Expeditionary Processing
Written by Peter Buxbaum
MIT 2010 Volume: 14 Issue: 6 (July)
ARMY AREA PROCESSING CENTERS SEEK TO
MAXIMIZE EXPEDITIONARY FLEXIBILITY WHILE
STREAMLINING COMPUTING AND STORAGE MANAGEMENT.
Despite continuing efforts at rationalization and consolidation, the Army’s information technology infrastructure remains unwieldy. The service currently maintains information technology operations at 447 locations in the United States alone, supporting 19 commands and agencies, with diverse operational and management schemes.
The cost and difficulty of operating many diverse systems prompted a 2009 memo from Army Chief of Staff General George Casey, who called for evolving LandWarNet, the Army’s portion of the Department of Defense’s Global Information Grid, to a global Army information enterprise. “The Army will transform LandWarNet to a centralized, more secure, operationalized and sustainable network capable of supporting an expeditionary Army in this era of persistent conflict,” the memo said.
The Army intends to accomplish this by establishing five network service centers worldwide—two in the continental United States and one each in Southwest Asia, Europe and the Pacific—to handle networking, data processing and storage, operations, and security. At the heart of each NSC will be a consolidated data center known as an area processing center (APC).
The idea behind APCs is to consolidate identity management, e-mail, data management and storage, security services, backup and recovery services, service desk, collaboration software, knowledge management, and other applications into a set of LandWarNetaccessible enterprise services. The point of consolidation is to lower operating costs and to improve the configuration management, availability and security of the Army’s servers and applications.
The Army has already opened two APCs in the continental United States, one in Oklahoma City and the other in Columbus, Ohio. Others have been established in Germany, while an APC hosted in Kuwait is on the drawing board.
The APC concept is not carved in stone, but is dynamically changing. What started out years ago as a plan to consolidate Army computing assets has evolved into a program that would maximize the Army’s expeditionary flexibility while streamlining computing and storage management.
The Army thinks of APCs as a distributed capability designed to facilitate flexibility for expeditionary operations. APCs represent a consolidation of the Army’s current computing and storage assets, but the maintenance of a multiplicity of APCs will allow the Army to reconfigure circuits and information flows in response to unfolding events. Moving beyond governmentowned APCs, the Army is currently pursuing an idea that would complement them with private industry assets under the shared infrastructure scheme known as cloud computing.
CONSOLIDATION AND DISTRIBUTION
The thrust of the APC program is to support theater warfighter operations, according to Lieutenant Colonel Mike Devine, the Army’s APC product manager “If we are invading a country, everyone knows about it by watching the news and viewing the logistics buildup,” he said. “But we are also preparing in the IT world by rearranging circuits and repositioning databases and applications. Today that is a very manual process. What we want to have is a web of APCs in a virtual environment so that we can adjust our information resources to support contingencies, not in six months, but fairly dynamically.”
In order to maintain the flexibility it desires, the Army is walking a tightrope between two competing concepts: consolidation and distribution. “About four years ago, the Army decided based on what it saw in commercial industry that the way our computing environment was structured was pretty inefficient,” said Devine. “I don’t think anyone would disagree with that.”
One of the biggest cost saving elements of consolidation involves reductions in power consumption. “New technology is coming out that reduces the power footprint of data centers,” said Kevin Orr, director of defense operations at Cisco Systems. “Software virtualization allows for the reduction in the number of servers and an increase in asset utilization.”
Server virtualization involves loading specialized software that allows running multiple applications and operating systems independently on a single server. Server virtualization not only increases asset utilization, but often is also associated with power reduction efforts.
Compounding the disadvantages associated with inefficiency is the unfolding Base Relocation and Consolidation process, which is shifting thousands of Army personnel from one area to another. “If a base is taking on 20,000 new people, how does it provide IT services to all of them?” said Orr. “Then, there is the network security posture. How do you deny network access to the bad guys?”
