 |
3.1 | Testbed Environment Addresses Present and Future |
|---|---|---|
|
3.2 | Present NN-50 Work Environment |
|
3.3 | Present Oak Ridge MLS Testbed Environment |
As a particular phase is being implemented in the NN-50 Demonstration Networks based on a phase-specific implementation plan written by Center for Information Security Technology (CIST) personnel and based on testing completed earlier at Oak Ridge, the MLS Testbed will begin to reflect the requirements for the next phase to be installed in the NN-50 Demonstration Networks and will begin to test the products to be introduced in the next phase. When commercial-off-the-shelf (COTS) products do not exist, the Oak Ridge MLS Testbed will test preproduction releases of technologies that are under development.
 |
to Sect. 3 menu |
|---|
|
to Sect. 3 menu |
|---|
Because the Testbed is located in an unclassified area, no classified work or processing will be performed on it. In the following sections, references to the "classified LAN" refer to a Testbed LAN segment that simulates the classified segment of the NN-50 LAN but does not actually process classified data.
 |
3.3.1 | Testbed Cable Plants and Concentrators |
|---|---|---|
|
3.3.2 | Personal Computer Workstations |
|
3.3.3 | Network Servers |
|
3.3.4 | cc:Mail/SMTP Gateways |
|
3.3.5 | Secure Network Server/Mail Guard |
|
3.3.6 | Network Lab Workstations and Test Equipment |
3.3.1 Testbed Cable Plants and Concentrators
Unlike the NN-50 LANs that use two separate fiber optic cable plants, the Oak Ridge MLS Testbed uses one dedicated fiber-optic cable plant for the simulated classified LAN and uses the existing building Thin-net coaxial cable plant for the unclassified LAN. This difference does not affect performance but represents a cost savings to the project because the coax was already in place. Because the building network can provide connectivity to the unclassified LMES networks and to the Internet, this is a better emulation of the NN-50 unclassified LAN, which has connectivity to the DOE unclassified backbone.
The classified LAN cable plant consists of pairs of 62.5/125 multimode fibers in a star topology that are run from the Cabletron MMAC-3 concentrator and patch panel located in the building communications equipment room to the individual workstations located in various parts of the buildings and to the servers located in the network lab.
|
to Sect. 3.3 menu |
|---|
3.3.2 Personal Computer Workstations
Six existing Disk Operating System (DOS) personal computers (PCs) in staff offices were upgraded with 486/33–central processing unit (CPU) motherboards and 16 megabytes (MB) of installed random access memory (RAM). Each PC was fitted with a removable hard disk drive slot. Two 345-MB hard disk drives were mounted in holders. One hard disk was designated for the unclassified LAN and one for the classified LAN. Each PC has an A/B switch that allows it to be connected through a TMS-3 Ethernet transceiver or through a FOT-F2 fiber-optic transceiver to the unclassified LAN Thin-net cable or the classified LAN fiber-optic cable, respectively. Each PC uses a 3COM 3C509 Etherlink III network interface card. These workstations run Microsoft DOS version 6.22 and Windows version 3.1 software for their operating environment, and they are equivalent in performance to the PCs attached to the NN-50 LAN. Four PCs have parallel port Personal Computer Memory Card International Association (PCMCIA) card readers that are used for Fortezza cards. In addition, each workstation runs Lotus cc:Mail for Windows version 2.21 and Armor Mail Add-On for cc:Mail version 2.13.8.
|
to Sect. 3.3 menu |
|---|
The network servers consist of two 486/66-CPU machines, each with 32 MB of RAM and 1.05 GB hard disk drives. Each machine has a compact disk, read only memory (CD-ROM) drive that is used to load the network operating system. Each server runs the Novell NetWare Version 4.1 network operating system. For network management, LanWatch is available.
|
to Sect. 3.3 menu |
|---|
The sending cc:Mail/SMTP Gateway will receive cc:Mail from the sending Novell Server, convert the mail format to SMTP mail, and send it to the SNS. The receiving cc:Mail/SMTP Gateway will receive SMTP mail from the SNS, convert the mail format to cc:Mail, and send it to the receiving Novell Server. The cc:Mail/SMTP Gateways consist of two 386/66-CPU machines, each with 2 MB of RAM and 3 MB of disk space.
|
to Sect. 3.3 menu |
|---|
3.3.5 Secure Network Server/Mail Guard
An SNS Mail Guard is installed in the network lab between the unclassified LAN and the classified LAN to provide a controlled interface for the networks that will permit the flow of unclassified information between them.
The SNS Mail Guards was upgraded to Version 2B. This version will support bidirectional unclassified mail between the two segments of the Testbed, but only unidirectional mail flow from the unclassified LAN to the classified LAN will be configured for Phase 2 in the NN-50 Demonstration LANs.
|
to Sect. 3.3 menu |
|---|
3.3.6 Network Lab Workstations and Test Equipment
The network lab portion of the Testbed is shown in Fig. 1. The unclassified LAN side of the testbed is provided by a dedicated Novell server supporting mail and file systems connected to the "u-level" port on the SNS Mail Guard. In addition, the network can be loaded with a portion of or the entire building's unclassified network traffic for testing. The classified LAN portion of the Testbed is a separate, fiber-optic network connected to a dedicated bridge, a dedicated Novell server and to each of the workstations in the test system. It is connected to the "s-level" port on the SNS Mail Guard. The workstations in the staff offices can be connected to either network via an A/B switch.
In addition to the PC workstations located in the staff offices, three workstations in the network lab can be used for testing. These workstations can be connected to the networks by changing the connections from the multiport repeater on the classified LAN to the coaxial connections for the unclassified LAN. In addition, packet analyzers can be inserted at key points to measure network performance.
By using the patching capability in the network lab, it is possible to introduce a number of high performance systems on either network to provide testing loads. By using various system types, it is possible to identify media and vendor-dependent problems prior to installation in the NN-50 networks.
 |
for Article |  |
Section | |
to Conference Proceedings Page |
|---|