department of veterans affairsdepartment of veterans ...auspextech.com/vaipv6//5-pirzchalski va ipv6...
TRANSCRIPT
Department of Veterans AffairsDepartment of Veterans AffairsIPv6 Transition Progress
2011 and Be ond2011 and Beyond
February 2 2011February 2, 2011
Steven PirzchalskiVA IP 6 T iti MVA IPv6 Transition Manager
AgendaAgenda
USG USG IPv6 –
Then and Now
VA IPv6 2011 and
VA IPv6
2011 and Beyond
VA IPv6 2005 –2010
USG IPV6 – THEN AND NOWUSG IPV6 THEN AND NOW
12/13/2010 3
USG IPv6 USG IPv6 –– The HistoryThe History
2010
New OMB IPv6
FAR Changed to Require IPv6 for IT
USGv6 Product Profile & Testing
2008
2009 Policy
OMB IPv6 Transition
USGv6 Testing Milestone
IPv6 for IT Acquisitions
gProgram
200510/28/2010
DoD IPv6 Transition Memo R l d
Memo Released2003
Released
4
OMB IPv6 2010 OMB IPv6 2010 –– The DriversThe Drivers
Enable Key Federal IT Enable Key Federal IT Modernization Initiatives
Reduce Complexity/Increase Transparency
B i Enable Ubiquitous Security S iBusiness
ContinuityServices
5
OMB IPv6 2010 OMB IPv6 2010 –– Acquisitions Acquisitions
• Comply with FAR requirements
• Use of the USGv6 P fil d T Profile and Test ProgramE • Ensure completeness/quality of IPv6 capabilitiesof IPv6 capabilities
6
OMB IPv6 2010 OMB IPv6 2010 –– 2012 Milestone2012 Milestone
• External Services:– Public/external facing
servers and servicese g web email DNS – e.g. web, email, DNS, ISP services, etc
– Operationally use p ynative IPv6
– End of FY 2012 (September 30 2012)(September 30, 2012)
7
OMB IPv6 2010 OMB IPv6 2010 –– 2014 Milestone2014 Milestone
• Internal Services:– Applications that
communicate with public Internet serverspublic Internet servers
– Supporting enterprise networks
– Operationally use native IPv6End of FY 2014 – End of FY 2014 (September 30 2014)
8
VA IPV6 2005 - 2010VA IPV6 2005 2010
12/13/2010 9
VA IPv6 Transition Timeline VA IPv6 Transition Timeline -- HistoricalHistorical
VA IPv6 Transition
Office E t bli h d
VA IPv6 Transition
Office E t bli h d
VA June 2008 IPv6
Testing C l t d
VA June 2008 IPv6
Testing C l t d
VA IPv6 Transition
Plan
VA IPv6 Transition
Plan
VA IPv6 Lab
E t bli h d
VA IPv6 Lab
E t bli h d
Interagency IPv6
M ti
Interagency IPv6
M ti
Interagency IPv6
Meeting
Interagency IPv6
MeetingVA IPv6
C ti itVA IPv6
C ti it
UpdatingIPv6
Transition Plans
UpdatingIPv6
Transition PlansEstablishedEstablished
VA IPv6 Working Groups
VA IPv6 Working Groups
VA IPv6 Addresses VA IPv6
Addresses
CompletedCompletedPlanPlan EstablishedEstablished MeetingMeeting
Interagency IPv6
Interagency IPv6
MeetingMeeting
VA Designated
Level 1
VA Designated
Level 1
VA IPv6 Core
Network
VA IPv6 Core
Network
VA EA & Exhibit
300s Updated
VA EA & Exhibit
300s Updated
VA Scores 5 on OMB
IPv6 Transition
VA Scores 5 on OMB
IPv6 Transition
VA Scores 5 on OMB
IPv6 Transition
VA Scores 5 on OMB
IPv6 Transition
ConnectivityConnectivity PlansPlans
pFormed
pFormed AllocatedAllocated MeetingMeetingAgencyAgency TestingTesting
pwith IPv6
pwith IPv6 RatingRating RatingRating
2005 2006 2007 2008 2009 2010 2011
OMB 05-22 Memo
