Military Embedded Systems

Enterprise software and the DoD


December 05, 2012

John McHale

Editorial Director

Military Embedded Systems

Enterprise software management is becoming more pervasive throughout the U.S. Department of Defense because of its cost advantages and the inherent security advantages of having one network based on common standards. Meanwhile, the world's largest enterprise network - the Navy Marine Corps Intranet (NMCI) - is going through a transition.

Information technology leaders within the Department of Defense (DoD) are moving toward a network-centric enterprise infrastructure to reduce overall costs, consolidate personnel, improve training, and enhance security. They are doing this by leveraging and licensing Commercial Off-the-Shelf (COTS) hardware and software solutions and making them affordable and available across large networks.

The DoD’s biggest success has been the Navy Marine Corps Intranet (NMCI), which has been a huge success, especially regarding security because it “prevents more than 78 million foreign network connection attempts per month, detects an average of 800 new viruses per month, and blocks approximately 35 million spam messages per month,” according to the Navy Chief Information Officer (CIO) website. NMCI will be transitioning to the Next Generation Enterprise Network in 2014. Another effort enabling the enterprise for U.S. military forces is the DoD Enterprise Software Initiative (ESI), which is sponsored by the DoD Chief Information Officer to “save time and money on commercial software, IT hardware, and services,” according to “To date, DoD ESI has achieved a cost avoidance of over $4 billion off prices established on the GSA Federal Supply Schedule.”

“The use of enterprise licenses makes great sense for DoD,” says Paul Capasso, VP of Strategic Programs at Telos. “Not only are there procurement cost savings, you also reduce costs in the operations and maintenance of the product through easier deployment of the software and help desk support. Maintaining multiple versions of a software product only adds complexity to the network and increases your security vulnerability. A joint enterprise email initiative is already taking shape within DoD. The Defense Information Systems Agency (DISA), who originally partnered with the Army to stand up this capability, has expanded this initiative to cover both U.S. European Command and the Joint Staff. This initiative was expected to save the Army alone $75 to $100 million per year. This enterprise initiative provides the foundation for future Joint Information Environment (JIE) capabilities to come.”

“The government is looking for standards and open architectures so they can start buying COTS software to manage with commercial APIs and create a higher service oriented architecture,” says Jim Davis, Chief Technology Officer at WBEM Solutions, which is a software company that specializes in standards-based enterprise and data center management. “Until recently, there were not many standards to take advantage of, but now there are a few that are good enough that are also being promoted by well known standards groups such as Distributed Management Task Force (DMTF) and the Storage Network Industry Association (SNIA). Management Initiatives include the Storage Management Initiative (SMI) from the SNIA, Systems Management Architecture for Server Hardware (SMASH), Desktop and mobile Architecture for System Hardware (DASH) and Common Diagnostic Model (CDM) from the DMTF. All of these initiatives are based on Web-Based Enterprise Management (WBEM), which includes the Common Information Model (CIM). As many organizations move to cloud-based solutions, these standards provide the instrumentation for the cloud.

“Government users like how standards enable them to build solutions from multiple vendors,” Davis continues. “Some management initiatives provide solutions for a specified management domain such as storage, systems, desktops while other management initiatives may apply to all domains, such as diagnostics or power management.”

“There are mechanisms and vehicles to pool buying power such as DoD ESI,” says Rinaldi Pisani, VP/GM Cyber Application Solutions. “What they do is set up blanket purchase agreements with discounts for different products. The discounted price makes procuring the software quite easy. Telos holds DoD ESI licenses for its Automated Message Handling System (AMHS) and Xacta IA Manager, which is a Web-based application to automate a variety of certification and accreditation processes. It follows the NIST Risk Management Framework (RMF) to help identify risk to the system. The Marine Corps has standardized on this solution. Telos also offers Xacta Flux for vulnerability analysis, and Xacta CyberCOP (Common Operating Picture) for situational awareness, network performance, and security.”

Security and the enterprise

“The fact that the DoD enterprise consists of a conglomerate of independent networks complicates the security paradigm required to protect it. Protecting data is the bedrock of cybersecurity,” Capasso says. “Complexity and insecurity breed distrust. In simplest terms, moving to a JIE is all about reducing complexity and ensuring trust between the sender and receiver. The difference between good and bad information can be a matter of life and death to the warfighter.”

There is a huge requirement for securing the data where it resides, Pisani says. “Software assurance is gaining mindshare and moving up the ranks of priority for DoD and government leadership. Historically, the focus has been perimeter defense and firewalls. Now they are paying more and more attention to the interior database layer because that’s where the breaches are happening. The question they are answering now is how to treat the intrusions once they get past the firewalls. We established the Application Software Assurance Center of Excellence (ASACoE) at Maxwell AFB-Gunter Annex in Montgomery, AL, to help manage this type of security. The center has conducted software assurance assessments on more than 1,000 applications.”