Meanwhile, the demand for processing power and storage is growing by leaps and bounds in the face of the use of more mobile devices streaming everincreasing messaging and video traffic. “In response, people are looking at how to create data centers to meet these demands,” said Orr.
Many in private industry, who were originally intent on building huge, centralized processing and storage centers, have since concluded that a distributed model is more appropriate, according to Orr. “Moving to more strategically located centers to host applications and data around the world also provides redundancy and facilitates disaster recovery,” he explained.
“There has been a great emphasis since 9/11, both among defense organizations and in the commercial world, to have fall-back for disaster recovery,” added David Nelson, a Cisco System account manager. “The way the Army is building out APCs, it can have failover to other strategic locations.”
Many applications—none more so than those used by the military—”are time sensitive,” noted Orr. “So you have to look to the right areas to deal with voice and video latency.”
The APC plan represents a balancing act between the Army’s relative tolerances for increased centralization and the necessary distribution of computing and storage assets. “At the end of the day, the Army is all about combat effectiveness,” said Colonel Gary Langston, chief of Info Infrastructure Architecture, Operations, Networks, and Space in the Army CIO office. “The Army has a culture of decentralized execution. We can’t leave the warfighter unable to perform his mission if local area network connectivity is not there for whatever reason.”
On the other hand, fewer assets means faster responsiveness. “If there is a change in the attack vector in cyberspace, consolidation makes changes easier to accomplish,” said Langston. “We can do it in minutes rather than hours or days. Centralization also has the potential to reduce costs and improve our information assurance posture.”
To facilitate expeditionary warfare, APCs must be able to consolidate and standardize data and applications, and make those available to soldiers wherever they may be.
“What sold this idea to warfighters,” said Devine, “is the idea that a brigade combat team ready to deploy can plug into the same data environment and situational awareness products being used in a theater of operations and use those to rehearse and train for the environment they are going to fight before deployment. That way they can acclimate and get situational awareness before they get over there. That is very different from how the Army does things today.”
ARMY PRIVATE CLOUD
The move towards bringing cloud computing environments to the APC mix reflects the flexibility that the Army is seeking. Cloud computing posits that users can store data, manage databases, and access and run software applications from someone else’s shared infrastructure.
“Cloud computing allows us the ability to leverage technology and expertise we don’t have in the federal government,” said Devine. “We want to make sure that we’re not just consolidating while still being inefficient.”
The notion of storing data and running applications from a shared, commercially run environment naturally raises the issue of security. “We’re going to want to make sure that classified data and mission critical applications are housed on federal property,” said Devine. “That way we can be sure that the assets can be federalized in the case of a national emergency. “On the flip side, there are some business applications, while very important to the Army, that don’t necessarily have to be housed on a federal facility,” he added.
“The concept of the Army Private Cloud takes the APC to the next level by taking advantage of the newest technologies,” said Stephanie Balint, director of Dell Services Federal Government. “Cloud computing will be able to provide the Army with a more robust infrastructure and better enable access to data for warfighters anywhere they happen to be.”
“The private cloud concept also moves away from the Army owning all of its equipment and hardware,” added Jerry Garretson, a vice president at Dell Services. “It involves a recognition that in private industry there exists a lot of infrastructure that can be leveraged. At the same time, the Army won’t have to worry about all of the capital costs involved in maintaining that portion of the IT infrastructure.”
Dell Services was instrumental in migrating the IT infrastructure at Rock Island Arsenal in Davenport, Iowa, to the APC in Columbus. The Rock Island migration included establishing rules, creating centralized control of firewalls and configurations, and establishing remote access. Also key to the project was the establishment of a single basewide Directorate of Information Management (DOIM)— now usually referred to as a Network Enterprise Center (NEC)—to support all tenants at the installation.
“IT resources are typically better managed with a fully integrated DOIM, and information assurance protection and compliance improve through common standards and centralized processes,” said Garretson. “In addition, day-to-day management requirements decrease by eliminating site-level and organization- level IT stovepipes.”
