83rd NETWORK OPERATIONS SQUADRON 83 NOS Perspective: AFNETOPS and the AFNET Migration Lt Col Eric P. DeLange Commander This Briefing is: UNCLASSIFIED Chain of Command & AFNETOPS Organization AFSPC AF Network Integration Center (Scott AFB) 24 AF 624 OC 689 Combat Comm Wing 67 Net Warfare Wing 688 Info Ops Wing Combat Comm & Comm Maint/System Tech Eval (Robins AFB) Net Ops & Monitoring, CND/A (Lackland AFB) Info Ops & Net Engineering (Lackland AFB) 26 NOG 690 NSG 67 NWG (Lackland AFB) (Lackland AFB) (Lackland AFB) 26 NOS (Gunter Annex) 33 NWS (Lackland AFB) 26 OSS (Lackland AFB) 352 NWS (Hickam AFB) 426 NWS (Vogelweh GE) 68 NWS (Brooks CB, TX) 83 NOS (Langley AFB) 561 NOS (Peterson AFB) 690 NSS (Lackland AFB) 690 ISS (Lackland AFB) 91 NWS (Lackland AFB) 315 NWS (Fort Meade) 299 NOSS (KS ANG) 310 CF (CO AFR) 622 CF (VA AFR) Base Network Control Ctr’s (NCCs) UNCLASSIFIED Standards = Success ---- AFNETOPS C2 Process 67th Network Warfare Wing 67 NWW 690 NSG Net Ops • • • 26 NOG Net Defense 67 NWG Full Spectrum USAF’s Cyberspace Force – Combat Wing, Global Presence Mission: • Operate, Manage, & Defend Global AF Networks • Train and Ready Airmen to Execute Computer Network Exploitation and Attack • Perform Electronic Systems Attack Security Assessments Conducts the Full Range of Network Warfare • Network Operations (Establish) • Net Defense (Control) • Full Spectrum (Use) UNCLASSIFIED Standards = Success Operate Operations Of and On the Network Defend Mission Command, Control, Operate, Sustain, and Defend assigned Air Force networks to assure global cyber supremacy and enforce Air Force network standards and to develop Airman as cyber warriors. UNCLASSIFIED Standards = Success The AFNET Platform Delivering… Career Email Address Standardization and Consolidation Single Sign-On Reduced Cost and System Complexity Air Force Wide Enterprise Standardized and Secure! UNCLASSIFIED Standards = Success AF-Wide Collaboration UNCLASSIFIED Services in the AFNET Management Tools Network Account Management Security Policy Enforcement/Management Application Monitoring Network Monitoring Functional Services C2 and Functional Systems • • • • • • • • SharePoint MS Office Communication Server List Servers Fax Servers Project Management Servers FTP Servers Enterprise–wide VPN Storage AF Enterprise Forest Capabilities E-mail Mobile Devices ESD UNCLASSIFIED Standards = Success Security/Authentication Directory (AD) Anti-Virus Security Patching (SCCM) CAC Certification What the AFNET Migration is NOT! AFNet is not a “full” tech refresh of base equipment AFNet does not “reprogram” PMO systems AFNet does not provide C&A of base enclaves AFNet Enterprise Service Desk (ESD) was not not established to handle all communication issues (LMR, IPTV, etc) AFNet does not provide Continuity of Operations (COOP) AFNet does not “restructure” AF boundaries; Completely separate but related effort AFNet does not remove Single Points of Failure (SPOF) AFNet does not “fix” existing network issues AFNet does not physically “move” base level functional systems to the APC UNCLASSIFIED Standards = Success 7 Components of Migration • Initial Coordination • • Programmatic Coordination Begins 210 days prior to migration / Duration ~15 days • Infrastructure Preparation • • Circuit Upgrades, Facility Improvements, AQ processes Begins ~180 days prior to migration / Duration up to 150 days (or more) • Source Environment Preparation • • Prepare the legacy environments for migration (Administrative & Technical) Begins ~90 days prior to migration / Duration ~60 days • Target Environment Preparation • • Prepare AFNET to support migration of site Begins ~60 days prior to migration / Duration ~60 days Legacy shutdown actions occur concurrently during migration/post migration actions • Migration • • Move Legacy Active Directory resources to AFNet Duration varies from 15 days - up to 150 days (or more) • Post Migration • • Initial Coord Environment Clean up, Legacy Func App Transition & Shutdown Begins ~180 prior to migration / Duration up to 150 days (or more) Infrastructure Prep Source Env Prep Target Env Prep Migration Post Migration Legacy Shutdown Migration Organizational Roles/Responsibilities ‘Key’ stakeholders and what each contributes to the migration of an organization MAJCOM AFSPC 24 AF/67 NWW (Includes 690 NSG, 83 NOS, 561 NOS) AFNIC Base •Coordinate Base Support •Coordinate Migration Schedule •Facilitate Strategic Communication •Funding for Hardware and Allied Support •Contracting Support •Core Migration Team •O&M for the AFNet •Operational Issue Resolution This is a TEAM Sport! • Project Management • Operations • Legacy Shutdown • Executes Checklist • Coord Local Support/Info Dissemination • Provides Dedicated CST Support UNCLASSIFIED Standards = Success UNCLASSIFIED Entrance Criteria • • • • • • • Complete all pre-migration checklists Key servers in-place, configured, and operational Proper, documented certification and accreditation Support orgs prepared to accept responsibility <1% user accts over mailbox size limit XP machine POA&M Cyber Readiness Review (CRR) AFNIC/ECSO FACILITATION Programmatic Pre-Migration Administrative Checklists Feedback CRR Technical Checklists Execution Feedback CRR represents formal hand-off from programmatic actions to operations LESSONS LEARNED 690 NSG Operations UNCLASSIFIED Standards = Success Exit Criteria • • • Migrate user/machine accts, E-mail, public folders & other services All mission systems operational pre-migration are still operational post-migration • Accessible via trust or in the AFNet <1% minor (user-level) tickets and no major (exec/base-level or higher mission impact) tickets related to MIGRATION • Outstanding Help Desk tickets related to Other Services will transfer to the ESU/ESD Exit criteria will be reviewed during outbrief UNCLASSIFIED Standards = Success Post Migration Support Environment • • • • • Tier 0 Tier 1 Tier 2 User ESD I-NOSC/ESU/APC MCCC/NCC/CFP “Self-service” TT Submission/Status Load own printer Load appr S/W apps Etc. Tier 1 • Create/assign/track TTs • Initial troubleshooting • AD User Acct Mgmt Tier 2 • Admin/Assist • EITSM Acct Mgmt • Etc. • More complex HW/SW problems • Requires specific construct attention • Netwk Transport, Server, Boundary issues • Local Touch MX req’d Enterprise Service Desk DSN 510-HELPDESK (510-435-7337) “owns” lifecycle management Tier 3 • Highly specialized expertise required - Engineers - System integrators - 3rd-party providers - Vendors - FSEs/SMEs • PMO-managed systems - AFPKI - AFDS - ADLS - AFNet Response Ctr Lessons Learned Adherence to Checklist Completion Dedicated Migration CSTs Security Permissions for Mapped Drives Strategic Communications Selecting Pilot Users Identifying Network Bandwidth Issues AD Groups and Exchange UNCLASSIFIED Identifying Alt Token, Blackberry/Good Mobile, VIP Users Standards = Success Ensuring ATO and CR Process Questions? UNCLASSIFIED Standards = Success