US Army Tactical C2 Interoperability Services:

Publish and Subscribe Server (PASS) and Data Dissemination Service (DDS)

Sam EasterlingArmy PM Battle Command

2 DEC 09samuel.easterling@us.army.mil

Outline

• What are PASS/DDS in a nutshell?

• Operational Context

• Technical Detail

• Summary

• Weather Effects Matrix• Battle Scale Forecast Model

• Air Defense to Maneuver Units• Positive Aircraft ID• Weapon Coverage

• Display and disseminate COP• Disseminate Orders• Tactical Collaboration• Interoperability between • Tactical and Theater levels• Chem-Bio Rad-Nuc (CBRN)

WEATHER

AIR PICTURE

ENGINEER

FIRE SUPPORT

AIR DEFENSE

NBC

ENEMY

LOGISTICS

MANUEVER

Functional Capabilities

Man

euve

rLo

gisti

cs

Weather

Air D

efen

se

FBCB2/JBC-P

Blue

For

ce/S

ATBC

(CPOF, MCS)

IMETS

Airs

pace

Army Battle Command Systems

Battle Command Common Services

• Local Terrain• “Go/No-Go” Areas

Maps DTSS

Fire

Sup

port

AFATDS

• Synchronized Fires, Effects, & Maneuver• Execute Responsive Fires• JADOCSHand helds• Target Locations• Radar/Observer Locations

• Combat Power• In-transit Visibility

BCS3

• Secondary Imagery• Intelligence Summary• Enemy Locations• Enemy Geometries

Intelligence ASAS

DCGS-A

• Joint Automated Air Space Control with the JFACC

• Air Support Request

• PLI/SA• MEDEVAC• Orders

AMDWS

TAIS

GCCS-A/NECC• Shared SA• Net-Ready• Interoperability• Automatic Database Replication

EAC

C2

PASS/DDS (in a nutshell)• Built to support many-to-many data exchange requirements

emerging from stovepiped architectures• Publication/ Subscription mechanism

– Does not impose a model on the way the application conducts the Business of War.

• Not a database, but published data is stored for future subscriptions with a time-to-live

– Flexible methodology allowing for insertion of new schemas and message exchange

• Web Services/SOAP and XML• Runs over HTTP(s).

– Internet protocol– Protocol knows how to deal with latent and ‘dirty’ networks

• Data agnostic– But…. ABCS message exchange is based on PASS schemas

Data that Battle Command Exchanges via PASS / DDS

• Friendly Position Reports (ground and air)• Enemy Situation Reports• Sensor tracks• Military C2 Graphics / Battlespace Geometries• Significant Activities (SIGACTS)• Targets• Airspace Control Orders (ACO)• Weather• Task Organization Information• Addressbook Change Notification• Indicators and Warnings

Network Service Center

RC(S) HQKandahar

RC(E) HQ(Bagram)

ISAF HQUSFOR-A

KIFC

NATO HQ

RNOSC (operated by 143d ESC)

UK 6DIV assumes RC(S) HQ – o/a NOV 09; 1MEF – o/a NOV 10

AFT

((FOUO))

ISAF Joint Cmd HQ (IJC) - KAIA

CSTC-A

Other RC HQs - RC(C), RC(W), RC(N)

Draft Phase 2 (IJC FOC) – NOV 09 OEF Application Architecture

Kev Events- UK assumes operational control of RC(S) – UK 6DIV- 169 CAB RIP-TOA with 3CAB (Bagram)- IJC FOC – o/a 15 NOV

Key Tasks- Add CX-I GCCS-J 4.2 @ Bagram (servers/software already in place)- Deploy CPOF LM on I-S @ RCs- Finish Construction of Tech Control Facility to deploy GCCS-Js on CSD, I-S, CX-I @ Kandahar- Continue migration of JADOCS to 1.0.4.1 on SIPR

- (In Progress) IJC defines CONOPS and reporting requirements for operational employment of NATO and US C2 systems (to be finalized at CENTCOM/NATO OPT 9-13 Nov 09)- (In Progress) NATO accreditation of CX-I/I-S interconnect- (In Progress) NC3A fields COP LM infrastructure in support of IJC COP data interoperability- (In Progress) NC3A develops, deploys, and trains JOCWATCH pub/sub interface to PASS- (In Progress) Migrate current data into IJC to support CPOF an enhancing collaboration and visualization tool (SIGACTs/Events, Operational Graphics, CPOF data objects, Tracks, other ABCS COP data)

