One network that extends from the Army post to the warfighter, carrying with it a common set of enterprise services: That’s the Army’s vision as it collaborates with partners throughout the Defense Department on a massive network modernization program.
But as big as that undertaking is, it’s not the only initiative that keeps Douglas Wiltsie and his staff busy. Wiltsie, program executive officer (PEO) for Army Enterprise Information Systems (EIS), spoke to FedTech managing editor Matt McLaughlin about networks, data centers and a form of CHESS that has nothing to do with knights and pawns (though everything to do with strategy).
FEDTECH: Let’s start with an overview of your network modernization efforts. Can you give us the highlights?
Wiltsie: At PEO EIS, we’re teaming with the CIO/G-6, the Army Cyber Command, the Network Enterprise Technology Command, the Defense Information Systems Agency and the DOD CIO on a network modernization program known in the Army as LandWarNet 2020. It includes three main efforts: increasing bandwidth and security, introducing enterprise services and enhancing network operations.
For 2014, we’re focused on getting more bandwidth to posts, camps and stations. We’re teaming with DISA and using the Defense Information Systems Network to connect every one of our posts to their infrastructures. This will accomplish two things: boost bandwidth by upgrading both optical and core routers to 100 gigabits per second; and flatten the network architecture at the posts, camps and stations, so they have only area-distribution nodes and end-user-building switches.
At the same time, we’re establishing 11 joint regional security stacks [major Internet points of presence] in the United States and more throughout the world. This will allow us to remove the Army's organizational TLA [top-level architecture] stacks and raise the bandwidth across the posts, camps and stations. In doing so, we improve bandwidth and security, and we align ourselves with the future Joint Information Environment. By increasing bandwidth, we can apply enterprise-level services, email being the first, followed by unified capabilities, enterprise-level collaboration and content management, and enterprise-level net operations.
FEDTECH: Are any of the projects showing particular promise?
Wiltsie: DISA has a multiprotocol label switching cloud that we’re going to join, which, along with the joint regional security stacks, will allow us to increase bandwidth significantly. We will be capable of executing the Army Chief of Staff’s request to do live simulation. We can do multilocation mission-readiness exercises and optimize the money we have for training. For example, we could run a joint task force simulation with people from different locations without having to move organizations to various training sites. This saves a lot of money, and it’s very efficient. And it makes it so that we can maintain Army training in areas where dollars have diminished.
FEDTECH: What other capabilities demand extra bandwidth?
Wiltsie: The bandwidth needs to support the other LandWarNet 2020 efforts, especially the introduction of enterprise services, starting with email. Getting everyone into one global address list helps us start the process of bringing other enterprise services to the force.
Voice over IP is one service we’re looking at as part of the MPLS cloud with the regional security stacks. We will roll that out almost immediately, then we’ll move to unified capabilities — voice, video, data, presence awareness and chat — all over IP and all over the Army NIPRNet and SIPRNet.
Finally, we want the ability for enterprise-level collaboration between any organization in the Army and other organizations. Today, that type of collaboration environment is very low cost. But if an organization uses it and they want to collaborate with another group that maybe doesn’t have the same version of the collaboration tool, they can't share with each other. An enterprise-level capability should allow us to overcome that collaboration challenge.
FEDTECH: From the standpoint of noncombat operations, those capabilities could be significant. Will they affect the battlefield as well?
Wiltsie: I can tell you the intention is for there to be one network that goes everywhere — from posts, camps and stations all the way to the tactical edge. And these types of enterprise services must be provided all the way to that tactical edge. Now, how we implement that needs continuous work, especially as we get to what we call an “Army in motion.” As Army units head into an AOR [area of responsibility], how do we bring these enterprise services to locations where the communications or the network capability may be limited?
FEDTECH: As you look to extend network capabilities, what other technologies are important?
Wiltsie: We mentioned two: MPLS technology, which will drive our ability to increase the capability of the network and protect it; and the joint regional security stacks, which will allow us to better operate, monitor and defend the network. It's a team sport, with NETCOM and ARCYBER from the Army and DISA and CYBERCOM from the department.
The other important technology is cloud computing, especially as part of data center consolidation. My organization has a dedicated team that’s working with the Army staff to develop a common operating environment in the cloud for the generating force. The intention is to provide Infrastructure as a Service, Platform as a Service, and a software development kit that supports the Army applications that have to move into a DISA data center. We’ll give the Army the ability to minimize cost and ease on-boarding by putting the infrastructure in place to make the transition.
