Architecting solutions for distributing NIMA geospatial data and services to all variety of users

Co - Author: Nicole Soltyka - SAIC contractor for National Imagery and Mapping Agency
8301 Greensboro Dr.
MS E-4-5
McLean VA 22102
USA
Phone 703-676-4118
Fax
soltykan@saic.com

Abstract:The National Imagery and Mapping Agency (NIMA) has expanded its user base in recent years to include its traditional customers, the US Military and its allies, plus academics, commercial organizations and non-DOD government customers. To meet the demands of these varied users NIMA moved from providing simple product delivery to providing on-line geospatial information access. NIMA also has information assurance requirements that dictate designs supporting easy replication, load balancing, mobile code compliance, versatile and expandable interfaces and user customization options. To meet these demands NIMA decided to leverage its services with Esri and Oracle products and to embrace several standards based technologies including OpenGIS Web Mapping and Web Feature Servers, NSDI Clearinghouse and Esri's Geography Network. In addition to the traditional MILSTD products, NIMA is migrating their geospatial information to directly accessible on-line map services. Using a combination of ArcIMS, SDE for Oracle, Esri OpenGIS software and custom servlets, NIMA is able to distribute data through a polished, easy to use web site and through highly customizable image, feature and extract services. The hope is that this architecture framework will satisfy the defense and intelligence communities' complex assortment of geospatial requirements as well as provide an effective means for public use of NIMA geospatial information.

• Introduction:The National Imagery and Mapping Agency (NIMA) must support its traditional customers, the US Military and its allies. To do this, NIMA must serve up MILSTD products on sites that are reliable, redundant and secure. NIMA must also serve a new customer base that includes academics, commercial organizations and non-DOD government customers. This means implementing additional capabilities that provide standards based technologies.

• Our Solution: It has been our experience over the past seven years that users want to get NIMA data over the Internet. They want a professional looking, easy to use web site that resembles what commercial companies serve up on the web. At the same time they do not always want to be limited to the functionality available via a web browser. They also want all varieties of NIMA data in countless formats. Of course users' connectivity varies from deployed troops on ruggedized, archaic, slow computers using satellite links to analysts sitting on high end Sun Workstations with T-3 connections to the Internet. User types range from sixth graders working on school projects to highly trained DoD Intelligence specialists.

  It is evident that one solution for distributing NIMA data will not serve all users, so NIMA elected to provide multiple solutions sharing one architecture.

  • The Hardware and The Networks:

    In order to serve the broadest range of customers, NIMA had to identify ways to serve publicly releasable data and Limited Distribution data using the Internet. To do this, NIMA decided to set up replicated Extranet Nodes that use Public Key Infrastructure (PKI) technology to validate the identity and credentials of its users. This allows users to access NIMA web sites containing Limited Distribution data using standard Internet connections. Traditionally users had to be sitting at terminals of "closed" networks to access this type of data. This severely limited the productivity of US Military personnel since they are often on the move and unable to establish connectivity to the "closed" network. When users could access the "closed" networks it was often through dial-up connections that provided lower bandwidth than dedicated Internet connections that were readily available.

    A third site was added in the Winter of 2000 that has an identical architecture to the Extranet geospatial servers minus the Extranet security pieces and minus the Limited Distribution data. This gave the general public its first access to a unified site that contained most of the publicly releasable NIMA digital geospatial data that is published on CD-ROM.

    
    

    As shown in the diagram above, the architecture calls for one node on the Internet and one node on the NIPRnet*. This facilitates continued service for all users in a time of hightened military risk that calls for the detachment of the NIPRnet infrastructure from the Internet. During normal operation the two Extranet nodes are kept synchronized with as much automation of the process as possible. All updates occur on one Extranet node and are pushed to the second node. During a network separation, the two nodes can function fully independently with the second node easily supporting its transition to "master" status with little manual intervention.
    *This node is scheduled to move to the NIPRnet in the near future but does not currently reside there

    In addition to the redundancy providing guaranteed service in the case of network separation, it also allows for load balancing under normal working conditions. All the data and services are duplicated across the two systems. Some of the hardware depicted above allows the NIMA O&M staff to establish load balancing. This means that a single IP address or Virtual IP address can be used to balance access to the most appropriate servers. This is important because many of the services NIMA plans to provide have load balancing capabilities built into them, however they do not always take into account the other services sharing the server. In other words, ArcIMS supports load balancing of incoming ArcIMS requests, but it does not take into account NSDI request that might also tax the NIMA database. Implementing Load Balancing at the hardware level promises to improve performance for users by taking into account all requests arriving at the servers.

