  • Number of slides: 37

Service Oriented Acquisition: Agile, Adaptive Delivery of Net Enabled Capability (NEC)
Chris Gunderson, Chris.gunderson@w2cog.org, 831 224 5182
Presented at NECTISE: Realizing Net Enabled Capability, October 14, 2008, Leeds, UK
DISCLAIMER: This presentation represents the speaker’s opinions and the work of the W2COG. Speaker is not representing the US DoD.

#1 Wake up call: It’s time for action!
#2 Business model: Competitive market of pre-certified “Net-Enable” components
#3 Certification model: Assured Value of Service QoS
#4 Opportunity: Join the growing federation of expert early adopters

NEC “Business” Driver
• At home, a Blue Force warfighter can text message his children and trade photos with them using his cell phone. At war he can use a stovepipe circuit to send e-mails without attachments.
• At home and at war, a terrorist can and does text his associates using Google Earth.
• How can we apply our vastly superior resources to overcome this asymmetrical disadvantage w/rt information processing?

Business Driver: Reuse and continually improve shared computer network infrastructure (routable networks + SOA) to enable NEC
[Figure: mission areas (LOGISTICS, JIAMD, ISR, SPECOPS, STRIKE) each with a specialized front end (sensors, ISR links, comms links) and a specialized back end (weapons, platforms, units), joined by a routable “cloud” + reusable SOA process infrastructure. Process steps shown: Create Tactical Picture, Assess Alternate Course(s) of Action, Decide, Orders. Stage labels: Orient, Decide, Act; Define and Develop Value, Deliver Value, Consume Value.]
• Invest to develop valuable content
• Minimize time & cost by reusing and continuously improving valuable community infrastructure
• Invest to exploit valuable content

But…
• After many years and $B’s spent, the promise of SOA is largely unfulfilled across DoD… (MoD?)

Observations
• COTS software in government systems is generally out of date at IOC and falls farther behind throughout life cycle.
• Government requirements process does not intercept new COTS s/w vectors or sunset archaic s/w requirements.
• Government rapid technology insertion methods use COTS as gap fillers that generally lack sustainment tails.
• IRT the above, DoD (MoD?) top-down policy mandates SOA and “best” e-Biz practice (e.g., NESI, DoDAF 2.0, Open Technology Development, NCO/W RM, MultiService SOA Consortium, etc.)
YET… e-Biz un-mandated “best-policy” is to leverage competition in the marketplace… No one is in charge…

So…
• How can DoD (MoD?) leverage the SOA e-Biz value proposition within the constraints of the Acquisition Regulations?

Bottom Line
• NEC business model = e-Portal for consumable off-the-shelf (OTS) = COTS, GOTS & Open Source Software (OSS) certified net-ready components
• Define generic and objective net-ready assessment categories and methods (not universal specifications!) around enterprise business objectives
• Use a “logo” to create a federation of qualified, motivated, independent government, industry, and academic “Net-Enable” providers
• Base NEC Acquisition on components that can reduce risk re: cost, performance, and schedule and deliver capability faster.
  – Require logo as “responsive” to NEC procurements
  – Bake agile COTS process into FAR boilerplate

In the open market ecosystem of Moore’s law and ever-evolving technology, “wild life” is always competing.
The longer DoD ducks are away from the wild, the less likely they’ll be able to compete when they return…
During DoD (MoD?) “Acquisition” we capture some wild ducks and get them “in a row” and sheltered from competition.
Timeline: RFP, Source Selection, CA, SDR, PDR, CDR, TRR, Dev Test, Opl Test, IOP Test, C&A, ATO, Sustain

Traditional Procurement (6 - 12 years)
Timeline: RFP, Source Selection, CA, SDR, PDR, CDR, TRR, Dev Test, Opl Test, IOP Test, C&A, ATO, Sustain
• Requirements are large
• Risks are treated monolithically and serially
Mission Thread Market Procurement (1 – 4 years)
Timeline: RFP, Use Case, Proposal Eval, Lab Demo, V&V, Net-ready Assessment, C&A, IOP Testing, ATO, Sustainment
• Requirements are small
• Risks are treated iteratively and in parallel
…ducks get back to the wild sooner

