168. The Federated Mission Networking (FMN) Spiral 1 standards profile defines interface standards for the services that are required to deploy a Mission Network Elements (FMN capability option A). Mission Network Extensions (option B) and Hosted Users (option C) may not meet these minimum service and service interoperability requirements. Connectivity and service provision throughout the federation is regulated by hosting agreements between participants.
169. FMN Spiral 1 refers to an FMN maturity level in which separate physical infrastructures exist per mission and per security classification level. This spiral is an evolution of the fielded baseline of the Afghanistan Mission Network (AMN). Notably, biometrics interoperability standards were removed and the network architecture has changed from a hub-and-spoke to a meshed concept.
170. Mission Network Extensions must be provided with their local area networks (including IP management) within the physical and cyber security boundaries of the hosting Mission Network Element. The services must function in a network environment that contains firewalls and various routing and filtering schemes; therefore, developers must use standards and well-known port specifications wherever possible, and document non-standard configurations as part of their service interface.
171. In the context of Federated Mission Networking, the purpose of standardization is to enable interoperability in a multi-vendor, multi-network, multi-service environment. Technical interoperability must be an irrefutable and inseparable element in capability development and system implementation - without it, it is not possible to realize connections and service deliveries across the federation and hence, information sharing will not be achieved.
172. Within NATO, interoperability is defined as "the ability to act together coherently, effectively and efficiently to achieve allied tactical, operational and strategic objectives". In the context of information exchange, interoperability means that a system, unit or forces of any service, nation can transmit data to and receive data from any other system, unit or forces of any service or nation, and use the exchanged data to operate effectively together.
173. For successful Federated Mission Networking, technical interface standards are critical enablers that have to be collectively followed and for which conformity by all participating members is important.
174. Standards are aggregated in profiles. A standards profile is a set of standards for a particular purpose, covering certain services in the C3 taxonomy, with a guidance on implementation when and where needed. As profiles serve a particular purpose, they can be used in different environments, and therefore, they are not specific to a single overarching operational or technical concept. Profiles for Federated Mission Networking may and will be reused in other profiles.
175. Generally, the scope of a profile in the EM Wiki is limited: it will focus on only a few services and a limited scope of functionality. Therefore, a full profile with a wider scope (ranging to an environment, a system or a concept) will have to consist of a selection of profiles, that together cover the full capability of that overarching profile. For organization of these standards and profiles, the overarching profile - in this case the FMN Spiral 1 Profile - is broken down in a hierarchical tree that forms a number of functional branches, ending in the leaves that are the profiles which contain the actual assignments of standards and their implementation guidance.
176. In the profiles, interoperability standards fall into four obligation categories:
Mandatory - Mandatory interoperability standards must be met to enable Federated Mission Networking
Conditional - Conditional interoperability standards must be present under certain specific circumstances
Recommended - Recommended interoperability standards may be excluded for valid reasons in particular circumstances, but the full implications must be understood and carefully weighed
Optional - Optional interoperability standards are truly optional
177. The interoperability standards profile in this document is derived from standards that are maintained by a selection of standardization organizations and conformity and interoperability resources. Some of these are included in the NATO Interoperability Standards and Profiles. Furthermore, standards are used from:
International Organization for Standardization (ISO) standards
International Electrotechnical Commission (IEC) standards
International Telecommunication Union (ITU) Radiocommunication (R) Recommendations
International Telecommunication Union (ITU) Telecommunication (T) Recommendations
Internet Engineering Task Force (IETF) Requests for Comments (RFC)
World Wide Web Consortium (W3C) Recommendations
Multilateral Interoperability Programme (MIP) standards
Secure Communications Interoperability Profiles (SCIP)
Extensible Messaging and Presence Protocol (XMPP) Extension Protocols (XEP)
178. The Federated Communications and Networking Profile arranges standards profiles for the facilitation of the platform and communications infrastructure of federated mission networks.
