Air Force Builds "One Network"
Written by Harrison Donnelly
MIT 2011 Volume: 15 Issue: 10 (November)
With some three dozen bases and nearly 20 percent of all users having made the transition, the Air Force is well along in its campaign to implement a single, servicewide network, known as AFNet, by the end of next year.
Reflecting the “one Air Force, one network” construct, AFNet will consolidate separate Air Force base communications networks into a single enterprise for web, email and security operations.
Along with the Army’s current joint effort with the Defense Information Systems Agency to establish an enterprise email system, the AFNet program is part of the growing trend among the military services to increase efficiency and security by combining networks and services. The goal of the multiyear Air Force effort is to take all of the disparate networks that have grown up out of necessity from different organizations, major commands and centers, and bring them together into one standardized, cohesive network that can be commanded and controlled by a single entity.
As of late October, the transition from local networks to AFNet had just been completed at Schriever Air Force Base, Colo., and was under way at the Peterson, Colo., Malmstrom, Mont., Buckley, Colo., and F.E. Warren, Wyo., bases.
All told, the AFNet project will include migration and legacy-network shutdown activities at more than 410 locations and 14 legacy major command/unit Active Directory environments, and an estimated 845,000 users. The number of independent Air Force NIPRNet connections has also fallen from more than 100 to 16, thus improving security. In addition, the many base data centers will be consolidated into three regional facilities, at Wright-Patterson AFB, Ohio, Andrews AFB, Md., and Scott AFB, Ill.
The new network will offer many user benefits, developers say, including enabling personnel to work anywhere in the system, use a single sign-on and email address, and have immediate, round-the-clock access to collaborative tools. But the most important benefit, developers say, lies in the service’s ability to run a single, consistent, standards-based network environment, not many such environments across major commands.
The transition is being overseen by the Air Force Network Integration Center (AFNIC), located at Scott AFB. Command of the network will reside with the 24th Air Force, the service’s recently established cyber command, which is under Air Force Space Command (AFSPC). General William L. Shelton, commander of AFSPC, told Congress this spring that consolidation into AFNet was a “top priority.”
Along with AFNIC, the Air Force Electronic Systems Center (ESC) is also involved with AFNet, providing systems engineering and life cycle acquisition expertise, and exercising responsibility for the modernization, fielding and sustainment of AFNet capabilities.
The way for full deployment of the network had been cleared earlier this year, when a report by the Air Force Operational Test and Evaluation Center report found that the first increment of the system was “suitable, effective and mission capable.”
The gateways installed under the program have already been extremely effective in detecting and blocking malicious software and intrusion attempts, according to Michael Kaplan, chief, AFNet Systems Branch, Cyber Integration Division, ESC. “In an average quarter since they went operational, approximately 25,000 malicious intrusions are blocked, 130,000 viruses caught and more than 225 million pieces of spam detected and blocked.”
Due to web enablement of mission applications and the decision to allow social media use on the Air Force network, the gateways are handling far more throughput than was originally planned and spurring efforts to increase the throughput capabilities of the gateways, Kaplan indicated.
Migration Implementation
Although the first efforts to move to a “single force, single domain” architecture in the Air Force began as early as 2000, the project really got under way around 2005, when the Office of the Secretary of the Air Force called on AFNIC, then known as the Air Force Communications Agency, to develop a single-network design, recalled Nick Davenport, program manager for AFNet transition. The implementation began in 2009 with a migration at Keesler AFB, Miss.
The migration has been a relatively lengthy process because the array of legacy networks, equipment and mission is unique at nearly every base or other facility. “Each location is pretty different, in areas such as where their mail services are located, how they have set up their Active Directory and what type of group policy they have,” Davenport explained. “Each base is its own analysis each time, so it’s impossible to go in at this level to do a migration of each domain without going into each subdomain and look at the unique aspects of it. That’s what we do base by base as we move through the migration.”
While a goal of the project is to offer standardized, enterprise-level services that are needed by everyone, such as authentication, email and SharePoint, each location also has specialized needs that may require a customized approach—for example, a medical unit that has to have certain group policy exemptions. “That is a life and limb type of situation, so we go in and ask, how do we make that work in the AFNet? It requires some engineering and design expertise to go in and say, we need to enable reachback, and eventually to be able to bring this service from the legacy into the AFNet,” Davenport said.