FEDTECH: As the Army works to consolidate its network and data center infrastructure, where do you see opportunities for sharing services?
Wiltsie: Network operations — everything from enterprise-level service management systems, including ticketing, trouble reports and those kinds of things, to how we operate, monitor and defend the network.
The way the Army is organized today — and it's done for very valid and good reasons — we localize the way we handle network operations and protection. For example, when it comes to defense in depth, there’s defense in every post, camp and station. And even that sometimes varies, based on the way each handles network defense and its implementation. We need to bring that up to an enterprise level and remove the organizational TLA stacks. There needs to be an enterprise-level network-operations capability.
FEDTECH: Can you talk a bit about Army CHESS? What benefits does the Army derive from the program?
Wiltsie: CHESS is the Computer Hardware, Enterprise Software and Solutions program. It’s the Army’s designated, prime source for commercial IT and an extremely powerful tool of commodity buying power for the Army. CHESS provides IT enterprise solutions from more than 20 IT providers for activities in the Army and Army organizations. CHESS uses a no-fee, flexible procurement strategy for all COTS hardware. It allows us to bundle our buys every six months. We collect requirements and go out for very, very large buys that help drive prices down.
CHESS has been a great case study of federal IT purchasing power. It's not limited to just Army purchasers; other DOD and federal agencies can use it. And it’s not limited to hardware. It does support software buys, including a lot of enterprise license agreements for some of the major commodities, like Oracle.
FEDTECH: You also mentioned security, which is a big government priority, but even bigger in the military. How do you protect a single network? What are the main threats you’re trying to defend against? And how do you deal with the fact that network attackers are always getting better and more sophisticated?
Wiltsie: I agree, they are. As I said earlier, the security of the network is really a team effort. We’re in a supporting role to ARCYBER and NETCOM and their partnership with DISA and CYBERCOM.
Standardizing our ability to monitor and operate and defend the network is going to be key. Clearly, we’re focused not only on threats from the outside but also on insider threats, using big data analysis to help identify such threats. So we’re looking both outside-in and inside-out on network defense. As we bring this network to an enterprise level, we need to ensure we’re balancing access, permissions and authority to data. But the organization that really has the lead — is really the tip of the spear on this — is ARCYBER, and we work with them to bring them the capabilities they need in order to defend.
FEDTECH: You just mentioned access control, which is a big component of a secure enterprise network. What types of technologies are important for governing access?
Wiltsie: Before you get into technology, it’s really about policy. It’s really about how you limit or control access to data, based on the needs of users, and how you set policy and procedures for allowing someone to get permission to see the data. We’re not just talking about how people are authenticated, but also how they’re authorized to access data. As we migrate data and programs to the DISA data centers, and as we start using the cloud as an environment for operating a lot of applications, the ability to control who has access to data and why is going to be critical.
FEDTECH: All agencies are dealing with tighter budgets. How does PEO EIS meet demand when resources aren’t exactly growing, and in some cases they’re shrinking?
Wiltsie: I will tell you that after furloughs and the government shutdown, there was a shadow over the beginning of the year. But we're back and working hard. I’m extremely proud of my team and the dedication and commitment to the mission that they’ve shown. Soldiers and the Army family everywhere rely on what we provide every day, and my team has met the challenge.
There are two main factors at play. The first is speed of deployment. The biggest impact of reduced funding — at least on the network side — is velocity. How fast can we execute what has been laid out in front of us? The reduction in money may slow us down. But the other factor can help, and that’s this enterprise-wide bundling of commodity IT purchases.
In the past, we would do network modernization by geography. We would go to Fort Hood, for example, and we would survey all the things they needed and then, over several years, we would get that job done and do another post. The G-6 and our organization realized that we needed to attack this problem by function, bandwidth, security, enterprise services, and network operation, and not by geography. We did a commodity buy for the core routers that will support our network. It saved the Army more than $115 million over the traditional base-by-base or post-by-post acquisition model.
Another example is those area-distribution nodes and end-user building switches I mentioned earlier. We spent $45 million on those, and had we done it in the traditional way, we would have spent $185 million. By bundling them together, we gained a tremendous amount of purchasing power. Now the key is to implement this equipment extremely quickly, because our critics will say that by the time the last systems go in, it will be time to replace them. We’re going to have them all in place in only 18 months.