Enterprise Online Help for GCCS-J and JC2CUI: An example of

Enterprise Online Help for
GCCS-J and JC2CUI:
An example of Enterprise
Software Engineering
2 April 2014
Ross Adjei
Mike Nguyen
Agenda
• Background
• Architecture
• Implementation/Demo
• Performance
• Challenges
• Where are we now?
• Q&A
2
Background
Background
• Online help exists as part of the Defense Information Systems Agency
(DISA) Global Command & Control Systems - Joint (GCCS-J)
• DISA is modernizing GCCS-J systems and capabilities and looking to
reduce costs – so our team is providing an Enterprise-level
deployment of Online Help to meet these goals
– Alleviates the need for local deployment of a help server for each GCCS-J enclave
(54 critical sites)
– Leverages mature and proven open source software components
• BaseX, Apache Tomcat, etc.
– Will support existing GCCS-J systems first
• Designed to have ZERO impact to developers, MINIMAL impact to content
developers
– Can support Joint Command & Control Common User Interface (JC2CUI) and Agile
Client, as well as additional DISA programs that wish to take advantage of EHELP
4
Background (cont.)
• Requirements:
– Support user online help access via Jobs Tree, Table of Contents, context-sensitive
help, or keyword search
• XML schema provided to developers; schema provides uniform look and feel
for content, as well as ability to display data from a number of access points
– Provide ability to categorize online help in the database by system
• For example, a CENTCOM GCCS-J system online help can be separated from
a PACOM GCCS-J system’s online help
• Done via eHelp Domains
– Provide system administrator functions, access control
• Current GCCS-J online help has no access control
• Allow admins to create domains, upload content, backup/restore data
– Provide controls for DISA DAA/DIACAP SIPR accreditation
• eHelp is intended for the SIPR network; however, the content it contains is
largely Unclassified
5
Architecture
Architecture
Help Enclave (DECC)
Web Server (VM)
Accreditation Boundary
Apache HTTPD
mod-proxy
Help Server (VM)
Accreditation Boundary
Apache Tomcat
Enterprise Help
System Application
BaseX Database
Red Hat Enterprise Linux
7
Red Hat Enterprise Linux
Architecture (cont.)
Help Enclave (DECC)
Help Server
Web Server
Apache HTTPD
mod-proxy
Existing JC2CUI Enclave
Client Workstation
JC2CUI User
Web Browser
Help Widget
HTTPS
HTTPS
8
Widget Server
HTTPS
SSL
Apache Tomcat
Tomcat
Existing GCCS-J Enclave
Client Workstation
I3 App Server
Apache Tomcat
Oracle WebLogic
Widget
Packages
Existing-App
Requiring-Help
EnterpriseHelp-Proxy
Enterprise Help
System Application
EnterpriseHelp-Proxy
GCCS-J User
Web Browser
HTTPS
HTTPS
Help Web
App
Architecture (cont.)
• Admin Access
– Username and Password authentication
– Admin capabilities
• Account Management
• Domain management
• Archive Management
• User Access
– Anonymous access is allowed for users
9
Implementation/Demo
Performance
Average response time in seconds
Performance
Number of concurrent users
12
Challenges
Challenges
• Meeting strict Information Assurance (IA) controls
– ASD STIG, DB STIG as guidance
– OWASP a good resource for implementation guidelines
– Static code analysis tools (Sonar, Fortify, Coverity) can help
• Many differences among potential systems using eHelp
– OS, Web Servers, etc.
• Different platforms require creative architecture
– Access/Authorization control
• GCCS-J not yet using PKI, JC2CUI using PKI – eHelp can implement a more
stringent (user-based) access control method once the systems are aligned
– Security controls, restrictions
• Ports, protocols, communication mechanisms, etc.
– Schedules
• Each system (GCCS-J, JC2CUI, even eHelp) following different schedules
for development, test, etc.
14
Where are we now?
Where are we now?
• eHelp is about to support GCCS-J test events, for operational release
in the fall of 2014
• Moving forward
– Support for Public-Key Infrastructure (PKI) certificates
– Clustering/Load balancing
16
Q&A
Backup
Enterprise Help Admin Login
19
Enterprise Help Account Manager
20
Create Domain
21
Enterprise Help Domain
Domain name and
description
22
Enterprise Help Domain
23
Enterprise Help Domain
The list of documents that
are uploaded successfully
24
Enterprise Help Archive
The documents view
The archive view
25
Enterprise Help Archive
26
Enterprise Help Archive
27
Enterprise Help Keyword Search
User runs a keyword search for
“Coastal Defense”
28
Enterprise Help Search Results
29
Enterprise Help System Index
30
Enterprise Help Viewer
31
Enterprise Help Training Videos
32
Enterprise Help Training Videos
33
Acronyms
34
ASD
CENTCOM
DAA
DB
DECC
DIACAP
DISA
DMI
DMICL
DMISVR
DTD
EHELP
GCCS-J
HTTP
HTTPD
HTTPS
IA
I3
JC2CUI
OWASP
PACOM
PDF
PKI
RAM
RHEL
SIPR
SSL
STIG
VM
XML
Application Security & Development
United States Central Command
Designated Approving Authority
Database
Defense Enterprise Computing Center
Defense Information Assurance Certification and Accreditation Process
Defense Information Systems Agency
Document Management Infrastructure
Document Management Infrastructure Client
Document Management Infrastructure Server
Document Type Definition
Enterprise Online Help
Global Command & Control System - Joint
Hypertext Transfer Protocol
Hypertext Transfer Protocol Daemon
Hypertext Transfer Protocol Secure
Information Assurance
Integrated Imagery & Intelligence
Joint Command & Control Common User Interface
Open Web Application Security Project
United States Pacific Command
Portable Document Format
Public-Key Infrastructure
Random-Access Memory
Red Hat Enterprise Linux
Secret Internet Protocol Router
Secure Sockets Layer
Security Technical Implementation Guide
Virtual Machine
Extensible Markup Language
Q&A