frequency: 14.00 – 14.50 GHz
Ku Receive Frequency: 10.95 – 12.75 GHz
Ka Transmit Frequency: 30.00 – 31.00 GHz
Ka Receive Frequency: 20.20 – 21.20 GHz
TDMA Data Rates: 4.6 Mbps / 5 Msps
FDMA Data Rates: 2.4 Kbps - 52 Mbps
TDMA (De)Modulation: QPSK, 8PSK
FDMA (De)Modulation: BPSK, QPSK, OQPSK, and 8PSK
Power: Commercial power and onboard generator power

Receive Block Diagram
The highlighted path in red arrows depicts the receive signal from a remote site to the locally connected WIN-T Inc-1 Node.

Transmit Block Diagram
The highlighted path in red arrows depicts the transmit signal from the locally connected WIN-T Inc-1 Node to a remote site STT or Hub truck.

Equipment Overview and Architecture

ESB BnCPN Network Example
[Figure: ESB BnCPN Network Example. X, EHF, and Ku band links (TDMA and FDMA) connecting the STEP site/DISA, ESB Hub Node, JNN, SSS, TSC-85, TSC-93, STTs, and signal platoon elements, with an HCLOS LOS back-up link.]
The above figure is an example of an Area Signal posture and the basic interconnectivity of Signal assets.

Mission Statement: Warfighter Information Network – Tactical (WIN-T) is the Army’s current and future tactical network that will provide seamless, assured, mobile communications for the warfighter along with advanced network management tools to support implementation of commander’s intent and priorities – incrementally. Increment 1 provides “Networking At-The-Halt” capability down to battalion level with a follow-on “Enhanced Networking At-The-Halt” (Inc 1b) to improve efficiency and encryption to divisions, brigades and battalions.
WIN-T Increment 1 components reside at the division, brigade, and battalion levels.

Description
• State of The Art COTS/GOTS For The Current Force.
• Connects The Warfighter To The Global Information Grid.
• DISN Connectivity Down To Battalion Level.
• Enhanced Mobility And Communications At The Quick Halt.
• Joint And Coalition Connectivity.
• Provided Interface To Legacy Systems.
• Encrypted SIPRNET Traffic Through the NIPRNET.
• SATCOM & Terrestrial Termination.
• Autonomous Brigade Operations.

Benefits/Capabilities
• Supports Modularity by allowing a Brigade Combat Team to have self-sustaining reach back communications.
• Provides internet infrastructure connectivity directly to the Battalion level.
• Transitions Army Networks from proprietary protocols to “EVERYTHING OVER IP” (EOIP).
• Allows independent mobility of command posts and centers unconstrained by Line of Sight radio ranges.
• Incorporates industry standards for network operations and intrusion detection.

The Bn CPN has a single radio link into the JNN network via the TDMA satellite. Permanent or static VPNs are built into the JNNs and Hub Node. Dynamic VPNs are built on demand to other Bn CPN systems. The establishment of these on-demand VPNs is based on user requirements to transfer information between Bn CPNs. Establishing VPNs between CPNs on an as-needed basis decreases the amount of satellite resources required to support the network.

The THN is a Division asset that provides connectivity to the Defense Information Systems Network (DISN) and the Global Information Grid (GIG). The THN utilizes both FDMA and TDMA satellite connectivity. The THN also serves as the master hub node for TDMA mesh networks of the BCTs and their associated Bn CPN.

The JNN is located at the Brigade Combat Team (BCT) element. It serves as both a distribution point for the various systems within the BCT and provides direct network services for the Brigade headquarters elements.
The JNN can utilize both TDMA and FDMA satellite connectivity and has a single FDMA link that is usually reserved for connectivity to the THN.

Regional Hub Node
The RHN is the largest of the four JNN-N Hub Node types, and can provide the following capabilities:
• Provide primary hub node connectivity (FDMA and TDMA) and services for tactical users during reception, staging, onward movement, and integration (RSOI) operations.
• Provide TDMA management support enabling intra-theater Brigade-to-Brigade level routing and network services.
• Provide continuity of operations (COOP) for MRHNs and THNs.
• Provide primary hub node connectivity and services to expeditionary units (e.g., BCT) not deploying with a THN.
• Provide support to Expeditionary Signal Battalions (ESBs)/Integrated Theater Signal Battalion-Joint Network Node (ITSB-J) that are task organized to support Division and below units.
• Provide a server sanctuary supporting the delivery of theater level services and a stable location for Division or Brigade units to host services for their tactical users.
• Provide JNN-N Hub Node connectivity and services for mounted battle command on the move (MBCOTM) users.
• Support up to three JNN-N equipped Divisions, or reconfigurable to support two JNN-N equipped Divisions, four BCTs, and one separate (non-BCT) mission.
• Extend DISN voice, data, and video services to the warfighters.
• Provide assured, low latency reachback to the TNCCs for Top Secret/Sensitive Compartmented Information (TS/SCI) users using JNNs or CPNs as their transport connection to the RHN.

The RHN system is designed to support 3 separate JNN-enabled Army Divisions and up to 4 stand-alone BCTs through satellite connectivity to other JNN Network systems: the THN, the JNN, and the Bn CPN. The RHN will support both Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA) satellite links. Equipment is grouped into enclaves within the FHRN facility as shown.
Each enclave will operate independently of the others.

(WIN-T Inc 1) Systems Architecture Overview
[Figure: (WIN-T Inc 1) Systems Architecture Overview. Labels include NIPR Call Manager, SIPR Call Manager, and 10K TQG.]

NIPR/SIPR Router Case (Front View, Rear View)
NIPR/SIPR Router Cases: Components:
• Micro TACLANE
• ASA 5510 Firewall
• Citrix WANScaler PEP
• Cisco 3825 Router
• Cisco 3560G Ethernet Switch
• Patch Panels
• Signal Entry Panel
• Power Entry Panel
Case Dimensions: 22.47 W x 19.40 H x 34.50 D
Estimated Case Weight: 154 lbs.
Estimated Power: 813 W

BnCPN Signal Flow
[Figure: BnCPN Signal Flow, including the LOS case connection to LOS.]
This diagram illustrates component connections. The VPN Case provides direct connectivity to the Ku Satellite trailer for connectivity into the TDMA satellite network. The VPN Case can be configured to support NIPR users, though this is not part of the standard configuration. The LOS case is intended to provide connectivity for the Bn CPN to a legacy system with a TRI-TAC CDI interface such as an MSE LOS system. When using the LOS Case, DMVPN operation is not possible. The Router Case directly supports the SIPR user, data and voice, and is connected to the VPN Case via fiber.

The BnCPN provides direct network access to users within a Battalion element for secure data and voice services. It utilizes only Time Division Multiple Access (TDMA) satellite connectivity. Line of sight inter-connectivity is provided through the use of the LOS Transit Case. It has permanent links to the THN and JNN and can establish on-demand connections to other CPNs within the meshed network. The BnCPN provides LAN and WAN firewall protection.

Routing & Switching
ROUTING & SWITCHING: Two 3825 Routers:
1. SIPR Router
2. NIPR Router
Cisco Catalyst 3650 Ethernet Switch: The switch terminates IP phones and computers. The switch can be stacked with other switches. Provides 48 ports with Power Over Ethernet (POE) for VOIP telephones.

ASA 5510 Firewall
ASA 5510 Firewall:
• Console port, for connecting to serial terminal emulation programs such as HyperTerminal.
• A modem port, used for remote console sessions using dial-up connections.
• Four Ethernet ports, for connecting the ASA 5510 device to your LAN or local workstation and to the internet.

TACLANE Micro Model KG-175D
TACLANE MICRO Model KG-175D: The TACLANE provides encryption over DOD IP networks and ATM networks (ATDNET & WIN-T). The TACLANE provides security over legacy tactical IP networks (MPN) and strategic IP networks (SIPRNET). The SVNs support the logical grouping of users at a common security level in a common community of interest. Although multiple SVNs can operate at different security levels, they can share common transmission and switching elements because they are isolated from each other via cryptography. SVNs encrypt data prior to passing it over the Ku network.

TACLANE Micro Capabilities:
• Supports IP datagram encryption over Ethernet 10/100 Base-TX or 100 Base-FX physical interface.
• 200 Mbps aggregate throughput, full duplex.
• HAIPE IS v1.3.5 compliant IP encryption.
• 512 security associations supported user traffic.
• One security association protects all user traffic between a pair of TACLANEs.
• Automated peer TACLANE discovery using SDD (Secure Dynamic Discovery).
• PPK and FFVS for each security association.
• Up to 16 PPK Chains.
• Up to 11 changeover PPKs in each chain.
• IP TFS controls.
• Over the Network Software Download and Field Software Upgrade.
• Up to 9 simultaneous network managers.

Other Characteristics:
• TACLANE can communicate at multiple security levels, one level at any given time. The operator selects the security level.
• The CIK protects one FIREFLY vector set and up to 48 PPKs, all filled using a DTD.
• An operator can create 2 user CIKs, for a total of 3 CIKs, to allow shift operators access to the same key material.
• Physical access control is provided by removing the CIK, which locks the TACLANE.
• TACLANE is NSA-certified to provide Type 1 encryption and decryption for information classified TOP SECRET codeword and below.
• When a valid CIK is inserted, the TACLANE is classified at the highest classification level of the key it contains (but never less than UNCLASSIFIED/CCI). When the CIK is removed, the TACLANE is UNCLASSIFIED/CCI and the CIK is UNCLASSIFIED.

Citrix WANScaler
Citrix WANScaler: The WANScaler appliance will optimize WAN links, which gives the network maximum throughput at any distance, making the WAN behave like a LAN. This appliance works transparently on your network; there is no need to reconfigure servers, clients, applications, or your network infrastructure. The WANScaler becomes a virtual gateway that controls the TCP traffic on the link. Normally, TCP is controlled by the endpoint devices, which have no visibility into the state of the link or the amount of other traffic on the link. This situation makes TCP less than advantageous over WAN links. The WANScaler appliance supplies the intelligence that is missing in the network and the TCP connections. It is configured as a virtual gateway with only one parameter – the bandwidth limit – that configures the link speed. By overcoming the inherent limitations of TCP/IP over impaired links (high delay and/or high error), it improves performance of TCP/IP based applications such as web browsing (HTTP), file transfer (FTP), etc.

Uninterruptible Power Supply (UPS) (Front View, Rear View)
The UPS will provide emergency power for 12 minutes to the cases in the event of a prime power loss.
Power Output: 1005 Watts
Amps: 13 at 115VAC / 6.5 at 230VAC
Backup Time With Full Load: 12 Minutes
Total Number of Outputs: 4
Surge Suppression: 480 Joules
Transfer Time: Zero, True online design
Operating Temperature: 0°C to 40°C
Automatic Shutdown
Audible Alarm

JNN/CPN/STT Network Overview

STT Network Overview
The AN/TSC-167B (V) Satellite Transportable Terminal (STT) is a satellite terminal system providing two-way digital communications in support of the WIN-T network architecture.
The STT functionally fits in at the Corps/Division and Brigade Combat Team (BCT) level. The STT uses Multi-Frequency Time Division Multiple Access (MF-TDMA) and Frequency Division Multiple Access (FDMA) transmission technology to support a high throughput data handling capability for the Army’s IP based data networks. Two versions of the STT are used:
1. The STT version that supports the JNN provides both TDMA and FDMA satellite communication.
2. The STT version that supports the BnCPN only operates in the TDMA mode.
The difference in the two versions is the additional equipment (satellite modem and fiber-optic modem) on the JNN version necessary to implement the FDMA communications capability.

External Connectivity
[Figure: BCT CP external connectivity. TDMA and FDMA Ku-band satellite links, X-band via GMF, EHF via SMART-T, UHF TACSAT, and LOS connecting the Battalion CPs (2.4 M Ku terminals), the JNN at the BDE Command Post, TSC-85/93, HCLOS, the STEP/Teleport, and a surrogate teleport. Other comms available: UHF SATCOM, L-Band (BFT & INMARSAT), SINCGARS, IRIDIUM, MBITR, GBS, CSS, TROJAN SPIRIT, and HF.]

The STT is designed to provide voice and data connectivity from worldwide forward locations for intra/inter-theater operations. The terminal has many features that make it ideal for either short or long-term deployment, providing high capacity reach-back services. The terminals can be operated in continuous, uninterrupted operations either manned or unmanned as required.
The voice and data connectivity as part of the Global Information Grid (GIG) can be in the form of NIPR (Non-secure Internet Protocol), Secure Internet Protocol (SIPR), VTC (Video Teleconferencing), VoIP (Voice over IP), ISDN (Integrated Service Digital Network), Defense Service Network (DSN), Private Branch exchange (PBX),

External Connectivity
[Figure: Battalion and ESB external connectivity. TDMA – IP and FDMA – IP + CKT Ku-band satellite links, X-band via GMF, EHF via SMART-T, UHF TACSAT, and LOS connecting the UA Command Posts, UEx MAIN, JNN, TRC-85/93, HCLOS, the STEP/Teleport, and a surrogate teleport. Other comms available: UHF SATCOM, L-Band (BFT & INMARSAT), SINCGARS, IRIDIUM, MBITR, GBS, CSS, TROJAN SPIRIT, and HF.]
The connection to the GIG/DISN (Defense Information Services Network) or commercial assets can be located at a STEP (Standardized Tactical Entry Point) site or a Regional Hub Node.

Overview
[Figure: Overview. GIG/DISN, Fixed Regional Hub Node and Division Hub Node (3.9m; TDMA 37-40 Shared, FDMA 16-20 Mbps Fixed), Brigade and DIV (TAC 1&2) nodes (Ku 2.4m), and the Battalion Command Post Node (Ku 2.4m, TDMA shared among Bns), with FDMA – IP + CKT and TDMA – IP links, LOS TRC-190 V(3), and SMART-T at 1.544 Mbps.]
Each STT consists of a 2.4M SM-LT Ku antenna mounted on a trailer. The electronic components provide 2-way digital communications via two racks of equipment located in a cooled electronic equipment compartment on the rear of the trailer. In each example, the trailer connects to some form of data package either in transit cases or CPNs (Command Post Nodes) or BSN (Brigade Subscriber Node).
JNN System - Components
A complete JNN system consists of several subcomponents:
• JNN shelter mounted on HMMWV.
• Ku satellite trailer towed by JNN shelter HMMWV.
• Two HMMWV support vehicles each towing 10 kw generators.
• AN/TRC-190(V)3 HCLOS system consisting of:
  - AN/TRC-190(V)3 shelter
  - HMMWV (shelter carrier) towing 10 kw generator.
  - HMMWV support vehicle towing support trailer.
• BVTC/BITS transit case.
• Three each SIPR data transit cases.
• Two each NIPR data cases.
• Two each red voice transit cases.
• Two each black voice transit cases.
• Three each SIPR & NIPR laptops for Nodal, LAN, & WAN management.
• UNIX Tadpole computer for WAN planning.
• Two JNN spares cases.
• One NMS transit case.

Typical JNN Interfaces
The above diagram depicts the various interfaces on the JNN shelter and typical devices that may be interfaced to the connections.

BnCPN Signal Flow
[Figure: BnCPN Signal Flow. SIPR and NIPR paths, each with a Cisco 3560 Ethernet switch, NetScreen 50, Cisco 3825 router, and Turbo IP connected by dot1q trunks (VLANs 6, 58, 59, and 175), together with the KG-175 TACLANE, the STT trailer, the JNN, and the LOS case (HCLOS).]
Signal flows through the LOS cases, BnCPN cases, and STT to the satellite in orbit, and eventually to the JNN networked equipment. Notice that the LOS cases are supported by the LOS (v) series shelters either by legacy or by HCLOS.
WIN-T Network Architecture
[Figure: WIN-T Network Architecture. Regional Hub Node and Hub Node (Div/Corps) connected to the DISN/GIG, with Ku TDMA and Ku FDMA links to the JNN and the BN CPNs (Battalion level units).]

Currently, WIN-T Inc 1 and legacy JNN Hub Nodes using commercial Ku and Ka-band satellite capabilities are providing the transport using Time Division Multiple Access (TDMA) and Frequency Division Multiple Access (FDMA) technologies. The WIN-T network architecture (Figure 1-1) is composed of four primary nodes that provide support to various elements within the Army and Joint Forces:
1. Regional Hub Node (RHN)
2. Unit Hub Node (UHN)
3. Joint Network Node (JNN)
4. Battalion Command Post Node (BnCPN)

The UHN is a Division asset that provides connectivity to the Defense Information Systems Network (DISN) and the Global Information Grid (GIG). The UHN utilizes both FDMA and TDMA satellite connectivity. The UHN also serves as the master hub node for TDMA mesh networks of the Brigades and their associated BnCPNs.

The JNN is located at the Brigade element. It serves as both a distribution point for the various systems within the Brigade and provides direct network services for the Brigade headquarters elements. The JNN can utilize both TDMA and FDMA satellite connectivity and has a single FDMA link that is usually reserved for connectivity to the UHN.

The BnCPN provides direct network access to users within a Battalion element. It utilizes only TDMA satellite connectivity. It has permanent links to the UHN and JNN and can establish on-demand connections to other CPNs within the Brigade.

The RHN enables the deployment of WIN-T Inc 1 and legacy JNN equipped units into a theater where they can immediately begin to draw their satellite services from a fully provisioned hub node operating in sanctuary. RHNs allow satellite, voice, and data services to be provisioned and pre-positioned to support deploying forces as they flow into a theater of operation.
The RHN will activate satellite carriers prior to the flow of forces into the theater, as well as provide connectivity for deployed force access to national networks. The RHN is the primary hub node when a UHN is not in-theater, or it can provide backup services in support of a Division, even if their UHN is operational. Five Regional Hub Nodes will be deployed at fixed operational base locations to provide near worldwide coverage. They will be located in the European, Southwest Asia, and Western Pacific theaters, as well as on the United States east and west coasts.

The RHN can be divided logically into three subcomponents: satellite communications, baseband services, and network operations and user services. The RHN is the largest of the four WIN-T Increment 1 and legacy JNN Hub Node types, and can provide the following capabilities:
• Provide primary hub node connectivity (FDMA and TDMA) and services for tactical users during reception, staging, onward movement, and integration (RSOI) operations.
• Provide TDMA management support enabling intra-theater Brigade-to-Brigade level routing and network services.
• Provide primary hub node connectivity and services to expeditionary units not deploying with a UHN.
• Provide support to Echelon Above Corps (EAC), such as Expeditionary Signal Battalion (ESB), or Echelon Corps and Below (ECB), which are task organized to support the entire entity.
• Provide a server sanctuary supporting the delivery of theater level services and a stable location for Division or Brigade units to host services for their tactical users.
• Provide WIN-T Inc 1 and legacy JNN Hub Node connectivity and services for mounted battle command on the move (MBCOTM) users.
• Extend DISN services to the tactical user.

Transit Cases
BnCPN Transit Cases
The BnCPN is contained in three transit cases:
• Router Case
• VPN Case
• LOS Case
The above diagram shows the interconnectivity between the cases.
The Router Case directly supports the SIPR user, data and voice, and is connected to the VPN Case via fiber through media converters. The VPN Case provides direct connectivity to the Ku Satellite trailer for connectivity into the TDMA satellite network. The VPN Case can be configured to support NIPR users, though this is not part of the standard configuration. The LOS case is intended to provide connectivity for the BnCPN to a legacy system with a TRI-TAC CDI interface such as an MSE LOS system. When using the LOS Case, DMVPN operation is not possible.

Line of Sight Case (LOS)

BnCPN LOS Case (Front View, Rear View, Diphase Modem)
Line Of Sight Interface Case: The LOS case is intended to be used in conjunction with either the Battalion Command Post NIPR case or the Battalion Command Post SIPR case. It accepts a serial interface from the NIPR or SIPR case, applies Forward Error Correction (FEC), encrypts via KIV-7M, and modulates signals using a CTM-100C diphase modem. It supports 2 LOS links.

CTM-100/C
CTM-100/C: The CDIMs have two modem functions:
• Converts data between Non Return to Zero (NRZ) and Conditioned Diphase signaling types [Cat5 and CX-11230 cables].
• Converts between Fiber Optic and NRZ [TFOCA-II and Cat5 cables].
The purpose of the dual port CDIMs is to convert the NRZ data into CDI or fiber.
• Allows interfaces to be extended from the shelter using either CX-11230 cable or fiber optic cable.
• Supports rates up to 4608 kb/s using CX-11230, 18720 kb/s using fiber.
• Transports data up to 2 miles using CX-11230 depending on the transmission rate.
• Transports data up to 10 miles using fiber optic cable for all data rates.
• Can support loopbacks on the NRZ, CDI, or fiber side of the selected port.
[Figure: CDIM front panel, display reading "A> ALARMS * >> A,B".]
• The purpose of the dual port CDIM is to convert NRZ (RS-530) data into CDI or fiber.
• Allow interfaces to be extended from the shelter using either CX-11230 cable or fiber optic cable.
• Support rates up to 4608 Kbps using CX-11230, 18720 Kbps using fiber.

The major engineering goal of the optional CTM-100/C multiplexer mode was to interface THSDN Digital Trunk Groups (DTGs). The CTM-100/C can break out the voice and data circuits of a High Speed DTG. This allows Small Extension Node (SEN)-like capabilities to be performed in a much smaller form factor. The basic operation is that the CTM-100/C receives the High Speed DTG and breaks out the separate voice and data streams. The voice portion of the DTG is delivered to an RMC or LTU and the data portion of the DTG is delivered to a router. The CTM-100/C can move circuits at distances up to 16 km and rates up to 18720 kb/s utilizing tactical fiber cable such as CX-13295, or at distances up to 3.2 km and at rates up to 4608 kb/s via legacy copper cables such as CX-11230. The CTM-100/C optical transceivers can drive circuits 16 km over single or multimode cable. The loopbacks are digital loopbacks, which allow the data to pass through the CTM-100/C internal circuitry before being looped back.
• Transport data up to 2 miles using CX-11230 depending on the transmission rate.
• Transport data up to 10 miles using fiber optic cable for all data rates.
• Can support loopbacks on the NRZ, CDI, or fiber side of the selected port.

CDIM front panel controls and indicators:
J-1 TERM: Interface to Terminal Server and for external configuration.
PORT: Select the desired port (A/B).
ENTER: Accepts entered selection such as data rate.
ESC: Returns to the default top-level menu (alarms display).
Up and down arrows: Scroll through menu options available.
Left and right arrows: Scroll through available menu option settings.
LCD: Status and configuration display.

Upon power-up, the CDIM will display software version and then the system level Alarms status.
From the alarms status, the user can configure the CDIM using the panel buttons. Configurations are automatically saved in NVRAM (Non Volatile Random Access Memory) after eight seconds of no menu activity. Three types of commands are available:
1. Normal: Contain options selectable by the user. Different options are available for Fiber and CDI.
2. Status Only: Statuses that cannot be changed.
3. Re-Settable: Status items that may be reset.

CDIM Rear Panel Controls & Indicators
J3/J7: DB-50 female connectors for ports A and B, used for CDI signals.
J4/J8: DB-25 female connectors, used for NRZ signals.
J5/J9: Port A and B fiber optic transmit connections.
J6/J10: Port A and B fiber optic receive connections.

CDIM Tests and Loops (CDIM Test, CDIM Loopback)
Tests and loopbacks will help troubleshoot the CDIM links whenever they are not working properly.
• CDIM tests can be applied on any of the CDIM ports. Port selection will be done through the Test Mode menu option. Different ports will be available depending on what CDIM mode is selected. For tests to function, the network device will have to be put in loopback.
• CDIM loops can also be put on any of the CDIM ports. Port selection will be done through the loops menu option.

(HSFEC)
HSFEC: High Speed Forward Error Correction card - corrects bit error rates.
• Automatically senses data rates.
• Located in the LOS Interface case, inside the FEC box.
• Houses 1 HSFEC-5 card.

(HSFEC) Controls and Indicators
1. M (MODE) LED:
   Green: FEC ON + INTERLEAVER ON
   Yellow: FEC only
   Red: No FEC
2. B (BER) LED:
   Red: The bit error rate is higher than 2 x 10^-6 (only BER Test Mode or Loopback Mode)
   Green: The bit error rate is lower than 2 x 10^-6 (only BER Test Mode or Loopback Mode)
3. S (SYNC) LED:
   Red: The FEC cards on the sending and receiving end are out of sync
   Green: The FEC cards on the sending and receiving end are in sync
   Off: FEC is turned off.
4. HOT SWAP LED:
   Red: Card can be removed and reinserted without shutting off power

HSFEC Loopback Test
• This procedure loops back the HSFEC network element in a NIPR Tier 1 serial channel. The front panel toggle switches of the HSFEC card in the FLEXMUX are used to set the loopback.
– Check the mode (M) LED for the channel under test on the HSFEC front panel. If the LED is green or yellow, the HSFEC circuit is activated: proceed with this procedure. If the LED is red, the HSFEC function is bypassed and loopback testing does not apply.
– Set the channel’s Loopback-Normal-BER Test switch to the Loopback position.
– Check the port status using SNMPc and verify that the port is Up, indicating a successful loopback test.
– Set the Loopback-Normal-BER Test switch back to the Normal position when the test is complete.

KIV-7M
KIV-7M: Provides digital data encryption/decryption. Operates in full duplex synchronous operation employing identical key generators for transmission and reception.

KIV-7M Functions
The KIV-7M is a Type-1 encryption device which will be used in the SSS for the purpose of encrypting DTG links between the SMU and other circuit switches, encrypting SA-TRK links between Prominas, and for encrypting router to router links. Each KIV-7M will have two independently configurable channels that may be keyed at different security levels if needed. They will operate in one of four modes or personalities. Which mode we use will depend on what the distant end COMSEC equipment is. One of the modes we use will be the KIV-7 mode that will communicate with older KIV-7 models. This mode will probably be used for encrypting router circuits. The second mode we will use is the KG-194 mode that will be compatible with KIV-19 and KG-194 type encryptors. We will probably use this mode for encrypting SMU DTGs, Promina SA-TRK links, and even some router-to-router links. The final mode that we will be using is the Suite-A mode.
This mode will be used for communicating between two KIV-7Ms.

You can store up to four configurations per channel. These are handy if you interface to different equipment that requires different settings in your device. For example, you can set up the KIV with certain settings for communication with another KIV-7M and store that config in one of the four storage locations, then store a config for communication with a legacy KG-194 in another location. These two configs can be stored on the same channel and recalled into use as necessary. This will be the normal operation for us during training.

The KIV will be able to run at speeds of up to 2048 Kb when we're using it in KIV-7 mode. If we use it in KG-194 mode then we can run up to 13.5 Mb, but most of the equipment we will be interfacing with does not go that high. Suite-A can go even higher, but we will probably be using the EIA-530 connectors for all communications.

To break it down again, the KIV-7M is a dual channel encryptor. These two channels are independently configurable. They can be set up in one of four modes for use with differing distant end encryption devices. The fact that the two channels are independently configurable means you can set up one of the channels as a KG-194 with a secret key and the other channel as a Suite-A device with a top-secret key if needed. The possible data rates depend on the device configuration: the mode and the data connector type.

Controls and Indicators (1)

(Figure labels: Channel Display, Command and Status Display)

Before starting to configure the KIV, we need to familiarize ourselves with the controls and indicators of the device. The fill port on the front panel is used for loading COMSEC keys into the KIV. We will go over how to load keys later. This port will normally be configured as a DS-102 port, which makes it compatible with KYK-13s, KYX-15s, and AN/CYZ-10s.

The CIK port is where the CIK, or Crypto Ignition Key, is inserted for operating the KIV.
The KIV will not function without a CIK or with an incorrect CIK. Only one valid CIK may exist for each KIV. If the CIK that was previously initialized for the device is lost or damaged, then a new CIK may be initialized. However, since only one valid CIK may exist, the old CIK, which was lost or damaged, is no longer valid. That is not a problem if it was damaged, but if it was lost and then found, it will no longer work with this or any other KIV. Be sure to properly label and store CIKs when not in use.

The purpose of the CIK is to encrypt the keys that are loaded in the KIV. Once a CIK is installed and initialized, it will be valid only in the KIV for which it was initialized. During operations, any COMSEC keys that are loaded into the KIV will only be valid as long as the associated CIK is installed. The CIK may be removed and stored without zeroing the KIV. If the CIK is lost, then the keys that are loaded in the KIV will not be operational. If a new CIK is installed and initialized in the KIV, then any loaded keys will be zeroized, since they were only valid with the previously initialized CIK.

The channel display notifies the operator which channel is currently valid on the KIV or, more precisely, which channel is currently being displayed and configured on the KIV. It shows a 1 for channel one, a 2 for channel two, or a – signifying that the system (the KIV itself) is being configured and not either of the channels.

The command and status display is used for displaying statuses of the KIV. We will also use it for scrolling through the commands and options of the KIV and then selecting the desired command and/or setting/option.

FILL Connector: Used for loading keys into the KIV-7M. Programmable by personality as either DS-101 for DTD type devices, DS-102 for common fill devices, or RS-232.
CIK Port: Used for Crypto Ignition Key insertion, which is used to initialize the KIV-7M.
Without a CIK, the KIV-7M is inoperable.
Channel Display: Single character display that signifies which channel of the KIV-7M is currently being configured. If a – is displayed then you are in system configuration.
Command and Status Display: Displays command options and status messages to the operator.

Controls and Indicators (2)

The CH button is used for selecting which channel of the KIV to configure. Pressing this button causes the channel display to scroll between channel 1, channel 2, and – for system configuration.

The up and down arrow buttons scroll through the commands and options of the KIV for the selected channel or system. The commands are shown on the command and status display. When accessing the command menu from a status display, it may be necessary to first press the down arrow before the command menu displays.

The INIT button is used to initiate an action, depending on the operational status of the KIV. This action may be to select the current command, to select the current setting for the command, to load a key, or to update or resync a key.

The ESC button is used to back up one level in the menu tree.

The ON LINE button places the selected channel into an on-line, or operational, status. The channel will only go on-line as long as valid keys have been loaded for the channel. The channel may also be brought off-line with this button.

When the INIT and ESC buttons are pressed simultaneously, the KIV will be zeroized. All keys will be zeroed and the CIK will be initialized to a blank state. If this is done, it will be necessary to reset the KIV. This may be accomplished by removing and reinserting the CIK or by cycling power to the KIV.

CH Button: Used to select the channel to configure. Either 1, 2, or – for system.
▲ Button: Scrolls up through the command and status messages in the command/status display.
INIT Button: Initiates an action for the requested channel, depending on the operational state of the KIV-7M. Examples are command initialization, option selection, or crypto synchronization.
▼ Button: Scrolls down through the command and status messages in the command/status display.
ESC Button: Backs up one level in the menu tree.
ON LINE Button: Transfers the selected channel from off-line to on-line and the reverse. Also initiates header bypass when enabled.

Controls and Indicators (3)

The HDR BYP indicator shows when the selected channel is in header bypass mode. We will probably never use header bypass, but it can be used to transmit up to 512 bits of data from the connected data device to any equipment between your KIV and the distant end KIV, or to the distant end data device, before secure operations are established. This data will not be encrypted even if keys are loaded in the KIV. After the 512 bits of data are transmitted, the KIV will go to secure on-line operations and start encrypting.

The ALARM indicator shows when an alarm has occurred with the selected channel or the system. If the alarm and zeroize indicators are steadily lit at the same time and the display reads “LOAD JK0”, then the device must be turned in for re-initialization.

The PARITY indicator lights continuously whenever there is a parity error with the key or there are no keys loaded. It flashes momentarily when an operation such as key loading was successful.

The ZEROIZE indicator shows when the KIV is completely zeroized or is being zeroized. If completely zeroed, the LED will be constantly lit. It will flash while a key or keys are being zeroed.

The ON LINE indicator shows when the selected channel is operational and encrypting/decrypting data. It will flash when the channel is trying to sync or resync.

HDR BYP indicator: Green LED indicates when the selected channel is bypassing header data.
When the channel display indicates “–”, the LED illuminates if either channel is in header bypass mode.
ALARM indicator: Red LED indicates an alarm with the selected channel or with the system.
PARITY indicator: Red LED lights continuously if there is a parity error during key loading, selection, transfer, or OTAR operations, or if no keys are loaded. Indicator blinks if the operation was successful.
ZEROIZE indicator: Red LED lights when the KIV-7M is zeroized. Blinks during zeroization.
ON LINE indicator: Green LED indicates when the selected channel is operational and encrypting/decrypting data. Off if the channel is in standby or header bypass. Blinks during synchronization. Lights up if either channel is operational when the channel display indicates “–”.

KIV-7M Connectors

One thing to point out is the HCI. This port would normally allow configuring the KIV through a web interface. However, NSA does not allow connecting the KIVs to a LAN.

HAIPE = High Assurance Internet Protocol Encryptor.

RED CHANNEL 1 (J3): 68-pin connector for RED Plain Text channel 1 data.
RED CHANNEL 2 (J5): 68-pin connector for RED Plain Text channel 2 data.
BLACK CHANNEL 1 (J4): 68-pin connector for BLACK Cipher Text channel 1 data.
BLACK CHANNEL 2 (J6): 68-pin connector for BLACK Cipher Text channel 2 data.
+5V DC (J1): 7-pin DC power input and ground.
HCI (J2): RJ-45 Host Control Interface for remote connection to the device. Not connected in SHELTER.
RED CH 3 (J8): High Assurance Internet Protocol Encryptor (HAIPE) port. Not used.
BLACK CH 3 (J7): HAIPE port. Not used.

DED Operations

DED (Dedicated Encryption Device) operations are how we refer to setting up a KIV-7M for communicating with a KIV-7 family device or the older KG-84 family of devices. As the diagram shows, we will mostly be using this mode of operations for encrypting router circuits. However, this is only a representation of one of the possible scenarios for using this mode, and what is shown here will not always be the case.
The X-MSN may be any of the transmission or modem devices in the CPN, such as a CDIM.

We already saw how to set a personality for a channel earlier. We will now start configuring the channels for operations. We are first going to go over how to set up a channel for operation as a DED or KIV-7. Remember that in order to do this we must have the channel select set to either one or two. What we see on the slide is pretty much what needs to be done in order to communicate between a KIV-7M and a KIV-7. There are many settings associated with SETUP A through C. We will go over these and the recommended settings in a few slides. The key selection and loading is also very important, since you need to have the same key loaded at both ends in order to talk.

– Select correct channel personality: KIV-7
– Set Security Level
– Configure port options for personality: SETUP A, SETUP B, SETUP C
– Load Keys
– Select Keys to use
– Bring channel on-line for link communications

TED Operations

The TED mode, or personality, is used for communicating with the KIV-19 and/or KG-194 family of encryptors. This mode will allow us to encrypt SMU, router, and Promina SA-TRK links. We just went over most of the configurations for a channel set up with a KIV-7 personality. There were many options available, and the same is the case for the KG-194 mode. We are now going to go over the KG-194 personality options for the channels of a KIV-7M. What is shown on the slide is what we need to do to configure the KIV-7M channel to operate as a KG-194. The main thing, of course, is to select the personality.

– Select correct channel personality: KG-194
– Set Security Level
– Configure port options for personality: SETUP A, SETUP B
– Load Keys
– Bring channel on-line for link communications

Suite-A Operations

We will be using the Suite-A personality for communicating with other KIV-7M devices.
Since only SSS (V) 3 shelters currently have these KIV-7Ms, we will mostly be using this personality for communicating with other SSS (V) 3 shelters, such as during our training. Setting all these personalities is mostly the same. There are some differences in the options available, but if you can set one personality, you should be able to set them all. The main thing is to follow the menu trees, and there will be some cut sheets (more or less) at the end of the lesson. With cut sheets and a menu tree for understanding where to go for configuring desired options, the students should not have a problem. We will now go over the Suite-A mode.

– Select correct channel personality: Suite A
– Set Security Level
– Configure port options for personality: SETUP A, SETUP B, SETUP C
– Load Keys
– Bring channel on-line for link communications

For comments or suggestions on this book, please email us at: itfsb.cecom@us.army.mil Subject Line: Books
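The CIK rules given under Controls and Indicators (1) (loaded keys are usable only while the associated CIK is inserted, a CIK works only in the unit that initialized it, and initializing a new CIK zeroizes the loaded keys) can be modelled as a split-key store. The Python below is an added illustration, not KIV-7M code or its actual design: the class CikModel, its method names, the slot label and the HMAC-based stand-in key wrap are all assumptions.

```python
import hashlib
import hmac
import secrets


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


class CikModel:
    """Conceptual model only; the KIV-7M's real key handling is not on the page."""

    def __init__(self):
        self._device_split = secrets.token_bytes(32)  # never leaves the unit
        self._verifier = None  # recognises the one valid CIK
        self.wrapped = {}      # slot -> (nonce, wrapped key, tag)

    def initialize_cik(self):
        """Issue a new CIK: the old CIK stops working, loaded keys are zeroized."""
        cik = secrets.token_bytes(32)
        self._verifier = _mac(_mac(self._device_split, cik), b"verify")
        self.wrapped.clear()
        return cik

    def _kek(self, cik):
        # The key-encryption key exists only while the right CIK is inserted.
        if cik is None or self._verifier is None:
            raise PermissionError("no CIK inserted")
        kek = _mac(self._device_split, cik)
        if not hmac.compare_digest(_mac(kek, b"verify"), self._verifier):
            raise PermissionError("CIK is not valid for this unit")
        return kek

    def load_key(self, cik, slot, key):
        if len(key) != 32:
            raise ValueError("model handles 32-byte keys only")
        kek, nonce = self._kek(cik), secrets.token_bytes(16)
        # Stand-in wrap (assumption): XOR with an HMAC pad, then authenticate.
        ct = bytes(a ^ b for a, b in zip(key, _mac(kek, b"pad" + nonce)))
        self.wrapped[slot] = (nonce, ct, _mac(kek, b"tag" + nonce + ct))

    def use_key(self, cik, slot):
        kek = self._kek(cik)
        nonce, ct, tag = self.wrapped[slot]
        if not hmac.compare_digest(_mac(kek, b"tag" + nonce + ct), tag):
            raise ValueError("wrapped key failed its integrity check")
        return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"pad" + nonce)))
```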