OMB 05-22 Memo
VA IPv6 Steering
Committee Established
VA IPv6 Steering
Committee Established
VA Chairs Federal
IPv6 Training
Group
VA Chairs Federal
IPv6 Training
Group
Internet2 Connectivity
Internet2 Connectivity
Interagency IPv6
Meeting
Interagency IPv6
Meeting
VA IPv6 Training Launched
VA IPv6 Training Launched
VA IPv6 Case StudyVA IPv6
Case StudyInternet2
Pilots Identified
Internet2Pilots
Identified
Planned Interagency
IPv6 Meeting
Planned Interagency
IPv6 Meeting
VA IPv6 PM
Identified
VA IPv6 PM
Identified
VA IPv6 Policy
Released
VA IPv6 Policy
Released
VA IPv6 Awareness
Video
VA IPv6 Awareness
Video
VA IPv6 Pilots
Identified
VA IPv6 Pilots
Identified
VA Scores 5 on OMB
IPv6 Transition
VA Scores 5 on OMB
IPv6 Transition
Interagency IPv6 TestingInteragency IPv6 Testing
IPv6 Incorporated into Strategic
Plan for
IPv6 Incorporated into Strategic
Plan for
New OMB IPv6 Memo
Released
New OMB IPv6 Memo
Released
RatingRating OneVAEnterprise
Network
OneVAEnterprise
Network
10
MultiMulti--Agency IPv6 TestingAgency IPv6 Testing
Verizon Sprint
InternetQwest Level 3
Internet
11
VA IPv6 Transition Lessons LearnedVA IPv6 Transition Lessons Learned
Start Early
Be Inclusive
Executive Level Buy-In
Training
Test – Test – Test
12
VA IPV6 2011 AND BEYONDVA IPV6 2011 AND BEYOND
12/13/2010 13
Why is IPv6 Important to VA?Why is IPv6 Important to VA?
Business (V t ) Si li it Investment (Veteran)
ContinuitySimplicity Protection
Reaching Rural Security
Veteransy
14
VA IPv6 Transition VA IPv6 Transition –– Our FocusOur Focus
15
VA IPv6 Governance StructureVA IPv6 Governance Structure
Chief Information Officer (CIO)Chief Information Officer (CIO)
Office of Information and Technology (OI&T)Enterprise Infrastructure Engineering (EIE)
Office of Telecommunications Engineering & DesignOffice of Telecommunications, Engineering & Design
IPv6 Transition Lead
IPv6 Steering Committee IPv6 Project Management Transition Office (IPv6 PMTO)
IPv6 Transition Working Group
Planning Activity
Security ActivityTraining Activity
Registry &Pil A i i
Technology Advisory Panel
16
Registry & Addressing ActivityPilot Activity Enterprise
Strategy
VA IPv6 ActivitiesVA IPv6 Activities
• IPv6 Planning UpdateIPv6 Planning Update– Transition Plan– Addressing Plan– T&E RequirementsT&E Requirements– VA OMB 300 Exhibit for IPv6– Inventory
• ARIN IPv6 Address Request Augmentation• ARIN IPv6 Address Request Augmentation• New VA IPv6 CIO Directive• Federal Task Force IPv6 Transition Worksheet• IPv6 Acquisition Process (FAR & USGv6)• Enterprise WAN C&A
U d P bli F i S i• Upgrade Public Facing Services– DNS– 9 Mail Domains– 126+ Application Domains
17
Domain Transition Domain Transition –– An Agile ApproachAn Agile Approach
• Focus on early “quick wins”
• Stagger domain i itransitions
• Build to full f ti lit ti
PlanOperationalize
functionality over time• Roll lessons learned
into next cycle Pilotinto next cycle• Don’t jeopardize
operational integrity
18
Pilot
operational integrity
VA IPv6 Transition Activities Cont.VA IPv6 Transition Activities Cont.