179. The Federated Communications Profile arranges standards profiles for the addressing, routing, forwarding, quality and security of IP traffic over federated mission networks.
| Service | Standard | Implementation Guidance |
|---|---|---|
|
Inter-Autonomous Systems IP Transport Profile The Inter-Autonomous Systems IP Transport Profile provides standards and guidance for Edge Transport Services between autonomous systems, using Internet Protocol (IP) over point-to-point Ethernet links on optical fibre. |
||
|
IP-based Transport Services |
Mandatory Section 3 - Clause 58 - 1000BASE-LX10, nominal transmit wavelength 1310nm Mandatory Mandatory Standards for IP version 4 (IPv4) over Ethernet Mandatory The use of LC-connectors is required for network interconnections inside shelters (or inside other conditioned infrastructure). If the interconnection point is outside a shelter in a harsh environment, the interconnection shall follow STANAG 4290 connector specification. |
Use 1Gb/s Ethernet over single-mode optical fibre (SMF). |
|
IP Routing Information Profile The IP Routing Information Profile provides standards and guidance for support of the Routing Information Protocol (RIP) to expand the amount of useful information carried in RIP messages and to add a measure of security. |
||
|
IP-based Transport Services |
Optional Under the condition that interconnecting partners support auto-configuration, this standard applies as an optional capability to support automatic configuration. Otherwise, partners by default will following the manual configuration process. |
|
|
Inter-Autonomous Systems Multicast Routing Profile The Inter-Autonomous Systems Multicast Routing Profile provides standards and guidance for multicast routing between inter-autonomous systems. |
||
|
Packet Routing Services, IPv4 Routed Access Services |
Mandatory The following standards shall apply for all IP interconnections Mandatory MNEs, as well as MNXs with their own multicast capability, shall provide a Rendezvous Point (RP) supporting the following IP multicast protocol standards Mandatory The following standards shall apply to multicast routing |
|
|
IP Quality of Service Profile The IP Quality of Service Profile provides standards and guidance to establish and control an agreed level of performance for IP services in federated networks. |
||
|
IP-based Transport Services, IPv4 Routed Access Services |
Mandatory Utilize Quality of Service capabilities of the network (Diffserve, no military precedence on IP) Conditional The following normative standards shall apply for IP Quality of Service (QoS) |
For NATO-led Mission Network deployments, the following governing policies apply:
|
|
Inter-Autonomous Systems Routing Profile The Inter-Autonomous Systems Routing Profile provides standards and guidance for routing between inter-autonomous systems |
||
|
Packet Routing Services, IPv4 Routed Access Services |
Recommended Additionally, the following standard applies for 32-bit autonomous system numbers (ASN) Mandatory The following standard applies for unicast routing Mandatory The following standards apply for all IP interconnections |
Border Gateway Protocol (BGP) deployment guidance in IETF RFC 1772:1995, Application of the Border Gateway Protocol in the Internet. BGP sessions must be authenticated, through a TCP message authentication code (MAC) using a one-way hash function (MD5), as described in IETF RFC 4271. |
|
Routing Encapsulation Profile The Routing Encapsulation Profile provides standards and guidance for generic routing encapsulation functions between network interconnection points (NIPs) |
||
|
IP-based Transport Services |
Mandatory Conditional Depending on whether authentication of IPSec sessions is based on pre-shared keys or certificates is used. If pre-shared keys are used, standard for IKE is the IKEv1, If authentication is done via certificates, then IKEv2 is used. |
|
180. The Federated Networking Profile arranges standards profiles for the establish network logic above the communications layer of federated mission networks.
| Service | Standard | Implementation Guidance |
|---|---|---|
|
Directory Data Structure Profile The Directory Data Structure Profile provides standards and guidance in support of the definition of the namespace of a federated mission network on the basis of the Lightweight Directory Access Protocol (LDAP) |
||
|
Directory Storage Services |
Mandatory |
|
|
Network Authentication Profile The Network Authentication Profile provides standards and guidance for to provide strong authentication for client/server applications by using secret-key cryptography on the basis of the Kerberos authentication protocol |
||
|
Infrastructure IA Services (In v2 of the taxonomy this service is listed as Authentication Services) |
Mandatory Strong authentication using Simple Authentication and Security Layer (SASL).