Strategy is to treat the four main acquisition risks in parallel
– Cost & schedule
  • Risk managed by continuous competition and frequent deliveries
– Interoperability
  • Risk managed by measurable/testable net-ready criteria
– Performance
  • Risk managed by Mission Threads
– Assurance
  • Risk managed by certified, reusable, high assurance GOTS components
Continuous competition for gov’t procurements by COTS vendors: RFP, Use Case, Proposal Eval, Lab Demo, V&V, C&A, IOP Testing, ATO, Sustainment
Certified off-the-shelf net-ready components: ATO, Sustainment
[Diagram labels: missionthread.com, NetCert Logo]

Bottom Line: Extend and Expand Pure COTS Competition!
[Diagram labels: NetCert Logo, missionthread.com]
• Publish simple use cases in lieu of traditional solicitation
• Furnish pre-approved GOTS components, e.g. accredited security services
• Require mission-context prototypes vice paper studies
• Shorten delivery cycles and contract review periods
• Broker among qualified providers and critical consumers*
• Level the playing field for vendors by reducing cost of entry*
• Create a literal federation of independent government, industry, and academic “net-ready” certification labs*
• Streamline by performing certification concurrently with development and furnish V&V & C&A to put COTS on approved products list*
• Provide acquisition artifacts (e.g. spec, SOW, solicitation, source selection criteria, contract incentives) re: all the above*
*W2COG mission

Mission Model-Based Levels of Abstraction
[Figure: paired “Model” and “Measure” boxes arranged by level of abstraction (axis: Technical Performance, Level of Abstraction). Labels: Effects, Mission, Skill, Value of Service (VoS), Outcomes, Execution, CCI* Availability = VIRT**, CCI* + Thresholds, Value of Info, Modularity & Interoperability, Composability, QoS, System Availability. Layers: Services, Tools & Components, Transport. Also shown: missionthread.com, NetCert Logo.]
*Critical Conditions of Interest
**Valued Information at the Right Time

NetCert = System of System “Assurance*” per Mission-Value-Model-Based **T&E, ***V&V, and ****C&A
[Figure: paired “Model” and “Measure” boxes. Labels: Effects, Mission, Skill, Value of Service (VoS), Outcomes, Execution, CCIAvailability = VIRT, CCI + Thresholds, Value of Info, Modularity & Interoperability, Composability, QoS, System Availability.]
*Managed risk through engineering & procurement predictability
**Test and Evaluation
***Validation and Verification
****Certification & Accreditation

System of System “Assurance” per Mission-Value-Model-Based T&E, V&V, and C&A
[Figure: paired “Model” and “Measure” boxes. Labels: Effects, Mission, Skill, Value of Service (VoS), Outcomes, Execution, CCIAvailability = VIRT, CCI + Thresholds, Value of Info, Modularity & Interoperability, Composability, QoS, System Availability.]
Link families of models & MOE … for systems and processes … at different levels of abstraction via mathematical transforms … e.g. … Link “mission model” to “service model” to “acquisition model”

“Key Performance Parameters” = Model Transforms Across Levels of Abstraction
MTBF = Mean time between failures
MTTR = Mean time to repair
MLDT = Mean logistics delay time
SB = Significant bits
IRB = Insignificant Relevant Bits
IB = Irrelevant Bits

“Key Performance Parameters” = Model Transforms Across Levels of Abstraction
MMCT = Mean maintenance cycle time
MDT = Mean development time
IT = Invention time
RT = Reinvention time
BT = Bundling time
MPDTT = Mean post development test time
MPTCT = Mean post test certification time

• Innovators’ “dating service” to broker customers and providers of net-ready components
• Net-ready “Consumer Report” format that compares bundles of similar net-ready components
• e-Portal for consumable COTS, GOTS & OSS certified net ready components
• Federation (developers’ network) of NetCert Logo-Qualified Providers
• e-Market offerings of certified net-ready COTS, GOTS, and OSS components
[Diagram labels: NetCert Logo, missionthread.com]

World Wide Consortium for the Grid (W2COG): Enabling Assured Value of Information Services
• Not-for-profit international research collaborative of information processing technology, procurement, and operational experts from government and industry
• Not-for-profit brokering service to put expert providers in touch with consumers
• GIGlite* Federation for Agile, Open Technology Development:
  – Federated design time, build-time, and run-time DT&E per NetCert logo
  – Adaptive, collaborative, V&V beta community
  – IPR regime exercises government purpose rights to distribute GOTS “open” architecture
  – Library of certified net-ready reference architectures and implementations
*GIG = Global Information Grid, a DoD conceptual model of a net enabled environment. “GIGlite” is a W2COG brand name.