The single DOIM enables enhanced access to e-mail addresses, collaboration tools and other electronic information, a single service desk interface, and consistent standards for all tenant organizations on the base, according to Garretson.
The Army Private Cloud, as the contract vehicle is being called, will also provide the Army with greater speed and flexibility in the development of fielding of applications, according to Langston. “Cloud computing environments are highly standardized,” he explained.
New software emerging from a development environment is often incompatible, to one degree or another, with its deployed environment, and so must be tweaked and re-certified. “Agreeing on a standard environment means the software that goes into production is an exact copy of the software that was developed,” said Langston. “This reduces both development time and deployment time.”
Awards for the recently released request for proposals on the fiveyear, multiple-award, indefinite quantity/indefinite delivery contract are expected in the fall. This acquisition will be a full and open competition, with some small business set-asides and a ceiling of $249 million. Devine hopes to attract best-of-breed data center operators and application hosting service providers to bid on the contract. Contract awardees would later have to compete for specific task orders under the contract.
“The vehicle has been designed to get the best technical solutions and to maintain price competitiveness for program managers, Army commands and combatant commands,” said Devine. “We will work with customers to develop tasks orders.”
The decision to issue a task order under the contract will be a collaborative effort between user organizations and Devine’s office. Utilization of a cloud computing environment maintained by the Defense Information Systems Agency (DISA) is also considered. DISA has set up a private DoD cloud for those for whom managing data or running applications in a commercial facility does not provide adequate security.
“We do a cost-benefit analysis for them and present the alternatives,” said Devine. “We won’t present the same solution for everyone all the time.”
SECURITY ADVANTAGES
The Army’s APC effort is still in its infancy, said Devine, noting that the product manager office that he heads was established only a year ago. A precise vision for what the Army’s network of APCs will look like has not been firmly established. “That’s part of the challenge,” he said. “It depends on the level of activity. When we are at peace, CONUS facilities represent 80 percent of our activity. When we are at war, a certain proportion of those assets are deployed overseas.”
The prospect of continued involvement in long wars, perhaps a state of persistent war, suggests the need for a network that is flexible, one that could be expanded or contracted depending on the needs of the moment.
Cisco Systems provides data center infrastructure packages to integrators and prime contractors to be incorporated in larger projects. “These are consistently engineered to industry best practices, so coordinating federated activities to standards gets much less difficult,” said Nelson. “Eighty to 90 percent of all governance, compliance and configuration heavy lifting has already been completed with these packages.”
Cisco has seen rising demand for mobile data centers in modified shipping containers that can transported to an area of operations and set up quickly. Cisco is currently working with other industry players to develop strategies for these “mini-APCs in a box,” said Nelson.
The demand for this kind of capability suggests the possibility of a proliferation of APCs, and illustrates again the tension between consolidation and distribution in the Army’s APC plans. Still, if the Army’s strategy is executed as currently envisioned, there is no question that the number of Army gateways to the Global Information Grid will eventually be dramatically reduced, from hundreds or thousands to dozens.
This will also improve the Army’s cybersecurity posture. “Going from 2,000 to 10 centers makes it much easier to get your arms around security and to protect the network from cyber threats in the future,” said Orr. “Reducing the number of entry points makes the network easier to monitor,” added Garretson, “and makes it harder for hackers to get in.”
Devine agreed with these assessments, but noted that they refer only to network perimeter security. “Consolidation has lots of advantages,” he said, “but we don’t want to create the nation’s largest national security vulnerability. Once hackers are inside the wire they have access to everything.
“I look at cybersecurity as a soldier,” he added. “You have a front line of defense, but what do you do if the enemy gets inside? The enemy is very versatile and we have to continually figure out how they’re coming at us. We need to apply a lot of resources on how to do defense in depth. It is absolutely something you’ve got to keep swinging at.” ♦
