Presentation is loading. Please wait.

Presentation is loading. Please wait.

83 NOS Perspective: AFNETOPS and the AFNET Migration

Similar presentations

Presentation on theme: "83 NOS Perspective: AFNETOPS and the AFNET Migration"— Presentation transcript:

1 83 NOS Perspective: AFNETOPS and the AFNET Migration
Lt Col Eric P. DeLange Commander

2 Chain of Command & AFNETOPS Organization
AFSPC AF Network Integration Center (Scott AFB) 24 AF 624 OC 688 Info Ops Wing Info Ops & Net Engineering (Lackland AFB) 67 Net Warfare Wing Net Ops & Monitoring, CND/A (Lackland AFB) 689 Combat Comm Wing Combat Comm & Comm Maint/System Tech Eval (Robins AFB) 26 NOG (Lackland AFB) 26 NOS (Gunter Annex) 33 NWS (Lackland AFB) 26 OSS (Lackland AFB) 352 NWS (Hickam AFB) 426 NWS (Vogelweh GE) 68 NWS (Brooks CB, TX) 690 NSG (Lackland AFB) 83 NOS (Langley AFB) 561 NOS (Peterson AFB) 690 NSS (Lackland AFB) 690 ISS (Lackland AFB) 67 NWG (Lackland AFB) 91 NWS (Lackland AFB) 315 NWS (Fort Meade) 299 NOSS (KS ANG) 310 CF (CO AFR) 622 CF (VA AFR) Base Network Control Ctr’s (NCCs) ---- AFNETOPS C2 Process

3 67th Network Warfare Wing
67 NWW 26 NOG Net Defense 690 NSG Net Ops 67 NWG Full Spectrum Defend Operate Attack Operations Of and On the Network USAF’s Cyberspace Force – Combat Wing, Global Presence Mission: Operate, Manage, & Defend Global AF Networks Train and Ready Airmen to Execute Computer Network Exploitation and Attack Perform Electronic Systems Security Assessments Conducts the Full Range of Network Warfare Network Operations (Establish) Net Defense (Control) Full Spectrum (Use) Depicted are the 3 Groups that comprise our Wing, each responsible for one or more of the previous slide’s major mission areas

4 Mission Command, Control, Operate, Sustain, and Defend assigned Air Force networks to assure global cyber supremacy and enforce Air Force network standards and to develop Airman as cyber warriors.

5 The AFNET Platform Delivering…
Career Address Standardization and Consolidation Single Sign-On Reduced Cost and System Complexity AF-Wide Collaboration Air Force Wide Enterprise Career address User who PCS to an AFNet migrated base will have immediate network access – no more waiting for a new account Increases end user productivity 24/7 access to /applications One address for entire association with AF (military/civil service) Standardization/Consolidation Consistent look/feel; simplified operations, maintenance, and common training procedures Allows 24 AF commander to operate, maintain, and defend a standardized network...increased predictability Provides full visibility across the entire AF infrastructure Enforces standardized security policies, vulnerability scanning, and patch management Users will notice an immediate impact with regards to problem reporting & resolution Tier 0 web-based interface making a debut VIP helpdesk calls tagged and resolved expeditiously Single Sign-On Users can log into any AFNet migrated computer worldwide and access their account and office tools anywhere within Reduced Cost/Complexity By collapsing MAJCOM centric networks, redundant architecture and equipment is eliminated and/or consolidated AF-wide Collaboration Enterprise-wide collaboration and improved security; Operational oversight by a single commander Standardized and Secure!

