Maximizing Government Networks

November 2011
By George I. Seffers, SIGNAL Magazine
E-mail About the Author

 

Globecomm Systems Incorporated, Hauppauge, New York, recently upgraded the National Weather Service’s Advanced Interactive Processing System, an information processing, display and telecommunications system that is the cornerstone of the National Weather Service modernization and restructuring.

Optimization means more than just monitoring dots.

The increasing complexity of government networks is compelling managers to turn to solutions for monitoring that are as diverse as the networks they operate. Their needs are varied, but their goal is the same. In this era of electronic government, departments and agencies continually search for ways to improve network performance and ensure that the networks remain healthy and robust.

Civil government networks that serve officials internally must be able to deliver the right information to the right people in the right manner. External government networks must provide broad-based access as they deliver services to the citizen, and their traffic can vary greatly. Military networks pose even more complex challenges both for optimization and for security. They face a greater threat of enemy cyber action, and they constantly must deal with bandwidth constraints. For both types of government organizations, commercial solutions are the primary path to optimization.

Keeping the network healthy is about much more than simply checking up on the remote connections, says Lt. Col. Joseph Hilfiker, USA, former communications director for Regional Command-East in Afghanistan. “It is imperative to operating a network to look at more than just the little green and red dots telling whether or not your link is up to some distant site. There’s a heck of a lot more to it than just the color of the dots,” Col. Hilfiker advises. “To look at the overall health of the network, you have to drill in and look at factors like bandwidth, look at packet loss, look at availability. If you’re not watching proactively, the first time you realize you’re out of storage is when the servers lock up.”

U.S. military officials in Afghanistan use Microsoft SharePoint for collaboration, and the tool is being embraced by NATO as well, Col. Hilfiker says. However, as with other applications, it has to be monitored closely. “SharePoint is the number one tool we use for information sharing. We use it as an information portal, to disseminate information and to collaborate. And you have to monitor the share points because if they get too big, it will crash,” he explains.

Officials in Regional Command-East also use a network assessment tool that allows them to view the network with enough detail to proactively prevent problems. They monitor, for example, the microwave line-of-sight link to ensure availability to the warfighters. Earlier this year, about 14 percent on average of the 44-megabit link went unused. “That’s getting to the point where we need to think about upgrading that or maybe changing the architecture so that not so much data is running over that link. Again, it’s not just about the color of the dots. It’s about the actual health,” Col. Hilfiker says. “If you’re not looking at the health of your network, if you’re just looking at the colors of the dots on the network monitoring tool, you’re missing what’s most important. Because the dot may be green, but your availability is only 60 percent, or if your packet loss is running at 60 percent, there’s a problem. If you’re not looking at those kinds of details, it’s really amateur hour.”

Regional Command-East also has made use of mesh networking, which boosts reliability because if one node goes down, the others can continue to operate and share data. “One of our huge successes is that we redesigned our meshes to be more efficient. Where we used to see 60 or 70 percent availability, now the lowest we see is 99.6 percent. It’s much more elegantly and efficiently designed,” Col. Hilfiker reports.

On or off the battlefield, many government officials rely on commercial products and services to keep their networks performing at peak capacity. Citrix Systems, Fort Lauderdale, Florida, for example, provides a wide range of government customers with two primary network optimization technologies—Branch Repeater and NetScaler.

Branch Repeater is a wide area network (WAN) optimization tool that accelerates, controls and optimizes desktop, applications and multimedia services. David Smith, Citrix chief technology officer for the public technology sector, explains that many networking protocols simply are not as efficient as they could be. Transmission control protocol/Internet protocol (TCP/IP), for example, still is used widely today, but it has been in use for more than 20 years and was designed in an era when networks were inefficient, inconsistent and unreliable. TCP/IP routinely floods the data pipes with more information than they can handle, then slows down and ramps up again—an inherently inefficient process. “The networks were a lot sloppier in the early days of TCP/IP,” Smith says. “What WAN optimization does is to get rid of those inefficiencies within TCP/IP and make way for full utilization of the pipe between locations.”

Various applications, such as file transfers or connections to email servers, use their own protocols that can be a hindrance on any network. If, for example, someone in a remote location connects to a data center file share application and tries to drag the file over to the local machine, it typically does not receive the entire file—it retrieves the first bit and then returns for each subsequent bit afterward, Smith explains. So, if the file is being dragged over a long distance, “the back end is waiting for the next task at the front end.”

 

Cables make up part of the extensive warfighting network in Afghanistan. The network requires in-depth monitoring to ensure optimal performance.

WAN optimization tools, however, can pre-fetch some of that data so that the user experience is much quicker than the actual protocol. “Instead of waiting for it to fetch the next packet, the WAN optimization knows you’re trying to grab a file. So, it grabs a huge section of the packet and brings it across the network and caches it on the client side, so that when the client is ready for the next packet, it just goes to the WAN optimization box sitting on the network instead of going all the way back across the network,” Smith adds.

