Try the all-new QuickBooks Online for FREE.  No credit card required.

IPAM Project and Service Update

Document Sample
IPAM Project and Service Update Powered By Docstoc
					IPAM Project and Service Update
NISN Customers’ Forum August 27, 2008

IPAM Agenda
• Project Overview • Project Status

• Migration Planning
• Training • Procedure Guidance • Closing

Thirteenth NISN Customers’ Forum


IPAM Project Description
• • • • Project Name: Program Executive: Project Sponsor: Purpose of Project: IP Address Management (IPAM) Michael Hecker Betsy Edwards Develop and deploy IP Address management architecture for the Agency to support enterprise IP address management 4.3 million IPv4, 79 octillion IPv6 addresses (/32) and 30+ ASNs None 1.0

• Current Scope: • Current Version: • Proposed Version:

Thirteenth NISN Customers’ Forum


IPAM Project Drivers
• Address the four primary weaknesses identified in the OIG Material Weakness report:
– – – – – – – – – – – Lack of Effective IT Management Lack of CIO IT Oversight of Program Systems Lack of Effective IT Operations Lack of Adequate Technical Controls Standardized Reporting Restricting Administrative access Separation of duties Realtime monitoring Agency IPv6 Transition NASA Consolidated Active Directory (NCAD) Other network access mechanisms
Thirteenth NISN Customers’ Forum 4

• Support the NASA Corrective Action Plan (CAP):

• Provide infrastructure for other Agency initiatives, such as:

IPAM Project Initiation
• Problem Statement
NASA does not manage the Autonomous System Numbers (ASNs), IPv4 and IPv6 addresses allocated to it by the Regional Internet Registries (RIRs) in a manner that: – Minimizes risk of security compromises – Allows for effective response to security incidents – Enables efficient management of IT resources

• Directive
– Provide a standardized, comprehensive tool set to support online IP address management, DNS resolution, dynamic host assignment, and reporting for all NASA-registered IP addresses and Internet names. – Develop Agency-wide IPAM, DNS, and DHCP policies and procedures to standardize NASA’s IP address assignment processes and configuration policy

Thirteenth NISN Customers’ Forum


IPAM Assumptions
• Within scope:
– All DNS within the Agency (excludes e-root) – All DHCP within the Agency – All IP address management within the Agency

• Out of scope:
– 802.1x (Network Admission/Access Control [NAC]) – Defining and policing the NASA security perimeter (will provide supporting data)

• IPAM solution will be a mandatory requirement for use by all NASA organizations, by policy mandate. • NISN to perform centralized IPAM operations • The IPAM solution will integrate with, not replace, Agency-wide:
– – – – – IT Security Plan / Risk Assessment database, if available Identity database Account management database Asset Management (make/model of node) Active Directory (NCAD)

• IPAM shall improve the security risk posture of the Agency
Thirteenth NISN Customers’ Forum 6

IPAM Roles and Responsibilities
Meets at milestone reviews

Project Steering Committee

Betsy Edwards Project Sponsor


Meets bi-weekly

Advisory Group

Carol Bryant Chief Engineer


NISN Support

Tracy Willett Security Engineer
Johnny Busby Project Manager

Alice Ann Ellis Operations Lead

Ralph Bischof Technical Lead

Pat Patterson Network Engineer

Operations Brian Bollard

Operations Sherry Taylor

Dawn Bedard Architect

Josh Banks Engineer

David Dionne System Admin

Michael Steele Engineer
Thirteenth NISN Customers’ Forum

Ted Vanbeck System Admin

IPAM Requirements Development Process
• Problem Statement
– Document Number: IPAM-008 – Signed by Scott Santiago on 2006-10-18

• Objectives
– Document Number: IPAM-010 – First baseline signed by Scott Santiago on 2006-12-13 – Updated baseline as a result of 2007-01 Technical Team meeting on requirements – Second baseline approved on 2007-03-28

• Site Surveys • Requirements
– Document Number: IPAM-011

– Signed by Scott Santiago on 2007-03-28
Thirteenth NISN Customers’ Forum 8

IPAM Supporting Documentation
• IPAM-001 - Policy • IPAM-002 - Customer Outreach Plan • IPAM-003 - Memorandum of Agreement • IPAM-017 - Continuity of Operations Plan • IPAM-019 - System Implementation Plan • IPAM-020 - Contingency Plan • IPAM-021 - Disaster Recovery Plan

