Home >> July 2008 Edition >> PRIORITY BRIEFING... Army Signal Unit Integrates First Regional Hub Node
PRIORITY BRIEFING... Army Signal Unit Integrates First Regional Hub Node
by Major Brian P. Bailey
USA Chief
Network Operations Division
South West Asia
Theater Network Operations and Security Center

The Army Signal Community has successfully integrated the first Regional Hub Node (RHN) into the South West Asia Theater of Operations strategic network. The newest asset will support the warfighter through the three-fold combination of satellite communications transmissions capability, user services through Global Information Grid connectivity, and Network Common Operating Picture with Network Management systems. In addition to the listed functionalities, the RHN provides a limited set of common user enterprise services, including VoIP call management, file transfer protocol (FTP) / trivial file transfer protocol (TFTP) servers, and anti-virus software.

As designed, the RHN provides the following User Defined Functions identified by the Warfighter:
  • The ability to rapidly transition from a home station/garrison environment to the area of operation
  • Access to the full range of network services immediately on arrival in the AO
  • A continuous, seamless flow of information throughout all phases of an operation
  • The ability to quickly obtain network service when maneuvering / repositioning forces and command posts
  • The ability of on-the-move elements to access network services
  • Reduction in strategic lift requirements and deployed footprint

The Soldiers, DA Civilians and Contractors assigned to the 160th Signal Brigade at Camp Arifjan, Kuwait, in coordination and collaboration with the 335th SC (T) (PROV), USARCENT, CIO-G6, NETCOM, CENTCOM, and MNC/F –I planned, engineered, implemented, and brought the RHN to Initial Operating Capability.

One of the RHN’s primary objectives is operational agility, which will allow services to be provisioned quickly upon initial entry into the USCENTCOM AOR and sustained throughout all phases of Full Spectrum Operations.

The 160th Signal Brigade’s network engineering team initiated actions to plan and engineer the deployment of the SWA RHN into the SWA network in early summer of 2007. In conjunction with the 160th Signal Brigade activities, PM DCATS / SCS were responsible for the overall coordination of the RHN program implementation and installation effort pertaining to terminals, baseband equipment, NetOps, and connectivity.

With the PM DCATS published timeline that started RHN installation on August 19th, 2007 through the December 15th, 2007 completion date, the deployment occurred in three phases that included the Acquisition Phase, the Sustainment Phase, and the Operational Phase, as listed in the RHN Operations and Control (O&C) Plan. Each of the three phases included multiple milestones of varying complexity that the 160th Signal Brigade engineers, soldiers, and civilians worked to completion with the intent to conduct a COMMEX from December 15 through January 15, 2008 and meet IOC no later than January 15, 2008.

This case study focuses on the Acquisition and Operational Phases, which will describe both the 160th Signal Brigade Engineering Team actions to bring the latest communication asset into the Army’s inventory, as well as explain the actions that a potential customer will complete to draw services from the SWA RHN.

The first discussion, Acquisition Phase, recounts the network engineering processes and milestones associated with integrating the RHN into the SWA production network. In reaching the Initial Operational Capability (IOC) date, the engineer team focused on the administrative actions and documentation necessary to (1) procure satellite space frequency, (2) extend DISA-provided strategic services to the Operational Base facilities, and (3) delineate Network Operations relationships.

The second discussion, Operational Phase, identifies the processes that JNTC-S compatible Warfighters will use to request services from, or provision their unit onto, the SWA RHN. The generalized, systematic instructions outlined in this document will specify organizational roles and responsibilities, as well as identify the required information flow, coordination, and documentation throughout the requisition process.

As PM DCATS completed the physical construction of the facilities, the Operation and Maintenance (O&M) engineering team met to execute the final actions required to move the RHN from the planning and engineering (P&E) stage into operational status. During the coordination meeting, the team commenced planning for the gaps, shortfalls, and risks that inevitably result as newly fielded systems move from the conceptual stage of P&E to the functional O&M stage. From the first conversations, the RHN operators and Wide Area Network engineers talked about the challenges associated with integrating an Army-procured and managed communications platform into a Joint, or Multi-National, communications architecture. They recognized the challenge of creating a “flat, open network architecture” in an operational environment that consists of a “confederation of networks” unique to the Joint environment existing in the CENTCOM AOR. The engineering team worked through the processes associated with (1) procuring the pre-provisioned Operational bandwidth, (2) receiving DISA approval for extending DISN services, and (3) the Network Operations functions that are managed through both Army and Joint organizations.