WAN optimization tools also compress files. Most tools use two different compression techniques, Smith explains. The first, called first-pass compression, does its best to compress data going across the network so that it takes up a minimal amount of bandwidth. The second technique is multipass compression, which maintains a history at both ends of the WAN optimization solution. The network recognizes that the data has been passed before, and rather than send it across the entire network again, it sends up a flag signaling that the data should be grabbed from the compression history. If, for example, a user were to send a 4-megabit PowerPoint file to all company employees, Smith explains, it would not have to cross the network every single time. “That’s probably where you’ll see the biggest benefit on the network optimization side—you don’t have the data crossing the wire multiple times. It really only crosses the wires once,” Smith says.

NetScaler, on the other hand, is an application delivery controller (ADC), which combines an array of different networking technology into one application. ADCs are handy for large websites, such as Yahoo or Amazon.com, because they take over some of the more difficult computing tasks, including encryption and decryption, opening and closing connections between servers and end users, and passing information so that scores of users do not have to retrieve the information from the server every time. In the Yahoo example, for instance, an ADC could be used to present the logo and all of the icons on the site.

Many ADCs, including NetScaler, also involve security measures such as application firewalls. Traditional firewalls detect requests to access a specific part of the network and then either approve or deny the request. An application firewall looks at the content being requested and intelligently decides whether or not to allow access. Smith cites the example of a commercial site such as Amazon, which deals with customer credit card numbers. An ADC would understand it is supposed to accept credit card numbers but not give them out. “What an application firewall does is that it intelligently looks at the data and then blocks information based on the recognition that it is a 16-digit credit card number, and it won’t let that go out.”

For WAN optimization, Citrix has seen government customers achieve up to 40 times the savings in bandwidth usage or in time of data delivery to an end user. With its ADC product, the company sometimes can reduce server costs by up to 60 percent, Smith says.

Among its many government customers, Citrix supports the Warfighter Information Network-Tactical (WIN-T), the U.S. Army’s on-the-move, high-speed, high-capacity backbone communications network linking warfighters on the battlefield with the Global Information Grid. WIN-T is a mobile, ad-hoc, self-configuring, self-healing network using satellite on-the-move capabilities, robust network management and high-bandwidth radio systems to keep mobile forces connected, communicating and synchronized. In March, General Dynamics announced that the Army had ordered WIN-T Increment 2 systems for an additional five brigade combat teams, making a total of eight brigade combat teams receiving the second increment. According to the announcement, the systems are scheduled for fielding in November under a potential $2.8 billion contract with a General Dynamics-Lockheed Martin team.

Smith warns government customers not to take the easy route for maximizing network performance. “Typically, the first response is the most expensive response. If a network is slow, the first response is to just buy more bandwidth. The problem is that it doesn’t necessarily solve the problem. If you double the amount of bandwidth you have, it doesn’t necessarily double the speed of your network, and it doesn’t take away the thing that is making your network inefficient,” he says. “Probably the most common thing making your network inefficient is the protocols going across it.”

On a similar note, officials with Globecomm Systems Incorporated, Hauppauge, New York, warn that government agencies often take the least expensive approach and then end up dissatisfied with the results. Globecomm takes a holistic approach to helping its customers “deliver more bits per hertz per dollar” by optimizing networks to increase the efficiency of voice, video and data transport.

The Internet protocol-based network is composed of multiple technologies from scores of suppliers, all supposedly interoperable but seldom right-sized for the number of applications they serve, according to Globecomm officials. With today’s complex, multiplatform networks, achieving maximum performance requires the right design, the right match-up of technology, and constant attention to changing conditions on the Internet. In times of limited budgets, issues such as frequency band, links, antenna size and the overall network architecture need to be assessed.

Globecomm has supported efforts to provide morale-boosting capabilities, such as email and Skype, to troops in Afghanistan. The company also has worked with the U.S. Agency for International Development, the principal organization for administering aid to countries that are recovering from disaster, trying to overcome poverty or engaging in democratic reforms. The company announced in July that, as a subcontractor to Raytheon, it had completed the transition and expansion of the National Oceanic and Atmospheric Administration’s National Weather Service Advanced Weather Interactive Processing System.

Security is the number one issue that any agency should consider in its effort to optimize networks, says Alan Williams, Globecomm’s information technology network domain manager. “It doesn’t do any good for us to optimize the network if it’s not secure and anybody can get into it,” Williams says. “Anybody can do nefarious or illegal things on your network if you leave the light on for them. Network security is always the first thing we take into account.”

Another critical element is network visibility. Once the company understands the nature of the network activity, it can implement controls to limit such things as movie downloads as well as a number of caching, compression and other optimization techniques. Williams echoes Col. Hilfiker’s statements about the importance of closely monitoring the networks. “A lot of people don’t know what’s going on in their networks,” he says. “We apply visibility techniques to determine what is business traffic and what is nonbusiness traffic—like the Web surfing so many people do while they’re in their offices.”

WEB RESOURCES
ISAF: www.isaf.nato.int
Citrix: www.citrix.com/lang/English/home.asp
Globecomm: www.globecommsystems.com/index.shtml

 

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.