About this job

Sapienza Consulting is recruiting a JChat Server Resilient Architecture to join NATO-NCIA, to work remotely

Responsibilities

• NATO Information and Communication Agency (NCI Agency) located in The Hague, Netherlands, is currently involved in development of new capabilities for NATO as well as in support of existing capabilities. JChat has been developed by NCI Agency to provide operators with a text-based asynchronous chat capability. Chat communications is used daily by operators to pass information, coordinate operations, and support collaborative decision-making. JChat is providing one-to-one chat, group (multiuser) chat and multi-user conferencing (moderated chat) and is based on Instant Messaging (IM) technology
• JChat M-LINK and Openfire Server are a mission configurable systems that allows for rapid adoption of new data sources and on-demand configuration, to support information exchange between any headquarters and unit on NATO Command and NATO Force Structure, even when those entities have dissimilar chat systems. M-Link and Openfire are used on the Afghanistan Mission Network (AMN) in Resolute Support Mission (RSM) and in NATO Response Force (NTF) exercises. IT Modernization (ITM) project will transform the way IT services are provided to users across NATO enterprise, including NATO Command Structure (NCS), the NATO Headquarters (NHQ), elements of NATO Force Structure and NATO agencies. This will be achieved by modernizing, consolidating, and centralising the infrastructure and service management, and by pooling and abstracting resources. In turn, this will allow an enterprise perspective to be taken, and services to be delivered according to standard and measureable service level agreements, offering a higher quality, more flexible, resilient, and secure set of services at significantly lower costs to the user community

SCOPE OF WORK

• Currently a number of chat domains exist on three M‐LINK and multiple Openfire servers
• Objective of this statement of work is to get test support in the migration from these multiple M‐Link multiple Openfire servers to a federated resilient M‐LINK / Openfire cluster which is anticipated to be deployed in the ITM environment
• Various options and configuration parameters exist to do the migration to a more resilient architecture (diagram 1 below). In the current architecture, the following situations are undesirable in a system with a goal of high availability or reliability:
• Single node servers may fail and there is no synchronised chatroom available at another site
• PKI certificates may have expired or be revoked without a user being notified
• Functionality and features like Federated Multi‐User Chat (FMUC)1 rooms, Message Archive Management (MAM)2, Form Discovery and Publishing (FDP)3 and Statistics may behave differently in M‐Link than in Openfire when combined with clustering
• Clustered server nodes may not be synchronized after a reconnect or network timeout
• Interfaces between JChat applications, Core Enterprise and Network Services such as e.g. DNS, TLS, and Kerberos Single Sign‐On may not function reliably, in particular in the clustered configuration
• M‐Link and Openfire may not be ready for using Direct TLS4 instead of Server‐to‐server Dialback
• Although FMUC only synchronizes chatrooms, the new architecture shall consider domains, sub domains, chatrooms, forms, archives and statistics. Eventually, the purchaser may decide during the execution of the work that synchronizing statistics and forms data is not required

WP 1 – DEVELOPMENT OF TEST CASES

• Contractor shall develop test cases in TestRail compliant format for testing following areas in light of migration to a more resilient architecture:
• Ref Area Context Focus
• PKI Services Can the server detect time expired certificates Server Interface Server to Server Connectivity Client to Server Connectivity
• Can the server detect revoked certificates via OCSP
• Can the server detect revoked certificates via CRL
• Server to Server Security Does the server handle Dialback connections Server to Server Connectivity
• Does the server handle TLS checking (mutual authentication)
• Does the server support Direct TLS
• Federated Multi User Chatroom (FMUC) Test FMUC between single-node servers (M-LINK / Openfire Hybrid) – Server to Server Connectivity – Restoring state after disconnecting nodes – Message ordering between desynchronised FMUC services – Use of Dynamic Chat Forms – Collecting statistics
• Test FMUC between clustered servers (M-LINK / Openfire Hybrid)
• Message Archive Management (MAM) Message Archive message timestamp consistency Server Interface Client to Server Function
• Message Archive message timestamp consistency in a cluster (M-LINK / Openfire / Hybrid)
• Kerberos (SSO) With stand-alone server (Openfire / M-LINK) Client to Server Function With clustered servers (Openfire, M-LINK, Hybrid)
• User VCARDs Configured attributes (or mapping) on the server
• Clustering Test Openfire / M-Link clustering behaviour in combination with Database server clustering (PostgreSQL and Microsoft SQL) – Client / Server resilience when database nodes are taken offline and back online
• Network Connectivity Test client-server and serverto-server behaviour when network response time is slow Client to Server Function
• Test client-server and server to-server behaviour when bandwidth is constraint in combination with and without QoS settings change See 8a
• Network connectivity with clustered servers (Openfire, MLINK) Cluster Function
• This work package formally starts with the kick off meeting at the start of the project and ends when test cases exist that cover the test areas