Mandatory |
|
|
Digital Certificate Profile The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks. |
||
|
Infrastructure IA Services (In v2 of the taxonomy this service is listed as Digital Certificate Services) |
Mandatory Optional |
The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2. Additional Implementation Guidance:
|
|
Directory Data Exchange Profile The Directory Data Exchange Profile provides standards and guidance in support of a mechanism used to connect to, search, and modify Internet directories on the basis of the Lightweight Directory Access Protocol (LDAP). |
||
|
Directory Storage Services |
Mandatory |
|
|
Domain Naming Profile The Domain Naming Profile provides standards and guidance to support the hierarchical distributed naming system for computers, services, or any resource connected to a federated mission network. |
||
|
Domain Name Services |
Mandatory |
|
|
Time Synchronization Profile The Time Synchronization Profile provides standards and guidance to support the synchronization of clocks across a network or a federation of networks and the safeguard of the accurate use of time stamps. |
||
|
Distributed Time Services |
Mandatory Mission Network Elements must provide a time server either directly connected to a stratum-0 device or over a network path to a stratum-1 time server of another Mission Network Element. All other entities in the federation must use the time service of their host. |
A stratum-1 time server is directly linked (not over a network path) to a reliable source of UTC time (Universal Time Coordinate) such as GPS, WWV, or CDMA transmissions through a modem connection, satellite, or radio. Stratum-1 devices must implement IPv4 so that they can be used as timeservers for IPv4 Mission Network Elements. |
181. The Federated Human-to-Human Communications Profile arranges standards profiles for the facilitation of information sharing and exchange on user platforms.
182. The Federated Unified Collaboration Profile arranges standards profiles for a range of interoperable collaboration capabilities to support real-time situational updates to time-critical planning activities between coalition partners, communities of interest and other participants. Levels of collaboration include awareness, shared information, coordination and joint product development.
| Service | Standard | Implementation Guidance |
|---|---|---|
|
Content Encapsulation Profile The Content Encapsulation Profile provides standards and guidance for content encapsulation within bodies of internet messages, following the Multipurpose Internet Mail Extensions (MIME) specification. |
||
|
Informal Messaging Services |
Mandatory |
10 MB max message size limit Minimum Content-Transfer-Encoding:
Minimum set of media and content-types:
|
|
Informal Messaging Profile The Informal Messaging Profile provides standards and guidance for SMTP settings and the marking and classification of informal messages. |
||
|
Informal Messaging Services |
Mandatory Regarding Simple Mail Transfer Protocol (SMTP), the following standards are mandated for interoperability of e-mail services within the Mission Network.
|
Depending on the protection requirements within the particular FMN instance, messages must be marked in the message header field "Keywords" (IETF RFC 2822) and firstline-of-text in the message body according to the following convention: [PPP] [CLASSIFICATION], Releasable to [MISSION].
The use of a short-name/code does not imply that NATO or one or more member Nations recognize those entities. Example: Keywords: ITA UNCLASSIFIED, Releasable to XFOR. |
|
Numbering Plans Profile The Numbering Plans Profile provides standards and guidance for the facilitation of numbering plans of telecommunications, audio and video networks. |
||
|
Audio-based Collaboration Services, Video-based Collaboration Services |
Mandatory |
|
|
Audio-based Collaboration Profile The Audio-based Collaboration Profile provides standards and guidance for the implementation of an interoperable voice system (telephony) on federated mission networks. |
||
|
Audio-based Collaboration Services |
Mandatory The following standards are used for VoIP and VoSIP signaling.
