Implementation SIGRID

GT Implementation

The GT solution enables military organisations to locally manage and disseminate foundation GEOINT data and products.

T-Kartor has the expertise and innovative solutions to enable a military organisation to provide real time, relevant, current geospatial data to all of its end users.

GT offers workflow driven functionality including advanced data registration system, complex multi-level network security, automatic replication and synchronization across connected and disconnected users, extensible metadata, extended discovery options, data validation mechanisms and interoperability with other enterprise level systems and partners.

GT gives military organisations and their end users the capability to utilise and exploit data when it is most critical.

Functionality of GT:

Interoperable – built on Certified open industry standards (ISO, OGC / KML and W3C) allow content to be easily shared between other open systems, removing file format incompatibility, projection inconsistency and metadata discrepancies that have afflicted many joint operations. Scale seamlessly to many hundreds of terabytes of data in over 90 data formats (and derivative products) and utilization rates of up to 20,000 users.

The system has an open 3-tier architecture based on service-oriented architecture (SOA) principles comprising of a data repository tier, an application services tier and a client tier. The architecture comprises a Single Sign On (SSO) based access system granting access to a set of OGC services and data (Geospatial based services and non-Geospatial services such as ordering, statistics etc…) through a standard web browser (no plugins required) or common GIS thick clients (FalconView, RemoteView, SOCET GXP, ArcGIS, ENVI, Google Earth, Palantir, ERDAS Imagine). User selected data (raster and vector) can be mosaiced, compiled and exported into a single useable file.

Geospatial services are accessed through a spatial data infrastructure with an active (crawling/harvesting) central catalog offering a single point of access to all services (raster, vector, elevation, LIDAR, FMV, geoprocessing, maps, external services, documents, multimedia, etc).

Search in many ways, through standard geographical searches, keyword searches (on any metadata tag), place name (geonames) searches.

Extended discovery options – Users are able to discover and consume content in many ways, through standard geographical searches, keyword searches (on any metadata tag), place name (geonames) searches and so on. Search results are presented through the data validation traffic light system and can be displayed in the GT client or chosen GOTS/COTS exploitation and visualization software. Display projection can be defined in the client, independent of original projection and multiple layers may be combined. The GT client provides tools for styling, annotation and fit for use product generation.

Multi-level network security – is core to the GT system and can be customized to specific requirements. Group or individual datasets can be tagged to flow to specified levels of security. A ‘Data Pump’ system automatically pushes data up to higher security levels (see figure 1). Significant manual sanitization procedures are used to move data at higher levels to lower levels of security. This concept allows changes to propagate between instances on the same or other security levels including conflict handling. GT prepares identified data to be transferred to other instances as a package, either through air gap or diode. Subsequent security levels receive packages of data, which replicate identically on the new instance. A similar mechanism is used to identify subsets of data to be transferred to a self-contained, deployed system instances. As an additional precaution for limited resource systems, GT can automatically optimize data storage by removing duplicates and redundancies. This process improves the foundation data usability and optimizes geoprocessing, analytics and discovery tools.

Data validation through a traffic light system – allows accredited users to approve foundation data. When a user carries out a search within the system, individual results have coloring indicating the level of assurance. RED datasets are temporarily stored, have no metadata or services visible to users of the system. An approved data manager may elevate data to an AMBER state, indicating that metadata is visible to all approved users, however data services and download are not available. The final stage is fully assured GREEN, were metadata, data services and download are available to applicable user groups. The assurance system allows non classified open data to be assessed and combined with classified information and gives users and decision makers confidence that content is current and relevant. In addition to data validation all data can be limited to groups or users based upon a temporal extent (expiration dates/ times). For mission critical data it is possible data sets large and small could be useful to particular group for a finite amount of time. GT’s ability to set a temporal extent of the data safeguards teams and organizations from out of date views of rapidly changing data models/ analytics.

