Firstly, I'd like to thank everyone attending for taking the time out of their day and allowing me to present. This methodology was developed for military application, and this presentation is therefore the theory of applying the same methodology to a more consumer-based model.
Security Implications
In any network access structure, the longer a contained network unit persists and the more users and traffic flow in and out of it, the greater the possibility of penetration and/or intrusion, whether by internal or external entities.
Best Practices
Methodology Architecture
Solution: XXX
Software
Stack Architecture
Hardware
Vendor Blade Servers
The vendor choices considered were HP, IBM and Cisco. The original theory was to utilize HP equipment, i.e. 3 pools, consisting of 24 HP C-series blade servers (8 per chassis per pool), in (3) NetApp 500 TB FlexPod configurations.
Software
Orchestration and server automation; access management; identity management; management portal; user authentication portal; user environment.
[Architecture diagram: a Distributed Fabrics layer (orchestration, service-oriented architecture, process management, access control, identity management, provisioning, element management, event correlation) sits above the data warehouse, middleware clients, application servers/middleware, storage management and compute provisioning; below these are NAS Pool 1, Pool 2 and Pool 3 on the physical infrastructure (pools).]
Management Environment
Administration Portal
Controls Orchestration: creation of flows; delivery of Special Purpose Infrastructure.
Access Control: management of access control.
Identity Management: control and input of the identity management environment.
Package retrieval
Golden (or root) images: originally a mission protocol built into image form, carrying precise locations, mission status, mission scope, and so on.
Package Instantiation
A flow is initialized and executed, based on predetermined requirements. Authentication keys are generated, based on prerequisites.
Identity Management
Access Rights
Keys are then assigned to mission handlers, i.e. mission stakeholders, or in this case project stakeholders.
Identity Management
Keys are then assigned to mission executors, i.e. operatives, or in this case project managers.
Pass-through or pass-off
Administrators are then reassigned, and ownership is passed off to the mission, or in this case project, stakeholders.
Although the pass-off has taken place, administrators still retain some authority for break/fix scenarios.
Authentication Process
Mission, or in this case project, stakeholders take control of the Special Purpose Computing environment
At this point the half-life of the authentication process has been initiated.
Access Rights
Mission (project) stakeholders initiate the operators' requested identities.
Access is granted to the operators.
Repetition
The same protocols and procedures are executed, in order, for each further instantiation. After each mission, or in this case project, concludes, the fabric's data is warehoused and the core is destroyed, taking with it all associated keys as well as the access rights granted.
Pass-off is then given back to the administrators, to access the raw data collected.
Event correlation, data mining, and so on, are then initiated. Depending on the department and/or organization, internal handling of the data will differ.
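As an added illustration of the key lifecycle the slides above describe (instantiation, pass-off, the half-life of the authentication process, operator access rights, and teardown with all keys destroyed), not code from the original deck; the logical clock, the key lifetime, and the role names admin/owner/user are assumptions.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Fabric:
    now: int = 0                     # logical clock in ticks (assumed)
    key_lifetime: int = 10           # the "half-life": a key expires this many ticks after issue (assumed)
    keys: dict = field(default_factory=dict)   # token -> (principal, role, expires_at)
    owner: str = ""                  # empty until pass-off hands the fabric to a stakeholder
    warehouse: list = field(default_factory=list)
    destroyed: bool = False

    def _issue(self, principal, role):
        token = secrets.token_hex(16)  # unguessable credential bound to this fabric only
        self.keys[token] = (principal, role, self.now + self.key_lifetime)
        return token

    def who(self, token):  # (principal, role) of a live key; None if unknown, expired or core destroyed
        rec = self.keys.get(token)
        if self.destroyed or rec is None or rec[2] <= self.now:
            return None
        return rec[0], rec[1]

    def _require(self, token, *roles):
        ident = self.who(token)
        if ident is None or ident[1] not in roles:
            raise PermissionError(f"live key with role in {roles} required")
        return ident

    def instantiate(self, admins):  # package instantiation: flow runs, administrator keys generated
        return {a: self._issue(a, "admin") for a in admins}

    def pass_off(self, admin_token, stakeholder):  # ownership moves; admins keep break/fix only
        self._require(admin_token, "admin")
        if self.owner: raise PermissionError("fabric already passed off")
        self.owner = stakeholder
        return self._issue(stakeholder, "owner")

    def grant_operator(self, owner_token, operator):  # only the owning stakeholder initiates operators
        self._require(owner_token, "owner")
        return self._issue(operator, "user")

    def break_fix(self, admin_token, note):  # admins retain break/fix after pass-off, cannot issue keys
        self.warehouse.append(("break/fix", self._require(admin_token, "admin")[0], note))

    def teardown(self, token, collected):  # repetition: warehouse data, destroy core and every key
        self._require(token, "owner", "admin")
        self.warehouse.append(("data", collected))
        self.keys.clear()
        self.destroyed = True
```

After teardown every previously issued token resolves to None, so nothing survives into the next instantiation except the warehoused data the administrators take back.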
Conclusion
As stated at the beginning of this presentation, this methodology was originally created purely for military application. However, I have seen the need to carry it forward to more of a consumer application, such as fabrics that further a more compliance-driven model. That being said, business and use cases would be needed to determine sustainability within that model, and subsequent configuration changes, if need be.
Presentation End
Q & A
Ladies and gentlemen, thank you for your time and consideration. I look forward to working with you all in the near future. Please feel free to contact me with any questions.
Jonathan Spindel
Email: jspindel@ieee.org
Phone: (954) 299-2132