Service-Oriented Architecture

The OASIS Reference Model for Service Oriented Architecture defines SOA as “a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains.” Such a simple and concise definition belies the complexity of implementing SOA within an organization. From implementation of small pilots to demonstrate value, to establishing SOA Centers of Excellence, all the way to full scale transformation into a Service Oriented Enterprise, SuprTEK’s SOA experts have the right combination of business understanding, management skills, and technical expertise necessary to successfully execute your SOA initiatives.

Defining the Business Case and Objectives

Our management consultants will work with you to understand your goals and objectives and define the business case to gain the executive buy-in necessary to ensure the success of your SOA initiative. Depending on the nature of the organization’s mission, typical objectives for undertaking SOA initiatives include:

  • Better alignment of IT with business objectives
  • Integration with customers and partners.
  • Technical system-to-system integration
  • Increased information-sharing between agencies
  • Establishing an enterprise-wide platform of shared services

Enterprise Architecture/Business Process Modeling

Our enterprise architects can help capture and define as-is and to-be models of your organization to identify target areas and processes for service-orientation and define your enterprise portfolio of services. Not all efforts require this, however a large-scale enterprise-wide initiative will benefit from this top-down approach to plan and manage the related efforts during execution. Our enterprise architects are experienced in relevant standards and frameworks such as Zachman, DODAF, FEAF, BPMN, etc.

SOA Strategy and Implementation Plan

Most SOA initiatives are multi-year undertakings and require a well thought out roadmap and implementation plan. Such plans will often include pilots to demonstrate success early on. Critical to ongoing success is also a service governance strategy to define and enforce the policies for sharing and reusing the services across the enterprise. Our experts will apply their best practices and lessons learned from multiple projects and past experiences to help you create comprehensive roadmaps and implementation plans to guide your efforts.

Technical Implementation

Our expert architects and developers are well versed in the following SOA-relevant technologies and ready to assist you with your technical implementation efforts.

  • Web Services Standards, e.g. SOAP, WSDL, UDDI, WS-Security, etc.
  • Data exchange formats, e.g. XML, JSON
  • Security, e.g. authentication, authorization, attribute-based access control, identity federation, etc.
  • SOAP and REST- based implementation approaches and frameworks, e.g. Apache Axis, CXF, Jersey, WCF
  • Enterprise Service Bus, e.g. Aqualogic, ServiceMix, Muse, OpenESB



  • Expertise from SOA strategy to technical implementation
  • Solid architecture, roadmap, and implementation plan to serve as a strong foundation
  • Early pilots to demonstrate success and gain buy-in
  • Strong service governance to ensure continued success

Identity and Access Management

For USTRANSCOM/SDDC, SuprTEK has developed and maintained their enterprise-wide Identity and Access Management (IdAM) system which is integrated with over 60 systems serving over 165,000 users. The system is composed of a set of SOA-based security services to provide capabilities that include single sign-on, authentication, authorization, role-based access and policy management to web applications and services to the DoD’s transportation and logistics community.

Our solution employs a “trusted broker” architecture as described in WS-Trust and WS-Federation allowing applications to externalize such security capabilities as authentication and authorization so that the business logic of the application is less tightly coupled to security functions. One of the benefits of this architecture is that changes to access control are simplified and dynamically effected by updating an external policy rather than application code updates. Integration with third-party applications is supported through standard Web service interfaces and the use of the SAML standard. We also support the integration efforts of third party developers, including the development and support of third-party plug-ins and a developer’s guide.

The system includes a robust PKI capability whereby users of the system register and are authenticated using their CAC, ECA, or TWIC PKI credentials. PKI credentials are validated through DISA’s Robust Certificate Validation System (RCVS) using Online Certificate Status Protocol (OCSP) as the primary validation means with fail-secure fallback to CRL lists as necessary. It employs automated techniques to verify PKI credentials are consistent with local user profiles in order to detect unauthorized use of PKI credentials such as individuals attempting to share certificates. These automated techniques include interfacing with DISA’s Joint Enterprise Directory Service (JEDS) to obtain authoritative user profile data for comparison to local user profile data.



  • Large enterprise-wide solution integrated with over 60 systems supporting 165,000 users
  • DoD PKI compliant
  • SOA-based architecture
  • Extensible for third-party integration via SDKs and APIs

Business Intelligence and Data Analytics

We live in an information society. Organizations that are able to turn that wealth of information into actionable insight are the ones that will lead and succeed. Doing so requires a business intelligence strategy with executive buy-in, a comprehensive implementation plan, and a team with strong functional and technical expertise. No matter where you are in your BI implementation lifecycle�from defining the strategy, to executing small pilots, all the way to operating and maintaining a enterprise-wide data warehousing and reporting solution, SuprTEK’s team of functional analysts, data architects, and engineers can help you ensure that your efforts are paying off and meeting your organization’s strategic objectives. Our teams have expertise in the following disciplines and technologies and are ready to adapt these to the specific needs of your organization.

