
Semantic Web for Navy Information Dominance Operations?

The information requirements for the Information Dominance Corps, which combines the Navy's
intelligence and information technology capabilities, will create an unprecedented increase in the demand for information services:
  1. Navy forces will be connected into a single, global network for afloat, ashore and space.
  2. Every Navy platform will function as a data collector.
  3. Every data collector will make information available, in real time, for use by all other nodes.
  4. Every sensor will be connected via standard interfaces to make local data globally accessible.
  5. Every shooter will have the capacity to compile, assess and exploit data from any sensor or data repository.
  6. All data will be universally discoverable, accessible and secure.
Translating these requirements into an operating environment will:
  1. Require every Navy sensor to be interconnected (such as radar, UAVs, intelligence sources, satellites, and observation sources). The estimated number of such sensors is at least 10,000.
  2. Generate, on average, at least ten transactions/minute per sensor, which suggests at least six million transactions/hour.
  3. Retrieve and store electrical signatures, text and video with an average of at least 2 Megabytes per transaction. This would generate a stream of data totaling at least 12 thousand terabytes/hour, or 300 petabytes/day. At present (2009), Google processes about 25 petabytes/day. With the cost/petabyte declining 25-30% per year (a 30 fold decline over ten years) one can project Google-like systems operating well in excess of the range projected for the Navy.
  4. Display to at least 50,000 shooters simple graphic displays extracted from the shared global files. Such data extraction would require a latency of not more than a quarter of a second, while assuring 100% network reliability achieved through multiple redundancies of data centers and communications links.
    Linking the shooters to the data cannot rely on Google-like keyword extraction methods. Only a semantic web, in which the computer network relates the relevance of data to a shooter's local situation, can deliver what is necessary for meeting information dominance requirements.

    The deluge of video data from these unmanned aerial vehicles, or UAVs, is likely to get worse. By next year, a single new Reaper drone will record 10 video feeds at once, and the Air Force plans to eventually upgrade that number to 65. The Chief of the Intelligence, Surveillance and Reconnaissance Division of the U.S. National Geospatial-Intelligence Agency projects that it would take an untenable 16,000 analysts to study the video footage from UAVs and other airborne surveillance systems. (http://spectrum.ieee.org/robotics/military-robots/the-uav-data-glut).

    The semantic web makes it possible for computers to understand what can be extracted from huge files in the context of a shooter's unique inquiry. The key to such a capability is the availability of machine-readable metadata that provide the logical tags for connecting related information. This makes it possible for automated agents to search and then display information from globally distributed databases.
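To make the metadata point concrete, here is an added example (not code from the post, and not any Navy or vendor system) of how tagged observations can be related to a shooter's local situation. It keeps sensor observations as subject/predicate/object triples, walks a small class hierarchy so that a query for "vessel" finds observations tagged with subclasses of vessel, and filters by distance and age. The observations, positions, times and the class hierarchy are constructed sample data, and the predicate names are assumptions rather than a real ontology; the keyword search at the end shows why term matching alone returns nothing for the same question.

```python
"""Metadata-driven discovery of sensor observations for a shooter's local situation.

Added illustration, not code from the post. The observations, positions, times
and the tiny class hierarchy below are constructed; the triple layout mimics
RDF-style subject/predicate/object metadata but uses no real ontology.
"""
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# Constructed sample triples: (subject, predicate, object).
TRIPLES = [
    ("surface-contact", "subClassOf", "vessel"),
    ("fishing-boat", "subClassOf", "vessel"),
    ("submarine-contact", "subClassOf", "underwater-contact"),
    ("obs-1", "sensorType", "radar"), ("obs-1", "lat", 36.85), ("obs-1", "lon", -76.29),
    ("obs-1", "time", 1000), ("obs-1", "detects", "surface-contact"),
    ("obs-2", "sensorType", "uav-video"), ("obs-2", "lat", 36.90), ("obs-2", "lon", -76.20),
    ("obs-2", "time", 1020), ("obs-2", "detects", "fishing-boat"),
    ("obs-3", "sensorType", "satellite"), ("obs-3", "lat", 25.00), ("obs-3", "lon", -80.00),
    ("obs-3", "time", 1030), ("obs-3", "detects", "surface-contact"),   # far away
    ("obs-4", "sensorType", "radar"), ("obs-4", "lat", 36.86), ("obs-4", "lon", -76.30),
    ("obs-4", "time", 100), ("obs-4", "detects", "surface-contact"),    # stale
    ("obs-5", "sensorType", "sonar"), ("obs-5", "lat", 36.87), ("obs-5", "lon", -76.25),
    ("obs-5", "time", 1010), ("obs-5", "detects", "submarine-contact"), # not a vessel
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS-84 points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


class TripleStore:
    """Minimal in-memory triple store with subject->predicate and predicate->object indexes."""

    def __init__(self, triples):
        self.spo = defaultdict(lambda: defaultdict(set))
        self.pos = defaultdict(lambda: defaultdict(set))
        for s, p, o in triples:
            self.spo[s][p].add(o)
            self.pos[p][o].add(s)

    def value(self, s, p):
        vals = self.spo[s][p]
        return next(iter(vals)) if vals else None

    def subjects(self, p, o):
        return set(self.pos[p][o])

    def subclasses(self, cls):
        """cls plus every class reachable through subClassOf edges (transitive closure)."""
        seen, stack = {cls}, [cls]
        while stack:
            for sub in self.subjects("subClassOf", stack.pop()):
                if sub not in seen:
                    seen.add(sub)
                    stack.append(sub)
        return seen


def relevant_observations(store, lat, lon, radius_km, now, max_age, interest):
    """Observations detecting any kind of `interest`, near (lat, lon) and not older than max_age."""
    hits = []
    for cls in store.subclasses(interest):
        for obs in store.subjects("detects", cls):
            olat, olon, t = (store.value(obs, p) for p in ("lat", "lon", "time"))
            if None in (olat, olon, t):
                continue  # incomplete metadata: cannot place it, so it is not shown
            if now - t > max_age or haversine_km(lat, lon, olat, olon) > radius_km:
                continue
            hits.append(obs)
    return sorted(hits)


def keyword_search(store, word):
    """Term match over each observation's own tags only: no class knowledge, no situation."""
    observations = set().union(*store.pos["sensorType"].values())
    return sorted(obs for obs in observations
                  if any(isinstance(o, str) and word in o
                         for objs in store.spo[obs].values() for o in objs))


STORE = TripleStore(TRIPLES)

if __name__ == "__main__":
    # Shooter near Norfolk asking for vessels seen in the last 60 time units within 20 km.
    print(relevant_observations(STORE, 36.88, -76.27, 20.0, 1030, 60, "vessel"))
    print(keyword_search(STORE, "vessel"))
```

Only obs-1 and obs-2 come back: obs-3 is out of range, obs-4 is stale and obs-5 is not a vessel, while the keyword search for "vessel" finds nothing because no observation carries that literal tag. The inference that "fishing-boat" is a vessel lives in the metadata, which is the capability the post is describing.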

    SUMMARY

    The stated Navy Information Dominance vision calls for the delivery of the most ambitious operational concepts ever conceived, anywhere. None of the existing commercial designs, such as Google, are comparable in scope.

    The systems planners for the Information Dominance capabilities should now consider proceeding with cloud designs that will function according to the stated vision.

    Starting with virtual servers, virtual desktops, data virtualization and network virtualization will place the Navy on a path that may take at least a decade to achieve.



    Tracking Anomalies in Social Computing

    In the 5/25/2010 issue of AFCEA Signal Scape I explained "How to Practice Safe Social Computing". The separation of secure NIPRNET computing, by means of a virtual desktop, from the unclassified Internet virtual desktop was seen as an affordable and secure means for separating social from DoD computing.

    Accomplishing the separation between the Private Personal desktops and the Work Personal desktops calls for the placement of isolated logical windows on top of the Virtualization Platforms, both at the desktop devices and at servers located at the data centers. By far the most secure and least expensive way of achieving this is by using thin clients for social computing (See Figure 1).

    Though DoD work is protected against security intrusions because any virus or botnet conveyed over the Internet ends up in a completely isolated virtual server, the outbound traffic from the Private Personal computers is open to compromise from unauthorized disclosures. In the case of potential security compromises from insiders, DoD remains completely unprotected.

    Giving access to social computing therefore calls for the complete tracking of all transactions. Such monitoring must account for every social computing message. Forensic methods can then be used to identify incidents, to support apprehension, and ultimately to serve as evidence in the prosecution of security violators.

    The monitoring of social computing messages will take place at network control centers equipped with automated software that reduces the workload on the surveillance staffs. Peak load transactions of social computing (including reserves, contractors and dependents) could approach 100,000 messages per hour. Without massive automation, combined with a security schema that permits the correlation of message patterns over an extended time period, the monitoring of social computing is not manageable.

    There are a number of forensic tools available to identify security anomalies, such as shown in Figure 2.

    The isolated connections would receive the highest priority for added surveillance.
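As an added example of the kind of automated correlation the paragraphs above call for (this is illustrative code written for this page, not a tool from the post or any DoD control center), the following builds a per-user baseline of outbound volume over several days and flags the day that departs from it, and separately lists destinations that only a single user ever contacts, which is one reading of the "isolated connections" singled out for added surveillance. The log lines, user names, destinations and the line format are all constructed assumptions.

```python
"""Baseline-and-anomaly checks over social computing message logs.

Added illustration, not code from the post. The log lines, user names and
destinations below are constructed; the line format is an assumed one.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: one line per outbound message.
LOG_LINES = """\
2010-05-01T09:12:03Z user=alice dest=social.example.com bytes=2100
2010-05-02T10:02:44Z user=alice dest=social.example.com bytes=1900
2010-05-03T09:40:10Z user=alice dest=social.example.com bytes=2300
2010-05-04T11:15:27Z user=alice dest=social.example.com bytes=2000
2010-05-05T09:55:01Z user=alice dest=social.example.com bytes=2200
2010-05-06T13:21:09Z user=alice dest=social.example.com bytes=250000
2010-05-01T08:30:00Z user=bob dest=social.example.com bytes=5000
2010-05-02T08:31:12Z user=bob dest=social.example.com bytes=5000
2010-05-03T08:29:45Z user=bob dest=social.example.com bytes=5000
2010-05-03T12:00:00Z user=bob dest=forum.example.org bytes=800
2010-05-04T08:30:33Z user=bob dest=social.example.com bytes=5000
2010-05-05T08:30:02Z user=bob dest=social.example.com bytes=5000
2010-05-06T08:30:41Z user=bob dest=social.example.com bytes=5000
2010-05-05T14:00:00Z user=carol dest=social.example.com bytes=3000
2010-05-06T14:05:00Z user=carol dest=social.example.com bytes=90000
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) dest=(?P<dest>\S+) bytes=(?P<bytes>\d+)$")


def parse_log(lines):
    """Turn raw lines into records; malformed lines are skipped rather than guessed at."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"day": m["ts"][:10], "user": m["user"],
                            "dest": m["dest"], "bytes": int(m["bytes"])})
    return records


def daily_outbound(records):
    """user -> day -> total outbound bytes."""
    totals = defaultdict(lambda: defaultdict(int))
    for r in records:
        totals[r["user"]][r["day"]] += r["bytes"]
    return totals


def volume_anomalies(records, sigma=3.0, min_baseline_days=3):
    """Flag a user whose latest day exceeds mean + sigma * spread of the earlier days.

    The spread is floored at 10% of the mean so a perfectly flat history does not
    make every tiny change look anomalous. Users with too short a history are
    skipped: there is no baseline to correlate against yet.
    """
    findings = []
    for user, per_day in daily_outbound(records).items():
        days = sorted(per_day)
        baseline, latest = [per_day[d] for d in days[:-1]], days[-1]
        if len(baseline) < min_baseline_days:
            continue
        spread = max(pstdev(baseline), 0.1 * mean(baseline))
        threshold = mean(baseline) + sigma * spread
        if per_day[latest] > threshold:
            findings.append({"user": user, "day": latest,
                             "bytes": per_day[latest], "threshold": round(threshold)})
    return findings


def isolated_destinations(records):
    """Destinations contacted by exactly one user: candidates for added surveillance."""
    users_by_dest = defaultdict(set)
    for r in records:
        users_by_dest[r["dest"]].add(r["user"])
    return {d: next(iter(u)) for d, u in users_by_dest.items() if len(u) == 1}


RECORDS = parse_log(LOG_LINES)

if __name__ == "__main__":
    for f in volume_anomalies(RECORDS):
        print(f"volume anomaly: {f}")
    print("isolated destinations:", isolated_destinations(RECORDS))
```

With this sample, alice's 250,000-byte day is flagged against a threshold of about 2,730 bytes, bob is not flagged even though one of his days is slightly higher, and carol is skipped because two days of history are not a baseline. forum.example.org is reported as an isolated destination because only bob ever reaches it. The point of the two checks together is the one the post makes: neither a single message nor a single day says much, but patterns accumulated over time do.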

    Summary

    The authorization of even restricted social computing access to the toxic Internet, without uninterrupted monitoring, is a risk that should not be tolerated.

    Figure 1


    Figure 2

    Virtualization of DoD Servers — The First Step Into The Cloud

    Migration into a cloud environment by means of virtualization of servers is extremely attractive and has instant paybacks. As compared with other software intensive improvements, the ability to combine servers in order to increase computer utilization from <20% to >70% is the most attractive choice in the current environment when cuts in IT budgets for FY12 and beyond are required by end of this July.

    Server virtualization is well understood. The technology is mature. There are a number of software vendors who can deliver server virtualization rapidly and at a fixed cost.

    The question is what are the potential savings that can be proposed as cost reductions?

    For comparison purposes let us look at the number of servers in computer services. For purposes of benchmarking I have chosen Akamai (with IT costs of $636 million/year) and Rackspace (with IT costs of $648 million/year). The combined IT costs of these two firms of $1,284 million can be compared to the DoD Operations & Maintenance budget for FY10 of $21,683 million, which is 16.9 times greater. Without growth this amounts to $108,415 million of IT spending over five years.

    The total number of servers for Akamai and Rackspace is 104,671. Using the dollar share of total operations and maintenance spending this suggests that DoD is likely to have about 180,000 servers, of which 100,000 have been already virtualized as the best case.

    The most complete total cost of ownership model is from Alinean (http://alinean.com/). The model suggests that a reduction in the number of eligible small-scale DoD servers from 80,000 to 5,000 mainframe-like computers is feasible.

    The net IT capital cost reductions, over five years, would be $3,760 million while requiring an up front net investment of $27 million. The net IT operating cost reduction, over five years, would be $63,123 million, which is a 58% cut. Such cost reduction is in line with results that have been so far realized by leading commercial firms. In addition there would be a reduction of 36,720 kW in electrical power and space savings in the data center of 7,118 sq.ft.

    The cost reductions from the virtualization of servers should be seen only as the first step on the path toward a cloud environment in which DoD operates its information technologies as a private and secure “platform-as-a-service”.

    Available savings from proceeding with virtualization are so large that a concerted effort to proceed with such migration should not be deferred.

    A Common Operating Picture Through Network Virtualization

    Network Virtualization

    The Situation

    Army Gen. Keith Alexander, the head of the new cyber command stated that the Defense Department needs situational awareness across DOD’s networks to protect its cyber defenses.  “We do not have a common operating picture for our networks. We need to build that.”

    DOD is responsible for protecting more than seven million machines, linked in 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits. Unauthorized users probe DoD networks 250,000 times an hour or over six million times per day, he added.

    In the current situation the proliferation of networks, circuits and computers offers attackers an enormous “attack surface” which is for all practical purposes indefensible.

    Virtual Networks

    Network virtualization combines hardware and software network resources into a software-based administrative environment, which can be managed centrally. Network virtualization enables the integration of numerous networks so that central services, such as consolidated security management, situation awareness and protective measures can be shared across every network.

    The components of virtual networks are: network hardware, such as routers, switches and network adapters; WANs and LANs; network storage devices; and network media, such as Ethernet and Fibre Channel. Examples of virtual networks are switches that physically connect to external networks as well as services that allow system administrators to combine local area networks into a singly administered network entity for the purpose of intrusion prevention.

    Network virtualization software allows systems managers to route traffic to diverse datacenter environments where support of business and warfare applications can take place.

    In the past DoD components used to purchase multiple security protection measures and to set up failover and redundancy capabilities at each of thousands of data centers. The installation of network virtualization software makes it possible to migrate security services as a fully configured virtual service to each data center, regardless of geographic locations. This allows for migration from legacy environments to a virtual environment across datacenters across the world.

    As data center resources become consolidated, the network virtualization software allows for reductions in space requirements, optimal server utilization, and the consolidation of controls into DoD-wide network control centers so that highly trained personnel can be utilized much better.
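The value of consolidated controls is easiest to see on data. The following added example (written for this page; it is not code from the post and does not represent any DoD feed) takes probe logs from two separately administered networks that export in different formats, normalizes them into one event schema, and shows a source that is unremarkable inside either network alone but is the only one touching both. Both log formats are assumed, and every address comes from the RFC 5737 documentation ranges, so the data is constructed.

```python
"""Consolidating probe logs from separately administered networks into one view.

Added illustration, not code from the post. Both log formats and every address
are constructed (RFC 5737 documentation ranges); nothing here is a real feed.
"""
import json
from collections import defaultdict
from dataclasses import dataclass

# Constructed: network A exports a key=value firewall-style line.
NETWORK_A_LOG = [
    "2010-06-01 10:00:01 DENY src=198.51.100.7 dst=10.1.0.5 dport=22",
    "2010-06-01 10:00:09 DENY src=192.0.2.10 dst=10.1.0.5 dport=445",
    "2010-06-01 10:01:30 DENY src=192.0.2.10 dst=10.1.0.9 dport=445",
]
# Constructed: network B exports JSON records with different field names.
NETWORK_B_LOG = [
    '{"ts": "2010-06-01T10:02:15Z", "action": "drop", "source": "198.51.100.7", "port": 3389}',
    '{"ts": "2010-06-01T10:03:02Z", "action": "drop", "source": "203.0.113.4", "port": 22}',
]


@dataclass(frozen=True)
class ProbeEvent:
    """Common schema every network's log is normalized into."""
    network: str
    ts: str
    src: str
    dport: int


def normalize_a(line, network="net-a"):
    date, time, _action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ProbeEvent(network, f"{date}T{time}Z", kv["src"], int(kv["dport"]))


def normalize_b(line, network="net-b"):
    rec = json.loads(line)
    return ProbeEvent(network, rec["ts"], rec["source"], int(rec["port"]))


def consolidate():
    """One event list for the whole enterprise, the raw material of a common operating picture."""
    return ([normalize_a(line) for line in NETWORK_A_LOG]
            + [normalize_b(line) for line in NETWORK_B_LOG])


def per_network_counts(events, network):
    """What a single network's own control center can see: probes per source, its network only."""
    counts = defaultdict(int)
    for e in events:
        if e.network == network:
            counts[e.src] += 1
    return dict(counts)


def cross_network_sources(events, min_networks=2):
    """Sources seen probing at least min_networks distinct networks: invisible to any one of them."""
    nets = defaultdict(set)
    for e in events:
        nets[e.src].add(e.network)
    return {src: sorted(n) for src, n in nets.items() if len(n) >= min_networks}


if __name__ == "__main__":
    events = consolidate()
    print("net-a alone sees:", per_network_counts(events, "net-a"))
    print("net-b alone sees:", per_network_counts(events, "net-b"))
    print("consolidated view:", cross_network_sources(events))
```

Inside net-a the noisiest source is 192.0.2.10 with two probes; inside net-b every source appears once. Only the consolidated list reveals that 198.51.100.7 is working across both networks, which is the situational awareness a single administrative domain cannot produce.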

    Implications

    Establishing situational awareness and the much needed real time responses to attacks that emanate from 15,000 networks and 20,000 commercial circuits is not feasible using the existing network configurations in place in DoD.

    The installation of network virtualization as an architectural direction for DoD will make it possible to consolidate points of control to a limited number of network control centers. Such a move will not only deliver large reductions in cost but also safeguard the security of millions of computer devices.

    The time has come to start migrating to designs that will use network virtualization as the basis for cyber defense operations.

    The Merits of Storage Virtualization

    Storage virtualization is an abstraction (separation) of logical storage from physical storage so that it may be accessed without regard to physical storage or technology management methods.

    Storage virtualization makes possible the identification, provisioning and management of data storage at multiple locations. Storage virtualization can extract data from completely different applications as if they were a single, consolidated resource.

    Managing disk storage was once simple. If we needed more space, we got a bigger disk drive. For reliability we developed RAID, network-attached storage and storage-area networks that required the installation of more complex data center storage management processes.

    The latest answer to this dilemma is storage virtualization, which adds a new layer of software between storage systems and servers.  Network management no longer needs to know where specific drives are located. The management of partitions or storage subsystems, or the identification of where data resides now becomes a task for the virtualization software. Administrators can identify, provision and manage distributed storage as if it were a single, consolidated resource available across an entire network.

    Availability increases with storage virtualization, since applications aren’t restricted to specific storage resources. Data access is thus insulated from the failure of a particular disk. This automates the expansion of storage capacity and reduces the need for manual provisioning in support of specific applications. Storage resources can be updated on the fly without affecting application performance, thus reducing and even eliminating downtime.

    Storage virtualization operates as an intermediate layer. It becomes the primary interface between servers and storage. Servers see the virtualization layer software as a single storage device, while all the individual storage devices see the virtualization layer as their only server. This makes it possible to group storage systems—even devices from different vendors and different data base software solutions—for unified management.

    Storage virtualization shields servers and applications from hardware or software changes to the storage environment, letting users easily hot swap a disk. Data copying and data-backups are also managed at the virtualization layer. For instance data replication, whether for snapshot or disaster recovery to different data centers can be handled by the virtualization system, as a background task, with a shared management interface.

    Because data can be moved at will, data held in vulnerable data centers or on outdated storage capacity can be moved to the best storage devices. The virtualization software or device is responsible for maintaining a consistent view of all the mapping information for the virtualized storage; this mapping defines the metadata and is stored as an overarching mapping table. Storage virtualization can be structured to look up metadata in the virtual disk space for data discovery and for de-duplication.
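The mapping table is the whole mechanism, so here is an added example of it in miniature (written for this page; it is not code from the post or from any of the vendors named below). A virtualization layer sits between named volumes and physical devices, keeps the logical-to-physical mapping table, de-duplicates identical blocks through a content-hash index, takes a snapshot by copying a volume's mapping entries, and migrates every block off one device onto another while reads through the mapping continue to return the same data. Device names, volume names and block contents are constructed, and the layer is in-memory with block-granular "devices" rather than anything backed by real disks.

```python
"""A toy storage virtualization layer: mapping table, de-duplication, snapshot, migration.

Added illustration, not code from the post. Devices, volumes and data are
constructed in-memory objects; there is no real disk behind any of them.
"""
import hashlib


class PhysicalDevice:
    """A device that stores opaque blocks and hands back a device-local block id."""

    def __init__(self, name, capacity_blocks):
        self.name, self.capacity = name, capacity_blocks
        self.blocks = {}      # block_id -> bytes
        self.next_id = 0

    def free(self):
        return self.capacity - len(self.blocks)

    def store(self, data):
        if self.free() <= 0:
            raise IOError(f"{self.name} is full")
        bid, self.next_id = self.next_id, self.next_id + 1
        self.blocks[bid] = data
        return bid


class StorageVirtualizer:
    """Servers talk to this layer only; it alone knows where each logical block lives."""

    def __init__(self):
        self.devices = {}
        self.mapping = {}     # (volume, lba) -> (device_name, block_id): the mapping table
        self.by_hash = {}     # sha256(content) -> (device_name, block_id): de-dup index
        self.refcount = {}    # (device_name, block_id) -> number of mapping entries using it

    def add_device(self, dev):
        self.devices[dev.name] = dev

    def _release(self, loc):
        self.refcount[loc] -= 1
        if self.refcount[loc] == 0:           # last logical reference gone: free the block
            del self.devices[loc[0]].blocks[loc[1]]
            del self.refcount[loc]
            self.by_hash = {h: l for h, l in self.by_hash.items() if l != loc}

    def write(self, volume, lba, data):
        """Place data on the emptiest device unless an identical block already exists."""
        digest = hashlib.sha256(data).hexdigest()
        previous = self.mapping.get((volume, lba))
        loc = self.by_hash.get(digest)
        if loc is None:
            dev = max(self.devices.values(), key=lambda d: d.free())
            loc = (dev.name, dev.store(data))
            self.by_hash[digest] = loc
            self.refcount[loc] = 0
        self.refcount[loc] += 1
        self.mapping[(volume, lba)] = loc
        if previous is not None:
            self._release(previous)
        return loc

    def read(self, volume, lba):
        name, bid = self.mapping[(volume, lba)]
        return self.devices[name].blocks[bid]

    def snapshot(self, volume, snap_name):
        """A snapshot is a copy of the volume's mapping entries; blocks are shared, not copied."""
        for (vol, lba), loc in list(self.mapping.items()):
            if vol == volume:
                self.mapping[(snap_name, lba)] = loc
                self.refcount[loc] += 1

    def migrate_device(self, old_name, new_dev):
        """Move every block off old_name onto new_dev and repoint the mapping table."""
        self.add_device(new_dev)
        old = self.devices.pop(old_name)
        moved = {(old_name, bid): (new_dev.name, new_dev.store(data))
                 for bid, data in old.blocks.items()}
        self.mapping = {k: moved.get(loc, loc) for k, loc in self.mapping.items()}
        self.by_hash = {h: moved.get(loc, loc) for h, loc in self.by_hash.items()}
        self.refcount = {moved.get(loc, loc): n for loc, n in self.refcount.items()}
        return len(moved)

    def physical_blocks(self):
        return sum(len(d.blocks) for d in self.devices.values())


def demo():
    """Walk through de-dup, snapshot and hot-swap migration; returns the observable results."""
    sv = StorageVirtualizer()
    sv.add_device(PhysicalDevice("disk-a", 4))
    sv.add_device(PhysicalDevice("disk-b", 4))
    sv.write("vol1", 0, b"alpha")
    sv.write("vol1", 1, b"beta")
    sv.write("vol2", 0, b"alpha")                 # identical content: shares one physical block
    dedup_blocks = sv.physical_blocks()           # 2 physical blocks for 3 logical ones
    sv.snapshot("vol1", "vol1-snap")
    sv.write("vol1", 0, b"gamma")                 # overwrite; the snapshot still sees "alpha"
    snapshot_read = sv.read("vol1-snap", 0)
    moved = sv.migrate_device("disk-a", PhysicalDevice("disk-c", 8))   # hot swap disk-a
    return {"dedup_blocks": dedup_blocks, "snapshot_read": snapshot_read, "moved": moved,
            "after_migration": sv.read("vol1", 0), "devices": sorted(sv.devices)}


if __name__ == "__main__":
    print(demo())
```

Nothing above the layer changes when disk-a is replaced by disk-c: the servers keep addressing (volume, lba) and the mapping table absorbs the move, which is exactly the "hot swap" and background replication behaviour the post attributes to the virtualization layer.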

    Technology Maturity

    Storage virtualization can be considered a mature technology with F5 Networks and Citrix ranked as the leaders in the ability to execute. There are other vendors such as 3PAR, Compellent Technologies, DataCore Software, Hitachi Data Systems, IBM, StarWind Software and Violin Memory. Storage virtualization has its origins in the 1980s but has become widely adopted with the large-scale virtualization of data center servers.

    Implications

    Storage virtualization, in addition to offering savings in the utilization of disk capacity, enables improved real-time interoperability of data extracted from dissimilar data sources. DoD can now migrate its data files, which are presently wedged into incompatible servers, to an environment where pooled data services and universally shared metadata become economically feasible.

    HP Getting Ready to Bid NMCI Replacement

    Could NMCI Be Replaced by a Private Cloud, with Desktop-as-a-Service?

    Hewlett-Packard said on June 1, 2010 that it will cut 9,000 jobs over three years and invest $1 billion to focus on new efforts like private cloud infrastructure and desktop-as-a-service. Think of it as phase two of the EDS integration with an emphasis on delivering IT as a service.

    The move comes as HP has largely completed its integration of EDS. HP said in a statement that it will build next-generation platforms for its enterprise services business. In a nutshell, HP will consolidate its commercial datacenters, management platforms, networks, tools and applications to create a more automated infrastructure that it will use to serve enterprise services customers. With its next-gen datacenters, HP is hoping to boost services margins.

    Implications

    1. The cut of 9,000 jobs, mostly from EDS, reflects the labor intensive NMCI operations.
    2. Desktop-as-a-Service means mostly thin clients.
    3. The potential HP re-bid for NGEN will most likely cost >$1 billion less over a five year period than current spending.
    4. This announcement should be seen as HP's posturing to bid on NGEN when the current contracts expire.