  • The Data:
    • Raw Data
    • Data is stored in Mil-Spec format on a storage array
    • The data on the storage array is replicated across the two geographically separate Extranet Nodes (Veritas File Replicator)
    • Publicly releasable data is pushed to geoengine.nima.mil
    • Converters are run on selected NIMA data to generate Esri compatible data sets. Certain data types are not yet imported into SDE and remain directly on the storage array
    
    
    • Database
    • Translators are run at each local server to populate the Oracle database with metadata
    • Translators are run at each local server to generate coverage footprints
    • Reference map data is stored in SDE
    • Converters are run on selected NIMA data to generate Esri compatible data sets. That data is then stored in SDE
    
    
    • Server Tools
    • Custom Servlets drive the NIMA web sites (http://geoengine.nima.mil, https://gis.extranet.nima.mil)
      
    • Metamanager serves up NSDI formatted metadata
      
    • Esri tools serve up image services, feature services and extract services

      

    All of this data presentation allows NIMA to meet the needs of a wide customer base which includes US Military, US Allies, Academics,Non-DOD Government and Commercial.
    • The Services:
    • The Geospatial Engines

      Many trained GIS analysts and Military Intelligence specialists are experts at using the data and services NIMA provides using the variety of standards discussed in this paper. However, there is a much broader group of users, including trained military personnel, who do not know the difference between NIMA MUSE(TM), ArcInfo, ArcExplorer, the Geography Network, etc. There are others who are limited by the security mechanisms or bandwidth on local networks. These are the customers most often found using the Geospatial Engines. There are several benefits to providing a polished, easy to use web site within an organization along with the standardized services. Some of the ones that drove the design of the Geospatial Engines are:

      1. Mobile Code Policy Compliance - The Geospatial Engines provide all basic services without use of plug-ins or JavaScript since many government sites block proprietary ports used by plug-ins and many firewalls strip out JavaScript all together
      2. Low Bandwidth Users - NIMA also wanted an interface that didn't depend on an applet that might take significant time to initially download over a satellite link or other low bandwidth connection. Even though Java passes the military mobile code policy requirements NIMA decided to present an HTML only solution to help users with these restrictions.
      3. Familiar Look & Feel - NIMA engineers reviewed familiar commercial sites to learn about the common mapping navigation tools users encounter when they surf the Internet at home. They found that using a similar design to commercial sites decreases the learning curve for users not specifically trained in GIS and Intelligence analysis
      
      

      One of design restrictions NIMA engineers conquered was how to migrate the http solution to https, or secure socket layer (SSL). In order to do this NIMA runs two virtual web servers on the Extranet nodes. The first web server runs on port 80 and communicates via http. This server is the one that communicates with the ArcIMS map services. The second web server runs on port 443 and all user request go to it. The only client the port 80 server accepts requests from is itself. A diagram is shown here:
      

    • OpenGIS Web Mapping Services
      

      The WMS 1.0.0 Interface specification has been implemented in NIMA's ArcIMS-based image map services served through Geoengine. These map services can be requested by and viewed within any WMS compliant client through a "GetMap" request sent to the WMS Interface. The WMS "GetMap" request returns a map in the form of an image (JPEG, GIF or PNG) containing data layers requested by the user, projected in a specific spatial reference system within a particular geographic area of interest. The WMS "GetMap" request defines 12 input parameters that are required in the request string responsible for returning the image.

      
      

      The implementation of WMS technology in the existing Geoengine environment involved the installation of Esri's implementation of the WMS specification, the ArcIMS WMS Servlet Connector. Servlet Connectors enable a variety of clients to communicate with ArcIMS through HTTP request handling. The standard ArcIMS Servlet Connector is capable of communicating between the ArcIMS Application Server and a variety of Esri clients, including ArcGIS, ArcExplorer Java, ArcIMS standard and custom HTML and Java viewers. The WMS Servlet Connector, which is installed through a "custom" ArcIMS installation, allows any WMS compliant client to communicate with the ArcIMS Application Server by translating WMS requests into ArcXML, ArcIMS's implementation of the XML communication protocol. Responses are converted from ArcXML back into a format that the WMS compliant client understands, where it subsequently displays the requested image. Once installed, users can request maps from Geoengine over their particular area of interest and view and interact with these maps in conjunction with other WMS services serving data from different systems and sources.

    • National Spatial Data Infrastructure (NSDI) Clearinghouse
      

      Executive Order 12906, signed April 13, 1994, directs Federal, State, local and tribal governments to participate in the National Spatial Data Infrastructure (NSDI) for the coordinated acquisition and access of geospatial data. As part of the Geoengine implementation project, NIMA is addressing this Executive Order by becoming a NSDI node allowing NSDI Clearinghouse users to search, browse, discover and retrieve NIMA geo-data assets based on the Federal Geographic Data Committee (FGDC) metadata standard. In order to comply with the requirements of operating as a NSDI node, NIMA evaluated several publicly available and commercial Z39.50 protocol server and search software solutions. This evaluation led NIMA to select Meta Manager, a product developed by Compusult, Ltd. This software was selected due to the ability of NIMA to leverage their existing metadata holdings in Oracle, map these elements to the FGDC standard for metadata collection, the ability to interface with other architecture products such as SDE and it's conformance to the Z39.50 interface search specification adopted by NSDI.

