Transforming NATO's Information Technology Architecture
NATO officials are laying the groundwork for a centralized enterprise networking architecture with invitations to bid expected to be released by year’s end. The new approach is expected to offer a number of benefits, including cost savings, improved network reliability, enhanced cybersecurity and greater flexibility for warfighters.
Officials at the NATO Communications and Information (NCI) Agency kicked off the alliancewide effort in August of last year shortly after the agency was created. The initial goal was simply to examine the alliance’s information technology infrastructure, how it could be modernized, where efficiencies could be gained and how to make the business case for modernization. The NCI Agency partnered with the Network Operations Industry Consortium (NCOIC) for the study. “We didn’t want to take just an academic view or an internal belly-button look. We wanted to get industry involved and find out what is within the realm of possibility today,” says Peter Lenk, chief, Capability Area Team Seven, NCI Agency.
The result will be a historical transition for the alliance. “We are for the first time, or one of the first times in NATO, looking at things as an enterprise. We’re starting to try to consolidate things across traditional boundaries,” Lenk says. “Through the creation of the NCI Agency, which has a mandate across all of the components of NATO, now we have within our grasp the ability to do this, and we can clearly see the advantages.”
The NCI Agency has requested funding for the new architecture, and the budget could be approved as early as this month. Once that approval comes through, officials intend to begin awarding contracts to consolidate data centers and centralize the network architecture for greater efficiency. “We hope to get authorization for the money early this autumn and then issue the major competitive invitations for bid before the end of the year,” Lenk reports. He adds that the agency did not request new funding, but is instead seeking to use existing funds for capability package 150, which is focused on renewing equipment for the current command structure. “NATO was on the path to spend the money for an implementation. What we’re doing is trying to reshape that to make sure we spend it in a modern way and bring NATO into the 21st century. This is not a technology implementation project. This is a transformational project.”
The initial study revealed a number of issues. “Our overall posture is decentralized. We grew up with local footprints, local people supporting those local infrastructures. By and large, those capabilities were bought either locally or through what we in NATO call territorial host nations, meaning the hosting countries where those units are,” Lenk says.
And that decentralized architecture presented problems, including more than 40 data centers. “We have a huge variety of equipment and a huge variety of ages of equipment. We counted just under 2,600 physical servers. Of that, we found about 100 different makes and models,” Lenk reveals. “We had some locations with three different types of storage area networks, so we have a huge logistical problem to maintain spare parts, to keep people trained, to be able to deal with this complexity.”
Furthermore, the agency discovered, up to 90 percent of server space was underutilized in many cases. And much of the equipment was either already past its lifecycle or rapidly approaching the end of its usefulness. Lenk lists the obsolescence issue as one of the major drivers behind the transformation. “We have to do something smart or we’re going to end up replacing things the way they lie just to be able to keep operating some of them, and that’s going to hurt us,” he says. “It’s going to be a waste of resources.”
The study revealed issues on the software side as well. “We counted around 156 installations of Microsoft Exchange. If you’re really generous, you’d say we need 10 to 20 licenses. We’re paying for 156,” Lenk states.
The NCOIC recommended a more centralized approach based on data centers. It recommended “two-and-a-half” data centers, which means two centers synchronized down to a few milliseconds and a third center for data recovery. The consortium also recommended a number of local nodes to provide some local applications and to support legacy applications that will take time to centralize. “And it does give people a warm feeling to have some local resilience. If all else fails, comms go down, then they do have some local capacity to do things,” Lenk offers.
NATO officials had estimated that the move to an enterprise network could save up to €85 million ($111.4 million) annually, which includes a reduction in military personnel. However, they are now amending that estimate. “What we’re advertising today is that we can save probably about €28 million a year and 480 military positions,” Lenk says, explaining that fewer people will be needed to support the centralized architecture.
The need to reduce military staffers is part of the reason for NATO’s network transformation. “There’s a lot of pressure on us to reduce military manpower because of the current budget situation in the nations. Nations want to get their military personnel back, at least a lot of them. So, we’ve got to do this in order to be prepared for that reduction of manpower,” Lenk says. “It’s not that we’re driving the reduction. We’re responding to it by adopting this new posture, centralizing the management and reducing the manpower requirements.”
Lenk emphasizes, however, that the benefits for warfighters is the primary concern. An enterprise architecture will provide greater reliability and flexibility for warfighters. Currently, Lenk maintains, if a commander needs to rapidly expand the available information technology for a mission such as the recent operation in Libya, the only option is to bring in a truckload of more equipment. “What we’re going to provide by taking that enterprise view is the ability to deploy capacity to where it’s needed electronically, in essence, and bring the capacity to bear to support the priority of the mission, either by using spare capacity or by reprioritizing things. We think there’s a big advantage in terms of that flexibility to be able to respond to demands as they occur,” he says.
The enterprise network also will increase cybersecurity. The current, sprawling architecture presents a “large attack surface,” Lenk says. “By reducing that to primarily three data centers and by ruthless standardization, we’re going to be in a much better posture. We can apply common patch levels to things by centralizing some of these functions. We can apply common pieces of software so that we’re not all using different things, each of which has to be protected. We think we can enhance the overall cyber defense information and security posture,” he notes.
Moreover, it will allow some business functions, such as finance and human resources, to be performed on a network with a lower classification. Currently, many of those functions are handled on the classified network. Another benefit includes greater use of NATO-owned mobile devices. “Workers, even in NATO, are not necessarily tied to their desks anymore. We can provide some of those solutions in an easier, less expensive way for mobile users,” Lenk predicts.
The five-year transformation will be implemented in four waves, which some might call spirals. Lenk jokes that as a former navy man, he prefers waves because, “Spirals are what bad pilots do.” The first wave, expected to begin this fall, will last about two years and will include the establishment of two data centers, replacing older equipment and centralizing many capabilities, including the nodes. The following waves will last about one year each and will focus on more centralization.
The first data center likely will be in an existing location at Mons, Belgium; the second at a new building site near Lake of Patria, Italy. The third is expected to be in the new NATO headquarters building, Brussels, Belgium, which will be integrated into the new architecture around 2017 in wave three. The short-term requirements of the first wave are well-defined, while the latter stages are more flexible. “The detail in the first wave is a lot more than we can predict three or four years from now in this environment,” Lenk indicates. “We know things will change. Technology will change; requirements will change. We know we’re going to have to adjust.”
The primary contract will focus on resolving a number of issues, including the first data center. The contract also will implement a number of nodes and provide the manpower to install equipment; migrate applications from the old system to the new; and will include centralization and virtualization. The NCI Agency also will contract for a consulting company that has either gone through a similar transformation or led other organizations through one. Another contract will be used to integrate the NATO Computer Incident Response Capability-Technical Center, which is being rolled out under the existing architecture, into the new enterprise architecture.
The enterprise architecture is expected to be NATO-owned, NATO-operated—at least for now. “We’re not looking for an off-source or off-premises solution right now,” Lenk explains. “It’s really a level of maturity we want to achieve before we think of turning some of this over to industry. We believe we need to take the first steps on our own—with industry’s help, of course—but then we’ll be in a position to better understand what we’re asking of industry if we should choose to outsource some of this.”
Lenk points out that because of the nature of information technology, work likely will continue after the five years currently planned for the transformation. “We will continue to centralize, to migrate, to massage, to drive process efficiencies into this once we have a good technological foundation to build on,” he says.