Decision Points- (IJC J6 and NATO) What systems are used for exchanging SIGACTS, tracks, geometries, and other COP information in ISAF (GCCS-J, JOIIS, ICC & iGeoSIT)Drives decision to field GCCS-A bolt-on to GCCS-J for PASS interoperability

14th Eng Bn (CBT)

CPOF WS 3.0.2P2 (QR1)

National Assets

GCCS-J 3.6.7

BFT Global NOC

BCS3 NationalData Portal (NDP)

Combat Training Center

4-25ID -> 3-101(FOB Salerno)

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCSV1.0.4.1

CIDNE

TIGR Heavy Repository

DCGS-AWork Station Suite

TAISv9.3p1 FBCB2 AIC

TIGR Light Repository

AMDWS

AFATDSx11

BCS3

JADOCS x3

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

4-4ID -> 1-101(J-Bad AF / FOB Fenty)

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCSV1.0.4.1

CIDNE

TIGR Heavy Repository

DCGS-AWork Station Suite

BCS3

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

TAISV9.3p1sp1

FBCB2 AIC

TIGR Light Repository

AMDWS

AFATDSx11

3-10MTN -> 173d IBCT(FOB Shank)

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCSV1.0.4.1

CIDNE

TIGR Heavy Repository

DCGS-AWork Station Suite

TAISv9.3p1 FBCB2 AIC

TIGR Light Repository

AMDWS

AFATDSx11

BCS3

JADOCS x3

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

169CAB -> 3CAB – TF Thunder(Bagram AF)

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCSV1.0.4.1

CIDNE

DCGS-AWork Station Suite

TAISv9.3p1 FBCB2 AIC

AMDWS

AFATDS x4

BCS3

JADOCS x2

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

82CAB -> 101CAB – TF Pegasus(Kandahar AF)

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCS v1.0.3.5 bld 25

CIDNE

DCGS-AWork Station Suite

TAISv9.3p1 FBCB2 AIC

AMDWS

AFATDS x4

BCS3

JADOCS x1

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

3MEB(FOB Leatherneck)

BC Server

CPOF Master Rep / Data Bridge

MarineLink

JADOCS v1.0.3.5 bld 25

CIDNE

BCS3

JADOCS x10

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

C2PC (COP) C2PC(EMT)

AFATDS

IOS (COP)

IOSv2 (Intel)

TF KANDAHAR (CAN)

Canada C2 Apps(Placeholder)

US Battalion

BCS3

CPOF WS3.0.2p2 (QR1)

CanadaC2 Apps

TBC Server(PASS / NRTS)

AFATDSx11

4-82ABN -> 170IBCTETT

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

DCGS-AWork Station Suite

BCS3

JADOCS x2 DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

TAISV9.3p1sp1

FBCB2 AIC

AMDWS

AFATDSx11

Assumed

48IBCT(GA) -> 86IBCT(VT)TF Phoenix

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

DCGS-AWork Station Suite

BCS3

JADOCS x2 DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

TAISV9.3p1sp1

FBCB2 AIC

AMDWS

AFATDSx11

Assumed

GCCS-J 4.1.1

GCCS-J 4.1.1

GCCS-J 4.1.0.4GCCS-J 4.1.0.3

GCCS-J 4.2

GCCS-J 4.1.1

Awaiting DISA FDO approval to upgrade to 4.1.1

JADOCS ServerV1.0.2.2 p2

JADOCS x10

JADOCS ServerV1.0.3.6 bld 5

JADOCS x11

CJTF-82 -> CJTF-4(Bagram AF)

BC Server

CPOF Master Repo / Data Bridge

BC Enterprise Svcs

JADOCSV1.0.4.1

CIDNE

DCGS-AWork Station Suite

TAIS v10.0

FBCB2 AIC

AMDWS

AFATDSx11

BCS3

JADOCS x12

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

JADOCSV1.0.4.1

JADOCSx3

GCCS-J 4.1.1

GCCS-J 4.1.1

GCCS-J 4.1.1

CIDNE

BC Server

CPOF Master Rep / Data Bridge

MS OfficeSharepoint 2007

CIDNE

WEBTAS

DCGS-A Work Station Suite

ISRIS Server

CIDNE

WEBTAS

NIRIS

JOCWATCH

iGeoSIT

COP LM

MIP Gateway

CPOF Master Repo / Data Bridge

CIDNE

BC Server

CPOF Master Rep / Data Bridge

JADOCS ServerV1.0.3.5 bld 25

JADOCS x4

JIOC-A

BC Server(PASS/NRTS)

iGeoSIT

NIRIS

iGeoSITViewer

JOCWATCH

JADOCS v1.0.3.5 bld 25

JADOCSx51

iGeoSIT

NIRIS

iGeoSITViewer

JOCWATCH

Placeholder NATO Apps

SIPR-CSD(4-eyes)

