EXERCISING COMMS: The 50th Expeditionary Signal Battalion (Enhanced) and 63rd Expeditionary Signal Battalion conducted a combined large-scale combat operations communications exercise at Fort Bragg, North Carolina, on Sept. 29, 2021. Operational units are experimenting with hybrid tactical cloud models that provide access to critical services in disadvantaged or contested environments and additional resources when network connection allows. (Photo by Capt. Eric Messmer, U.S. Army)
From defining cloud computing models to executing pilots with operational units, the Army lays the foundation for data-centric operations.
by Lt. Col. Philip J. Smith, Paul Puckett III and Col. Evert R. Hawk II
Shoot, move and communicate. All three fundamentally involve movement. It can be moving a small chunk of lead to its intended target or moving raw materials to ammunition plants. It can be placing Soldiers in the right situation with the right mission to move to a specific objective. It can be moving information in the form of data from the location of observation to an analysis center, then back to field commanders for decision-making at the pace of war. But the real challenge is delivering payloads to their intended targets simultaneously in a constantly moving and therefore changing environment.
In each of the examples above, we find that access to real-time information is critical to ensure that we are shooting, moving and communicating the right way. As DOD pointed out in its 2020 DOD Data Strategy, and the U.S. Army has pointed out in the Army Data Plan and Joint All Domain Command and Control (JADC2) documents, data has become the new ammunition in a changing battlefield. Similar to moving ammunition, we must be able to move relevant data to the right users in time to make a difference. The U.S. Army Network Cross-Functional Team, part of Army Futures Command, is enabling the Army to leverage modern concepts and technologies to access and evaluate data from numerous sources, enabling faster and better informed decisions.
The foundational concept on which many other concepts and technologies will be built is the cloud: the ability to remotely access data and services via an internet connection. In the same way we build physical structures, this foundation—while not as visible to the unknowing eye—is critical to a stable end-state complete with a frame, walls, plumbing and electrical. In this multi-part series, we aim to describe the Army’s tactical cloud progress to date, as well as challenges to consider moving forward. We also explain key cloud terms where common understanding will be mandatory within the requirements, communications, acquisition, tactical and general leadership communities.
WHAT THE CLOUD BRINGS TO DOD
Often “cloud” takes on two very different but complementary meanings. One approach focuses on the value of access to data in the cloud—think backing up the photos on your smartphone—while the other focuses on the infrastructure that enables that access. The second version, often referred to as cloud computing, means that computing and storage capabilities require hardware and therefore, must exist somewhere. That can be your pocket, in the form of a smartphone, or your laptop or Internet-of-Things-like device. It can be warehouses full of high-end servers and networking equipment. For larger workloads (such as artificial intelligence, data analysis, service hosting), it requires specialized hardware purposefully built to handle the kind of computing needed to create complex machine-driven neural networks. It can also include the small collection of servers and networking kits Soldiers take to the field today, or any hardware combination thereof.
For DOD, acquiring and maintaining this hardware is a challenge because the uncertain nature and scale of conflict make it difficult to target investments, not only in acquisition but also in people. Cloud has become a way to offload expertise requirements and hardware investments while allowing for instant flexibility—if you need more computing and storage resources, you pay for them, click a button and they are instantly available. When they are no longer needed, you simply delete the resources you used and can reduce your cost rather than sinking an unused investment and obligation in equipment and people. However, for the tactical and operational Army, access to online cloud computing resources means bringing cloud computing resources into the field—or drastically increased reliance on the expeditionary network systems, often with bandwidth restrictions, that reach back to centralized cloud locations. Doing this in a way that meets today’s mission needs and the unknown needs of the future is a major concern.
The vision most have of the cloud is that it’s just someone else’s computer or data center somewhere that cannot be touched or controlled. This is one of numerous models when it comes to cloud computing, called off-premise public cloud, which intends to serve numerous tenants with common cloud computing requirements. There are other models for cloud computing that start to combine both public and private cloud offerings that can be delivered in both off- and on-premise architectures. Designers and engineers can structure those different cloud environments to function as one hybrid cloud.
|CLOUD IN MANY FORMS
Understanding how the Army and DOD are approaching cloud implementation starts with defining these different cloud models.
Hyper-Scale and Off-Premise
Modern off-premise hyperscale cloud involves multiple (usually large) data centers with the ability to replicate data and load-balance access at large and robust scales. When you become a tenant of one of these cloud providers, you are renting a set of components of that infrastructure for use, just like renting an apartment. Depending on the agreement and cost, where and how mission-critical data is replicated and load-balanced can vary. Most cloud providers replicate data between zones within a geographically similar region—enabling load balancing and resilience of service—but can be expanded to multi-region to guard against catastrophic failure such as an earthquake, flood or malicious attack that could compromise geographic power or network connectivity.
When it comes to on-premise cloud computing serving DOD needs specifically, the community has been practicing this in select IT spaces for some time now. On-premise means services are physically in the organization’s owned facilities. This could be on organization-owned equipment or equipment provided by a second or third party, such as Amazon’s Snowball line or Microsoft’s Azure Stacks. The burden of power, space, cooling and external connectivity are the minimum responsibilities of the hosting organization. Other responsibilities vary based on what services and agreements are procured with a service provider. This model provides the most autonomy for an organization but comes at the cost of dynamic flexibility.
As the world becomes more connected, industry is reevaluating how to design its systems to take full advantage of the value of cloud computing. For sectors like the oil and gas industry, where companies often operate within remote and challenged environments, a hybrid cloud architecture serves both local and global cloud computing needs. This model attempts to take the best of both previous models so that when you have connectivity, you have access to the resources available in hyperscale (robust, on-demand and flexible), and when your connection is disadvantaged or contested, you have critical services locally hosted with you. In the tactical space, this is the design we must strive for. There are times on the battlefield where loss of certain services could lead to unacceptable loss of situational awareness, obstructing command while other less critical services can enhance decision-making on a broad tactical to strategic scale when network connection allows.