Mandatory The following standards are used for voice media streaming. Mandatory The following standards are used for audio protocols. |
Voice over IP (VoIP) refers to unprotected voice communication services running on unclassified IP networks e.g. conventional IP telephony. Voice over Secure IP (VoSIP) refers to non-protected voice service running on a classified IP networks. Depending on the security classification of a FMN instance, VoIP or VoSIP is mandatory. If a member choses to use network agnostic Secure Voice services in addition to VoSIP, then SCIP specifications as defined for audio-based collaboration services (end-to-end protected voice) should be used. The voice sampling interval is 40ms. |
|
Secure Voice Profile The Secure Voice Profile provides standards and guidance for the facilitation of secure telephony and other protected audio-based collaboration on federated mission networks. |
||
|
Audio-based Collaboration Services |
Conditional Secure voice services (end-to-end protected voice). V.150.1 support must be end-to-end supported by unclassified voice network. SCIP-214 only applies to gateways. SCIP-216 requires universal implementation.
|
|
|
Video-based Collaboration Profile The Video-based Collaboration Profile provides standards and guidance for the implementation and configuration of Video Tele Conferencing (VTC) systems and services in a federated mission network. |
||
|
Video-based Collaboration Services |
Conditional Not required at this time, but when available it can be implemented between MNE’s after approval from the MN administrative authority. Mandatory The following standards are required for VTC services. Mandatory The following standards are required for VTC over Internet Protocol (VTCoIP) networking. |
It Is recommended that dynamic port ranges are constrained to a limited and agreed number. This is an activity that needs to be performed at the mission planning stage. Different vendors have different limitations on fixed ports. However common ground can always be found. As a Minimum G.722.1 is to be used. Others are exceptions and need to be agreed by the MN administrative authority for video calls. |
|
Basic Text-based Collaboration Profile The Basic Text-based Collaboration Profile provides standards and guidance to establish a basic near-real time text-based group collaboration capability (chat) for time critical reporting and decision making in military operations. |
||
|
Text-based Collaboration Services, Presence Services |
Optional Bidirectional Server-to-Server Connections may be supported, i.e. stanzas are sent and received on the same TCP connection. Mandatory The following standards are required to achieve compliance for an XMPP Server and an XMPP Client dependent upon the categorisation of presenting a core or advanced instant messaging service interface. Mandatory The following standards are the base IETF protocols for interoperability of chat services. |
|
183. The Federated Information Management Profile arranges standards profiles for the handling of information throughout its life-cycle and the support of capabilities to organize, store and retrieve information through services and managed processes, governed by policies, directives, standards, profiles and guidelines.
| Service | Standard | Implementation Guidance |
|---|---|---|
|
File Format Profile The File Format Profile provides standards and guidance for the collaborative generation of spreadsheets, charts, presentations and word processing documents. |
||
|
Web Hosting Services, Informal Messaging Services |
Mandatory For still image coding. Recommended For word processing documents, spreadsheets and presentations. Mandatory For word processing documents, spreadsheets and presentations.[a] Mandatory |
ISO/IEC 29500 and ISO/IEC 26300 are both open document formats for XML-based saving and exchanging word processing documents, spreadsheets and presentations. They differ in design and scope. |
|
Internationalization Profile The Internationalization Profile provides standards and guidance for the design and development of content and (web) applications, in a way that ensures it will work well for, or can be easily adapted for, users from any culture, region, or language. |
||
|
Web Hosting Services |
Recommended |
Best practices and tutorials on internationalization can be found at: http://www.w3.org/International/articlelist. |
|
Character Encoding Profile The Character Encoding Profile provides standards and guidance for the encoding of character sets. |
||
|
Web Hosting Services |
Mandatory Use of UTF-8 for complete Unicode support, including fully internationalized addresses is mandatory. |
|
|
[a] In the published FMN Spiral specification 1.1, the reference to ISO/IEC 29500 is incomplete. As a result, the respective part of the standard and the title do not show up in the FMN 1.1 profile. |
||
184. The Federated Web Hosting Profile arranges standards profiles for the facilitation of web-based services in a loosely coupled environment, where flexible and agile service orchestration is a requirement on the basis of a Service Oriented Architecture (SOA).