US-SIPR

ISAF-SECRET

NATO-SECRET

UK-OVERTASK

CAN-LCSS

CENTRIXS-ISAF

US-JWICS

CENTCOMHQ - QATAR

GCCS-J 4.1.1

MIDB

CAOC

BC Server

CPOF Master Rep / Data Bridge

CPOF WS3.0.2p2 (QR1)

CIDNE

CENTCOMHQ - TAMPA

Joint Mission Mgmt Ctr

GCCS-J 4.1.1

CPOF LM

GCCS-J 4.2

GCCS-A

CPOF LM

GCCS-J 4.1.1

GCCS-J 4.2

GCCS-J v4.1.1

JADOCS ServerV1.0.3.6 bld 5

JADOCS x11

Planned insertion of JREAP feed of Link-16 air tracks here

JADOCS ServerV1.0.3.6 bld 5

JADOCS x11

JADOCSx48JADOCS x2v1.0.3.5 bld 25

JADOCS x 5V1.0.3.6 bld5

JADOCS v1.0.3.5 bld 25

JADOCS x5

TF UBIQUE (NED)

5-2ID -> 2SCR

BC Server

CPOF Mid-Tier

BC Enterprise Svcs

JADOCS v1.0.3.5 bld 25

CIDNE

TIGR Heavy Repository

DCGS-AWork Station Suite

BCS3

JADOCS x2

DCGS-A BAL

CPOF WS3.0.2p2 (QR1)

TAISV9.3p1sp1

FBCB2 AIC

TIGR Light Repository

AMDWS

AFATDSx11

JADOCS v1.0.3.5 bld 25

TF HELMAND (UK)

ICS

JADOCSV1.0.3.6 bld 5

CIDNE(?) GrATS

JADOCS x158

HeATS

C2PC

JADOCS v1.0.3.5 bld 25

JADOCS x 1V1.0.3.6 bld5

BASTIONJADOCS

v1.0.3.5 bld 25

JADOCS x 71V1.0.3.6 bld5

Placeholder for 101CAB Avn BnSIPR JADOCS

BC Server

CPOF Master Repo / Data Bridge

CX-I Network PoP

GCCS-J 4.1.1

GCCS-J 4.1.1

Homestation

((FOUO))

TAISv9.3p1

AMDWS

AFATDS x4

-Each US Army unit in OEF has a PASS node at CJTF, BCT, BN HQ

- Also in RC(S) @ 57th SIG, MEB-A

- Co-located with every CPOF Master Repository to enable exchange

-Also planned installation in IJC HQ to enable interoperability services with NATO apps

UK/US Information ExchangesUK US

SharePoint

PASS / DDS

WISEWeb -> Sharepoint

JchatVoIP Phone

Transverse, Jchat, mIRCVoIP Phone

JADOCS

Document/File Exchange and Collaboration(Read, download, post, contribute)

MEDEVAC/CASEVAC, Personnel Recovery,FMV coordination, CAS coordination, TIC

- SIGACTS- BATTLESPACE GEOMETRIES- TARGETS- POSITION REPORTS

-INDICATORS/ WARNINGS-AIR TRACKS-ENEMY SITUATION-ACO

US BC Systems CPOFTAISGCCS-AAFATDSFBCB2

BCS3DCGS-AJADOCSAMDWSCIDNE

TIGR

JOCWATCH

TIGR

JADOCSFire Support Coordination MeasuresCoalition Fires / Effects

SIGACTS

PASS / DDS

JADOCS

Patrol Reporting

MIPOther Coalition Forces

CIDNE CIDNESIGACTS

PASS

PASS

ICS GCCS-J GCCS-ATRACKSTRACKS

IJC COP Flow (as of 15 Nov)

GCCS-J

CPOF MR/DB

PASS

MIP GWMIP GW

NIRIS

COP LM (formerly BOM)

iGeoSITServer

SA Tracks only

SA Tracks only

Full COP CIDNE

JOCWATCH

SIGACTS (-)

SIGACTS (+)

Graphics, non-track POS-RPT

GCCS-A

Graphics, non-track POS-RPT

SIGACTS (+)

Full COP

Full COP (CST)

iGeoSit Viewer

SIGACTS (+)

SA Tracks only

GEO, Full COP

Graphics, non-track POS-RPT

JADOCS

SA Tracks only ?

