The Enterprise Operational Support Environment (E-OSE) is the product of the Air Traffic Organization’s (ATO) Program Management Organization (PMO) and Technical Operations (Tech Ops) efforts to address multiple security concerns and operational inefficiencies. Driven by Executive Orders to improve cybersecurity, FAA Orders to develop boundary protection infrastructure, and Office of Management and Budget (OMB) guidance to isolate sensitive or critical information, the E-OSE platform was designed and built from the ground up to help meet both Second Level Engineering (SLE) and ATO cybersecurity requirements.

A collaboration between AJW-1 Operations Support, AJW-B NAS Security and Enterprise Operations (NASEO), AJM-24 Terminal Second Level Engineering (TSLE), and AJM-25 En Route and Oceanic Second Level Engineering led to innovative new solutions that address inconsistencies, inefficiencies, and supportability issues across SLE.

The E-OSE solution offers enterprise services to SLE and Tech Ops groups at no cost and allows organizations the freedom to focus on core functions without the added complexities of maintaining infrastructure. It also gives SLE systems the ability to replace unsupported legacy equipment with the latest hardware and software technologies. The following set of enterprise solutions are currently offered to the ATO community:

• Patch Management, Compliance Scans, and Malware Protection
• NESG External DMZ Connectivity
• NAS Cyber Monitoring System (NCMS) Forwarding
• Virtual Machine hosting services
• Data Storage
• System Monitoring
• F5 Load Balancing
• Virtual Machine and Data Backup
• Remote Connectivity to E-OSE Infrastructure and SLE labs
• Automation – Red Hat Ansible Automation Platform
• On-Prem Cloud Services – GitLab, DevOps, Containers, Microservices, CI/CD

There are multiple benefits of onboarding to the E-OSE. Foremost, it is an on-premises system that is FAA owned and managed. It is located at both the Mike Monroney Aeronautical Center (MMAC) and the William J. Hughes Technical Center (WJHTC). It also provides a security-hardened platform that protects and monitors NAS Operational Support systems. This new environment provides network segregation and layered boundary protection from the Mission Support Network, consolidates NAS support assets behind a secure environment, provides enterprise-level services and monitoring capabilities, and eliminates the need for every SLE system to build and maintain their own OSE-type environment, resulting in a significant cost savings. Key services and functions for SLE include on-premises hosting for mission essential SLE systems; boundary protection; enterprise services including patch management, asset management, monitoring, and malware protection; and remote connectivity to the Federal Telecommunications Infrastructure National Test Bed (FNTB) and NAS OPIP assets via the NAS Enterprise Security Gateway (NESG). 24/7/365 FAA SLE support is available and E-OSE users can contact the PMO ATS Help Desk for immediate assistance.

There have been 19 systems successfully onboarded to the E-OSE so far, with more systems added each month. Of those systems, the Remote Support Facility (RSF), Surveillance and Broadcast Services (SBSM), Remote Monitoring and Logging System (RMLS), and Power Environmental Systems Telemetry Operations (PESTO) (formerly Air Route Traffic Control Center (ARTCC) Critical Essential Power System (ACEPS)/ARTCC Power Monitoring System (APMS)) have success stories to share. Here are some successful insights about the process:

"In June 2022, after a routine network scan that resulted in the abrupt severing of all remote connections to critical RSF equipment, Surface Surveillance Systems had to find a solution to prevent operational impact. Furthermore, this disconnection occurred while Oklahoma City was in a max telework status due to COVID-19, risking the production capability of Second Level Engineering and the ability to adequately support its customers and the NAS.

Fortunately, Surface Surveillance had an ongoing project to convert RSF assets over to the Enterprise-Operational Support Environment (E-OSE). This project was immediately realigned to reestablish remote connection from the Engineers’ AIT laptops to the OKC RSF assets effectively resolving the unexpected disconnection. This RSF remote connectivity and operation capacity restoration was made possible through superb cross-organizational teamwork and communication. AJW-144 leaned on the expertise of E-OSE’s IT Specialist, Robert Bortu, and Security Engineer, Christian Pol, who realigned and prioritized their efforts to accommodate Surface Surveillance’s needs.

Within one month of receiving requirements, the E-OSE team members stood up 13 Virtual Desktop Interfaces, created 29 user accounts including an encrypted storage server, and attended various review boards."
- Jared Florence, AJW-144

"Using the E-OSE has allowed SBSM to reduce our physical footprint, improve redundancy, and reduce risk of data loss. E-OSE has been extremely helpful in overcoming challenges with antiquated Operating Systems that are needed to maintain ATCBI-6 software. The E-OSE provided a Windows 98 software development environment. Not only did we avoid purchasing additional development resources, but it also solved any security concerns that would be associated with the project.

The E-OSE Team has been very helpful by walking us through the entire process and helping us understand how to best utilize this enterprise solution!"
- Allison Quate, Manager AJW-1432

"I want to say thank you to the E-OSE team for their hard work and willingness to help RMLS with a critical security component. We needed a solution in a very short timeframe to meet a major security hurdle, and they delivered. They were instrumental in providing us with a PIV authenticated VDI interface to secure a key RMLS application. We had been attempting various solutions for nearly 10 months with no success. E-OSE was able to help us in about a month. Throughout the whole process they answered questions, helped us troubleshoot anything that arose and helped pave our way for success. The E-OSE environment seems very well set-up with a ton of beneficial functionality and the support team is a pleasure to work with. I think many other systems will benefit from their platform - if they haven’t already."
- Robert D’Armi, AJW-163

"I appreciate working with you and the E-OSE team. We [PESTO] have been developing some new capabilities as well as taking some existing assets to the enterprise level. E-OSE has been extremely helpful and is a good place to continue development for our telemetry systems. The time to on-board as well as continue to build features has been surprisingly fast and simple. To date, I have been impressed with the level of service and capabilities from E-OSE.
- Matt Hays, AJW-1511

So, what does it take to On-board? Here are the basic steps!

The AJW-1 team will work with the System to:

1. Gather requirements
2. Perform a technical evaluation
3. Seek ACG CRB Approval, if applicable
4. Perform system provisioning

Then, the Hosted System will:

1. Perform System Testing
2. Onboard the System
3. Complete Final Acceptance

ATO SLE Organizations are encouraged to reach out by visiting the E-OSE website ATO Security Initiatives (faa.gov) and contact Biafra Carrington-Smith and Robert Bortu for additional information about E-OSE functions and services for your systems.