W2COG studies technology business issues and best practice re: government/industry collaborative development
• Current technology vectors
• Intellectual property rights regime
• COTS competitive incentive model
• Measurable and testable net-ready criteria
• Federated governance model
• Acquisition model including boiler plate artifacts

GIGlite Federation… open technology development across the stovepipes
To provide an infrastructure for collaboration and communication among government, academia, and industry to rapidly develop and propagate re-usable and continuously improving tools that facilitate trusted transactions of valued information at the right time, i.e. bundles of net enabled capability.
• Single point of contact for Gov’t, industry, & academic members
• Distributed major net-ready test range
• Single POC for Gov’t labs and sponsors
• Title 10 compliant, NonFAR < ~90 day S&T & engineering spirals
• Distributed, Adaptive, Collaborative, net-ready V&V and certification
• Open source/Open Standards IPR model
• Rolodex of experts
• Convenient process for reuse of off-the-shelf components
[Diagram labels: Best Netcentric Practice; $ & IP; Net-Ready Certification; GIGlite Federation; NetCert.gov; Umbrella Cooperative Legal Agreement; e-Portal for Gov’t certified, per NetCert logo, off-the-shelf bundles of net enabled capability]

W2COG
• Independent not-for-profit government-industry net-enabling research project; not a program
• Hands dirty in real commercial and government engineering and procurement activity; not a standards body
• Brokers government and industry experts for consultation, experiments, and prototypes at cost; i.e., an altruistic “capability broker”

Backup Detail

NetCert Logo
A business model for acquiring net-enabling capability faster, better and cheaper
[Diagram labels: JITC, NetCert Logo, GIG]

[Figure: acquisition feedback cycle around the GIG and the NetCert Logo. Labels: $$$, Use cases, Performance Scores, Net-Ready Acquisition Artifacts.]
• Executive Dashboard displays quarterly contract performance based on tested criteria in mission context
• Policy, and funding adjusted quarterly
• Source selection & contract performance incentives based on testable criteria tied to mission context
• Quarterly delivery of improved pre-approved pure COTS & GOTS GFE
• Pre-deployment V&V of net-enabling capability via Modeling & Simulation and T&E-as-a-service
• Post deployment audit of capability “on the ground”
• Measurable and testable criteria tied to mission use cases and audited continuously

MTM via NetCert Logo Schedule
• Establish Use cases
• Establish lab under JITC/NPS
• COTS jamboree
• First vendor lab demo
• Revise acquisition documents
• Second vendor lab demo
• Second documents revision
• Third vendor lab demo (TRR)
• Final documents revision
• COTS Evaluation (SS)
• Installation ready products
Dates: 70 DAC*, 80 DAC, 100 DAC, 120 DAC, 180 DAC, 195 DAC, 270 DAC, 290 DAC, 330 DAC, 360 DAC
* DAC = Days After Contract

MTM via NetCert Logo estimated 1st year cost
• Cost to develop/maintain acquisition documents
• Cost W2COG to establish & run marketplace first year
• Cost to set up lab ($150K ODC)
• Cost to establish C&A/test docs
• Cost for jamboree
• Cost for 90 day tests (2, 5 days ea)
• Cost for final lab demo (TRR)
• Cost to update and transfer lab for IOC
• TOTAL
Amounts: $445K, $323K, $425K, $289K, $750K, $142K, $55K, $2.75M

MTM Sustainment
• Funded by program for first year
• After Source Selection, First Article becomes new lab environment
  – Program users as usual for development, integration and test
  – Becomes part of federated lab

NetCert Logo Strategy
• Born Netcentric
  – Partner with JITC re: NR-KPP
  – Partner with NSA re: C&A
  – Partner with W2COG re: eBiz & collaborative best practice
  – Objectively define “open” reference architecture for security and semantic interoperability
• Learn by doing
  – Use existing GIGlite infrastructure as ramp up “training wheels”
  – Build infrastructure iteratively per feedback from “training wheels”
  – Certify testing-as-a-service capability as first use-case
  – Certify ~1X net-ready test case per month thereafter
• Feedback & continuous improvement
  – Regular customer visits
  – Teach new functionality
  – Collect new use cases
  – Audit performance

