COMPUTING DATA TRANSMISSION

DISA has network monitoring tools at its disposal to provide service for our partners. DISA provides and maintains the Global Information Grid (GIG) utilized by our partners. Network operations support is provided by a 24x7 staff responsible for identifying and resolving network problems, upgrading network devices and conducting change management. Unclassified but Sensitive Internet Protocol Router Network (NIPRNet) and Secret Internet Protocol Network (SIPRNet) availability is built into the system via hardware and circuit diversity throughout the Wide Area Network (WAN).

DISA is responsible for separate enclaves used to support Defense Enterprise Computing Center (DECC) connectivity and applications. The same degree of circuit and hardware redundancy is provided to support the same degree of survivability. DISA hosts DoD demilitarized zone (DMZ) access nodes and DoD DMZ extensions that provide our partners with the ability to secure their applications in accordance with the DoD DMZ Security Technical Implementation Guide (STIG).

STANDARD FEATURES

The communications component comprises the DISA internal communications infrastructure and support teams. This infrastructure allows end-users, anywhere in the world, to connect safely and securely to the data that resides within DISA’s processing centers.

NOTE: Partner-specific communications enclaves, community-of-interest networks, virtual private networks (VPNs), etc., are cost-reimbursable and are not part of the DISA communications infrastructure.

  • Data Transmission Options: DISA will provide a variety of options to satisfy data transmission requirements and to mitigate the potential risk of using unauthorized ports and protocols. These services are no longer billed to the partner. The following table describes each of the options.

| Traffic Flow | Solution to Use | Notes |
|---|---|---|
| Site-to-site VPNs | Varies | N/A |
| .com to .mil (DECC) | Business to Business (B2B) | Complete B2B/VPN checklist and follow instructions enclosed. |
| .mil to .mil (DECC) | Policy-Based Co-Location (PB Collo) | If the partner is collocated at DMZ, use partner VPN equipment. If the partner is not collocated at DMZ, use DISA-provided VPN. Complete B2B/VPN checklist and follow instructions enclosed. |
| .mil (DECC) to .mil (DECC) | Inter-DECC Virtual Routing and Forwarding (VRF) | No configuration needed |
| DISA has deployed proxies that are used for any .com or .mil to .mil (DECC) based on Ports, Protocols, and Services Management (PPSM) and associated boundaries | DMZ Proxy | N/A |
| Ports 20,21 – File Transport Protocol (FTP) (User initiated) | Mainframe Internet Access Portal (MIAP) | Complete MIAP application online at https://miap.csd.disa.mil |
| Ports 20,21 – FTP (Batch initiated) | B2B or PB Collo & Global Exchange (GEX) (on the backside) | Complete B2B PB Collo checklist as well as the GEX checklist |
| Port 22 – Secure Shell (SSH)/Secure FTP (SFTP) | GEX | Complete GEX checklist |
| Port 23 – Telnet | MIAP | Complete MIAP application online at https://miap.csd.disa.mil |
| Port 25 – E-mail | Mail Relay Services | Complete Mail Relay checklist |
| Port 80 – Hypertext Transfer Protocol (HTTP) | Web Proxy | Complete Web DMZ checklist |
| Port 443 – HTTP Secure (HTTPS)/Secure Socket Layer (SSL) | Web Proxy | Complete Web DMZ checklist |
| Port 1414 – Message Queuing (MQ) Series | GEX | Complete GEX checklist |
| .mil (DECC) to .com or .mil on Transmission Control Protocol (TCP) port 80 or 443 | DMZ Forward Proxy | No configuration needed above DMZ VPN Router (top side of the Community of Interest Network [COIN]) |
| Any .mil to .mil (DECC) that is not proxiable or is not required to be proxied based on PPSM and associated boundaries | DMZ Non-Proxy | Firewall (FW) rules need to be amended in Non Proxy context on DMZ FW for required ports. |

NOTE: To obtain any of the checklists referenced in the above table, please contact your EIS CME team.

The following communication services are included in the basic processor rates and the partner will not incur an additional charge.

  • B2B Gateway/DMZ Non-Proxy Gateway: The DoD B2B is intended to provide a controlled and secure communications portal for authorized contractors, vendors, and other support resources to access non-web-based DoD Legacy systems and applications as required for mission-critical business and e-commerce activities between .com and .mil. The DMZ Non-Proxy Gateway is similar to the B2B Gateway but is for .mil to .mil traffic. The DoD B2B and Non-Proxy Gateways are designed to require and enforce the use of encryption and mandatory authentication from within the gateway.
  • Web DMZ: The Web DMZ infrastructure is designed to support Internet access to all production system applications (such as Internet-accessible personnel, medical, and informational sites and electronic commerce portals) that use web-based TCP Internet protocols (IP) (currently HTTP port 80 and HTTPS port 443) with partners in WAN. It also services Domain Name Server (DNS) resolution requests on User Datagram Protocol (UDP) port 53. This infrastructure is intended only for web applications which require back-end NIPRNet connections, for example, database and application server access. It is not intended for web applications with embedded static content, which can be hosted elsewhere (i.e. the Defense Technical Information Center [DTIC]).