Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

Do It Cheap, Do It Now

September 18, 2003
By Jonathan Feldman

>> continued from previous page

Preparing for Rough Waters

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	No Money, Honey
	Preparing for Rough Waters
	Myles S. Weber

Challenges the NKO team faced included:

• Validation and security: Although administrators can assign access to Navy and guest personnel (for example, we requested guest accounts on NKO prior to our site visit, listing Morris as our sponsor, and our accounts were quickly validated), the main methodology for assigning accounts is a tie-in to DEERS (Defense Eligibility Enrollment Retirement System), an existing database that holds information for all Navy personnel.

Weber told us that the system uses Web services to call over to DEERS via XML. "We don't even know what the database is," he says. That's an interesting live example of "the promise of Web services."

At the moment, the authentication mechanism consists of user names and passwords entered via an SSL Web interface, but a Department of Defense mandate requires all externally facing systems to use smart cards by Oct. 1. Weber and Morris are still working those details out.

Smartcard or no smartcard, classified information doesn't ever make it onto the NIPRNet, on which NKO runs. Instead, it uses the SIPRNet, which is a private and physically separate network. This "air gap" makes it safe for engineers to chat about the finer points of nuclear power on SIPRNet NKO. Because the workstation is on a network that has nothing to do with any other network, including the Internet, there's no chance of the latest Blaster-type worm subverting the workstation. All SIPRNet terminals are in physically secure areas, and there is no generic remote access. SIPRNet users need to go to designated locations to access the SIPRNet version of NKO.

Of course, that doesn't mean NKO is off the hook in terms of NIPRNet security: NKO operates as a trusted network in the NIPRNet context.

"To live where we live in the DMZ down in Pensacola, [Fla.]" Weber says, "we have to follow all the other security regs that the other systems do." This translates into being prepared for vulnerability assessments and other spot checks by Fleet Information Warfare Command.

• Performance and reliability: Because user adoption and retention, or "stickiness," is part of NKO's goal scorecard, keeping the site responsive is a priority. As far as scaling goes, we asked Weber what capacity planning tool or methodology was used when building NKO. He said that Appian had rolled out a similar system for the Army and knew that its code and systems would scale in a linear fashion. There was, however, a hugely different approach between the Army and Navy rollouts (see "Army-Navy Game,").

"We knew what we could afford," Morris says.

But even though there wasn't money to build NKO as a 24/7 system, Appian and the Navy used tools and techniques to keep the system afloat most of the time. In fact, Weber claims that in the past year, there have been only 30 hours of downtime, 20 of them for scheduled maintenance. And 30 hours of downtime equates to a yearly uptime of 99.65 percent.

NKO Usage and Registration

click to enlarge

Keeping downtime to a minimum on a system that isn't flush with funding has required the team to keep a close eye on resources and to use backup tools that eliminate backup windows: Appian tracks resources with BigBrother and uses Veritas' Oracle plug-in to perform transactional backups.

This goal also requires discipline with change management. "We have development, staging and production systems," Weber says. The code development team uses Ant for code builds and Borland Software's StarTeam for configuration and change management.

• Bandwidth: Finally, because many of NKO's constituents are at sea much of the time, one obstacle to a good user experience is bandwidth: NKO's current training materials aren't huge, but large training videos are on the horizon, and obtaining a slice of precious bandwidth at sea presents a challenge.

"Intelligence products, imagery, phones all pull from the bandwidth pie," Morris says. "Nature and the Navy abhor a vacuum, and if I give a ship that had 64K a T1, it will take no time at all for resources to suck that dry."

Accordingly, Appian built caching into the NKO application (using Appian's algorithms). The Navy is going with local presence with preloaded content, then refreshing content when bandwidth is available. This is happening on the USS Mason now, and the practice will expand as NKO grows.

Jonathan Feldman is director of professional services for Entre Solutions, an infrastructure consulting company in Savannah, Ga. He has worked with and managed technology in industries from health care and financial services to government and law enforcement. Write to him at jf@feldman.org.

Post a comment or question on this story.