| Service | Standard | Implementation Guidance |
|---|---|---|
|
Web Platform Profile The Web Platform Profile provides standards and guidance to enable web technology on federated mission networks. |
||
|
Web Hosting Services |
Mandatory |
HTTP shall be used as the transport protocol for information without 'need-to-know' caveats between all service providers and consumers (unsecured HTTP traffic). HTTPS shall be used as the transport protocol between all service providers and consumers to ensure confidentiality requirements (secured HTTP traffic). Unsecured and secured HTTP traffic should use their standard well-known ports by default, i.e. 80 for HTTP and 443 for HTTPS. |
|
Web Feeds Profile The Web Feeds Profile provides standards and guidance for the delivery of content to web sites as well as directly to user agents. |
||
|
Web Hosting Services |
Mandatory Providing web content. |
RSS and Atom documents may reference related OpenSearch description documents via the Atom 1.0 "link" element, as specified in Section 4.2.7 of RFC 4287. The "rel" attribute of the link element should contain the value "search" when referring to OpenSearch description documents. This relationship value is pending IANA registration. The reuse of the Atom link element is recommended in the context of other syndication formats that do natively support comparable functionality. The following restrictions apply:
|
|
Web Content Profile The Web Content Profile provides standards and guidance for the processing, sharing and presentation of web content on federated mission networks. Web presentation services must be based on a fundamental set of basic and widely understood protocols, such as those listed below. Proprietary or compiled components shall be avoided (e.g. Microsoft Web Parts, Microsoft Silverlight or Adobe Flash). |
||
|
Web Hosting Services |
Mandatory Publishing information including text, multi-media, hyperlink features, scripting languages and style sheets on the network. Mandatory Providing a common style sheet language for describing presentation semantics (that is, the look and formatting) of documents written in markup languages like HTML. |
Applications must support the following browsers: Microsoft Internet Explorer v9.0 and newer, and Mozilla Firefox 16.0 and newer. When a supported browser is not true to the standard, choose to support the browser that is closest to the standard. Some organizations or end user devices do not allow the use of proprietary extensions such as Microsoft Web Parts, Microsoft Silverlight or Adobe Flash. Those technologies shall be avoided. Implementers shall use open standard based solutions (HTML5 / CSS3) instead. |
|
Geospatial Web Feeds Profile The Geospatial Web Feeds Profile provides standards and guidance for the delivery of geospatial content to web sites and to user agents, including the encoding of location as part of web feeds. Feed processing software is required to either read or ignore these extensions and shall not fail if these extensions are present, so there is no danger of breaking someone's feed reader (or publisher) by including this element in a feed. |
||
|
Web Hosting Services |
Recommended GeoRSS GML Profile 1.0 a GML subset for point 'gml:Point', line 'gml:LineString', polygon 'gml:Polygon', and box 'gml:Envelope'. In Atom feeds, location shall be specified using Atom 1.0's official extension mechanism in combination with the GeoRSS GML Profile 1.0 whereby a 'georss:where' element is added as a child of the element. Mandatory GeoRSS Simple encoding for "georss:point", "georss:line", "georss:polygon", "georss:box". |
Geography Markup Language (GML) allows to specify a coordinate reference system (CRS) other than WGS84 decimal degrees (lat/long). If there is a need to express geography in a CRS other than WGS84, it is recommended to specify the geographic object multiple times, one in WGS84 and the others in your other desired CRSs. For backwards compatibility it is recommended to also implement RSS 2.0. |
|
Web Services Profile The Web Services Profile provides standards and guidance for transport-neutral mechanisms to address structured exchange of information in a decentralized, distributed environment via web services. |
||
|
Web Hosting Services |
Mandatory Provide the elements a web service needs to deliver a suitable UI service, such as remote portlet functionality. Mandatory Conditional |
The preferred method for implementing web-services are SOAP, however, there are many use cases (mashups etc.) where a REST based interface is easier to implement and sufficient to meet the IERs. Restful services support HTTP caching, if the data the Web service returns is not altered frequently and not dynamic in nature. REST is particularly useful for restricted-profile devices such as mobile phones and tablets for which the overhead of additional parameters like headers and other SOAP elements are less. Web |
|
Structured Data Profile The Structured Data Profile provides standards and guidance for the structuring of web content on federated mission networks. Web Hosting |
||
|
Web Hosting Services |
Mandatory General formatting of information for sharing or exchange.
|
XML shall be used for data exchange to satisfy those Information Exchange Requirements within a FMN instance that are not addressed by a specific information exchange standard. XML Schemas and namespaces are required for all XML documents. |