DMS will provide a fully integrated, supportable, secure, accountable, and completely commercial-off-the-shelf capability for E-mail and organizational/official messages for the DoD, ensuring that capability keeps pace with technology for years to come. The system consists essentially of three main component headings: a message handling system, directory services and a management system.
The message handling system and directory services are defined respectively by the X.400 and X.500 standards recommended by the International Telecommunications Union - Telecommunications Sector (ITU-T). Management of DMS is provided via a suite of products known as the Management Workstation (MWS). The MWS provides local and remote control and monitoring of all components in the DMS. It applies configuration, fault, performance, accounting and security management to monitoring and control, system administration and customer service. DMS is not, however, a network -- it is a "layer 7" application system. The transport of messages between elements of the DMS is via existing and planned communications networks and media, primarily the Defense Information Systems Network (DISN).
The Automated Digital Network (AUTODIN), DoD's present official messaging system, has existed for over 30 years. Although AUTODIN has been frequently upgraded, efforts over the years to replace it have failed, primarily due to excessive costs and associated operational dilemmas. As a result the DoD has been forced to live with a system that is limited in its capability and is increasingly costly to maintain.
Work to define the baseline for DMS, estimate its cost, and develop a target architecture began in early 1988 with the formation of the Defense Message System Working Group at the direction of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) (ASD(C3I)). The basic operational requirements for DMS were determined:
- Connectivity and interoperability
- Guaranteed delivery
- Timely delivery
- Confidentiality/security
- Sender authentication
- Integrity
- Survivability
- Availability and reliability
- Ease of use
- Identification of recipients
- Preparation support
- Storage and retrieval support
- Distribution determination and delivery
Loral Federal Systems in Manassas, Virginia, and its teammates, Andrulis, Anstec, BBN, Boeing, CDA, CommPower, Enterprise Solutions Limited (ESL), GCH, GTE, GSI, Hewlett-Packard, Computer Associates, Litronics, Lotus, Microsoft, Oracle, Remedy, Troy Systems and Xerox, were awarded the DMS contract on May 1, 1995.
X.400 defines an architecture and set of standards for a message transfer system that provide for a global messaging service. The basic components of the message handling system are the User Agent (UA), the Message Transfer Agent (MTA), and the Message Store (MS). These components allow users to create, submit, receive and store X.400 messages. By requiring X.400 compliance the DoD has standardized its mail system while retaining the features and capabilities of the latest commercial E-mail systems. These products will allow the transfer of text messages, attachments like graphics and video, and ultimately Electronic Commerce and Electronic Data Interchange (EC/EDI).
The Message Store (MS) stores messages much like a mailbox. And like your mailbox, messages are submitted through the MS as well. The Message Store will reside on a server which the User Agent accesses across a network. When a user accesses the system, incoming messages stored in the message store are displayed in the "In-box" just as they are with any commercial E-mail product. One MS may serve many UAs. In the Loral architecture ESL users will utilize an ESL Message Store, Microsoft users will utilize a Microsoft Message Store and Lotus users will utilize a Lotus Message Store.
The Message Transfer Agents (MTAs) can be separated into two logical functions. First, there are MTAs that are collocated with Message Stores at the local user server. These MTAs receive messages from the Message Stores for submission to the MTS. They also deliver messages to MSs for delivery to users. The second type of MTA is a "relay". These MTAs are dedicated to message switching. Within the DMS there are three levels of MTAs used. At the local level the Subordinate MTA (SMTA) interfaces directly with the UAs and MSs and routes messages locally or upward within the DMS. In the architecture, Intermediate MTAs (IMTA) and Backbone MTAs (BMTA) are message relays. The BMTAs provide for theater level message switching (about 50 BMTAs are planned to be installed worldwide) and the IMTA roughly corresponds to regional level message switching. IMTAs and BMTAs will be hosted on Hewlett-Packard 9000 Model 800 servers and the MTA software is provided by ESL.
The Profiling User Agent (PUA) provides the features necessary to handle profiling and message dissemination of organizational messages. Profiles and distribution information are built for a given organization and activated at the PUA. Upon receipt of a message, the PUA decrypts the message and activates the profile. The profile can trigger searches for key words in the subject area and text, as well as trigger on precedence. If the profile determines a "hit" then the message is disseminated based on the distribution information associated with the profile. The PUA can reduce bandwidth requirements by limiting distribution to a small group of need-to-know individuals. Software developed by Xerox is being integrated to perform the functions of the PUA.
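The profile-and-dissemination step described above, as an added illustration that is not Xerox's PUA code or any DMS software: a profile hits on a whole-word keyword in the subject or text, or on message precedence, and a hit forwards the message only to the addressees tied to that profile. The precedence labels, their ordering, and all profiles and addresses are constructed for the demo.

```python
import re
from dataclasses import dataclass

# Constructed precedence ladder, lowest to highest. The text names precedence only
# as a profile trigger; these labels and their order are an assumption for the demo.
PRECEDENCE_RANK = {"ROUTINE": 0, "PRIORITY": 1, "IMMEDIATE": 2, "FLASH": 3}

@dataclass
class Profile:
    name: str
    keywords: set          # terms matched as whole words in subject and body
    min_precedence: str    # any message at or above this precedence is also a hit
    distribution: list     # need-to-know addressees tied to this profile

@dataclass
class Message:
    subject: str
    body: str
    precedence: str

def tokens(text):
    """Lower-case word set, so the keyword 'fuel' does not hit on 'refueling'."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def profile_hit(profile, msg):
    """A profile hits on a keyword in subject or text, or on precedence."""
    words = tokens(msg.subject) | tokens(msg.body)
    keyword_hit = bool({k.lower() for k in profile.keywords} & words)
    precedence_hit = PRECEDENCE_RANK[msg.precedence] >= PRECEDENCE_RANK[profile.min_precedence]
    return keyword_hit or precedence_hit

def disseminate(profiles, msg):
    """Return the ordered, de-duplicated addressee list for a decrypted message.
    An empty list means no profile hit, so nothing is forwarded."""
    recipients = []
    for p in profiles:
        if profile_hit(p, msg):
            for addr in p.distribution:
                if addr not in recipients:
                    recipients.append(addr)
    return recipients

# Constructed sample profiles (not DMS data).
PROFILES = [
    Profile("logistics", {"fuel", "resupply"}, "FLASH", ["j4@site-a.example"]),
    Profile("operations", {"exercise"}, "IMMEDIATE",
            ["j3@site-a.example", "watch@site-a.example"]),
]
```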
The Mail List Agent (MLA) manages a number of mailing lists to support the distribution of messages throughout the DMS. Messages that go to large groups of users are routed to the MLA where the header of the message is expanded to include the address of each recipient. The MLA also performs some security services in that it does lookups in the directory system to obtain security related information. Additionally, MLAs can generate the security tokens for each addressee, thereby off-loading the User Agent from this time-consuming process. The MLA is hosted on a high performance workstation designed to speed up this process. MLAs can be implemented locally or regionally. MLA software is provided by CommPower.
The Multi-Function Interpreter (MFI) allows the DMS to share messages with other messaging systems not compatible with the X.400 MTA. It allows the transition from AUTODIN to DMS for organizational messages by converting message protocols from one system to the other. Within the DMS the MFI functions as an MTA while at the same time it appears to AUTODIN as a Mode I terminal. For E-mail the MFI acts as an SMTP-to-X.400 gateway when communicating with SMTP users. CommPower also provides the software for the MFI.
The directory system within the DMS stores recipients' addresses, security related information and other information necessary to provide organizational and individual messaging on a global basis. The ITU-T X.500 standards define the mechanisms to support distributed environments and access control of the information that is stored in the directory.
The DMS directory system stores information in a distributed, hierarchical structure known as the Directory Information Tree (DIT). Entries describe users, groups or network resources. The complete set of entries is called the Directory Information Base (DIB) and it is the collection of all the DITs. Message addresses for every user are stored in three formats: X.400, AUTODIN and SMTP. Users can look up addresses for message recipients in any of these three domains. Mail lists for group addresses can be identified, given unique names, stored and managed.
The software application that provides the user a means to access information stored in the directory is the Directory User Agent (DUA). The DUA is integrated with the User Agent and provides seamless access to the X.500 Directory Services just as a Personal Address Book in cc:Mail or MSmail does today. From the user's perspective the functional difference between the UA and the DUA is transparent. Requests of the directory are initiated from the DUA to the Directory System Agent (DSA) and the DUA receives the results of those requests. The user can maintain a cache of commonly or recently used directory names, addresses and certification information that can be automatically or selectively maintained by the DUA.
The DSA holds and manages the directory information. DSAs are geographically distributed and are also hierarchically structured into root, regional and site DSAs. The root DSA holds the information on all other DSAs and there is only one in the DoD. The site DSA communicates with the DUA and attempts to fill the DUA's request. If it cannot, it passes the request up the chain until the information requested is found and is passed back to the DUA. The Administrative Directory User Agent (ADUA) is used to maintain the directory. Similar to a DUA, the ADUA provides administrators with the ability to add, delete and modify directory entries.
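The root/regional/site DSA chaining and the DUA cache described above, as an added model that is not DMS or any vendor's X.500 implementation: a site DSA answers from its own entries, otherwise the request is chained up toward the root, which knows every other DSA and chains it back down to the site holding the entry; the DUA caches hits so repeat lookups never leave the desktop. Distinguished names, naming contexts, and the three address formats are constructed sample data.

```python
class DSA:
    """One directory system agent: part of the DIB plus links to superior and subordinates."""
    def __init__(self, name, context, superior=None, entries=None):
        self.name, self.context = name, context      # context: DN suffix this DSA is responsible for
        self.entries = dict(entries or {})           # distinguished name -> attributes
        self.superior, self.subordinates = superior, []
        if superior is not None:
            superior.subordinates.append(self)

    def resolve(self, dn, trace, came_from=None):
        """Answer locally, else chain down to the responsible subordinate, else up the chain."""
        trace.append(self.name)
        if dn in self.entries:
            return self.entries[dn]
        for sub in self.subordinates:                # root and regionals know their subordinates
            if sub is not came_from and dn.endswith("," + sub.context):
                return sub.resolve(dn, trace, came_from=self)
        if self.superior is not None and self.superior is not came_from:
            return self.superior.resolve(dn, trace, came_from=self)
        return None                                  # whole chain exhausted: no such entry

class DUA:
    """Directory user agent bound to its site DSA, with a cache of recently resolved names."""
    def __init__(self, site_dsa):
        self.site_dsa, self.cache = site_dsa, {}

    def lookup(self, dn):
        if dn in self.cache:
            return self.cache[dn], ["cache"]
        trace = []
        entry = self.site_dsa.resolve(dn, trace)
        if entry is not None:
            self.cache[dn] = entry
        return entry, trace

# Constructed sample DIT (not DMS data): one root, two regional and two site DSAs.
root = DSA("root", "o=dod")
east = DSA("regional-east", "ou=east,o=dod", superior=root)
west = DSA("regional-west", "ou=west,o=dod", superior=root)
site_a = DSA("site-a", "ou=siteA,ou=east,o=dod", superior=east, entries={
    "cn=alice,ou=siteA,ou=east,o=dod": {      # three address formats, all constructed
        "x400": "C=US;A=DMS;O=SITEA;S=Alice",
        "smtp": "alice@site-a.example",
        "autodin": "SITEA-PLA-CONSTRUCTED"}})
site_b = DSA("site-b", "ou=siteB,ou=west,o=dod", superior=west)
```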
Management of DMS is provided via the Management Workstation (MWS) suite described above. The MWS must support multiple vendor products and multiple network management protocols simultaneously. The Loral integrated MWS consists of Computer Associates ENTERPRISE*VIEW for E-mail application management, the Oracle relational database for reporting and configuration management, and the Remedy Action Request System for trouble ticket generation and tracking. An ESL UA and ADUA are collocated on the MWS to allow sending and receipt of secure E-mail and to administer the directory. Loral will operate a 24-hours-a-day, seven-days-a-week Technical Support Desk (TSD) to track the DMS's performance and respond to queries from level 2 MWSs.
Security is handled through the use of a credit-card size FORTEZZA card (formerly known as the TESSERA card). The FORTEZZA card was developed through the National Security Agency's Multi-level Information System Security Initiative, or MISSI. The FORTEZZA card includes the Capstone cryptographic engine, as well as the user's private key, to provide the cryptographic services that encrypt and decrypt messages. The FORTEZZA card plugs into the user's desktop PCMCIA reader. Presently, every PC purchased by the DoD is mandated to have a PCMCIA reader, and they have become an industry standard integral to virtually all new PCs. For those PCs that do not contain an integral reader, the DMS contract includes SCSI, parallel port and PC bus readers.
Each FORTEZZA card is uniquely programmed for each user, and the user must authenticate to the card before accessing DMS. This access protection is referred to as Enhanced Identification and Authentication (EI&A) in that a user must "have" something (the card) and know something (the Personal Identification Number) to access DMS. In addition to the user's private key, the card contains the privileges for a user, including whether the user is an individual or an organization (release agent) and what precedence of messages the user may author. The user agent can be configured to support encryption and electronic signature using the Digital Signature Standard (DSS).
What Will DMS Look Like to the End User? The answer is: a lot like the commercial off-the-shelf E-mail products we're used to seeing on our desktops. The User Agent (UA) is the desktop software application providing users the ability to create and receive messages, and to access the X.500 Directory Services. The User Agent is similar to E-mail products today. The main difference will be bringing elements of service for a command and control system to the desktop. Under the DMS contract and the Loral teaming arrangement, several vendor UAs will be integrated and certified as DMS compliant so that users can choose a desktop interface that they are either currently using or are familiar with. UAs are currently being provided by ESL, Microsoft and Lotus.