Conceptually the CIO-G6 identified that as a key performance parameter (KPP), the RHN maintains a set amount of pre-provisioned space segment in the CENTCOM AOR intended to support short-notice warfighter deployments. The pre-provisioned space segment would be supplemented with a process to rapidly procure additional space segments to support the additional flow of forces into the theater.

As designed, the RHN NOC will act as the intermediary between the JNN-N enabled/compatible units and the commercial satellite NOC. Throughout the planning and engineering of the RHN Acquisition Phase, the Engineering Cell and the RHN NOC worked consistently with NETCOM, CIO-G6, and commercial satellite vendors to procure the appropriate satellite space segment.

However, in the operational environment, CENTCOM CCJ6 controls the spectrum management of Army Service Component Command’s assigned bandwidth in the AOR. USCENTCOM Transmissions section’s reluctance to recognize the significance of this key performance parameter and its inflexibility to support the CIO-G6 intent of pre-provisioned bandwidth locally managed by the RHN NOC has resulted in constant transition of the frequency spectrum used by the SWA RHN.

First, the SWA RHN required an entire set of new Block Up and Block Down Converters as a technical refresh in order to make use of the available Ku-band frequency that wasn’t already controlled by CENTCOM units. This technical refresh delayed IOC by six weeks.

Second, customer units and the RHN NOC transitioned through four different Transmission Plans and Task Orders during the testing phase and operational implementation to include US ARCENT’s Early Entry Command Post and Operations Command Post (EECP /OCP) during Communications Exercises preparing the ARCENT Staff for Full Spectrum Operations.

Lastly, the SWA RHN terminals were assigned frequencies that had been previously assigned to another organization. This resulted in a loss of operational availability to a customer during a scheduled exercise. The three listed incidents would have been avoided with permanently assigned, pre-provisioned bandwidth managed and administered by the RHN NOC satellite terminal operators, as intended by design of the CIO-G6.
A second Key Performance Parameter requires the SWA RHN to be collocated with, and permanently connected to, a DoD gateway, and will extend to deployed tactical users access to the following pre-provisioned DISA services:

  • Non-secure Internet Protocol Router Network (NIPRNET)
  • Secret Internet Protocol Router Network (SIPRNET)
  • Defense Switched Network (DSN)
  • Defense Red Switch Network (DRSN)
  • DISN Video Services – Global (DVS-G)

While planning and engineering the provisioning of DISN services, the 160th Signal Brigade and PM DCATS certification and accreditation process converged into the “perfect storm”. As PM DCATS worked the RHN system accreditation, the 160th Signal Brigade worked the Connection Approval Process (CAP) to enable the RHN to join the SWA network.

Coincident to those activities, the main NIPR and SIPR circuits providing connectivity between SWA TLA Tier 1 and DISA Tier 0 were expiring and needed CAP approval. Hindering the situation, the SWA TNOSC Circuit Engineer had submitted Telecommunication Service Requests (TSR) to provision circuits specific to the RHN, in order to extend services on those circuits to the operationally based SWA RHN.

The last impediment to achieve IOC was the connectivity of the RHN to the TLA stack that services the MNF-I network. The TLA that services MNF-I is housed in the same Technical Control Facility as the SWA TLA Stack. The TLA Stack discussion will be expanded in greater detail during the discussion of the third Key Performance Parameter, clearly delineating security boundaries and Designated Approval Authority assignments.

OBSTACLE: submitting approval of each tactical user through CENTCOM to DISA. Local DAA has the authority to allow a tactical user access to the SWA Network through the IATO / IATC of the local circuit.

SOLUTION: Extend DISA services through CAP / IATO / IATC to the RHN routers, allow SWA Network DAA the authority to accept tactical users. This will enable immediate access.