• IPAM-004 - Training Plan
• IPAM-005 - Project Plan • IPAM-006 - Risk Management Plan • IPAM-007 - Concept of Operations • IPAM-008 - Problem Statement

• IPAM-022 - System Test Plan
• IPAM-023 - System Design Document • IPAM-026 - Detailed Implementation Plan • Project Schedule • IT Security Plan (ITSC) • Baseline NIST/C&A Classification • Test results • Local procedure templates • Lessons learned

• IPAM-009 - Discovery Questionnaire
• IPAM-010 - Objectives • IPAM-011 - Requirements • IPAM-012 - System Engineering Management Plan • IPAM-014 - Hardware Development Plan • IPAM-015 - Software Development Plan

• Migration checklist
• All presentations

Thirteenth NISN Customers’ Forum

IPAM Project Life Cycle
• System Requirements Review (SRR): 2007-03-23 • Preliminary Design Review (PDR): 2007-05-30

• Critical Design Review (CDR): 2007-08-23
• EA Project Review (EAPR): 2007-08-27 • Operational Readiness Review (ORR): 2008-03-27

-------• Deployments: January 2008 - November 2008 • Separate Migration Readiness Reviews (MRR) held with Centers • Project Completion Review planned for November 2008
Thirteenth NISN Customers’ Forum 10

IPAM Project Status
• Interim Authority to Operation (IATO) granted 2008-03-28 • NISN CCB approval for IPAM service granted 2008-03-31

• Authority to Operation (ATO) signed on 2008-06-20
• IPAM Core in full production operations • NDC/IEM in full production operations (including NCAD)

• NDC/IEM follow-on activities
– Collaborating with CBACS on final design – IEM AD-integrated DNS remains to be split (IEM task, scheduled for 8/15/08)

• NISN in full production operations (IPAM, DNS, DHCP)
Thirteenth NISN Customers’ Forum


IPAM Scheduling
IPAM Preparation IPAM Testing IPAM Transition NCAD

07/08 08/08

09/08 10/08

11/08 12/08

01/09 02/09


04/09 04/09

05/09 06/09 08/09

Thirteenth NISN Customers’ Forum

IPAM Migration Planning
Weekly meetings begin

Migration Kick-Off Meeting

Receive Critical Site Data

Complete Process Setup

Complete Customer Validation

Migration Weekend

Migration Completion Review (MCR)

Migration Readiness Review (MRR)

Migration Check-Out (MCO)

Thirteenth NISN Customers’ Forum


IPAM Migration Status

NISN Mission Support






Thirteenth NISN Customers’ Forum


IPAM Migration Status (Cont)




Thirteenth NISN Customers’ Forum


IPAM Training
• SATERN course
– Five modules
• • • • • IPControl IP Address Management Administrator Training IPControl DHCP Administrator Training IPControl DNS Administrator Training IPControl Reporting Functionality Training **NEW** NASA-specific IPControl site administrator training video

– Access to training
• Log in to SATERN ( • Search Catalog for “IPControl” or “IPAM”

• Product manuals are available on IPAM SharePoint
– Documentation > Technical Documentation > IPControl Manuals – Not all features may be enabled/implemented in production

Thirteenth NISN Customers’ Forum


IPAM Procedure Guidance
• Procedure Templates
– Purpose:
• Provides step-by-step how-to for performing certain common tasks • Provides additional training opportunities to administrators and users • Serves as a communication tool for future interface changes and/or clarifications by Agency IPAM Operations organization

– IPAM SharePoint > Controlled Documentation
• IPAM-030: DNS
• IPAM-031: IPAM • IPAM-032: Report Generation • IPAM-033: Administrator Roles

• IPAM-034: DHCP

Thirteenth NISN Customers’ Forum


IPAM Closing
• Breakout session for Q&A held yesterday • Additional information:
– Carol S. Bryant, NASA PM – Johnny E. Busby, UNITeS PM

Thirteenth NISN Customers’ Forum


Shared By: