Architecture and Process Design for a Communication Backbone Variant
By: Mike • Essay • 891 Words • November 26, 2009 • 1,220 Views
Essay title: Architecture and Process Design for a Communication Backbone Variant
Architecture and Process Design for a Communication Backbone Variant
This paper will describe a workplace application architecture and process design using the tools of systems analysis. Primarily this paper will cover the system’s architecture in terms of data, processes, interface and network. This paper will focus on the additional implementation discussed in the previous paper wherein a network extension was developed utilizing a pre-existing network as a transmission medium between two geographically displaced locations. The tactical network required extension into a garrison building and it was determined that this “tactical tunnel” was the best method to accomplish this goal. This concept was successful and has since been adapted for further similar usage.
This system architecture in terms of data is comprised of several types. There are two separate classifications of data traversing the network; data that is considered Sensitive But Unclassified (SBU), and information deemed Secret. Each must be kept separated from one another as well as both in their entirety must be separated from any other data on the network tunnel. Each of these tasks is accomplished via In-Line Network Encryptors or INE’s; a type of encryption device. Within the both the SBU and Secret data streams there are multiple individual types of activity; Voice over IP (VoIP) calls are being processed across the links as well as standard FTP and UDP data traffic in the form of Army Battle Command Systems (ABCS) messaging. This messaging is managed at a central point at the brigade main site; all users must subscribe either directly or indirectly to this central server to send and receive certain types of ABCS message data while other types of data can be transferred directly from one user terminal to another.
The interfaces and networks involved in this architecture are of the most important as this is the crux of the project itself. Once the tactical tunneling method was identified as a possible project solution the focus changed to implementation. Both networks have the capability to pass traffic at either the frame or packet level of construction but it was decided that the most efficient way (in addition to the use of INE’s) was to digitally separate the data transmission by the creation of a separate VLAN for all traffic that was to be transmitted between the two locations. Thus the transmission medium of this separate network could be used but there would be no logical interaction between separate networks. This appeared to be a simple solution and both in implementation and its use. Unfortunately the particular INE’s that were in use at the time were not capable of communication with just frames as its only Protocol Data Unit (PDU). These devices required the use of packet PDU’s. This inability was actually determined to be a security benefit that the engineering team implemented during the engineering and design phase of the devices. In the case of the design and use this network however; it became a severe capability limitation. After some searching the project team identified another INE that the brigade had access to that would allow transmission without the use of packet PDU’s. This device has several similarities