WP 2 – EXECUTION OF TEST CASES

• The contractor shall execute tests developed under section 3.2 and provide test results to Purchaser
• The contractor shall capture screens and document installation steps for functionality which is required for performing tests but cannot be found in any of the installation guides
• This work package formally starts when Purchaser and Contractor agree that created test cases under WP1 are sufficiently mature to justify test execution and ends when all tests have been executed

WP 3 – EXPLORE RESILIENCE ASPECTS OF ARCHITECTURE COMPONENTS

• The contractor shall explore the resilience of the envisaged architecture by performing in depth analysis of the impact of changes to components within the architecture
• The contractor shall explore the resilience behaviour of application failures, network connections, that sometimes suddenly fail or disappear without warning: Infrastructure failures

• Network failures:
• Lag, hold the packets for a short period of time to emulate network lagging
• Drop, randomly discard packets
• Throttle, block traffic for a given time frame, and then send them in a single batch
• Duplicate, send cloned packets right after to the original one
• Out of order, re‐arrange the order of packets
• Tamper, nudge bits of packet’s content
• The contractor shall propose and use test tools such as e.g. Chaos Monkey that randomly terminates virtual machine instances that run inside of the test environment, clumsy that provides functions to worsen perspective network conditions or Mangle which can inject infrastructure and network faults
• The contractor shall explore, and reproduce reported problems and advice on the way ahead

DELIVERABLES

• (Verbal) updates to progress meetings (weekly)
• Test cases as developed under WP 1 in a TestRail compliant format (weekly)
• Test execution reports for tests executed under WP 2 in a TestRail compliant format (weekly)
• Export file containing all test cases, test reports, test runs in a TestRail compliant format (end of project)
• Annex to M‐Link Installation Guide summarizing the Openfire‐M‐Link interoperability findings
• Report on resilience aspects of architecture components

COORIDNATION & REPORTING

• Contractor shall participate in a kick‐off meeting within five working days after the signing of this contract. This could be a meeting at the Purchaser’s facilities in The Netherlands or be done via electronic means using Conference Call capabilities. During the kick off meeting, the contractor will provide and discuss a plan for executing the tasks under this statement of work. Purchaser and Contractor will discuss the plan and amend where appropriate. The contractor will provide email minutes containing at least decisions and actions decided during the meeting
• The contractor shall participate in weekly status meetings, done via electronic means using Conference Call capabilities. The contractor will initiate this meeting and provide email minutes containing at least decisions and actions decided during the meeting
• The contractor shall conduct remote exception reporting via electronic means as required. Exception reporting to take place within two working days of the exception occurring and is to include, as a minimum, the reason for/ cause of exception, the impact of the exception, proposed action plan to address the exception for approval by the purchaser, and the residual impact. The format of the reports will be agreed between the purchaser and the contractor within five working days after the kick‐off meeting

Profile

• Required Security Clearance: NATO SECRET
• Contractor has strong knowledge and practical experience (minimum of 12 months in last 24 months) in using M‐LINK 16, M‐LINK 17 and Openfire 4.5
• Contractor has strong knowledge and practical experience with M‐LINK and Openfire clustering
• Contractor has significant knowledge and practical experience in area of M‐Link and Openfire testing
• Contractor has significant experience in area of computer networks, including DNS, domains, PKI certificates, network designs
• Contractor has experience with use of XMPP
• Candidate has flexible, cooperative and customer focused attitude; sets high standards for quality and quantity; monitors and maintains quality and productivity; works in a systematic, methodical and orderly way
• Candidate is able to speak and write fluent English since the work is conducted in English
• Candidate must have the nationality of one of the NATO nations

Candidates must be eligible to work in the EU

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.