The JNN-enabled / compatible unit completes an abbreviated Connection Approval Process (CAP) that will authorize connection to the GIG, through the RHN Operational Base circuits, in order to draw pre-provisioned services. The CAP requires a Memorandum of Agreement, SIPRNET Connection Questionnaire, and Network Connectivity Diagrams. The 160th Signal Brigade and the Unit share the responsibility to complete the MOA.

The contents of the MOA consist of the Consent to Monitor (CTM), a statement of residual risk; architectural changes notification, and IAVA scanning arrangements. The template of a CAP package is available through the 160th Signal Brigade Information Assurance team. The SIPRNet Connection Questionnaire consists of 15 questions that range from IP addresses, Contractor Network Access, Foreign National Access, and Network Connectivity.

The third and last Key Performance Parameter to discuss during the Acquisition Phase of deploying the RHN is the delineation Network Operations relationships, which turned out to be the most cumbersome action. The CIO-G6 intent of the RHN is that each supported unit enclave will be allocated a separate physical, or logical, firewall instantiation to allow the unit to maintain its IA boundary and to provide a sufficient level of granularity to allow for unit-specific requirements. The CENTCOM network architecture employs multiple, Top-Level Architecture (TLA) routing and switching devices (stacks).

As mentioned in the previous topic, the TLA stack that services MNF-I is housed in the same Technical Control Facility as the SWA TLA Stack. In order to enable SWA RHN interoperability with Service Component and Joint customers, the WAN engineers needed to determine the simplest solution. This solution had to be able to enable the SWA RHN provide connectivity to the Army’s LandWarNet (LWN) and the Joint Task Force’s Iraqi Theater of Operations (ITO) network, by providing a routing solution through the SWA TLA Stack and the MNF-I TLA Stack, respectively.

During the Rehearsal of Concept (ROC) drill conducted the week of April 7th through December, 2007, the engineering team developed multiple courses of action to determine the appropriate physical solution to a logical networking challenge. Using the military decision-making process, the engineers concluded the acceptable solution would be to physically connect the RHN via fiber optic cable from the aggregate Tier 2 switch to the MNF-I TLA stack on the NIPR and SIPR networks. The two most significantly recognized reasons for implementing this physical cross-connect to the MNF-I TLA are:
  • Autonomous System Number (ASN); the ITO had an established mesh topology within Iraq providing redundancy for the tactical elements, which enables them to talk to strategic units without the signal leaving Iraq over satellite transmission. The team determined that to change this methodology would require a re-engineering of the MNF-I network in order to enable information to route through the RHN using the SWA TLA stacks because of the ASN.
  • Security boundaries and management of assets. USCENTCOM CCJ6 acts as the CENTCOM DAA. The theater DAA has overall authority for the theater. The ARCENT CDR has appointed ARCENT C6 as the DAA for the SWA network. The MNF-I Commander appointed MNF-I CIS as the DAA for the ITO.

Although the RHN is located in Arifjan and is controlled / owned by ARCENT DAA, connected Iraq-based joint assets belong to the ITO managed and controlled by the MNF-I DAA.

OBSTACLE: multiple confederations of networks by service component and joint communities. Asset Network Operations, particularly DAA and security boundaries, become unclear.

RECOMMENDATION: U.S. ARCENT C6 / 335th SC (T) Commanding General be DAA for Operational base and tactical network connectivity.

In summary, during the Acquisition Phase, 160th Signal Brigade identified and advertised the SWA RHN as providing numerous benefits to the warfighter that included:
  • A continuous, seamless flow of information throughout all phases of an operation
  • The ability to rapidly transition from a home station/garrison environment to the area of operation
  • Access to the full range of network services immediately on arrival in the AO
  • The ability to quickly obtain network service when maneuvering/repositioning forces and command posts
  • The ability of on-the-move elements to access network services
  • Reduction in strategic lift requirements and deployed footprint

While operating in coordination and collaboration with the multiple key stakeholders, the 160th Signal Brigade worked through a number of obstacles to achieve IOC. Some of the hurdles that needed to be overcome were:
  • Legacy technical processes and procedures that require long lead time (Cold War processes for a cold war army, not the modular army)
  • Combatant Command control of Satellite Bandwidth (Component Spectrum Managers not involved in management of locally used space segment
  • Recognized authority of local DAA to enable customers to join the network
  • Network Management Common Operational Picture between Service Components and Joint elements

The stakeholders influencing RHN operations are: customer, RHN NOC, SWA TNOSSC, 160th Signal Brigade, 335th SC (T), USARCENT, USCENTCOM, DISA, GSSC, and the CIO-G6.

