Network Tool Protects Guard Assets

July 2009
By Henry S. Kenyon


NetMRI is being installed in the Army’s Joint Network Nodes, part of the service’s Warfighter Information Network–Tactical program. The appliance will help operators manage and maintain their battlefield networks efficiently.

Security device safeguards data and voice architectures through constant observation, instant alerts, device-level troubleshooting.

The Tennessee Army National Guard is using a network change and configuration management technology to monitor its networks proactively and warn administrators about potential trouble. The NetMRI system incorporates devices that integrate hardware and software to provide alerts and to allow problems to be remediated immediately. It also enables a small staff to monitor and manage a statewide network consisting of hundreds of nodes and facilities.

As with the regular Army, its National Guard and Reserve units often have to work with limited personnel as individual soldiers rotate into and out of combat areas. This situation is challenging for information technology specialists responsible for maintaining operational communications and data networks. Because understaffing is a common condition for many units, the ability to automate network management and maintenance increases the effectiveness of administration teams.

A small staff and a large area of responsibility are some of the challenges faced by Capt. Randy Floyd, TN ARNG, Nashville, Tennessee. As the guard’s network operations and telecommunications manager, he is responsible for managing 94 National Guard locations across Tennessee. The captain’s primary mission is to ensure that voice and voice over Internet protocol networks are running smoothly. He also is in charge of the state National Guard’s computer network defense.

Capt. Floyd manages this system with one dedicated staffer and several temporarily assigned support personnel. His team usually is short-handed, he explains, noting that he has three other personnel who are being deployed. Much of the captain’s work revolves around disaster preparedness, such as providing support to regional state National Guard units during the hurricane season. He adds that western Tennessee is located on a potentially active fault line that could rival California’s San Andreas Fault for earthquake destructiveness and that the eastern part of the state is prone to flooding and snowstorms.

The Tennessee National Guard acquired the NetMRI system in 2007. Capt. Floyd explains that one of his warrant officers, a network administrator in civilian life, brought the product to his attention. But the main catalyst for selecting the device was a major information assurance and vulnerability assessment in 2006 that required the team to upgrade its Cisco internetwork operating system (IOS). This process required Capt. Floyd and his assistant to upgrade manually nearly a thousand routing and switching devices across the Tennessee National Guard’s wide area network. “It took us several weeks to knock that out. I didn’t want to do that again. There had to be a better way,” he explains.

After reviewing several systems, Capt. Floyd remarks that the Guard chose NetMRI because it could upgrade device software automatically across a network. Other criteria included the need for a tool that used simple network management protocol (SNMP) to interrogate the network’s routing and switching devices. The final metric was the system’s dashboard graphical user interface that measures network performance with a numerical score between one and 10. The captain notes that when he checks his network health on the NetMRI interface, it is typically a 9 or 9.1. Oh the other hand, if the score is a 7 or an 8, he can immediately drill down to determine if it is a malfunctioning device, such as an errant switch, or a larger problem that requires immediate attention.

Another key point behind the acquisition of NetMRI is that it is National Security Agency (NSA)-approved and has the agency’s requirements for correct network security. “It has the baseline from the NSA that says here is how it ought to look, and here’s how your network stacks up against that. If I’m keeping my network with what the NSA likes, then I know I’m going to be OK with all those other certification processes,” the captain says.

The captain explains that the system’s main advantage allows him to leverage his time because he has a small staff. It also enables him to obtain a snapshot of the network to determine its health and move on to the next task. Another advantage the captain notes is the system’s information assurance abilities. Capt. Floyd notes that the first iterations of NetMRI did not have an active security capability. The earlier version could collect network data up to four times a day, but he only used this feature once a night to measure network health. The latest release of the device’s software, which was installed in the last few months, has significant upgrades that allow real-time analysis and monitoring of a range of devices across the network or a few devices in a specific part of the system.

NetMRI also can support wireless communications systems and satellite communications networks. Capt. Floyd notes that he uses the application primarily as a tool to monitor unapproved wireless activity. He explains that there are approved wireless devices for use on National Guard and Army networks, but most civilian devices are not secure. NetMRI notifies the captain if soldiers have plugged in an unauthorized wireless device at the various National Guard facilities across the state.

Besides proactively monitoring networks to measure their health, NetMRI devices and software manage both voice and data networks, and modules in the system also watch additional layers in the network or cover hubs and other network devices. The system provides some firewall and virtual private network support. According to Gregory O’Connell, vice president of federal operations for Netcordia Incorporated, Bethesda, Maryland, which makes NetMRI, it is a Linux-based appliance with Intel processors that is rack-mountable and able to fit into transit cases and hubs. The device uses SNMP, which allows it to begin searching a network automatically. “We collect information on everything from serial numbers to temperature,” he says.

O’Connell explains that the system collects different strings of events and correlates them interactively. He notes that the device can indicate if separate isolated events are related. “We have the intelligence to tell you that this could cause a much more severe impact at some point down the road,” he says.

The device enables administrators to perform real-time, reactive work to maintain network security. O’Connell explains that Netcordia complements many other types of software consoles and tools. “We can complement broader and more holistic platforms with something that they don’t really have,” he says.

Netcordia has been working with the Army since 2005. O’Connell notes that it has supported the service’s work with the Joint Network Node (JNN) component of the service’s Warfighter Information Network–Tactical (WIN-T) (SIGNAL Magazine, April 2009, page 43). He explains that NetMRI was selected to meet the JNN’s requirement for rapid startup. He claims that within 30 minutes from startup, the device can be operating and collecting information on a network and generating scorecards within hours. Following the Army’s recommendations, O’Connell says that version 3 of NetMRI now has an application-programming interface that allows the system to focus on integration and interoperability.

The system features a browser-based, intuitive interface. The Web browser console also allows administrators to manage and monitor a network remotely. O’Connell explains that besides providing a range of alerts on different systems, from voice to data, the latest version of NetMRI also features a network mapping and topology tool.

The device and its software are also Defense Department Information Assurance Certification and Accreditation Process (DIACAP) certified. DIACAP is the Defense Department’s initiative to have a common information assurance accreditation process for products that are used across all the services. O’Connell adds that the Army has the most selective DIACAP requirements, noting that NetMRI has a 75 percent information assurance capability because it has been through the Army’s requirements. In addition to the Army, Netcordia’s product also is used by a range of government agencies such as the U.S. Coast Guard, the intelligence community and the legislative branch. It also is widely used by the private sector.

In the federal sector as well, Netcordia is busy providing scripts to the Defense Information Systems Agency’s Security Technical Implementation Guide (STIG) configuration controls to comply with the Federal Information Security Management Act. O’Connell explains that these controls allow users to generate reports, but he shares that this capability must be activated manually. Based on customer requests, he says that the next version of NetMRI will automate this function.

NetMRI is being installed on the Army’s WIN-T JNN equipment. O’Connell says that the WIN-T program plans to equip 88 of the Army Reserves’ National Guard units. Besides allowing National Guard units to deploy and operate with regular Army forces, WIN-T is useful for the guard’s disaster relief mission because of its mobile wireless networking capability. O’Connell notes that NetMRI soon will be in use across most of the Army’s regular and reserve brigade combat teams.

Tennessee Army National Guard:
Project Manager Warfighter Information Network–Tactical:



Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.