ISB MEETING MINUTES - 15 SEPTEMBER 1987

Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 ? ii_ rsjmwiJlLAL I1 7 srD ?987 ROUTING AND RECORD SHEET SUBJECT: (Optional) ISB Meeting Minutes - 15 September 1987 FROM: s- -_ EXTENSION NO. ER 4320-87 SA/EXDIR 7E12 HQS 16 September 1987 TO: (Ollker designation, room number, and DATE building) OFFICER'S COMMENTS (Number each comment to show from whom RECEIVED FORWAIDED INITIALS to whom. Draw a line across column after each comment.) 1. D/OS 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 13. o " 610 EDIT Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 ER 4320-87 16 September 1987 MEMORANDUM FOR: Information Systems Board Special Assistant to the Executive Director ISB Meeting Minutes - 15 September 1987 1.1 (Computer Scientist for Engineering Group within OIT, discussed efforts to reduce the security risks posed by removable ma netic media through the use of "diskless" workstations. also conducted a demonstration of diskless workstation prototypes. A copy of the presentation slides is attached. 2.I within IMS, described plans for a test-bed of diskless workstations in IMS. Notes from the presentation are attached. Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Technology From OIT to the ISB, Sept. 16, 1987 Unclassified Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Concepts Problem: Floppy Disks Insecure Too Portable/Concealable Work-at-Home Temptations Unaccountable/Untraceable Obvious Target for Hostile Acquisition Floppy Disks Unmanaged Poor for Record Use Disorganized Shoebox, not Corporate Data Unclassified 09/15/87 Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Concepts Solutions: Render Floppies Unthreatening Use for Unclassified Program Loading Only Ensure Floppy Drives cannot Write Develop Operational Concepts to Match Support Organizations Provide Customization Replace Disk Functionality Use Host Disks in Limited Ways Advance to Networked Disks if Needed Allow Internal Disks where Secure Unclassified 09/15/87 Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Concepts Technologies for Eliminating Floppy Disk Problems RAM Disk Created in Volatile Memory High Speed Access Virtual Disk Maintained on Host Disks Requires Host Logon, Availability Speed Constrained to Network Speed Read-Only Disk Drives Modified Locally Special Purpose, Program Loading Network Disks (LAN) File Server on LAN Separately Secured, Administered Unclassified 09/15/87 Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Concepts Constraints: Configuration 1 (See Figure) Limited use in Structured Environments Not fully useful PC -- Very Programmable Terminal Suitable Mainly for IMS Requirements Technically Done, Available Anytime Requires Central Support, Development Configuration 2 (See Figure) Generally Applicable Architecture Full, more-than-PC Function Requires New Investments in Engineering Creates New Problems, but Better Ones Not Ready for Deployment to Everyone Unclassified 09/15/87 Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Configuration 1. VM Host Services MDS/SAFE AIM DBMS Generic PA/AT CLone 3270 Emulation Card/SW RAM Disk Read-only Floppy Drive EGA Graphics Mouse PC 3270 Connectivity PBX or SNA Usage: Programmable Interface Local WP Central Storage Short term Off-line Work User Interface Word Processing Read-only Boot Programs Customized Disks Unclassified Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Configuration 2. VM Generic PA/AT CLone 3270 Emulation Card/SW RAM Disk Optional R/O Floppy Drive Optional Hi-Res Monitor Mouse TRN LAN Adapter Network Coax U sage: PC P C Programmable Interface Disk Boo LAN Boot I Local WP . a w"a M W Local and Ce tr l St _ _ -1 a n orage = ~ U Longer Term Offline Work Host Optional File Server Adds: LAN Secure Areal i Compartmented Storage Local Shared Data Host Independence Full PC Functionality Unclassified Read-only DI 1 File Server Future LAN-Host Paths Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Work Group Computing Vault-sized LAN Twisted Pair PS/2 Oho ~=M Diskless Workstations PC/AT Print Server Laser Printer Opp Unclassified PC/AT 386 PC lb-i Read-Only PCs Equipment Room (Controlled Access) Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Diskless PC Concepts Activities: Working with IMS to Deploy Configuration 1 Tools for PC-based WP/Cable Creation from OIT Development of Customer System by IMS Starting Now Working on Configuration 2 Issues Acquiring and Testing LANs Supporting Testbeds Developing Distributed AIM/Cable Services Initiating Future LAN-based Architecture Design Interim Accommodation Policies Use of Least Portable Media Possible Policy to Minimize Floppy Abuse Personnel Security and Education Unclassified 09/15/87 Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 DIRECTORATE OF OPERATIONS DISKLESS PC TESTBED Agenda - Background - Purpose - Scope - Schedule - Potential future applications Background DO concerned about use of PC's because of diskettes OIT to acquire "neutered" (read only) version of workstation DO agrees to use when: - suitable DO user interface developed - PC-based word processor - cable "model" - Aim interface - seamless integration - SAFE modified to provide 3270 support (version 3.5) - 3270 communications are available in outbuildings to support DO training Alternatives for loading software - from neutered disk - from LAN file server - from mainframe, optical disk, etc. OIT to provide first option DO to testbed second option - implications for future (DOLPHIN) Purpose To build testbed using diskless PC's and LAN - test/evaluate in DO environment - adjust as required - consider for long range use - use OIT option for short-range - departmental (cooperative) computing concept - local files at "desk" level - same as DO stations - file server in vault, therefore compartmentation - user ownership/control - mainframe connectivity when needed - "corporate" data - message processing - networking Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Scope File server (1) - DEC MicroVAX II Local area network (1) - Ethernet (IEEE 802.3) Workstations (15) - IBM PC/AT equivalents - with no non-volatile storage - with 3270 DFT-A interface card - IMS front office 2 - SG front office 3 - SG branch chiefs 6 - DO Info Center 2 - IMS programmers 2 Total 15 Schedule Early 1988 (standalone LAN) - MicroVAX III here now - Ethernet LAN on order - diskless PC's to be ordered when available Potential Future Applications Standalone LAN (PC network) - Local (compartmented) processing local files/applications (mirror of DO station) local word processing Mainframe terminals - Mainframe processing - message processing (MDS) - networking (Aim) - alternatives will be evaluated Connected LAN (with gateway) - Cooperative processing - corporate data in mainframe - local data in LAN Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4  Declassified in Part - Sanitized Copy Approved for Release 2012/03/02 : CIA-RDP89B01356R000100140028-4 Standalone LAN eC _ E72'eZ?ve7-