  • Data Strategy & Management
  • Data Warehousing
  • Advanced Data Analytics
  • Decision Support Systems
  • Reporting, Dashboards & Data Visualization
  • Big Data Processing Using Cloud Technologies



  • Transforming information into actionable insight
  • Strong focus on data quality and security
  • Experienced with all aspects of data warehousing architecture, e.g. ETL, OLAP cubes, dimensional models (star & snowflake schemas), Kimball vs. Inmon approaches, etc.
  • Experienced with COTS (BusinessObjects, Cognos, OBIEE, etc.) as well open source (Pentaho, Jasper, BIRT, etc.) business intelligence tools

Continuous Monitoring

Whether you’re trying to maintain FISMA compliance, manage the certification and accreditation of your systems, manage vulnerabilities across the enterprise, or maintain overall situational awareness of your networks, implementing a continuous monitoring program will give you the necessary information and insight into your assets and networks to make decisions and manage risk. NIST SP 800-137 defines the key phases of the continuous monitoring process as:

  • Define a continuous monitoring strategy
  • Establish measures, metrics, and status monitoring and control assessment
  • Implement a continuous monitoring program to collect the data required
  • Analyze the data collected and report findings
  • Respond to findings with technical, management and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.
  • Review and update the monitoring program, adjusting the continuous monitoring strategy and maturing measurement capabilities

SuprTEK’s Information Assurance specialists and security architects have the experience and expertise to help you get your continuous monitoring program off the ground, improve existing processes that you have in place, or provide targeted support with specific phases of the continuous monitoring lifecycle. Our teams are working to define and implement continuous monitoring capabilities at the DoD enterprise level to meet the needs of DISA and United States Cyber Command (USCYBERCOM) as well as at the Tier 2 and Tier 3 levels to support the needs of specific COCOMS, Services, and Agencies. We have developed continuous monitoring capabilities using best-of-breed technologies and industry and government standards common across the Federal government, Defense, and Intelligence Communities.



  • Enterprise-scale solutions
  • Compliant with NIST best practices for continuous monitoring
  • Leveraging standards for interoperability, e.g. NIST SCAP (CPE, CVE, XCCDF, OVAL, etc.)
  • Tailored insight for all levels of decision making, e.g. enterprise level to facilitate investment decisions all the way down to the operational level for a system administrator to patch a specific system

Red Flag

Red Flag, our early warning decision support system (EWDSC), is an innovative solution to help DoD customers secure and improve defense industrial base supply and service chain integrity. Red Flag helps our customers in answering the question, “will a specific company be able to deliver mission critical industrial supply now and in the future?”

Many organizations struggle to make proactive – rather than reactive – decisions to reduce supply chain risks. They gather data and try to monitor the activities and performance of other companies to improve visibility of changes and risks so they can make the right choices before something goes wrong. They need detailed and specific information to:

  • Proactively manage risk
  • Forecast another organization’s future decisions or activities
  • Avoid disruption of critical supply or service chain elements

To support the Defense Contract Management Agency (DCMA) Industrial Analysis Center (IAC)’s mission needs, Red Flag EWDSS:

  • Electronically collects sustainable, valid business and economic data on defense industrial base (DIB) companies and assesses them on a regular, recurring basis
  • Identifies and forecasts risk for specific critical defense industrial base government and private contractor sites across the Department of Defense
  • Enhances early warning notification of possible failure at critical defense industrial base assets
  • Provides timely management information to key senior stakeholders within the Department of Defense, other Federal Agencies, Congress, and the Executive Department
  • Supports development of actionable risk mitigation strategies
  • Monitors/tracks recommendations to ensure continuous system improvement



  • Increase visibility of potential risks
  • Influence to formulate best-of-breed risk mitigation strategies
  • Increase ability to proactively influence outcomes related to risks
  • Increase ability to reduce risks for your organization

Distance Learning and eLearning

SuprTEK has provided industry standards-compliant courseware development support for a variety of customers such as the Air Force Institute of Technology. This support has most often involved developing multiple courses of the customer’s curriculum, with a focus on reuse of courseware components. SuprTEK’s technical approach to courseware development is based on the ADDIE model for instructional systems design (ISD) – Analysis, Design, Development, Implementation, and Evaluation. Application of the ADDIE model ensures project success by clarifying the requirements, ensuring the accuracy of the front-end analysis, confirming instructional soundness, and maintaining continuous communication with the client.

SuprTEK utilizes Shareable Content Objects (SCO) to ensure that end products conform to the Shareable Content Object Reference Model (SCORM). We design SCORM conformance into the course templates and structures from the inception of development. We test the course(s) against the appropriate SCORM Test Suites, and retain the resulting test reports, or deliver copies with the final product.

At AFIT, SuprTEK supported over 2,000 students and faculty members in addition to over 1,000 long-distance learning and continuing education students. SuprTEK installed, implemented, configured, and maintained all AFIT learning systems. We were instrumental in managing the environment within AFIT and are a preferred vendor and solution provider of enabling us to gain additional technical support and access to the development environment. Within AFIT we deployed the Blackboard academic suite throughout the AFIT enterprise and provide an expanded 24X7 after hours Tier 2 support to Air University courseware for geographically separated users.

SuprTEK is experienced with a variety of course authoring tools and multimedia software such as Adobe Director, Asymmetric ToolBook, AuthorWare, Icon Author, MediaScript, HyperCard, SoundEdit Pro, WaveEdit, Adobe Captivate, Adobe Photoshop, Adobe Illustrator, Adobe Premiere, Adobe Flash, Adobe Dreamweaver, Adobe Soundbooth, Asymmetric Digital Video Producer, Aldus FreeHand, Specular Infini-D, Truespace, Bryce, Morph, Renderman, and GIF Animation.



  • ADDIE-based approach
  • SCORM-compliant courseware for reuse and integration into third-party Learning Management Systems
  • Continuous improvement of training materials and approaches through closed-loop feedback processes with students