Management Tools Network Account Management Security Policy Enforcement/Management Application Monitoring Network Monitoring Security/Authentication Directory (AD) Anti-Virus Security Patching (SCCM) CAC Certification Capabilities Mobile Devices ESD AFNET MANAGED AF Enterprise Forest C2 and Functional Systems Functional Services SharePoint MS Office Communication Server List Servers Fax Servers Project Management Servers FTP Servers Enterprise–wide VPN Storage <…our ultimate goal is to shut down legacy domains across the AF.> To do this, the capabilities and services listed here must migrate to the AFNET We migrated many of the services listed on the right prior to the first base migration. In some cases, we established a new instance in the AFNET Includes key capabilities that allow AFNetOps to Patch, Scan, and Monitor the systems in their Areas of Responsibility and allow the AETC MCCC key SA on their AOR Management of Core Services are also moving under the operational control of AFNetOps as part of the AFNet migration We are diligently working with the managers for C2 and Functional systems that will be impacted by the AFNet migration to ensure that all critical services remain fully functional before, during and after the migration. We will do everything in our power to maintain this functionality, while at the same time upholding the security posture of the network.

7 What the AFNET Migration is NOT!
AFNet is not a “full” tech refresh of base equipment AFNet does not “reprogram” PMO systems AFNet does not provide C&A of base enclaves AFNet Enterprise Service Desk (ESD) was not not established to handle all communication issues (LMR, IPTV, etc) AFNet does not provide Continuity of Operations (COOP) AFNet does not “restructure” AF boundaries; Completely separate but related effort AFNet does not remove Single Points of Failure (SPOF) AFNet does not “fix” existing network issues AFNet does not physically “move” base level functional systems to the APC

8 Components of Migration
Initial Coordination Programmatic Coordination Begins 210 days prior to migration / Duration ~15 days Infrastructure Preparation Circuit Upgrades, Facility Improvements, AQ processes Begins ~180 days prior to migration / Duration up to 150 days (or more) Source Environment Preparation Prepare the legacy environments for migration (Administrative & Technical) Begins ~90 days prior to migration / Duration ~60 days Target Environment Preparation Prepare AFNET to support migration of site Begins ~60 days prior to migration / Duration ~60 days Migration Move Legacy Active Directory resources to AFNet Duration varies from 15 days - up to 150 days (or more) Post Migration Environment Clean up, Legacy Func App Transition & Shutdown Begins ~180 prior to migration / Duration up to 150 days (or more) Legacy shutdown actions occur concurrently during migration/post migration actions -- The actual Migration is only one aspect of the total program. Multiple vendors have experience doing Active Directory and Exchange migrations. -- MAJCOM and base-level preparation that takes significant effort. The current process starts 210-days prior to a migration to allow for site surveys, base communication/boundary upgrades, server/storage equipment upgrades/purchases, facility improvements (allied support), and client/user preparation. Initial Coord Infrastructure Prep Source Env Prep Target Migration Post Migration Legacy Shutdown

9 Migration Organizational Roles/Responsibilities
‘Key’ stakeholders and what each contributes to the migration of an organization MAJCOM Coordinate Base Support Coordinate Migration Schedule Facilitate Strategic Communication AFSPC Funding for Hardware and Allied Support Contracting Support This is a TEAM Sport! Core Migration Team O&M for the AFNet Operational Issue Resolution 24 AF/67 NWW (Includes 690 NSG, 83 NOS, 561 NOS) Project Management Operations Legacy Shutdown AFNIC Approximate amount of time spent planning/executing Base Executes Checklist Coord Local Support/Info Dissemination Provides Dedicated CST Support 10% 40% 35% Note most prep accomplished by the legacy owners