      
      

      To implement the NSDI phase of the project, existing NIMA metadata holdings stored in Oracle were augmented and mapped to a FGDC compliant format and finally integrated and ingested into the Meta Manager software. NIMA was then registered as a NSDI node within the NSDI Clearinghouse. NIMA's products are now available for discovery through the Z39.50 search engine.

      The data entry form for a sample query that looks for VMAPLV1 and all other 1:250K products produced since the end of 1999 is shown above. Obviously users now have a lot of flexibility to generate their own queries against the NIMA data.
    • Esri's Geography Network
      

      The Geography Network (GN) is a major contribution by Esri to support the NSDI and the geo-community at large. The initiative was leveraged from an existing ArcData On-line repository and the recently released ArcIMS web mapping software suite from Esri. The final step in providing broader access to NIMA data holdings is registration of Geoengine with Esri's GN. As a participant in the GN, NIMA is extending their outreach to the geo-data community by providing access to NIMA information that was traditionally only available in NIMA product formats by FTP download or CDROM.

      
      

    Through registration on the GN, becoming a NSDI node and providing WMS and ultimately WFS services, NIMA has addressed the full suite of currently implemented federal standards and interoperable specifications that pertain to the geospatial data provider community.

• The Future: The architecture just described is the foundation of a NIMA architecture designed to meet the broad demands of a diversified clientele. More work needs to be done to provide the leading edge in geospatial information. Some of the planned enhancements for NIMA geospatial data and services include:
  • OGC Web Mapping Feature Services - The Web Feature Server (WFS) Specification will be implemented in Geoengine in the near future. This specification will enable "feature streaming" through WFS compliant clients. The WMS interface only allows users to request images back from a WMS enabled map server. These images are then integrated into applications, most commonly a viewer client, with other WMS map services. These images can handle a simple request for information at a particular pixel in on the map. This request is called "FeatureInfo" and is used to reveal information about a particular feature located at a particular point on the map. WFS extends this to a higher level of functionality by allowing users to receive features in the form of vectors as opposed to an image. The ability for users to receive features enables them to perform transactional operations on OGC simple features stored in data stores. In addition to requests, users can manipulate features through transactions including creating new features, deleting features, updating features and querying features.

    To implement this functionality, NIMA's Geoengine will be enabled with Esri's WFS Servlet Connector, currently undergoing Beta-testing, in ArcIMS running SDE and using an Oracle database. The Oracle database is responsible for managing the coordinate geometry of the features in addition to the feature attributes through SDE. Users will be able to request the features they are interested in for a particular area of interest and have those features "sent" to their client, where they can manipulate them in their own applications. In addition to the functionality WFS provides to the user community, there is an additional benefit to NIMA. Once WFS is fully implemented, NIMA will no longer need to store redundant data in different formats in order to respond to users that require data in either native NIMA format or an Esri supported Arc format. All WFS requests will be sent to a single instance of the SDE-enabled Oracle database storing NIMA feature data in a single format. This will result in significant savings in redundant data storage and overhead costs for NIMA's and provide more robust services to NIMA's user community.

  • Converting all NIMA data to SDE supported formats - Completing this milestone will allow all NIMA data types to be served in some form via the OpenGIS services. This will allow clients to use NIMA data in ways that were never before possible or that required great amounts of overhead and data preparation. Instead of spending weeks converting data and even longer hunting for the storage to support data conversion, NIMA customers will be able to access data in the formats they desire almost instantaneously
  • Replicate the SDE data using Oracle Replication Technologies - Once the NIMA data is converted to Esri compatible formats and stored in SDE, more COTS tools can be utilized to replicate the data across the nodes. One potential mechanism for replication is to use Oracle replication technology to synchronize the data across nodes. This gives NIMA the advantage of using more standard mechanism for replication and will allow for a more intelligent mechanism for filtering data across different classifications of networks.
  • Store Mil-Spec data only on NIPRnet node and redirect users to that machine directly for downloads - This will free up valuable storage space for more industry standard data while still guaranteeing that the US Military customers and allies will have access to the Mil-Spec data needed to run customized software.
  • Re-use of standards based services - If NIMA continues to support http://geoengine.nima.mil, build the standard services back into the site so regular browser users can take advantage of the new standards even if they do not know how to use other client tools
  • Advanced Enhancements - On going enhancements to the Geospatial Engines to include integration with On-Line ordering prototypes, greater footprint variation to support varied customer requests, greater feature query capabilities, and improved download flexibility.

• Acknowledgements: The National Imagery and Mapping Agency contracted with Logicon, Inc. and Science Applications International Corporation to design and build the described system. The opinions expressed here, however, are the responsibility of the authors.