In achieving IOC of the Army’s first RHN, the SWA RHN Team identified the solutions needed to achieve a high degree of operational agility, as envisioned by the CIO-G6. The following capabilities will need to be realized:
  • A well-defined Designated Approval Authority (DAA) chain and a stream-lined Authority to Connect / Authority to Operate (ATC / ATO) process in accordance with the DoD Information Assurance Certification and Accreditation Process (DISACAP) Guidance
  • Pre-positioned or pre-negotiated SATCOM space segment operated and maintained by the local satellite controller at the RHN NOC
  • Pre-positioned baseband services available to the customer for use activated by the SWA TNOSC WAN Engineers using templates of connectivity

The second part of this paper will explain to potential customers of the SWA RHN the processes and procedures related to requesting and receiving services from the SWA RHN while deployed to the CENTCOM AOR. With the mission as a component for theater reach back to support JTF and Army JNN-equipped units, the RHN provides connections with Enterprise-level services and direct access to the ARCENT/CENTCOM portion of the GIG.

The process is generalized in four categories (1) Service Request Process, (2) Planning and Engineering Process, (3) Service Acquisition Process, and (4) Theater Network Operations Support. All products generated by the processes and the lead engineer of the engineering cell within the SWA TNOSC will coordinate procedures identified within the four categories.

The RHN Engineering lead will consolidate all administrative documentation into a Mission Folder and submit that folder to the RHN NOC. The RHN Engineer lead will enable direct coordination between the customer unit and the RHN NOC early in the provisioning process.

This section describes the process that will be followed to request satellite and gateway connectivity into the FRHN. These requests will leverage and use DISA’s Satellite Access Request (SAR) and Gateway Access Request (GAR) procedures. It is important to note that these procedures have been streamlined for the sake of operational agility.

For all space segment requests, a SAR will be required. A SAR will also be required if changes are made to the existing allocation of the satellite space segment, or terminating equipment (e.g., antenna size) change. This is due to the continued need to interface with the Global Satellite Service Center (GSSC) or Regional Satellite Service Center (RSSC) as an interface to the DISN Satellite Transmission System-Global (DSTS-G) for generation of a transmission plan (TP), licensing, and so on.

The 335th SC (T) will submit a RFS to DISA to establish initial DISN services provisioned to the FRHN. This will be accomplished as part of the Initial Operational Capability (IOC) of the FRHN. The SC (T) to DISA will submit a RFS and TR if the baseband and/or DISN Tier 0 service requirements exceed the quantity pre-positioned and/or installed DISN services at the FRHN. An ASR will be submitted by the warfighter to the ASCC for the original requirement. An ASR is a modified GAR that is scoped for FRHN baseband operations. The ASR is not intended to go to DISA for any actions, and will be handled internal to the theater Army organizations in a highly expedited manner.

Expeditionary Signal Battalions (ESB) supporting Division and Corps assets will obtain Ku-band (future Ka-band) services from the FRHN using the SAR/ASR process. The supported S6/G6 will be responsible for submitting the SAR and ASR. The ESB S3 or Tactical Theater Signal Brigade (TTSB) will assist the supported unit with SAR and ASR development. ESBs may support joint operations (e.g., Joint Task Force (JTF)) and may derive their services via a DoD Gateway. This would require a normal DISA SAR and GAR submission. All X-band requirements (Ground Mobile Force (GMF) and Phoenix terminals) for service through a DoD Gateway will continue to follow the DISA SAR and GAR submission procedures.

Note that the IP connectivity (e.g., NIPRNET and SIPRNET) between the FRHN and co-located gateway will be accomplished via Army Tier 1 and DISA Tier 0 connectivity on the installation. Terminals down-linking at a DoD Gateway will have high-bandwidth, low-latency connectivity to users operating off the FRHN. As previously mentioned, the ability to leverage a local LandWarNet perimeter security stack will provide a high level of assured connectivity between FRHN and DoD Gateway customers by keeping the interface local to both facilities, thereby keeping traffic between them internal to the theater.