10 Entrance Criteria AFNIC/ECSO 690 NSG
UNCLASSIFIED Entrance Criteria Complete all pre-migration checklists Key servers in-place, configured, and operational Proper, documented certification and accreditation Support orgs prepared to accept responsibility <1% user accts over mailbox size limit XP machine POA&M Cyber Readiness Review (CRR) AFNIC/ECSO Programmatic 690 NSG Operations CRR represents formal hand-off from programmatic actions to operations FACILITATION LESSONS LEARNED CRR Technical Checklists Execution Feedback Pre-Migration Administrative Checklists Prior to beginning the migration, certain criteria must be met. These entrance criteria are tracked through checklists and fall into two main categories: Environmental/Technical and Administrative. Environmental/Technical Criteria Checklists: All pre-migration checklists will be completed and validated by the AFNet migration team. Checklists will be complete for ALL migrating environments Services: The following Services will be in-place (installed, powered and connected to the operational network), configured (includes core operating systems, assigned ADX applications and services with vulnerability scans complete) and operational (communicating and passing traffic with appropriate core systems in the AFNet): Directory Resource Administrator (DRA) Group Policy Administrator (GPA) Application Manager (AppMgr) Anti-virus (SAV/McAffee) Patch Management (SCCM/SMS/SUS) Administrative Criteria The following support organizations must be informed and prepared to accept technical and administrative responsibility for the migrating site: INOSC-E/INOSC-W Enterprise Service Unit (as assigned by the INOSC) Enterprise Service Desk (ESD) or other Help Desk Entity if the ESD is not ready to assume responsibility for the site Accredited Enclaves Connection to the AFNet constitutes an assumption of risk on the part of all participating enclaves. As such the enclave joining the AFNet must have a proper and documented certification and accreditation. In lieu of a proper and documented certification and accreditation, the risk of connecting to an un-accredited enclave must be documented and approved by the system Designated Approval Authority (DAA) Key servers in-place, configured, and operational Proper, documented certification and accreditation Support organizations prepared to accept responsibility

11 Exit criteria will be reviewed during outbrief
Migrate user/machine accts, , public folders & other services All mission systems operational pre-migration are still operational post-migration Accessible via trust or in the AFNet <1% minor (user-level) tickets and no major (exec/base-level or higher mission impact) tickets related to MIGRATION Outstanding Help Desk tickets related to Other Services will transfer to the ESU/ESD Prior to the migration, the onsite CSA team will assist with migration readiness of the base pre-migration, direct the local CSAs in resolving issues during the migration, and assist as needed during the 2-week post-migration clean up period. Before they leave, they will ensure the following All user accounts, machine accounts, and accounts migrated into the AFNET All mission systems operational pre-migration are still operational and can be accessed via the trust or in the AFNET if it was migrated Reduce trouble tickets to a reasonable number. This number will be determined based upon the criticality and complexity of the remaining outages Un-migrated Object Resolution Un-migrated AD objects that remain in the legacy environment after official migration actions are complete will be migrated by the appropriate ESD/ESU. Un-migrated AD objects that remain in the legacy environment after migration systems and agents have been removed from the site will be migrated manually by the appropriate ESD/ESU. Un-migrated SIPR environments will be revisited at a later point in the migration process. In most cases this will require an additional visit to the site by a migration team and will be executed in similarly to the NIPR migration. Site Decommissioning: The 690 NSG is responsible for decommissioning existing servers in the legacy domain at <Base> AFB that will not be migrated to the AFNet (DC, DHCP, and Exchange). The servers will not be decommissioned until the migration team and CS agree the servers are no longer needed to support the legacy domain. The decommissioned servers will be made available to the ADX PMO for possible reuse of the hardware and server licenses where feasible. Exit criteria will be reviewed during outbrief