Full COP

GCCS-J

RM

In theatre Link-16

feed

SIGACTS (+)

CPOF Client

Proposed CXI Architecturewith C2 Interoperability Bus

9

US Integration SolutionsBased on PASS / DDS Server

C2 Interoperability Bus (CUR 355)JC3IEDM / NIIA Canonical Form

JOCWatchB

BOM

NIRIS

COPJOIIS

Intel FS

EVE CIED JISR 1

JADOCSGEO

ICC

IFTS

CORSOM

JADOCS

C2PC

ISRIS

FBCB2CPOF

CIDNE

GCCS

Others

NATO UNCLASSIFIED Releasable to ISAF

IJC MIP Architecture

10

ISAF SecretCENTRIX ISAF

Router

MIP

CPOF

COP LM IGEOSITPASS / DDS

Battle field GeometryNATO and ANA BoundariesFOBSCOPSUNITS (not tracks)NGO/IO LocationsRoad (Planned, under construction and completed)

DDS Uses a Pub-Sub Approach

5. Servers Publish(push data to consumers)

Clients only communicate with a single server

4. Servers match advertisement, subscription and publish metadata4. Servers match advertisement,

subscription and publish metadata

1. Providers Advertise (the data they will publish)

2. Consumers Subscribe(to their server for data)

3. Providers Publish (push data to their server)

There are multiple collaborating servers

within the DDS network

DDS and advertisements• DDS uses advertisements to “tell everyone on the network”

that data exists at a certain node– DoD Discover Metadata Specification (DDMS) version 1.3 is the

standard for the advertisement• What type of data• Data description• Who has access to the data

• Clients subscribe to advertisements– Clients provide the “call back protocol” method to deliver data

• HTPP(s), UDP(s) (DDS version 2.0)

• Publishers, publish data for an advertisement– Once a publisher, injects data, and a match occurs against the

subscription, data is delivered to the client

DDS versus PASS• Data is global

– Unlike PASS which was a application for data dissemination within the TOC, DDS was developed with global data as the main paradigm.

• PASS compatibility– Will keep compatibility with current PASS– Usage of a PASS/DDS bridge to mach advertisement to topic– Not tied to any software baseline because of backward compatibility

• Better security model than PASS – Complies with NCES security policies– Meets DOD guidelines for security.

PASS to DDS EvolutionPASS – Local Service

DDS – Federated Service

SOA / SOAP Interface SOA / SOAP Interface

Payload independent Payload independent

Data Caching Data Caching

Publish and SubscribeAdvertise, Publish &

Subscribe, Query

Limited Metadata filtering

(Topic, AOI, Time)

Enhanced metadata and Content filtering

(Keywords, Content, AOI, Time)

Local interchange Net-Centric Interchanges

Hand-Jammed static PASS forwarding relationships

Dynamic Peer node Discovery

<advertise commandDateTime="2006-02-15T11:04:16.765-05:00" userID="mcsuser" xmlns="http://mitre.org/DDS">- <metadata>  <ns1:title ns2:classification="U" ns2:ownerProducer="USA" xmlns:ns1="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" xmlns:ns2="urn:us:gov:ic:ism:v2">MCS_DEMO</ns1:title>   <ns3:description ns4:classification="U" ns4:ownerProducer="USA" xmlns:ns4="urn:us:gov:ic:ism:v2" xmlns:ns3="http://metadata.dod.mil/mdr/ns/DDMS/1.2/">MCS_Desc</ns3:description> <ns5:creator ns6:classification="U" ns6:ownerProducer="USA" xmlns:ns5="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" xmlns:ns6="urn:us:gov:ic:ism:v2">- <ns5:Organization>  <ns5:name>MCS</ns5:name>   </ns5:Organization>  </ns5:creator>- <ns7:subjectCoverage xmlns:ns7="http://metadata.dod.mil/mdr/ns/DDMS/1.3/">- <ns7:Subject>  <ns7:category ns7:label="Ground" />   <ns7:keyword ns7:value=“FBCB2" />   </ns7:Subject>  </ns7:subjectCoverage>- <ns8:temporalCoverage xmlns:ns8="http://mitre.org/DDS/metadata">

  <ns8:start>2006-02-15T11:03:55-05:00</ns8:start>   <ns8:end>2006-02-15T16:03:55-05:00</ns8:end>

  </ns8:temporalCoverage>- <ns9:geospatialCoverage xmlns:ns9="http://mitre.org/DDS/metadata">

