G.3. FMN Spiral 1 Profile

G.3.1. Scope

168. The Federated Mission Networking (FMN) Spiral 1 standards profile defines interface standards for the services that are required to deploy a Mission Network Element (FMN capability option A). Mission Network Extensions (option B) and Hosted Users (option C) may not meet these minimum service and service interoperability requirements. Connectivity and service provision throughout the federation is regulated by hosting agreements between participants.

169. FMN Spiral 1 refers to an FMN maturity level in which separate physical infrastructures exist per mission and per security classification level. This spiral is an evolution of the fielded baseline of the Afghanistan Mission Network (AMN). Notably, biometrics interoperability standards were removed and the network architecture has changed from a hub-and-spoke to a meshed concept.

170. Mission Network Extensions must be provided with their local area networks (including IP management) within the physical and cyber security boundaries of the hosting Mission Network Element. The services must function in a network environment that contains firewalls and various routing and filtering schemes; therefore, developers must use standards and well-known port specifications wherever possible, and document non-standard configurations as part of their service interface.

G.3.2. Interoperability

171. In the context of Federated Mission Networking, the purpose of standardization is to enable interoperability in a multi-vendor, multi-network, multi-service environment. Technical interoperability must be an irrefutable and inseparable element in capability development and system implementation - without it, it is not possible to realize connections and service deliveries across the federation and hence, information sharing will not be achieved.

172. Within NATO, interoperability is defined as "the ability to act together coherently, effectively and efficiently to achieve allied tactical, operational and strategic objectives". In the context of information exchange, interoperability means that a system, unit or forces of any service or nation can transmit data to and receive data from any other system, unit or forces of any service or nation, and use the exchanged data to operate effectively together.

G.3.3. Standards and Profiles

173. For successful Federated Mission Networking, technical interface standards are critical enablers that have to be collectively followed and for which conformity by all participating members is important.

174. Standards are aggregated in profiles. A standards profile is a set of standards for a particular purpose, covering certain services in the C3 taxonomy, with guidance on implementation when and where needed. As profiles serve a particular purpose, they can be used in different environments, and therefore, they are not specific to a single overarching operational or technical concept. Profiles for Federated Mission Networking may and will be reused in other profiles.

175. Generally, the scope of a profile in the EM Wiki is limited: it will focus on only a few services and a limited scope of functionality. Therefore, a full profile with a wider scope (ranging to an environment, a system or a concept) will have to consist of a selection of profiles, that together cover the full capability of that overarching profile. For organization of these standards and profiles, the overarching profile - in this case the FMN Spiral 1 Profile - is broken down in a hierarchical tree that forms a number of functional branches, ending in the leaves that are the profiles which contain the actual assignments of standards and their implementation guidance.

176. In the profiles, interoperability standards fall into four obligation categories:

  • Mandatory - Mandatory interoperability standards must be met to enable Federated Mission Networking

  • Conditional - Conditional interoperability standards must be present under certain specific circumstances

  • Recommended - Recommended interoperability standards may be excluded for valid reasons in particular circumstances, but the full implications must be understood and carefully weighed

  • Optional - Optional interoperability standards are truly optional

G.3.4. Sources

177. The interoperability standards profile in this document is derived from standards that are maintained by a selection of standardization organizations and conformity and interoperability resources. Some of these are included in the NATO Interoperability Standards and Profiles. Furthermore, standards are used from:

  • International Organization for Standardization (ISO) standards

  • International Electrotechnical Commission (IEC) standards

  • International Telecommunication Union (ITU) Radiocommunication (R) Recommendations

  • International Telecommunication Union (ITU) Telecommunication (T) Recommendations

  • Internet Engineering Task Force (IETF) Requests for Comments (RFC)

  • World Wide Web Consortium (W3C) Recommendations

  • Multilateral Interoperability Programme (MIP) standards

  • Secure Communications Interoperability Profiles (SCIP)

  • Extensible Messaging and Presence Protocol (XMPP) Extension Protocols (XEP)

G.3.5. Federated Communications and Networking Profile

178. The Federated Communications and Networking Profile arranges standards profiles for the facilitation of the platform and communications infrastructure of federated mission networks.

G.3.5.1. Federated Communications Profile

179. The Federated Communications Profile arranges standards profiles for the addressing, routing, forwarding, quality and security of IP traffic over federated mission networks.

Service Standard Implementation Guidance

Inter-Autonomous Systems IP Transport Profile

The Inter-Autonomous Systems IP Transport Profile provides standards and guidance for Edge Transport Services between autonomous systems, using Internet Protocol (IP) over point-to-point Ethernet links on optical fibre.

IP-based Transport Services

Mandatory

Section 3 - Clause 58 - 1000BASE-LX10, nominal transmit wavelength 1310nm

Mandatory

Mandatory

Standards for IP version 4 (IPv4) over Ethernet

Mandatory

The use of LC-connectors is required for network interconnections inside shelters (or inside other conditioned infrastructure). If the interconnection point is outside a shelter in a harsh environment, the interconnection shall follow STANAG 4290 connector specification.

Use 1Gb/s Ethernet over single-mode optical fibre (SMF).

IP Routing Information Profile

The IP Routing Information Profile provides standards and guidance for support of the Routing Information Protocol (RIP) to expand the amount of useful information carried in RIP messages and to add a measure of security.

IP-based Transport Services

Optional

Under the condition that interconnecting partners support auto-configuration, this standard applies as an optional capability to support automatic configuration. Otherwise, partners will by default follow the manual configuration process.

Inter-Autonomous Systems Multicast Routing Profile

The Inter-Autonomous Systems Multicast Routing Profile provides standards and guidance for multicast routing between inter-autonomous systems.

Packet Routing Services,

IPv4 Routed Access Services

Mandatory

The following standards shall apply for all IP interconnections

Mandatory

MNEs, as well as MNXs with their own multicast capability, shall provide a Rendezvous Point (RP) supporting the following IP multicast protocol standards

Mandatory

The following standards shall apply to multicast routing

 

IP Quality of Service Profile

The IP Quality of Service Profile provides standards and guidance to establish and control an agreed level of performance for IP services in federated networks.

IP-based Transport Services,

IPv4 Routed Access Services

Mandatory

Utilize Quality of Service capabilities of the network (DiffServ, no military precedence on IP)

Conditional

The following normative standards shall apply for IP Quality of Service (QoS)

For NATO-led Mission Network deployments, the following governing policies apply:

  • AC/322(SC/6)WP(2009)0002-REV2 - "NC3B Policy on the Federation of Networks and Provision of Communications Services within the Networking Information Infrastructure"

  • NATO Policy for Standardization

Inter-Autonomous Systems Routing Profile

The Inter-Autonomous Systems Routing Profile provides standards and guidance for routing between inter-autonomous systems

Packet Routing Services,

IPv4 Routed Access Services

Recommended

Additionally, the following standard applies for 32-bit autonomous system numbers (ASN)

Mandatory

The following standard applies for unicast routing

Mandatory

The following standards apply for all IP interconnections

Border Gateway Protocol (BGP) deployment guidance in IETF RFC 1772:1995, Application of the Border Gateway Protocol in the Internet.

BGP sessions must be authenticated, through a TCP message authentication code (MAC) using a one-way hash function (MD5), as described in IETF RFC 4271.

Routing Encapsulation Profile

The Routing Encapsulation Profile provides standards and guidance for generic routing encapsulation functions between network interconnection points (NIPs)

IP-based Transport Services

Mandatory

Conditional

Which IKE standard applies depends on whether authentication of IPsec sessions is based on pre-shared keys or on certificates. If pre-shared keys are used, the standard for IKE is IKEv1; if authentication is done via certificates, IKEv2 is used.

G.3.5.2. Federated Networking Profile

180. The Federated Networking Profile arranges standards profiles for the establishment of network logic above the communications layer of federated mission networks.

Service Standard Implementation Guidance

Directory Data Structure Profile

The Directory Data Structure Profile provides standards and guidance in support of the definition of the namespace of a federated mission network on the basis of the Lightweight Directory Access Protocol (LDAP)

Directory Storage Services

Mandatory

 

Network Authentication Profile

The Network Authentication Profile provides standards and guidance for providing strong authentication for client/server applications by using secret-key cryptography on the basis of the Kerberos authentication protocol.

Infrastructure IA Services (In v2 of the taxonomy this service is listed as Authentication Services)

Mandatory

Strong authentication using Simple Authentication and Security Layer (SASL).

Mandatory

 

Digital Certificate Profile

The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks.

Infrastructure IA Services (In v2 of the taxonomy this service is listed as Digital Certificate Services)

Mandatory

Optional

The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2.

Additional Implementation Guidance:

  • AC/322-D(2004)0024-REV2-ADD2 - "NATO Public Key Infrastructure (NPKI) Certificate Policy"

  • AC/322-D(2010)0036 - "NATO Cryptographic Interoperability Strategy"

Directory Data Exchange Profile

The Directory Data Exchange Profile provides standards and guidance in support of a mechanism used to connect to, search, and modify Internet directories on the basis of the Lightweight Directory Access Protocol (LDAP).

Directory Storage Services

Mandatory

 

Domain Naming Profile

The Domain Naming Profile provides standards and guidance to support the hierarchical distributed naming system for computers, services, or any resource connected to a federated mission network.

Domain Name Services

Mandatory

 

Time Synchronization Profile

The Time Synchronization Profile provides standards and guidance to support the synchronization of clocks across a network or a federation of networks and the safeguard of the accurate use of time stamps.

Distributed Time Services

Mandatory

Mission Network Elements must provide a time server either directly connected to a stratum-0 device or over a network path to a stratum-1 time server of another Mission Network Element. All other entities in the federation must use the time service of their host.

A stratum-1 time server is directly linked (not over a network path) to a reliable source of UTC time (Universal Time Coordinate) such as GPS, WWV, or CDMA transmissions through a modem connection, satellite, or radio.

Stratum-1 devices must implement IPv4 so that they can be used as timeservers for IPv4 Mission Network Elements.

G.3.6. Federated Human-to-Human Communications Profile

181. The Federated Human-to-Human Communications Profile arranges standards profiles for the facilitation of information sharing and exchange on user platforms.

G.3.6.1. Federated Unified Collaboration Profile

182. The Federated Unified Collaboration Profile arranges standards profiles for a range of interoperable collaboration capabilities to support real-time situational updates to time-critical planning activities between coalition partners, communities of interest and other participants. Levels of collaboration include awareness, shared information, coordination and joint product development.

Service Standard Implementation Guidance

Content Encapsulation Profile

The Content Encapsulation Profile provides standards and guidance for content encapsulation within bodies of internet messages, following the Multipurpose Internet Mail Extensions (MIME) specification.

Informal Messaging Services

Mandatory

10 MB max message size limit

Minimum Content-Transfer-Encoding:

  • 7bit

  • base64

  • binary BINARYMIME SMTP extension (RFC 3030)

Minimum set of media and content-types:

  • text/plain (RFC 1521)

  • text/enriched (RFC 1896)

  • text/html (RFC 1866)

  • multipart/mixed (RFC 2046)

  • multipart/signed

Informal Messaging Profile

The Informal Messaging Profile provides standards and guidance for SMTP settings and the marking and classification of informal messages.

Informal Messaging Services

Mandatory

Regarding Simple Mail Transfer Protocol (SMTP), the following standards are mandated for interoperability of e-mail services within the Mission Network.

Depending on the protection requirements within the particular FMN instance, messages must be marked in the message header field "Keywords" (IETF RFC 2822) and in the first line of text in the message body according to the following convention: [PPP] [CLASSIFICATION], Releasable to [MISSION].

  • "PPP" is a short-name/code for identification of a security policy.

  • "CLASSIFICATION" is the classification {SECRET, CONFIDENTIAL, RESTRICTED} or UNCLASSIFIED

  • "MISSION" is a name/acronym for identifying the mission.

  • "Releasable to" list shall include the name/acronym of the mission and may be extended to include other entities.

The use of a short-name/code does not imply that NATO or one or more member Nations recognize those entities.

Example: Keywords: ITA UNCLASSIFIED, Releasable to XFOR.
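The marking convention above can be checked mechanically, for example at a mail gateway. The following Python check is an added example, not part of the FMN profile; it assumes a single-token policy code, a comma-separated releasability list, and that the header and body markings must agree. The function names, finding codes and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Classification values listed in the profile.
CLASSIFICATIONS = ("SECRET", "CONFIDENTIAL", "RESTRICTED", "UNCLASSIFIED")

# Assumptions (not stated in the profile): the policy code is one alphanumeric
# token, list entries are comma-separated, a trailing full stop is tolerated.
MARKING_RE = re.compile(
    r"^(?P<policy>[A-Za-z0-9]+)\s+"
    r"(?P<classification>%s),\s*"
    r"Releasable to\s+(?P<releasable>.+?)\.?$" % "|".join(CLASSIFICATIONS)
)


def parse_marking(text):
    """Return (policy, classification, frozenset of entities), or None."""
    match = MARKING_RE.match(text.strip())
    if match is None:
        return None
    entities = frozenset(
        e.strip() for e in match.group("releasable").split(",") if e.strip()
    )
    return match.group("policy"), match.group("classification"), entities


def check_message(raw, mission):
    """Return a list of finding codes; an empty list means correctly marked."""
    findings = []
    msg = message_from_string(raw, policy=default)

    # Marking in the "Keywords" header field.
    keywords = msg.get("Keywords")
    header = parse_marking(str(keywords)) if keywords is not None else None
    if keywords is None:
        findings.append("keywords-header-missing")
    elif header is None:
        findings.append("keywords-header-malformed")

    # Marking in the first non-blank line of the plain-text body.
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    first_line = next((ln for ln in text.splitlines() if ln.strip()), "")
    body = parse_marking(first_line)
    if body is None:
        findings.append("body-first-line-malformed")

    # Added consistency check: both markings should say the same thing.
    if header and body and header != body:
        findings.append("header-body-mismatch")
    # The releasability list shall include the mission name/acronym.
    for where, marking in (("header", header), ("body", body)):
        if marking and mission not in marking[2]:
            findings.append(where + "-mission-not-releasable")
    return findings


def build_sample(keywords, first_line):
    """Constructed test message; addresses and content are made up."""
    lines = ["From: alice@mn.example", "To: bob@mn.example",
             "Subject: Convoy schedule"]
    if keywords is not None:
        lines.append("Keywords: " + keywords)
    lines += ["", first_line, "Convoy departs at 0600."]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ok = "ITA UNCLASSIFIED, Releasable to XFOR"
    print(check_message(build_sample(ok, ok), "XFOR"))
    print(check_message(
        build_sample(ok, "ITA RESTRICTED, Releasable to XFOR"), "XFOR"))
    print(check_message(build_sample(None, "Hello Bob,"), "XFOR"))
```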

Numbering Plans Profile

The Numbering Plans Profile provides standards and guidance for the facilitation of numbering plans of telecommunications, audio and video networks.

Audio-based Collaboration Services,

Video-based Collaboration Services

Mandatory

 

Audio-based Collaboration Profile

The Audio-based Collaboration Profile provides standards and guidance for the implementation of an interoperable voice system (telephony) on federated mission networks.

Audio-based Collaboration Services

Mandatory

The following standards are used for VoIP and VoSIP signaling.

Mandatory

The following standards are used for voice media streaming.

Mandatory

The following standards are used for audio protocols.

Voice over IP (VoIP) refers to unprotected voice communication services running on unclassified IP networks, e.g. conventional IP telephony. Voice over Secure IP (VoSIP) refers to non-protected voice service running on classified IP networks. Depending on the security classification of an FMN instance, VoIP or VoSIP is mandatory. If a member chooses to use network-agnostic Secure Voice services in addition to VoSIP, then SCIP specifications as defined for audio-based collaboration services (end-to-end protected voice) should be used.

The voice sampling interval is 40ms.

Secure Voice Profile

The Secure Voice Profile provides standards and guidance for the facilitation of secure telephony and other protected audio-based collaboration on federated mission networks.

Audio-based Collaboration Services

Conditional

Secure voice services (end-to-end protected voice). V.150.1 must be supported end-to-end by the unclassified voice network. SCIP-214 only applies to gateways. SCIP-216 requires universal implementation.

Video-based Collaboration Profile

The Video-based Collaboration Profile provides standards and guidance for the implementation and configuration of Video Tele Conferencing (VTC) systems and services in a federated mission network.

Video-based Collaboration Services

Conditional

Not required at this time, but when available it can be implemented between MNEs after approval from the MN administrative authority.

Mandatory

The following standards are required for VTC services.

Mandatory

The following standards are required for VTC over Internet Protocol (VTCoIP) networking.

It is recommended that dynamic port ranges are constrained to a limited and agreed number. This is an activity that needs to be performed at the mission planning stage. Different vendors have different limitations on fixed ports. However, common ground can always be found.

As a minimum, G.722.1 is to be used. Others are exceptions and need to be agreed by the MN administrative authority for video calls.

Basic Text-based Collaboration Profile

The Basic Text-based Collaboration Profile provides standards and guidance to establish a basic near-real time text-based group collaboration capability (chat) for time critical reporting and decision making in military operations.

Text-based Collaboration Services,

Presence Services

Optional

Bidirectional Server-to-Server Connections may be supported, i.e. stanzas are sent and received on the same TCP connection.

Mandatory

The following standards are required to achieve compliance for an XMPP Server and an XMPP Client dependent upon the categorisation of presenting a core or advanced instant messaging service interface.

Mandatory

The following standards are the base IETF protocols for interoperability of chat services.

 

G.3.6.2. Federated Information Management Profile

183. The Federated Information Management Profile arranges standards profiles for the handling of information throughout its life-cycle and the support of capabilities to organize, store and retrieve information through services and managed processes, governed by policies, directives, standards, profiles and guidelines.

Service Standard Implementation Guidance

File Format Profile

The File Format Profile provides standards and guidance for the collaborative generation of spreadsheets, charts, presentations and word processing documents.

Web Hosting Services,

Informal Messaging Services

Mandatory

For still image coding.

Recommended

For word processing documents, spreadsheets and presentations.

Mandatory

For word processing documents, spreadsheets and presentations.[a]

Mandatory

ISO/IEC 29500 and ISO/IEC 26300 are both open document formats for XML-based saving and exchanging word processing documents, spreadsheets and presentations. They differ in design and scope.

Internationalization Profile

The Internationalization Profile provides standards and guidance for the design and development of content and (web) applications, in a way that ensures it will work well for, or can be easily adapted for, users from any culture, region, or language.

Web Hosting Services

Recommended

Best practices and tutorials on internationalization can be found at: http://www.w3.org/International/articlelist.

Character Encoding Profile

The Character Encoding Profile provides standards and guidance for the encoding of character sets.

Web Hosting Services

Mandatory

Use of UTF-8 for complete Unicode support, including fully internationalized addresses is mandatory.

 

[a] In the published FMN Spiral specification 1.1, the reference to ISO/IEC 29500 is incomplete. As a result, the respective part of the standard and the title do not show up in the FMN 1.1 profile.

G.3.6.3. Federated Web Hosting Profile

184. The Federated Web Hosting Profile arranges standards profiles for the facilitation of web-based services in a loosely coupled environment, where flexible and agile service orchestration is a requirement on the basis of a Service Oriented Architecture (SOA).

Service Standard Implementation Guidance

Web Platform Profile

The Web Platform Profile provides standards and guidance to enable web technology on federated mission networks.

Web Hosting Services

Mandatory

HTTP shall be used as the transport protocol for information without 'need-to-know' caveats between all service providers and consumers (unsecured HTTP traffic). HTTPS shall be used as the transport protocol between all service providers and consumers to ensure confidentiality requirements (secured HTTP traffic). Unsecured and secured HTTP traffic should use their standard well-known ports by default, i.e. 80 for HTTP and 443 for HTTPS.

Web Feeds Profile

The Web Feeds Profile provides standards and guidance for the delivery of content to web sites as well as directly to user agents.

Web Hosting Services

Mandatory

Providing web content.

RSS and Atom documents may reference related OpenSearch description documents via the Atom 1.0 "link" element, as specified in Section 4.2.7 of RFC 4287.

The "rel" attribute of the link element should contain the value "search" when referring to OpenSearch description documents. This relationship value is pending IANA registration. The reuse of the Atom link element is recommended in the context of other syndication formats that do natively support comparable functionality.

The following restrictions apply:

  • The "type" attribute must contain the value "application/opensearchdescription+xml".

  • The "rel" attribute must contain the value "search".

  • The "href" attribute must contain a URI that resolves to an OpenSearch description document.

  • The "title" attribute may contain a human-readable plain text string describing the search engine.
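The restrictions listed above can be checked against a feed before it is published. The following Python check is an added example, not part of the FMN profile; the function name, finding codes and sample feed are constructed, and it assumes that references are absolute http(s) URIs (whether the URI actually resolves to an OpenSearch description document is not tested here).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM_NS = "http://www.w3.org/2005/Atom"
OPENSEARCH_TYPE = "application/opensearchdescription+xml"


def audit_search_links(feed_xml):
    """Return [(href, [finding codes])] for every Atom link element that
    claims, via "rel" or "type", to reference an OpenSearch description."""
    root = ET.fromstring(feed_xml)
    report = []
    for link in root.iter("{%s}link" % ATOM_NS):
        rel = link.get("rel", "")
        mime = link.get("type", "")
        # Ordinary links (self, alternate to HTML, ...) are out of scope.
        if rel != "search" and mime != OPENSEARCH_TYPE:
            continue
        findings = []
        if rel != "search":
            findings.append("rel-not-search")
        if mime != OPENSEARCH_TYPE:
            findings.append("type-not-opensearch")
        href = link.get("href", "")
        parts = urlsplit(href)
        if not href:
            findings.append("href-missing")
        elif parts.scheme not in ("http", "https") or not parts.netloc:
            # Assumption of this example: absolute http(s) references only.
            findings.append("href-not-absolute-http")
        # "title" is optional, so its absence is not a finding.
        report.append((href, findings))
    return report


# Constructed sample feed: one correct reference, two faulty ones and one
# ordinary "self" link that must be ignored.
SAMPLE_FEED = """
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Constructed mission feed</title>
  <link rel="self" type="application/atom+xml"
        href="https://web.mn.example/feed.atom"/>
  <link rel="search" type="application/opensearchdescription+xml"
        href="https://search.mn.example/osd.xml" title="Mission search"/>
  <link rel="search" type="text/html" href="https://search.mn.example/"/>
  <link rel="alternate" type="application/opensearchdescription+xml"
        href="osd.xml"/>
</feed>
"""

if __name__ == "__main__":
    for href, findings in audit_search_links(SAMPLE_FEED):
        print(href, findings or "ok")
```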

Web Content Profile

The Web Content Profile provides standards and guidance for the processing, sharing and presentation of web content on federated mission networks. Web presentation services must be based on a fundamental set of basic and widely understood protocols, such as those listed below. Proprietary or compiled components shall be avoided (e.g. Microsoft Web Parts, Microsoft Silverlight or Adobe Flash).

Web Hosting Services

Mandatory

Publishing information including text, multi-media, hyperlink features, scripting languages and style sheets on the network.

Mandatory

Providing a common style sheet language for describing presentation semantics (that is, the look and formatting) of documents written in markup languages like HTML.

Applications must support the following browsers: Microsoft Internet Explorer v9.0 and newer, and Mozilla Firefox 16.0 and newer. When a supported browser is not true to the standard, choose to support the browser that is closest to the standard.

Some organizations or end user devices do not allow the use of proprietary extensions such as Microsoft Web Parts, Microsoft Silverlight or Adobe Flash. Those technologies shall be avoided. Implementers shall use open standard based solutions (HTML5 / CSS3) instead.

Geospatial Web Feeds Profile

The Geospatial Web Feeds Profile provides standards and guidance for the delivery of geospatial content to web sites and to user agents, including the encoding of location as part of web feeds. Feed processing software is required to either read or ignore these extensions and shall not fail if these extensions are present, so there is no danger of breaking someone's feed reader (or publisher) by including this element in a feed.

Web Hosting Services

Recommended

GeoRSS GML Profile 1.0 a GML subset for point 'gml:Point', line 'gml:LineString', polygon 'gml:Polygon', and box 'gml:Envelope'. In Atom feeds, location shall be specified using Atom 1.0's official extension mechanism in combination with the GeoRSS GML Profile 1.0 whereby a 'georss:where' element is added as a child of the element.

Mandatory

GeoRSS Simple encoding for "georss:point", "georss:line", "georss:polygon", "georss:box".

Geography Markup Language (GML) allows a coordinate reference system (CRS) other than WGS84 decimal degrees (lat/long) to be specified. If there is a need to express geography in a CRS other than WGS84, it is recommended to specify the geographic object multiple times, once in WGS84 and once in each of the other desired CRSs.

For backwards compatibility it is recommended to also implement RSS 2.0.

Web Services Profile

The Web Services Profile provides standards and guidance for transport-neutral mechanisms to address structured exchange of information in a decentralized, distributed environment via web services.

Web Hosting Services

Mandatory

Provide the elements a web service needs to deliver a suitable UI service, such as remote portlet functionality.

Mandatory

Conditional

The preferred method for implementing web services is SOAP; however, there are many use cases (mashups etc.) where a REST-based interface is easier to implement and sufficient to meet the IERs.

RESTful services support HTTP caching, if the data the Web service returns is not altered frequently and not dynamic in nature. REST is particularly useful for restricted-profile devices such as mobile phones and tablets for which the overhead of additional parameters like headers and other SOAP elements is less.

Structured Data Profile

The Structured Data Profile provides standards and guidance for the structuring of web content on federated mission networks.

Web Hosting Services

Mandatory

General formatting of information for sharing or exchange.

XML shall be used for data exchange to satisfy those Information Exchange Requirements within a FMN instance that are not addressed by a specific information exchange standard. XML Schemas and namespaces are required for all XML documents.