Saturday, July 3, 2010

Edge Servers for Information Dominance

Managing the Navy's DNS (Domain Name Services)

In my November 2009 AFCEA Signal article on "Internet Vulnerabilities," I focused on the vulnerability of DNS routing in the path of transactions to end users.

One of the major exploitable vulnerabilities of the Internet is the hostile modification of routing tables that are managed by DNS.

It is now possible for the Navy to set up local "Edge Servers" for the distribution of web transactions. These servers are configured as secondary DNS services, set up centrally and controlled by network control operations (see diagram below).

This arrangement improves performance by reducing transaction latency. It also allows redundant web services to be placed where needed, which is useful for achieving reliability under war-fighting conditions. A mission-oriented edge server can also be placed on a vehicle or on ships. Such servers can be assigned restricted roles and could operate with minimum bandwidth requirements.

The primary web servers are never exposed to the end users, which mitigates the risks from corruption, such as "cache poisoning" or denial-of-service attacks.

The edge servers have sufficient capacity to incorporate numerous locally hosted security technologies. These can act as the first line of defense between the end user and the web sites located on the cloud.

SUMMARY

Supporting the highly diverse requirements of the Information Dominance initiative calls for fielding distributed computing resources. An "edge server" design will meet these needs.

The placement of "edge servers" throughout the Navy could avoid investments in huge data centers and allow an incremental rollout of the Information Dominance program.



NOTE: Illustration based on Akamai concepts.


For comments please e-mail paul@strassmann.com