  <ns9:lowerCorner>-170.0 16.0</ns9:lowerCorner>   <ns9:upperCorner>-169.0 17.0</ns9:upperCorner>

  </ns9:geospatialCoverage>  <ns10:security ns11:classification="U" ns11:ownerProducer="USA" ns11:releasableTo=“MCSGroup FBCB2Group" xmlns:ns11="urn:us:gov:ic:ism:v2" xmlns:ns10="http://metadata.dod.mil/mdr/ns/DDMS/1.3/" />   </metadata>  </advertise>

Sample metadata

How DDS Works

DDS

NCES ServicesSecurityDiscovery

•DDS Nodes

Sub 1

Sub 2

Overlap in subscriptions from same DDS node are only sent once

DDS

Publisher

Sub 1

Sub 2

Advertise

Publish

Subs

crib

eAd

verti

se

1.DDS client, discovers DDS node location through the use of discovery services

2.Publisher• Advertise their data, DDS server to server

protocol propagates advertisements to other nodes

• Publish data to local DDS node. DDS node merges subscribers of published data from save DDS node and send data to node then DDS nodes stores based on TTL

3.Subscribers• Subscriber, specify advertisement and data

filters• DDS node will match subscriptions to

advertisements and forward subscription to owning DDS nodes

• When DDS node receives published data, it sends to subscribers

4.NCES Security• Authenticates and authorizes DDS nodes,

publishers & subscribers

KeyAdvertisementsSubscriptionsPublished data

ABCS Data Dissemination Service (DDS) Security Model

Tactical Services Security System (TS3)

NOTES:• All connections are SSL using HTTPS• All transactions are digitally signed and validated• Client Cert Validation Handler connects to the Cert Validation Service (not shown)

(2) C

lient

App

Dig

ital S

ig.

(0) User provides credentials (Username/PW)

(1) Digitally Signed SOAP Request with SAML Assertion

(10) Digitally Signed SOAP Response with filtered data

(3) C

ert v

alid

ated

(4) P

rese

nt U

N/P

W

(5) U

ser D

N re

ceiv

ed

(6) P

rese

nt U

ser D

N

(7) U

ser A

ttrib

utes

(e.g

. Ro

le/G

roup

s) re

turn

ed

(8) P

rese

nt U

ser R

ole

(9) U

ser i

s au

thor

ized

User Directory (AD / LDAP / etc.)(roles, clearances,

citizenship)

UserAuth.

Service

Cert Validation

Service

PrincipalAttributeService

PolicyDecisionService

NCES Component

SignatureHandler

CertValidationHandler

DDS Client

SecurityHeaderHandler

UserAuthentication

Handler

PrincipalAttributeHandler

PolicyDecisionHandler

SignatureHandler

Cert ValidationHandler

DDS Web ServiceSecurityHeaderHandler

SEC Developed Component

SAML

Summary• PASS / DDS are used by US Army Battle Command

systems to share ‘common operational picture’ data at tactical echelons

• XML payloads with metadata to enable appropriate AOI/temporal queries and identify releasability

• HTTPS-based with soft certificate-based security model

• Supporting initial coalition interoperability with UK (JADOCS) and ISAF (CPOF, JOCWATCH, COP LM)

Backup

Security policyDDS has a comprehensive security model

• Functional Validation– Users have privileges to functionality based on their group membership

• Clearance Classification– Users have privileges to publish or subscribe based on their security

classification and releasibility for data.– Users have privileges to publish or subscribe based on the rights associated

with the advertisements.– Advertisements carry security classification

• Need to know– All functionality for access is based on users being members of groups – Advertisements carry need to know– Advertisement is only available to subscribers who are in the groups which are

specified in ‘Releasable To’ field of the Advertisement• Single Sign On under Windows (clients)

MIP Deployment Summary

21

MIP Ver 09_4_4_22 is installed on the BCS server at IJC HQ. MIP is receiving data from CPO LM (formally BOM) and publishing it to PASS. We have tested it with CPOF and CPOF is subscribing to PASS and displaying the data. There is one issue with Road graphics they are a point to point line, but they are displaying as an icon. Joel Varanda is sending Venis the unclass PDU for the road. COPLM is sending the following data through MIP:

Battle field GeometryNATO and ANA BoundariesFOBSCOPSUNITS (not tracks)NGO/IO LocationsRoad (Planned, under construction and completed)

COP LM is not sending the following dataSIGACTS (JOC Watch) Ground Tracks (GCCS-J)Air Tracks (TBMCS)Fires (JADOCS)LOG (NIRIS)