Enterprise Online Help for GCCS-J and JC2CUI: An example of
Transcription
Enterprise Online Help for GCCS-J and JC2CUI: An example of
Enterprise Online Help for GCCS-J and JC2CUI: An example of Enterprise Software Engineering 2 April 2014 Ross Adjei Mike Nguyen Agenda • Background • Architecture • Implementation/Demo • Performance • Challenges • Where are we now? • Q&A 2 Background Background • Online help exists as part of the Defense Information Systems Agency (DISA) Global Command & Control Systems - Joint (GCCS-J) • DISA is modernizing GCCS-J systems and capabilities and looking to reduce costs – so our team is providing an Enterprise-level deployment of Online Help to meet these goals – Alleviates the need for local deployment of a help server for each GCCS-J enclave (54 critical sites) – Leverages mature and proven open source software components • BaseX, Apache Tomcat, etc. – Will support existing GCCS-J systems first • Designed to have ZERO impact to developers, MINIMAL impact to content developers – Can support Joint Command & Control Common User Interface (JC2CUI) and Agile Client, as well as additional DISA programs that wish to take advantage of EHELP 4 Background (cont.) • Requirements: – Support user online help access via Jobs Tree, Table of Contents, context-sensitive help, or keyword search • XML schema provided to developers; schema provides uniform look and feel for content, as well as ability to display data from a number of access points – Provide ability to categorize online help in the database by system • For example, a CENTCOM GCCS-J system online help can be separated from a PACOM GCCS-J system’s online help • Done via eHelp Domains – Provide system administrator functions, access control • Current GCCS-J online help has no access control • Allow admins to create domains, upload content, backup/restore data – Provide controls for DISA DAA/DIACAP SIPR accreditation • eHelp is intended for the SIPR network; however, the content it contains is largely Unclassified 5 Architecture Architecture Help Enclave (DECC) Web Server (VM) Accreditation Boundary Apache HTTPD mod-proxy Help Server (VM) Accreditation Boundary Apache Tomcat Enterprise Help System Application BaseX Database Red Hat Enterprise Linux 7 Red Hat Enterprise Linux Architecture (cont.) Help Enclave (DECC) Help Server Web Server Apache HTTPD mod-proxy Existing JC2CUI Enclave Client Workstation JC2CUI User Web Browser Help Widget HTTPS HTTPS 8 Widget Server HTTPS SSL Apache Tomcat Tomcat Existing GCCS-J Enclave Client Workstation I3 App Server Apache Tomcat Oracle WebLogic Widget Packages Existing-App Requiring-Help EnterpriseHelp-Proxy Enterprise Help System Application EnterpriseHelp-Proxy GCCS-J User Web Browser HTTPS HTTPS Help Web App Architecture (cont.) • Admin Access – Username and Password authentication – Admin capabilities • Account Management • Domain management • Archive Management • User Access – Anonymous access is allowed for users 9 Implementation/Demo Performance Average response time in seconds Performance Number of concurrent users 12 Challenges Challenges • Meeting strict Information Assurance (IA) controls – ASD STIG, DB STIG as guidance – OWASP a good resource for implementation guidelines – Static code analysis tools (Sonar, Fortify, Coverity) can help • Many differences among potential systems using eHelp – OS, Web Servers, etc. • Different platforms require creative architecture – Access/Authorization control • GCCS-J not yet using PKI, JC2CUI using PKI – eHelp can implement a more stringent (user-based) access control method once the systems are aligned – Security controls, restrictions • Ports, protocols, communication mechanisms, etc. – Schedules • Each system (GCCS-J, JC2CUI, even eHelp) following different schedules for development, test, etc. 14 Where are we now? Where are we now? • eHelp is about to support GCCS-J test events, for operational release in the fall of 2014 • Moving forward – Support for Public-Key Infrastructure (PKI) certificates – Clustering/Load balancing 16 Q&A Backup Enterprise Help Admin Login 19 Enterprise Help Account Manager 20 Create Domain 21 Enterprise Help Domain Domain name and description 22 Enterprise Help Domain 23 Enterprise Help Domain The list of documents that are uploaded successfully 24 Enterprise Help Archive The documents view The archive view 25 Enterprise Help Archive 26 Enterprise Help Archive 27 Enterprise Help Keyword Search User runs a keyword search for “Coastal Defense” 28 Enterprise Help Search Results 29 Enterprise Help System Index 30 Enterprise Help Viewer 31 Enterprise Help Training Videos 32 Enterprise Help Training Videos 33 Acronyms 34 ASD CENTCOM DAA DB DECC DIACAP DISA DMI DMICL DMISVR DTD EHELP GCCS-J HTTP HTTPD HTTPS IA I3 JC2CUI OWASP PACOM PDF PKI RAM RHEL SIPR SSL STIG VM XML Application Security & Development United States Central Command Designated Approving Authority Database Defense Enterprise Computing Center Defense Information Assurance Certification and Accreditation Process Defense Information Systems Agency Document Management Infrastructure Document Management Infrastructure Client Document Management Infrastructure Server Document Type Definition Enterprise Online Help Global Command & Control System - Joint Hypertext Transfer Protocol Hypertext Transfer Protocol Daemon Hypertext Transfer Protocol Secure Information Assurance Integrated Imagery & Intelligence Joint Command & Control Common User Interface Open Web Application Security Project United States Pacific Command Portable Document Format Public-Key Infrastructure Random-Access Memory Red Hat Enterprise Linux Secret Internet Protocol Router Secure Sockets Layer Security Technical Implementation Guide Virtual Machine Extensible Markup Language Q&A