Sidebar 1: Enterprise company list

(Click graphic to zoom)




The Navy Marine Corps Intranet, considered to be the largest enterprise computer network in the world, is currently in a transitional period to a new operational contract called the Next Generation Enterprise Network (NGEN). According to the Navy, all the services currently provided by NMCI will be transitioned to the NGEN, which is being competed for by two teams and is part of the Navy Enterprise Networks program under the Program Executive Office for Enterprise Information Systems. HP’s NGEN team includes AT&T and Northrop Grumman. The other team is led by CSC and includes Harris, General Dynamics Information Technology, Verizon, and Dell.

“NGEN will have exactly the same network as NMCI. It is the service that is being competed,” says Bill Toti, VP at The HP NGEN Alliance. “The Navy and Marine Corps bought the network from HP under the Continuation of Service Contract (CoSC). During the CoSC bridge, HP is the services provider for the Navy and Marine Corps. Now they are competing the service aspect under NGEN, which will provide the government with secure enterprise capabilities at a lower price. However, there is a slight difference between the Navy and Marine Corps management of NGEN. The government owns the network for both, but the Marine Corps operates their network with contractor support. In other words, they refer to it as government owned and operated but contractor supported. The Navy, on the other hand, does not have the people to run it nor do they want to have active duty sailors operating the network. Therefore, it will be government owned and contractor operated.

“The fact that the Navy is competing NGEN will force the price down,” Toti continues. “However, when it comes to moving toward what other large organizations are doing with the enterprise – such as more cloud operations – NGEN will be a step in the opposite direction. NMCI was a first-generation cloud solution and it used the cloud business model; in other words, you pay for what you use and the Navy paid by seat and will in the future. For the Navy, buying the infrastructure is neither good nor bad. For instance, a cloud model may not be the best choice for operational forces due to increased latency over long distances and an increased risk of losing communication lines. However, for business services, which are more than half of the operations, it works just fine.”

The NMCI success

“When NMCI was first implemented, there were about 2,000 disparate networks ... managed at varying degrees from a technical and security posture,” says Drew Newman, Chief Information Officer for Department of Defense operations at HP and Chief Engineer for NMCI at HP Enterprise Services in Plano, TX. “The Navy didn’t completely understand how many disparate networks and sometimes even where they were located. An early value add of NMCI was eliminating them and creating one common network platform with a common set of policies. Through NMCI we serve about 700,000 sailors and Marines and more than a million mailboxes. Geographically, that spans the continental U.S., Hawaii, Japan, and Guam. There are also some claimants and commands in the Navy that still retain their legacy network connectivity only where they have applications that reside for a particular purpose. We allow them to reach back for that application access.

“Through the current structure we offer HP computers as standard, as well as Dell and some specialized tablets such as Panasonic Toughbooks,” he continues. “We maintain a catalog for users to buy from for use off the network. Going forward, during the CoSC they can still buy them through us or bring a request and we can put an item on the catalog. It covers computers, printers, peripherals, equipment for classrooms, etc. So far we’ve rolled out 65,000 Windows 7 machines with 4 Gigs of RAM at a minimum. Specific security postures are enforced at the network layer and in how the machines are configured. We use … two-factor authentication – something you have and something you know. Which in this case is a Common Access Card (CAC) plus user ID and password for enabling network entry. There is cryptographic log on and we also encrypt the disk for data at rest protection.”

Mobility and NMCI

“Progress is being made on the mobilization of the network,” Newman says. “When it comes to introducing a mobile device – whether it is a smartphone or tablet – we lay out the use case for mobility. We determine what are they going to use it for – sending and receiving email, getting data, reading something, etc., and then map use cases to the different capabilities. We will have an iPad solution ready in mid December this year with a small limited deployment for capability for iOS devices. We’ve also implemented a limited deployment hosted virtual desktop. This occurs in the data center as a cloud and users can access it from their desktop at home or anywhere remotely. It is represented in a window on their mobile device. All the processing happens in the data center and no data remains on their remote device.”

“One disadvantage to having a large network is that no COTS product is designed to operate on a network this big,” Toti says. “From email to routers to network security to fill in the blank, almost everybody’s product needs to be reengineered to work on a network this big. COTS equipment is typically designed for large commercial enterprises with 30,000 users, not a million users.”

Sidebar 2: Virtual training over the enterprise

(Click graphic to zoom)