Advanced data registration – ensures instances, users and organizations have a push and pull mechanism creating a seamless interoperable system. Single datasets or multiple datasets can be registered within the GT catalog using the registration mechanism. Any data set can be fully or partially updated at any time without any downtime or interruption. This allow GT instances be synchronized between each other and between security levels in almost real time. Multiple formats within a defined directory may be registered during the same action. Any form of geospatial data with relevant spatial information may be registered, including raster, feature, height, external services, photographs, documents, etc…). During registration, mandatory metadata, services to activate (WMS, WFS etc), back up schedules, warnings and security levels may be defined. Specific data can also be limited temporally to when they are visible to users of the system. New data registration and updating of existing data layers do not disrupt live services.

Download services – can be used to export / download a sub-set of data sets displayed in GT client. Map content can be defined by search capability (keywords, spatial area (intersect, contains, within) and metadata). The download service allows data to be selected via bounding box (as previously discussed), selections by vector layers, selections by raster bands and export/ transformation capabilities (NITF, GeoTIFF, MRSID, JPEG2000, JPG, IMG, KML, SHP, GML, etc…). All exported content can be “clipped, zipped and shipped” by a defined AOI (bounding box) to the user profile or external media. When downloads are completed users will receive notifications from GT via email or RSS feed with the ability to immediately download the requested dataset in a .zip format. This .zip file will include licensing information, metadata and any associated ReadMe files vital to the appropriate data usage.

Backup, redundancy and fail-over clusters- ensure the safety and reliability of all data within the GT system. GT has several solutions for backup and recovery guaranteeing maximum system uptime and data reliability. The system provides basic user functionality to allow data restoration from known recovery points or, if needed, can restore an entire instance. GT backup implementation is closely related to instance handling and data flow procedures as mentioned previously. Below are described the different backup solutions implemented by GT:

Instance Recovery – backs up all data sets and aggregates within the existing catalog. This can also be described as a simple catalog based backup (catalog structure, metadata, and data). It should be noted this does NOT include anything other than data registrations. All tasks (geoprocessing and analytics), history (metrics tracking), notifications, ordering, user profiles are not recoverable using this process.

Conventional Recovery – is a special case of “Instance” backup which gives the user the possibility to restore versioned backups of items created by an “Instance” backup. For example, an infrastructure backup of the sub-system store “Instance” on a tape device. A system administrator can choose specific snapshots to restore by copying them to dedicated restoration structure within the enterprise structure.

Master/Slave Recovery—is a full backup solution implemented as master / slave relationship in real time. This solution is based upon real-time system cloning within the data flow synchronization process. In a case where the master instance can not respond for any reason (network limitation, Hardware failure, Enterprise system failure) the slave will take over immediately without users experiencing any downtime.

GT will crawl and harvest any metadata supplied with data sets and metadata can be easily extended to meet additional profile requirements.

All users of the system have disk storage and are able to register data, allowing for designated geospatial information to be defined by data managers and additional user specific information added by users with lower privileges. This is especially useful when the GT is in a deployed mission.

Role based profiles allow specific user workflows – GT security is based on a 1:1 relation between the GT system internal privileges and the privileges as defined in Active Directory (AD). Authentication / Authorization is implemented as Kerberos based SSO and is fully integrated with client operating system (the user never provides any credential manually). Following access to GT, different users (administrative to basic user) have access to defined functionality. Users are also connected to a notification system, allowing updates when new content is added or information related to a subscribed location changes. GT provides a single point of geospatial data within an organization, to all levels of users on a consistent modular platform. When the system is deployed, GT enables on-site staff to maintain the data and become a local data manager.

Robust ordering (request) system- within organizations large and small GT has the ability to directly integrate with SAP systems for ordering (requesting) products and services. GT was designed to allow users (internal or deployed) to submit requests to fulfillment services within the organization. The primary use case for this type of service is for the creation or generation of standardized map product, large deployable systems or very large data deliveries outside of the GT platform. GT’s integration with existing SAP services gives users the ability to plan future exercises, request deployable systems and leverage large data request for joint operations.