IMPLEMENTATION AND EXPERIMENTATION
The Network Cross-Functional Team is working with the Army’s Enterprise Cloud Management Agency (ECMA), Project Manager Mission Command (PM MC) and others to make this tactical hybrid capability a reality. In the beginning, the team worked with PM Mission Command on a pilot to see if current software could be served from a cloud without operating outside of current contract constraints. PM MC, the Network Cross-Functional Team and the Pennsylvania National Guard proved it was possible in a Non-classified Internet Protocol (IP) Router Network (NIPRNet) environment. Others expanded on that capability once Secret IP Router Network (SIPRNet) capabilities were available from ECMA’s cArmy service, which provides an authorized and accredited set of general-purpose multivendor cloud environments that host Army IT services for multiple classifications.
Initially, PM MC, the Pennsylvania Army National Guard and the Network Cross-Functional Team collaborated on a pilot to explore the technical possibility of placing currently fielded Mission Command Information Systems, the core of the Command Post Computing Environment, in a NIPRNet cloud—because of accreditation timelines, the pilot could not expand into SIPRNet. The Tactical Cloud Pilot, Increment I validated the hypothesis that units could be trained on new software without being issued associated hardware. COVID-19 constraints forced an adaptation that also proved, while not ideal, that such training could be done remotely. Others took notice of the success and began work on their own adaptations. One U.S. Army Training and Doctrine Command use case is attempting to expand the number of users and locations, while units are striving to exercise these capabilities in tactical scenarios to inform the requirements community.
Today, we are leveraging the XVIII Airborne Corps’ Project Ridgway to pilot hosting capabilities through cArmy, with Amazon Web Services in the 101st Airborne Division and Microsoft Azure in the 82nd Airborne Division. As part of Project Ridgway, which encompasses XVIII Corps data and software modernization efforts, these units are providing realistic use cases and putting them to the test with current and legacy software during various experiments and field exercises on a mix of hyperscale, commodity and vendor on-premise cloud solutions. The Network Cross-Functional Team also just began working with I Corps on upcoming events for the spring of 2022. Upon successful I Corps implementation, the Army will have initially experimented or piloted with as-is software and configuration in at least one of the two cArmy cloud options from the battalion all the way up through the corps and brigade echelons, and division in the other.
What value does this bring to the Army? These pilots demonstrate possibility. While not the ideal or most fiscally efficient arrangement of software, with the episodic nature of exercises and operations, the Army can put cloud computing to use to enable a persistent, real-time mission command environment delivering those resources as a service to the total Army. When online, every unit asset could have secure access to the same common operating picture of resources and capabilities. In a contested environment, critical data and services for maneuvering capability will remain with the units geographically. However, much work still must be done to make this a feasible option for any program of record. In general, fielding to the cloud with as-is software is currently cost prohibitive.
There is still much work to be done, mainly with the key tool that creates, consumes and disseminates our data: software. With the availability of dynamic computing and storage paradigms enabled by cloud computing comes a new set of challenges for how we use software. The software that the tactical Army currently owns and operates was not built to be run in the agile cloud environments in which we are placing it. The way we handle, manipulate, translate, store and visualize data in its various forms is still largely tied to specific warfighting functions, limiting the ability to inform decisions more broadly.
While the current pilots will deliver new value to the Army in the form of real-time data access, reduced technical overhead and informing operational uses of cloud resources, the Army’s software was never designed to run in the cloud in optimized ways. Therefore, while the Army will see isolated value in using the cloud, software and system modernization remains fiscally unachievable at the scale the Army requires. The Army cannot change operational software across the force overnight, causing a legacy compatibility requirement as it adapts to future capabilities.
All these considerations lead to follow-on topics of the technical knowledge and strategic investment in software redesigning and replatforming to take full advantage of cloud computing. These new means of implementing IT services may cause us to reevaluate the ways in which we employ them. Concepts of operation for how identity services are implemented and compartmented are at the root of many if not all other IT services in a secure environment, and must be addressed and resolved. While each concept brings its own advantages, the revolutionary contribution to the fight can only be delivered in its integration with the others.
In the next article, the authors will discuss “as a service” models and talk about how the software and therefore the development process must change, enabling greater flexibility, mobility and hopefully faster delivery of change and adaptation.
For more information, contact Lt. Col. Philip Smith at firstname.lastname@example.org.
COL. PHILIP J. SMITH is the Network Cross-Functional Team’s information system development officer. He holds an M.S. in telecommunications and network engineering from Syracuse University and a B.S. in communications with an emphasis on computer science from Truman State University. He has served as the division automation management officer for 10th Mountain Division, as well as chief network engineer at the Defense Intelligence Agency and Joint Staff Directorate for Intelligence.
PAUL PUCKETT III is the director of the U.S. Army’s Enterprise Cloud Management Agency. He has served as the federal chief technology officer at an industry cloud native service provider and numerous civil servant roles at the National Geospatial-Intelligence Agency, including cloud integration lead. He holds an M.S. in systems engineering from George Washington University and a B.S. in computer management information systems from Liberty University.
COL. EVERT R. HAWK II is the line of effort 2/3/4 team lead at the Network Cross-Functional Team. He holds a Master of Strategic Studies from the United States Army War College, an MBA in finance from Saint Joseph’s University and a B.S. in business administration and finance from Penn State University. He is a certified Project Management Professional and PMI–Agile Certified Practitioner from the Project Management Institute and a Lean Six Sigma Black Belt.