From the first military use of computers until the late 1980s, military computers were designed and built from the circuit board up. This included designing the instruction set architecture (ISA) that operated the computer’s primary functions. As a young military officer, part of my first postgraduate school assignment was helping the AN/UYK-43 design team build the ISA for this military specification (MILSPEC) tactical computer. AN/UYK-43 computers continue operating the AEGIS combat systems in many of the Navy’s AEGIS cruisers and destroyers today.
In 1989, I participated in a Navy Research Advisory Committee (NRAC) study on next generation computers for Navy tactical systems. At the time, a formal waiver was required for a program that wanted to use commercial computers. The NRAC study recommended reversing that policy and requiring a waiver for using MILSPEC computers. The recommendation was accepted and the era of ruggedized commercial Naval computers began.
Fast forward to today. In the 1980s cyber-hacking was a little-known activity. Taking advantage of rapidly growing commercial information technology was the most efficient way for the military to remain near the leading edge of the IT revolution. Unfortunately, by the mid-to-late 1990s cyber-hacking had become a known challenge for both National Security and commercial businesses. In response, DARPA established the first cybersecurity technology project, to defeat cyber-hacker threats, in 1998. Today DARPA is hosting a Cyber Grand Challenge to test the abilities of a new generation of fully automated cyber defense systems.
Although illegal, cyber-hacking has become big business over the past 15 years. Within the hacking community, low cost hacking tools and malware are easily obtained through the internet or related illegal connections. As I described in an earlier post, Can DoD Get Out of It’s Cyber-IT Rut?, the Defense Science Board categorizes hackers into six tiers, according to the amount of resources applied. Thousand dollar hackers are people or groups buying available tools and malware to exploit known vulnerabilities. Million dollar hacker organizations are discovering new vulnerabilities, and billion dollar hacker organizations are creating new vulnerabilities in support of National advantage and/or military cyber-warfare.
While eliminating all cyber vulnerabilities may be impossible for the foreseeable future, the military, and other high profile commercial organizations, can adopt techniques that significantly reduce their vulnerability to easily obtained hacking tools. Early on, Google started building proprietary servers and networking infrastructure by ordering directly from chip and computer/network development vendors. In doing so they are able to optimize security and performance across their infrastructure.
“Google’s data centers use custom hardware running a custom hardened operating system and file system. Each of these systems has been optimized for security and performance.”
Amazon, Facebook, and others have followed Google’s lead and now build their own proprietary infrastructures. By modifying these infrastructures, to include compute and network operating systems, these companies render ineffective many of the hacker tools and malware being shared across the hacker community. These techniques reduce or eliminate their vulnerability to thousand and million dollar hacker organizations, while complicating the job of the billion dollar club.
Military electronic systems are sensitive to the space, weight, and power (SWAP) necessary to field and operate them. Because of newly emerging converged or hyper-converged server technologies, a paradigm shift in SWAP is becoming available to military system designers. By combining compute, storage, and networking functionality within a single server, these products are capable of hosting virtual machines (VMs), virtual desktop infrastructure (VDI), and software defined networks (SDNs) an order of magnitude more efficiently than current implementations. Said another way, one rack of converged server equipment can replace as many as 10 current system racks.
One of the technologies making converged servers possible is the maturing of flash memory solid state drive (SSD) storage components. SSDs offer significant improvement in access time and power usage over spinning hard disk drives (HDDs). Many of us are now enjoying these new SSDs in our laptop computers where they operate significantly faster than the older HDD computers. Solid state memory technologies have been under development for the past 35 years. Up until recently, cost and longevity challenges have limited the market for SSDs. That has now changed. Today’s enterprise class SSDs ship with 5-year manufacturer warranties and are delivering up to 2 terabytes (TB) of memory in a 2.5 inch form factor (laptop size). Further, SSD manufacturers predict they will be delivering 8 TB SSDs, in the same form factor, within two years.
By adopting SSDs into the converged server designs, manufacturers are now able to significantly improve virtual server performance. Nutanix and RuggedCloud are two of the converged server products Navy engineers are currently evaluating. While SSD memory is not as fast as conventional synchronous dynamic random-access memory (SDRAM) memory, it is 40 times faster than HDD memory.
Nutanix and RuggedCloud both leverage SSDs to speed up server performance and reduce SWAP for equivalent functionality. RuggedCloud further leverages SSD technology by increasing memory to central processing unit (CPU) data flow, thereby enabling SSD memory to be used by the CPU as extended random-access memory (RAM). The largest power consumers in a server are the CPU chips and the SDRAM memory chips. By using less SDRAM and more SSD memory as RAM, significant power savings are possible while computer performance increases because of the extra large RAM. Because a single 3.5 inch high 2U server, as shown, can be configured with as much as 96TB of SSD memory, the server can support hundreds of VM/VDI/SDN workloads using a power draw of less than 300 watts. When populated in a full rack configuration, achieving 10:1 reductions in rack space and power consumption is possible.
In addition to paradigm shifting SWAP savings, by increasing available virtualized cybersecurity processing resources, converged server technologies introduce new opportunities to mitigate cyber threats on Navy ships, and other tactical platforms. Further, these combined technologies create an opportunity for Navy to create its own version of the Google data center model. By designing and then specifying custom modifications to the chip sets, hardware, network, and software infrastructure, low cost hacker tools and malware can be rendered ineffective in Navy platforms and shore-based data centers. In a sense this would be a return to MILSPEC IT infrastructure, but with a modern twist. Like Google, Amazon, and others, Navy IT infrastructure customizations would be small variations on commercial chips, hardware, and software components, while maintaining compatibility with commercial and government software applications.