• IPv6 Specific Pilots– Infrastructure Pilots– Mission Pilots
• Inter-Agency Information ExchangeInter Agency Information Exchange• IPv6 Service into Veteran’s homes• Internet2 Program
– Internet2 connection– Internet2 Lab– Internet2 PilotsInternet2 Pilots
• DREN• IPv6 Lab
19
VA Infrastructure PilotsVA Infrastructure Pilots
Enclave Pilot• Phase 1: Turn up IPv6 in a secured isolated and monitored setting • Phase 1: Turn up IPv6 in a secured, isolated, and monitored setting • Phase 2: IPv6 networking between secured enclaves • Phase 3: IPv6 networking with the open internet
E-Mail Pilot• Initial focus on IPv6 enabled SMTP traffic• Limited MSFT Exchange deployment• Limited MSFT Exchange deployment• Lessons learned for enterprise mail upgrade
Va.gov Pilot• Leverage industry best practices• Initial deployment of ipv6.va.gov• Evaluate security and operational capabilities
20
Evaluate security and operational capabilities
Pilot Considerations for va.govPilot Considerations for va.gov
• Approach– Do we IPv6 enable the existing site or replicate it?g p– Do we do it in-house or use a cloud based service?– Do we use va.gov or a specialized domain such as ipv6.va.gov for
initial launch?• AddressingAddressing
– Do we have IPv6 addresses to use?– Are they advertised?– Can we allocate them?
Should we get them from our ISP?– Should we get them from our ISP?• Routing
– Are we routing IPv6 (BGP) to the outside world?– What IPv6 routing protocols are we using internally?
• DNS– Will our DNS support AAAA records?– Will .gov support AAAA records?– Is the IPv6 Glue setup in gov and va gov?– Is the IPv6 Glue setup in .gov and va.gov?– Do we have IPv6 connectivity to our DNS servers? .gov?
21
Pilot Considerations for va.gov Cont.Pilot Considerations for va.gov Cont.
• Network Connectivity– Do we have IPv6 connectivity from out ISP?y– Is IPv6 enabled on our routing devices from our gateway to our servers
(web and DNS)?• Server
– Does the va.gov servers support IPv6?g pp• Application
– Does our http (and other web based applications) support IPv6?– Are there any IPv4 addresses hard coded into our applications/code?
• SecuritySecurity– Will the gateway security products support IPv6?– Are the web server and other supporting servers updated with any IPv6
related patches and security configurations?• Network ManagementNetwork Management
– Can we manage IPv6 with our existing management system?– Can we see what is going on with the IPv6 side?
• Transition MechanismsDo we need to use a transition mechanism?– Do we need to use a transition mechanism?
– Tunneling or translation?
22
VA IPv6 Mission PilotsVA IPv6 Mission Pilots
Patient Monitoring Nurse Call/MonitorE d l di d li i ti iti t i l d t Utili IP 6 t t f b d id ti tExpand sleep disorder clinic activities to include at-
home monitoring via IPv6 connectivity. Utilizes IPv6 to convey a new set of bedside patient
choice icons to free up nurses’ time.
Benefits :• Increases the number of
individuals clinicians can
Benefits :• Alleviates patient frustration
particularly when speechindividuals clinicians can treat
• Lessening wait time for patients to be evaluated
particularly when speech impaired
• Assists nursing staff to support patient needs.
Remote Care Pilot Videophone PilotRemote Care Pilot Videophone PilotEmploy IPv6 video conferencing to provide scheduled
and drop-in medical appointment service. Employ IPv6 video devices to improve service inside
VA’s network, replacing current devices.
Benefits : Benefits :• Allows doctors and clinicians
to treat additional patients without significant patient travel
• Greater utilization of doctors
• Lower cost to service and maintain
• Improves level of service and speed of connection
23
• Greater utilization of doctors and clinicians time
Some of the ChallengesSome of the Challenges
• IPv6 Support in Security Products • IPv6 Support in Network Management
Products• Carrier Support for IPv6 (to Veterans)• Enabling Legacy Applications to support
IPv6 • IPv6 DNS (.gov)
12/13/2010 24
QUESTIONSQUESTIONS
25