(1) Service Request Process…

Step 1
  • Warfighter submits a SAR, Request for Service (RFS), Commercial Satellite Team (CST) Service Survey (CSS), ASR, Network Diagram and ATO/IATO to the SWA Theater ASCC (ARCENT) or CENTCOM (CONUS)
  • Warfighter coordinates with SC (T)/Corps/Division (as appropriate/applicable) during the development and submission of the SAR/RFS/CSS/ASR, Network Diagram, and ATO process. The 335TH SC (T) (PROV)/Corps validates the submission paperwork and forwards to ARCENT

(2) Planning and Engineering Process…

Step 2
ARCENT validates request and assigns mission priority ARCENT coordinates with the 335TH SC (T) (PROV) and FRHN NOC to ensure resources are available to support mission requirements ARCENT coordinates requirement with combatant command if:
  • Space segment is funded by combatant command
  • Joint mission supported (e.g., JTF)
  • Adjudication of resources necessary for competing joint mission requirements
  • If disapproved the SAR/ASR is sent back to the requesting unit noting disapproval

ARCENT and 335TH SC (T) (PROV) will work with the tactical unit to identify alternative courses of action (e.g., Out-of-theater FRHN or Teleport access)
ARCENT submits SAR/CSS to the organization responsible for commercial SATCOM (COMSAT) management
  • CONUS COMSAT Manager-NETCOM/9th SC (A)
  • OCONUS COMSAT Manager-335TH SC (T) (PROV)

(3) Service Acquisition Process…

Step 3
  • 335TH SC (T) (PROV) or NETCOM/9th SC (A) incorporates mission requirement into SATCOM access schedule
  • Determines whether there are competing requirements for space segment resources and adjudicates conflicts with ARCENT and/or CENTCOM for Army or joint missions, respectively

Step 4
  • 335TH SC (T) (PROV) or NETCOM/9th SC (A) forwards SAR/CSS to the GSSC or RSSC
  • GSSC/RSSC receives SAR/CSS from COMSAT Manager and submits the package to the DSTS-G contractors
  • The DSTS-G contractor selected, develops transmission plan (TP) and coordinates licensing, landing rights, and frequency clearance
  • GSSC/RSSC assigns mission number and develops the SAA

Step 5
  • The SAA and TP are sent back to 335TH SC (T) (PROV) or NETCOM/9th SC (A) . In the case of training missions the COMSAT Manager tracks space segment utilization. In the case of joint missions (exercise & operational), the COMSAT Manager disseminates the SAA and TP to the combatant command J6 for theater space segment use and frequency management.
  • 335TH SC (T) (PROV) or NETCOM/9th SC(A) reviews IATO/ATO and authorizes connectivity
  • Coordinates with FRHN NOC to identify equipment set to support mission
  • The 335TH SC (T) (PROV) develops the ASA from the ASR and incorporates the mission number from the SAA into the ASA

Step 6:
  • The 335TH SC (T) (PROV) or NETCOM/9th SC (A) provides the Authorization to Connect (ATC), Army Service Authorization (ASA), and SAA/TP to tactical unit and FRHN NOC
  • The FRHN NOC and tactical unit coordinate, as necessary, the development of equipment crew assignment sheets
  • FRHN NOC and tactical unit implement crew assignment sheets and prepares systems for operation
  • FRHN NOC develops crew assignment sheets and implements equipment configurations as per SAA/ASA/TP/crew assignment sheets and provides coordinating authority for satellite and baseband services at the FRHN
  • Tactical unit implements equipment configurations as per SAA/ASA/TP/crew assignment sheets and coordinates with the FRHN NOC for access to satellite and baseband services

These are the processes and procedures the 160th Signal Brigade executed to successfully integrate the SWA RHN into the existing Component and Joint network architectures. Through illustrating and focusing on the Acquisition and Operational phases of the SWA RHN deployment, the key points have highlighted the benefits of the RHN, the obstacles inherent in fielding the RHN as a new system, the stakeholders, and the solutions presented.