U.S. Department of State

Enterprise Network Management



EXECUTIVE SUMMARY

Enterprise Network Management (ENM) is IRM's primary initiative to accomplish Goal 1 of the Information Technology Strategic Plan: A Secure Global Network and Infrastructure. ENM's mission is to provide a reliable and secure global telecommunications infrastructure vital to the conduct of diplomacy and international affairs for the Department of State. A modern, high-capacity, commercial-style network is a prerequisite to the conduct of e-diplomacy. ENM enables the Department's IT infrastructure to support the nation's diplomats to exploit technology for innovative and collaborative processing and interaction, both internal and external. The purpose of ENM is to ensure available, fault tolerant and low-risk operation of the Department's total IT environment so Department employees can communicate rapidly and securely in a variety of conventional and innovative ways, including message text, voice, and video-conferencing.

DESCRIPTION

The scope of ENM includes all centrally deployed and managed components of the modernized IT infrastructure - OpenNet, PDnet, Intranet network connections, ALMA-deployed routers, switches, and servers at posts, and the evolving classified network infrastructure. ENM has also led the Department's efforts in Capacity Planning, thereby paving the way for the consolidation of networks and implementation of Virtual Private Networks, in support of the IT Strategic Plan's Objective 1A: A Commercial-Style Global Network for Classified and Unclassified Communications.

ENM provides services to other organizations that are responsible for centrally run applications, such as Consular Affairs' Non-Immigrant Visa (NIV) Name Check System, in support of the IT Strategic Plan Goal 2: Ready Access to International Affairs Applications and Information. ENM supports email throughout the Department through performance monitoring and engineering improvements to the network, thereby facilitating Goal 3 - Integrated Messaging: A Worldwide Approach. A core competency of ENM is the establishment of disciplined configuration and change management, managed by ENM through the IT Configuration Control Board (CCB), supporting Goal 4 - Leveraging IT to Streamline Operations.

ENM consolidates the following initiatives into a single program directly supporting the goals of the IT Strategic Plan:

Global Network Engineering and Design
Enterprise Operations
Network Life Cycle Management
Enterprise Licensing
Planning and Project Management (Program Management Office)

Component Name: Global Network Engineering and Design

Description: Over the years the Department has depended on a star topology for its unclassified and classified networks. Often there are multiple circuits coming from a post to Washington supporting one or more unclassified networks, a classified network, International Voice Gateway (IVG) lines, and assorted other applications. This approach is under serious scrutiny for cost-effectiveness and throughput issues. As more applications migrate to the TCP/IP protocol, the likelihood of collapsed and regionalized networks increases. ENM is working with DTS-PO to redefine the Department's wide area network (WAN) topology. Included with this effort is the completion of a security architecture that will support multi-level security across a common network infrastructure. ENM and the Architecture and Planning office are working with other IRM offices and DS to finalize the security architecture. Work has also begun with Public Diplomacy (PD) to incorporate their requirements into the Department's global network design. As part of this effort, the Department approved the network 10 IP addressing scheme for overseas posts and domestic sites.

The Global Network Engineering and Design component of ENM consists of the following initiatives:

NED Division Front Office: NED needs a project manager and senior technical support engineer to help organize and coordinate the project activities of the Network Design and the Enterprise Management System Branches. This is especially important since this division is the prime systems engineering unit in the ENM Office and has made a full commitment to establishing CMM level 3 certification. The objectives of achieving CMM level 2, then moving to level 3, are very difficult, but the ultimate benefit of low-cost, predictable processes is well worth the investment.

Network Design: Network Design includes capacity planning and management, design of new and enhanced networks, management of DNS/DHCP for the Department, Tier 3 Engineering, and Security Engineering. The component's goal underpins fundamental business processes and requirements that, in turn, lend support to all of the Department's missions as defined in the Department of State Strategic Plan. This project goal also meets Objective 1A of the IRM IT Strategic Plan: A Commercial-Style Global Network for Classified and Unclassified Communication.

The IRM Capacity Planning and Management initiative within Network Design is intended to minimize the impact of inadequate IT capacity on the ability of the Department to accomplish its tactical mission and strategic goals. Capacity Planning helps to ensure that facilities are properly sized to support employee workloads and that they are scalable to support reasonable growth and changes in requirements. Indirectly, the IRM Capacity Planning and Management Project is intended to help minimize the direct and indirect costs that accrue in the absence of a strategic IT planning commitment, including lost productivity, overpaying for IT capacity, and waste due to the replacement or upgrading of equipment prior to the end of its planned life cycle. An effective IRM Capacity Planning and Management component will help managers to purchase the type and size of IT equipment required; aid technical IT managers in tuning their systems to maximize return on investment; and document the baseline workload and computer resources associated with each of the Department's mission critical business activities.

Enterprise Systems: This effort includes the continued development, training, and maintenance of the IEMS. IEMS is not just one product, but a collection of integrated tools used to manage the Department's global network and systems assets. Already the IEMS has the initial components that include HP OpenView, CiscoWorks, TAVVE, Microsoft Systems Management Server (MS/SMS), Measure-IT, and the Remedy trouble tracking system. MS/SMS allows posts to easily inventory their systems, enables the "pushing" of software to client PCs automatically, and allows remote management. MS/SMS will be linked in with OpenView and Remedy, allowing overseas and domestic support personnel to provide more immediate resolution to network and systems problems. During FY2000, the IEMS was expanded to SIO. Ultimately, the IEMS will be expanded to allow integration of other operations in IRM and provide on-line links to help desks and operations centers in CA, FMP, and DS.

Benefits

Network Design (ND) Branch: The Network Design Branch has the key responsibility of engineering major system enhancements for the Department's network infrastructures. These projects are listed under category headings that characterize the major kinds of benefits that they can provide. Some of the listed projects have been referenced more than once because more than one major benefit category is clearly supported.

Best Practice Projects: These projects are necessary to provide a well-run, reliable, and maintainable network that is characterized by high availability and strong performance. They promote the fundamental building blocks that ensure low-risk customer Service Level Agreements (SLAs) and support a scalable, easily managed change control process. Cutting corners here can lead to short-run savings and serious long-term problems:

Network Capacity Planning
Domestic OSPF configuration
DNS/DHCP deployment and configuration
Domestic and Foreign network IP address planning and deployment
Network Engineering Support for the evolving OPAP pilot projects
Network problem analysis and correction (Tier 3 Engineering Support)
Engineering to support the successful transition from X.25 WAN to the BRN
Establishment of general software deployment through better use of SMS tools

Service Cost Reduction Projects: These projects utilize technology enhancements that have almost immediate high dollar financial payback. By simple analysis of service cost reductions the payback period is measured in months with minimal risks. With the proper and timely implementation, some of these projects have the potential of refunding the entire cost of the ENM Office.

  • Network Capacity Planning
  • Development of regional network topologies
  • Development and deployment of layer 3 network encryption (Router based IPSec)
  • Extension of Class-Net consolidation through OpenNet WAN transport system
  • WAN transport consolidation via PD-Net tunneling through the existing OpenNet
  • Deploy an OpenNet VPN via IPSec to improve availability/performance at low costs
  • Deploy a Voice over IP (VoIP) service that will provide secure low cost voice


Security Enhancement Projects: These projects provide for the integration of new technologies that will greatly enhance the overall security profile of the Department's networks.

  • Development and deployment of layer 3 network encryption (Router based IPSec)
  • Provide support for deployment of Network Intrusion Detection (DS NID project)
  • Extension of Class-Net consolidation through OpenNet WAN transport system
  • WAN transport consolidation via PD-Net tunneling through the existing OpenNet
  • Deploy a Voice over IP (VoIP) service that will provide secure low cost voice

Enterprise Management Systems (EMS) Branch: The EMS Branch has the responsibility of identifying network tool requirements, selecting commercial products, product integration, and providing stakeholders with access to the appropriate tools. The first generation of these tools has been made available as the Integrated Enterprise Management System (IEMS).

The selected tool set includes:

Hewlett Packard Open View Network Node Manager (NNM 6.0)
TAVVE Performance Reporting Module (PRM)
Cisco Resource Management Essentials (RME)
Remedy Action Request System (ARS) help desk ticket system
Remedy/Oracle based change management system for SIO
Remedy/Oracle based asset management system for SIO

Web access to these tools is provided from the ENM web page under "Network Management". Another stand-alone tool set called "MeasureIT" provides long-term historical metrics and is also available from the "Network Management" page. Customized user documentation and vendor product information are the third major element available on the IEMS web page.

In a very short period of time these tools have been made available to all of IRM's customers. Any bureau can quickly obtain a real-time or historical view of the availability, reliability, performance and stability of the IRM SBU-supported network and all the subnetworks that use it for transport. The Department tactical planning process has emphasized the need for projects to provide value by including real, measurable results. The EMS Branch has done exactly that in the development of these metric-centric tools. The measurements that are readily available have lessened the need to depend on anecdotal comment as the driving force in network support and planning. The ability to expand and extend these capabilities depends on the funding stream that is made available.

Other tools that provide specific functionality to the ENM Operations Division and the Network Design Branch include:

Cisco TACACS (router access authentication security)
Microsoft SMS tool (inventory and software distribution system)
Cisco SYSNET (network modeling and design tool)
Cisco Works 2000/Traffic Director (RMON Traffic Management Console)
NetScout Fast Ethernet Probes (collect traffic data from the network core)

The current set of EMS Branch tools and the proposed future tool development projects can be divided into three general categories: Network Management, Systems Management, and Application Management. During the last stages of the ALMA deployment, the development of the three management disciplines was planned in such a way to provide the necessary tools in the order presented. Because Network Management is the critical element to keep the network operational, it was given the highest priority for deployment. The second and third categories, system and application management, should only come into existence after the network management tools are fully functional. The ENM has arrived at that critical point and is poised to begin selection, testing, deployment, and operation of individual products to complete the original plan.

The primary purpose of the selected tools can usually be categorized in one of the following functional areas:

Fault Management: The HP Open View Network Node Manager is the primary fault detection and display system. This system is distributed on seven Hewlett Packard UNIX platforms that are located in the ENM Network Management Operational Center at Beltsville. This system continually discovers, monitors for network faults, and displays real-time graphical maps of the foreign/domestic network and major sub-elements. Collected data is stored in a central Oracle database where it is made available to other functional IEMS systems. This is the primary central system of the IEMS and requires continual engineering attention to fix problems, tune performance and add functionality.

Performance Monitoring: The TAVVE Performance Reporting Module (PRM) is the primary performance monitoring tool now deployed. This tool provides real-time and historical text and graphical data related to network latency, throughput, and availability. PRM runs on the same UNIX systems that support the Open View application and receives data from Open View and the central Oracle database. This arrangement is very efficient because PRM does not need to replicate the data collection processes that already exist in Open View. This helps reduce the volume of management traffic overhead that is levied on OpenNet. TAVVE is the IEMS tool most widely used by customers. The MeasureIT monitoring tool runs from a separate group of NT-based servers. It is a custom-developed tool set that uses standard SNMP and router-based Management Information Base (MIB) functions to collect network statistics on OpenNet. These statistics include availability, performance (latency), reliability, and stability for each of the foreign and domestic sites. The data is made available in several different views. The historical monthly view presents consolidated comparison data for each post along with a ranking between sites for availability, performance, reliability and stability. Also, long-term detailed performance charts are available in PowerPoint format. Data samples are collected every twenty minutes by polling the bridge routers located at each site. The resulting Access database is processed each week and each month to produce the respective report formats that are available from the ENM web page. By running independently from the IEMS Open View/TAVVE tools, this tool provides independent validation and a different perspective on OpenNet characteristics.
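The per-site statistics and inter-site ranking that MeasureIT produces from its twenty-minute polls, as an added example that is not part of the original page or the Department's tool: the poll samples are constructed, the metric definitions (availability, performance, reliability, stability) are assumptions because the page only names the categories, and router restarts are inferred from the standard SNMP sysUpTime value going backwards.

```python
"""Added example (not the original MeasureIT code): per-site network
statistics and inter-site ranking from twenty-minute SNMP poll samples.

Assumed metric definitions, since the page only names the four categories:
  availability  - percentage of polls the site's bridge router answered
  performance   - mean round-trip latency over the answered polls
  reliability   - number of outages (an answered poll followed by a missed one)
  stability     - number of router restarts, detected when SNMP sysUpTime
                  goes backwards between two answered polls
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional

POLL_INTERVAL_MIN = 20  # the page states samples are taken every twenty minutes


@dataclass(frozen=True)
class Poll:
    site: str
    reachable: bool                  # did the bridge router answer the SNMP poll?
    latency_ms: Optional[float]      # round-trip time when reachable, else None
    sys_uptime_ticks: Optional[int]  # SNMP sysUpTime (1/100 s), else None


def group_by_site(polls: List[Poll]) -> Dict[str, List[Poll]]:
    """Bucket a flat, chronologically ordered poll list by site, keeping order."""
    by_site: Dict[str, List[Poll]] = {}
    for p in polls:
        by_site.setdefault(p.site, []).append(p)
    return by_site


def site_metrics(polls: List[Poll]) -> Dict[str, float]:
    """Compute the four assumed metrics for one site's ordered poll history."""
    if not polls:
        raise ValueError("no polls for site")
    answered = [p for p in polls if p.reachable]
    availability = 100.0 * len(answered) / len(polls)
    # A site that never answered has no latency figure; +inf makes it sort last.
    latency = round(mean(p.latency_ms for p in answered), 2) if answered else float("inf")

    outages = 0
    prev_up = True  # a miss on the very first poll counts as an outage
    for p in polls:
        if prev_up and not p.reachable:
            outages += 1
        prev_up = p.reachable

    restarts = 0
    prev_ticks: Optional[int] = None
    for p in answered:
        # sysUpTime only decreases when the agent restarted (or wrapped at 2^32
        # ticks, roughly 497 days; treated as a restart here for simplicity).
        if prev_ticks is not None and p.sys_uptime_ticks < prev_ticks:
            restarts += 1
        prev_ticks = p.sys_uptime_ticks

    return {
        "availability_pct": round(availability, 2),
        "mean_latency_ms": latency,
        "outages": outages,
        "restarts": restarts,
        # Each missed poll is charged one full poll interval of downtime (an estimate).
        "downtime_min_est": (len(polls) - len(answered)) * POLL_INTERVAL_MIN,
    }


def rank_sites(polls_by_site: Dict[str, List[Poll]], metric: str,
               higher_is_better: bool) -> List[str]:
    """Rank sites by one metric, best first (ties keep input order)."""
    scores = {site: site_metrics(p)[metric] for site, p in polls_by_site.items()}
    return sorted(scores, key=scores.get, reverse=higher_is_better)


# Constructed sample: six consecutive twenty-minute polls for three hypothetical posts.
SAMPLE_POLLS = [
    Poll("PostA", True, 180.0, 1_000_000), Poll("PostA", True, 190.0, 1_120_000),
    Poll("PostA", True, 185.0, 1_240_000), Poll("PostA", True, 175.0, 1_360_000),
    Poll("PostA", True, 180.0, 1_480_000), Poll("PostA", True, 190.0, 1_600_000),
    # PostB: one outage of two polls, after which the router came back with uptime reset
    Poll("PostB", True, 320.0, 5_000_000), Poll("PostB", False, None, None),
    Poll("PostB", False, None, None), Poll("PostB", True, 300.0, 60_000),
    Poll("PostB", True, 310.0, 180_000), Poll("PostB", True, 330.0, 300_000),
    # PostC: flapping link, two short outages, router never restarted
    Poll("PostC", True, 250.0, 9_000_000), Poll("PostC", False, None, None),
    Poll("PostC", True, 260.0, 9_240_000), Poll("PostC", False, None, None),
    Poll("PostC", True, 240.0, 9_480_000), Poll("PostC", True, 250.0, 9_600_000),
]

if __name__ == "__main__":
    by_site = group_by_site(SAMPLE_POLLS)
    for site, polls in by_site.items():
        print(site, site_metrics(polls))
    print("availability ranking:", rank_sites(by_site, "availability_pct", True))
    print("latency ranking:     ", rank_sites(by_site, "mean_latency_ms", False))
```

Note that PostB and PostC tie on availability yet differ on reliability and stability, which is why the monthly view ranks all four categories separately.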

Security Access and Monitoring: The primary application for controlling router access is the Cisco TACACS system. TACACS runs on a pair of NT systems in the NMOC. Accounts and passwords are assigned in a hierarchy that allows a larger set of FTE technical staff to review router configurations, but only a very few staff to make router configuration changes. A detailed audit trail of access and changes is logged into the central TACACS database. SUN UNIX equipment has been procured to support the transition from the current NT platform to the more functional UNIX platform. At least one EMS engineer will be needed for several months to support the transition process to the NMOC Operations staff.

Help Desk Management and Reporting: The EMS Branch has been actively involved with the development and deployment of the Remedy Action Request System (ARS) and central Oracle Data Repository for the last ten months. A team of six engineers, including a project lead engineer, a systems/Oracle engineer, two Remedy customer engineers, a Remedy applications engineer, and a Remedy Web interface and reports engineer, has constructed three fast-prototype Remedy help desk implementations. Two of the implementations, one for the ENM Network Management Operations Center (NMOC) and one for the SIO Office, are operational. Full functionality of the respective trouble tracking systems is joined together with the other IEMS tools so that trouble ticket management is tightly integrated on a single web page.

Component Name: Enterprise Operations

Description:  Enterprise Operations provides 7x24x365 monitoring and control of the OpenNet, PDnet, and evolving classified network. This includes administering system components and support software, providing technical management and control, monitoring the network, detecting, identifying and resolving problems (or identifying help for their resolution), and providing up-to-date status and technical analysis reports.

ENM Operations technicians support and manage the Department's OpenNet and PDnet network. This group handles trouble tickets from the InfoCenter relating, but not limited, to issues such as network outages and slow response times. At their disposal these technicians have the Integrated Enterprise Management System (IEMS), a standards-based framework of enterprise management tools, to efficiently troubleshoot and proactively manage the data network. As necessary, the technicians interface with the IMOs, system administrators, and other organizations to quickly resolve problems. One of the most common groups the ENM Operations Center (ENMOC) interfaces with is DTSPO to resolve circuit outages. ENMOC personnel are also involved with non-trouble ticket tasks such as working with DTSPO for circuit upgrades, monitoring and trend analysis. The ENMOC also provides input to ENM technical leadership on network reengineering, assists with the deployment of new tools into the management framework, and provides configuration and change management control for the deployed network devices.

ENM Operations technicians also support the systems management systems (SMS) deployed at each post. These systems provide Department of State management with information such as software inventory, distribution, license management and version control; and system capacity and performance management. The SMS system can, upon request, provide the ability to remotely control specific post servers to provide an additional troubleshooting tool. Servers cannot be remotely controlled without specific interaction and consent from the post. Technicians from this group handle any trouble tickets sent to the ENM dealing with the SMS system.

Benefits:  ENM Operations is essential to the ongoing mission of the Department. A high performing network is the lifeblood of the Department's business processes. Consular Affairs, Finance, Personnel, and Diplomacy all conduct their affairs over the enterprise network. Security of the network is a primary concern, and ENM Operations is integrated with Diplomatic Security in assisting DS in validating and categorizing potential threats that are identified with DS' Network Intrusion Detection System.

One of the most important objectives of ENM Operations is to reduce downtime and increase performance of the Department's network infrastructure. To meet that demand new strategies based on an integrated enterprise management system have emerged that allow higher levels of support (i.e., full 7x24 coverage and remote management capability) while slowing the rate of increase for staffing.

Regional Information Management Centers (RIMCs) are also playing an increasingly crucial role in supporting the new IP-based networks. RIMC technicians are being trained in the support of ALMA-compliant systems, and ALMA contractors are employed at RIMC Bangkok and Frankfurt to support the increasing demands for technical support. RIMC Bangkok and Frankfurt are actively deploying and supporting the ENM networks.

Component Name: Network Lifecycle Management

Description:  The Department is implementing a global, coordinated process for controlling changes that affect the Department's deployed IT assets. Network Lifecycle Management entails a disciplined process for planning, managing, and implementing changes to the IT environment. All proposed changes to the baseline configuration will be subjected to an impact analysis and review at appropriate levels following a structured management process.

The Network Lifecycle Management component consists of the following initiatives:

Configuration Management: Configuration management (CM) is considered both a discipline and a process. In today's complex and highly integrated network environment, the Department experiences a continual need for, and/or develops requirements for, new and updated products to meet business needs. This evolution requires careful control; without proper planning and testing, costly mistakes could be made. CM's purpose is to control changes while maintaining integrity and traceability throughout the life cycle of any given component (both hardware and software). Controlling the enterprise environment can best be accomplished by having all assets identified and catalogued in detail in a working database. CM is dependent on a valid, up-to-date and viable asset management program.

The establishment of an end-to-end configuration management process in which the IT CCB plays a primary role is currently under consideration by the CIO. The role and scope of the current CCB is being expanded to encompass all of the Department's information systems and networks. The establishment of a DoS-wide IT CCB, in close coordination with the Certification and Accreditation process, will provide the necessary central control over DoS information system projects. Functions and tasks of the IT CCB include:

  • Develop, maintain, and facilitate a sound and integrated IT baseline for the Department
  • Provide system managers, data owners, and other applicable parties with approved baseline information
  • Coordinate established certification and accreditation requirements
  • Provide central change management
  • Support DoS in the implementation of the information technology architecture
  • Identify and document authorized baseline and system security requirements
  • Provide an administrative mechanism for instituting, evaluating, and approving system configuration changes or enhancement requests in support of the certification and accreditation process
  • Provide testing of proposed changes in a laboratory environment

As an example of an end-to-end effort falling under this initiative, ENM Configuration Management is spearheading the testing, approval, and planning for the deployment of Windows 2000. For reasons related to the way the network(s) developed out of individual LANs, the Department has not adequately addressed enterprise-wide issues at the network operating system level. ENM has made substantial progress in recognizing and rationalizing networking up through the IP layer, but upper-layer issues of the network operating system such as naming contexts, directory services, permissions, security policies and the like have largely been left to LAN administrators. The inevitable arrival of Windows 2000 offers both opportunities and dangers. At the same time as we (quite properly) postpone its introduction, we should be proactively working on details of an enterprise design for it, if only to prevent it from attempting to carry on replication in a way that our WAN cannot support. This is not something that can be easily farmed out as a package. A proper design will require a significant research effort by people familiar with our topology, our political and bureaucratic structure, and our security environment. It will have to address issues relating to existing systems such as FADS, DNS and Exchange as well as how to implement an eventual migration. The effort will involve study of available literature and documentation, and collaboration with other Department offices such as Architecture, CA, IRM/OPS/MSO. ENM will call on existing and augmented staff expertise in the Windows operating system to identify the issues and problems, develop a design iteratively through preliminary testing, and identify a migration strategy. This would be likely to lead to subsequent organization of a central core migration nucleus that would host enterprise-wide policies and schemas.

IT Asset Management: The Department's networks continue to experience rapid and ever-increasing complexity, and when we combine this with the daily pressure to ensure high service levels, it emphasizes the need for comprehensive and integrated network asset documentation to help ensure that we can effectively support the network customers. A centralized asset management system that provides readily available asset information can assist ENM in several ways, such as planning or projecting budget costs, providing justification for acquiring new assets, assisting with obtaining volume discounts on purchases, minimizing the need for new purchases, and helping with the planning of future migrations.

One of the most significant changes to the ENM project plan is the concept of enterprise-wide software and hardware asset management. The ALMA program proved that centrally funded hardware is more cost-effective than the Department's decentralized approach. This area is responsible for management of the enterprise licensing and for overall tracking of assets under ENM control.

Benefits:  Our decentralized management of computer desktop resources resulted in many benefits, but it also resulted in the loss of control over technology assets, which can somewhat negate the overall benefits the organization had received. Managing the organization's technology assets can no longer be performed by manual methods; therefore, asset management tools assist us by providing a means to inventory the network. A central repository that stores this information will be used to manage the network more efficiently, standardize on both hardware and software platforms, help with capacity planning, analyze costs and benefits, and assist with smoother migrations. An asset management system can also be used to quickly identify underutilized equipment which can be transferred to where it might be needed. Industry estimates show that businesses implementing an asset management program can expect to reduce the total cost of system and network ownership by 10% in only six months.

The IT CCB is also expected to act as an enforcement mechanism by exercising central control over lifecycle management. Having the authority to approve or reject proposed IT projects based on comprehensive criteria developed by the body's cross-functional representatives will ensure that proper policies and procedures are followed by all DoS organizations. It is expected that the IT CCB will enforce not only broad IT security policies contained in the FAM and national legislation, but also specific process procedures considered essential for the establishment of a standardized lifecycle IT management process.

Component Name: Planning and Program Management

Description:  This component includes tactical planning, budgeting, project control, internal process improvement, and liaison activities of ENM. Within this area, project management plans describing the technical approach, organizational resources and management controls are prepared, including cost, performance, and schedule requirements of subprojects undertaken in support of this Tactical Plan. All project plans are produced in adherence to the Department's Managing State Projects (MSP) methodology and other relevant Department standards. The contractor for this component produces plans to support ENM in the Department's IT Capital Planning (ITCP) process and IT Tactical Plan (ITTP). Weekly status reports that monitor the execution of the project plan and the performance of periodic reviews at the program level are prepared. This activity includes productivity and management methods such as quality assurance, earned value, risk management, configuration management, and work breakdown structuring at the subproject level. Centralized administrative, clerical, documentation, and related functions in support of ENM project operational and planning level activities are performed.

Benefits:  ENM will be adopting industry best practices and following the Software Engineering Institute's (SEI) Capability Maturity Model. The Software Engineering Institute was established by the Federal Government to act as a central body of reference for process improvement. Achieving increased levels of development maturity as measured against the SEI's Capability Maturity Model reduces program risk, increases schedule and cost accuracy, reduces defects and results in a more stable and productive organization. This effort will ultimately lead to the ENM being assessed as a Level 2 systems engineering activity and lay the groundwork for future efforts to support Level 3.




Published by the U.S. Department of State Website at http://www.state.gov maintained by the Bureau of Public Affairs.