The other big challenge in the program as a whole is the acquisition process, he added. “We continue to operate under the standard acquisition process rules when we do our acquisitions. We try as best we can to meet a schedule, so we have to start acquisitions early on in the process. As we do the base by base analysis, we have found that it is very difficult, once you start an acquisition process, to go back in and say, now that we’ve figured out one thing at a particular base, we have to add something to our acquisition. But adding things to an acquisition is fairly difficult under the current process. So that is a challenge in itself—balancing the acquisition process with the speed that we need to move the migrations forward at.”
To support migrations at each base, AFNIC relies on local contractors and a small team of people from the 690th Network Support Group, which goes on-site to help troubleshoot problems. While AFNet does not represent a full “tech refresh” of base equipment, hardware acquisitions are frequently necessary— new servers, for example, because the legacy network infrastructure has to be maintained until the transition is complete.
Since the process involves both migration and consolidation, it is also gaining efficiencies in numbers of servers. “We generally have about 28 virtual servers that are deployed to a site, even when their exchange gets moved to a central location,” Davenport noted. “Those 28 servers reside on three physical servers in a virtual infrastructure, so we’re trying to leverage the new technologies that are out there to reduce the operations and maintenance footprint, as well as the sustainment footprint in the out years.”
For the future, AFNet planners are already thinking about potential links with the other military services. “The Army is going through its email migration, and we have had some information interchanges, so that we can look at what they have done. The next step we have with the other services is to sit down with the Army and have our technical people talk together and do a synch-up of lessons learned and issues they have seen in their migrations, and what we have seen in ours,” Davenport said.
“What we’re doing is posturing ourselves inside the Air Force, through this migration and consolidation, to be able to take advantage of offerings from the DoD level for enterprise services, such as email, a collaboration environment or any services that would benefit greatly and are not solely Air Force services. We want to make that transition as easy as possible for Air Force users,” he noted, while adding, “Obviously, there are certain things that will remain in the Air Force for the long term.”
Industry Role
In addition to local contractors, several companies with national scope have been working with the Air Force on AFNET. General Dynamics, for example, first began supporting the AFNet program in 2003, evaluating options for the Air Force to improve the security and operation of the enterprise network. To carry out the initiative, General Dynamics was selected as a partner with a two-year contract valued at $35.7 million issued in 2009 by the Air Force for a redesign of the network to include configuration, testing and deployment of the new intranet. General Dynamics consolidated more than 100 worldwide network interfaces to 16 gateways; integrated more than 80 new and existing components into the network; conducted developmental and integration testing to ensure functionality and introduced new security tools to protect and defend the network from intruders.
These efforts improved security by blocking unauthorized incoming message traffic, which was more than 60 percent of the total incoming message traffic and was comprised mostly of malicious emails or spam. The program also enhanced situational awareness and intrusion prevention capabilities.
Serco, meanwhile, is assisting the AFNIC in developing the AFNet roadmap, modeling operational mission threads on network management, security, cloud computing, and the interconnected transport layers of the air, space and terrestrial domains of cyber superiority. AFNIC uses Serco architectures as the baseline for decision briefings to the commander, AFSPC, provide program guidance to acquisition programs, and identify capability requirements for Cyberspace Command and Control and Situation Awareness that supports improvements for the 24th Air Force operations centers.
Serco is also assisting the Air Force Command and Control Integration Center in developing future requirements for the airborne layer of the AFNet, and enabling them to build in interoperability with the other components of the Air Force and joint network environment. The AFNet architecture shows both a systems requirements and business process view of how the Air Force will transform its information enterprise from being base-centric to becoming net-centric. A central component of the company’s approach to developing interoperable solutions is to leverage current architecture development work it is undertaking for AFNIC.
In addition, NCI was recently awarded the AFNet Requisite Engineering Support (ARES) competitive task order, under which the company will provide engineering and subject matter expert implementation support services for critical programs within the Air Force Electronic Systems Center’s AFNet Support Branch. The 22-month task order, announced in September, represents an award value of approximately $23 million.
The ARES task order provides technical and subject matter expertise across 13 separate support areas, including: engineering services support across the AFNet enterprise, vulnerability life cycle management system integration and operational support, and AFNet situational awareness operational and engineering support. NCI’s engineers and subject matter experts will provide mission-critical support at 15 key Air Force bases. ♦