NetCert Logo Lab Requirements
• Reference implementation of net-ready SOA
  – Routable network backbone
  – Open standard, self described, discoverable interfaces
  – High assurance GOTS security components (e.g. MILS*)
  – Value-based information sharing/communication/management framework (e.g. NPS VIRT**, SPAWAR CIEF***)
• Mission-model based measures of effectiveness
  – (e.g. MITRE Mission Level Model)
• Software assurance & performance test tools and trained operators
  – (e.g. MDA “COTS simplifier” and OMG “SwA Ecosystem”)
• Network (SOA) functional and performance test tools and trained operators
  – (e.g. OPNET, HP Mercury Systinet, Pushtotest)
• Net-ready Acquisition artifact boiler plate
  – (e.g. MTM Acquisition Strategy, C&A plan, NR-KPP, T-ISP, TEMP, etc.)
• Clear government purpose rights to software
  – (Standard license models for GFE s/w re-use across programs)
*Multiple Independent Levels of Security
**Valued Information at the Right Time
***Cross-domain Information Exchange Framework

“NetCert Logo” Candidate 1st Year Objectives
• Reference implementation of high-assurance SOA infrastructure
• Discoverable, open standard, self describing interfaces
• High assurance GFE security services
• Value-based information/communication/management framework
• Interim Authority to Operate (ATO) SOA test lab
• Certified by JITC as qualified to perform net-ready s/w assessment
• Cadre of qualified designers, testers, and developers
• Suite of SOA design and test tools
• Demonstrated three net-ready test cases leading to one certified net-ready service
• Prepared to perform one net-ready test case per month going forward

MTM Inside DoD Inst 5000.2
• Vendor Jamborees; published use cases; government furnished GOTS s/w reference implementations; government refereed network T&E lab; M&S; embedded net-ready assessment; ~Analysis of Alternatives (AoA) via 90 day s/w bundling demos in lieu of JCIDS paper artifacts
• These are preapproved “qualified net-ready” COTS/GOTS s/w bundles
• Existing GIG policy sufficiently defines requirements for SOA information processing. Policy is enforced by objective NR-KPP criteria, using M&S and other automated test tools
• EDM via 90 day Agile COTS/GOTS bundling demos, or “sprints”. These can be used as down selects or simply net-ready qualifying opportunities
• GFE COTS/GOTS software build every ~ 360 days
• Program IOC ~ 10 years

Capability Broker (W2COG) Delivers DoD Acquisition Artifacts Consistent with MTM
Process | Directive | Capability Broker Deliverable
JCIDS | CJCSI 3170.01, DODI 4630.8 | Tailored ISP
FAR/DFAR | DODI 5000 series | DODINST 5000.2 compliant artifacts, e.g. BAA, RFI, RFP, Source Selection Plan, Risk Mitigation Plan, SOA COTS Acquisition Strategy, Contract SLAs
IA Compliance, e.g. DIACAP | DODI 8500 series | Enterprise “Type Accreditation” (Trusted SOA DIACAP certification plan)
NR-KPP = (NCOW = IA + SOA + Data Strategy) + KIPS + DoDAF | CJCSINST 6212.01, NCO/W Ref Model, KIPS, NSA GIG IA policy, DoDAF v1.5 | Measurable and Testable Net-Ready Parameters, diagnostic DoDAF views
T&E | DODI 5010.4, 4630.8 | Tailored TEMP (latest COTS GFE is tested at DT and goes to OT)

Evaluation Criteria: NR-KPP Checklist
Columns: Net-Ready Parameters and Business Objectives; Measurable & Testable Parameters

IA => Share & Protect
• Enable sharing across domains
• Preserve privacy
• Protect network
Assurance and Performance
✓ Software Assurance OK?
✓ Network Assurance OK?*
✓ Register dynamic discretionary access policy?
✓ Latencies OK?
✓ Reliability OK?
✓ Generate digital diagnostic architectural artifact

SOA => Reuse & Mash Up
• Accelerate delivery of netcentric capability
• Enable netcentric interoperability
• Enable infrastructure recapitalization
• Compose C4 capability on-the-fly
Re-useable/Composable*
✓ Discoverable?
✓ Self describing?
✓ Open standard interfaces?
✓ Cross program investment?
✓ Net-enabling IPR model?
✓ Generate digital diagnostic architectural artifact

Data Strategy => Trusted Discovery in Context
• Broker information discovery
• Create information value chain feedback loop
Value/Bit Exchanged
✓ COI approved mission thread?
✓ Register critical conditions of interest
✓ Meta data registered in context?
✓ Increased automation?
✓ Mission based MOE OK (i.e., compress time line, and/or improve mission outcome)?**
✓ Generate digital diagnostic architectural artifact

*Bind to Trustworthy SOA Framework, e.g. T-ESB
**Confirm with operational audit