12 Post Migration Support Environment
Tier 0 Tier 1 Tier 2 Tier 3 User ESD I-NOSC/ESU/APC MCCC/NCC/CFP “Self-service” TT Submission/Status Load own printer Load appr S/W apps Etc. Tier 1 Create/assign/track TTs Initial troubleshooting AD User Acct Mgmt Tier 2 Admin/Assist EITSM Acct Mgmt Etc. More complex HW/SW problems Requires specific construct attention Netwk Transport, Server, Boundary issues Local Touch MX req’d Highly specialized expertise required - Engineers - System integrators - 3rd-party providers - Vendors - FSEs/SMEs PMO-managed systems - AFPKI - AFDS - ADLS - AFNet Response Ctr When AFNetOps migration efforts are complete, core services ( , file shares, web services, etc.) will be managed within the I-NOSC’s ESUs and end-user issues and problems will be addressed through a central Enterprise IT Service Desk (ESD). The ESD will publish a standard level of service describing how it will resolve issues using a four-tier system for trouble ticket resolution. The items listed in Blue have been implemented in the AFNet Tier 0: Users will consult a knowledge base repository to solve their own problems (i.e., loading printers, updating Global Access List entries, resetting passwords). Any problem not resolved through user self-help will reach Tier 1. Tier 1: The ESD will generate a trouble ticket and will be responsible for it until the problem is resolved. This trouble ticket will consist of a standard list of required information concerning the problem and customer. It will be routed by the ESD staff to one of two levels depending on the severity. - Tier 1 Level 1 is contained within the ESD and is used for basic troubleshooting with a turnaround goal of 20 minutes, or less, for priority problems. - Tier 1 Level 2 is also within the ESD, but is for advanced situations that cannot meet the 20 minute turnaround Tier 2: If a problem cannot be solved by the ESD through remote desktop administration or other network tools, it will be escalated to Tier 2, where another entity will be assigned the problem. These entities might utilize other resources (such as the CSA or MCCC) that have physical access to the equipment. Tier 3: Any problem not resolved by the lower tiers, will be passed to Tier 3, where specialized expertise (such as engineers or vendors), will be responsible for resolving the issue). Enterprise Service Desk DSN 510-HELPDESK ( ) “owns” lifecycle management

13 Lessons Learned Adherence to Checklist Completion
Dedicated Migration CSTs Security Permissions for Mapped Drives Strategic Communications Identifying Network Bandwidth Issues Selecting Pilot Users Adherence to checklist completion Dedicate the resources to ensure timely completion of preparation checklist activities Lack of attention to detail on checklist items will have a negative impact on migration activities Strategic Communication Get word out about the migration to the populace Use various media (base paper, flyers, , etc.) to get the word out Identify Network Bandwidth Issues Identify any network bandwidth issues early to allow lead time for mitigation AD Groups and Exchange Ensure computers and users are correctly placed in the legacy OU structure Clear out stale objects Ensure users are categorized correctly and within mailbox limits Personal distro lists may be lost during migration, user awareness Identify all Alt Token users, Blackberry/Good Mobile users, VIPs Need justification for Alt Token users to retain in the AFNet Need to validate licenses for Blackberry/Good Mobile users Request trusted agents for alt tokens in the AFNet Dedicate CSTs to Migration Ensure enough CSTs to cover migration activities AFNIC CSTs will conduct training sessions the week prior to migration Ensure AFNIC CSTs have rights in legacy and Remedy  Security permissions for mapped drives Assign permissions via groups vs. users Use FQDN  Select Pilot Users Select from various agencies and unique missions No VIPs or critical users Ensure ATO and CR process Maintain a current ATO Complete request for change request agents within the AFNet Ensure a viable change request submission capability/process Identifying Alt Token, Blackberry/Good Mobile, VIP Users AD Groups and Exchange Ensuring ATO and CR Process

14 Success Continued Mission Accomplishment
UNCLASSIFIED Keys to Success Leadership Support Success Continued Mission Accomplishment Active Base Participation Operational Focus Strategic Communications Based on our experience with previous bases, we’ve learned there are some keys to a successful migration Dedicated CST support - Your CSTs are critical to success pre, during, and post migration. We ask that you establish a dedicated Client Support Technician team to support the migration. We will provide the training, but if they are not available at all time during migrations, implementation will suffer. Continued support keeping base users informed throughout the migration using targeted messages, base newspaper articles, and other Strategic Communications tools available here at XXX Help us stay on schedule - By doing this we complete the migration in the shortest amount of time and minimize impact to your operations If you have mission concerns that will delay any migrations, address them with the migration team so they can be channeled to the approval authority By continuing to work together, we will migrate XXX into the AFNet as quickly as possible with the least impact to the Wing mission.

15 Questions?

Download ppt "83 NOS Perspective: AFNETOPS and the AFNET Migration"

Similar presentations

Ads by Google