The United States Air Force was launching a program to consolidate information technology assets at a large base. The program included desktop hardware and IT infrastructure for more than 20 Air Base Group units and approximately 4,000 IT assets.

Method

With the IT infrastructure on the Air Force base spanning numerous physical locations, the movement of assets and changing personnel created significant challenges for tracking physical equipment and any equipment-related tasks. Working closely with the Air Force Deputy Chief Information Office, and through evaluation and understanding of our customers’ needs, the SMS team planned, designed, and implemented a custom database application that would manage the thousands of IT assets. The features of the database included: integration of data loads from the Defense Property Accountability System (DPAS), automated workflows through email notifications, near real-time visibility of asset locations, status, user login information, automated hand receipts, active directory, network device data integration, transaction history, and a list of installed software.

The Asset Management task has now become transparent to the former Air Base Group custodians. They are able to act as points of contract and notify the team of any changes in personnel or unique requirements. The program has also provided flexibility for organizations within the Air Base Group who wish to retain control of specialized pieces of equipment. They have full access to the Equipment Custodian Asset Management (ECAM) database to assist them in managing their assets – as do any other base organizations not part of the IT Asset Management as a Service program.

Benefit

Prior to adopting a custom database application, military and government civilian IT property custodians provided day-to-day management of IT assets using paper forms and spreadsheets. With SMS’s integration and management of the custom database, process improvements have been made that allow for a single, full-time asset specialist to handle the tracking and management of IT assets. Due to these efficiencies, more than 30 military and government civilian IT property custodians have been able to return full-time focus to their primary duties. SMS’s first consolidated annual inventory was completed with no missing assets. This asset management model was performed through an SMS Air Force task order and was realized with no additional SMS contract costs.

Organizations invest a significant amount of time and money on secure and robust networks, but they do not always have an adequate understanding of how well those networks are performing and operating. Monitoring and event management tools are designed to provide insightful information about the functional operation of the network and its various components, as well as reduce the meantime to resolve and repair any identified problems on the network.

When a Department of Defense (DoD) agency noticed that a sporadic sequence of network events was cumulatively stopping network services from functioning, they looked to SMS for a customized monitoring solution to help detect and mitigate the events that were negatively impacting their entire user community.

Method

Domain Name System (DNS) administrators had been attempting to upgrade their systems, but were spending a significant amount of time keeping their existing DNS systems up and running due to frequent outages. Prior to each outage, the administrators had noticed a sequence of specific events discovered through observation and logs. When this series of events occurred within a limited time frame, they knew the environment would quickly become unreliable and unpredictable.

Working with the DNS administrators, the SMS event management team began monitoring for the event sequences within a sliding window timeframe. The team devised a solution that correlated and suppressed associated alerts into a single, critical alarm to notify network administrators of a potential adverse situation when events were detected. In addition to the alarm, the solution also automated corrective actions. Since the system would gradually lose services before going down completely, the solution’s automated actions – such as restarting those specific DNS services as they began to deteriorate – kept the DNS running, allowing the administrators to refocus their efforts within a more stable DNS environment.

SMS further enhanced the management capability of the alarm function with an automated trouble ticket function that would open an incident and populate it with relevant information associated with the situation. The management system was also configured to execute remote commands on the systems hosting the critical services, proactively preventing a failure.

Benefit

The SMS event management solution helped the customer effectively monitor and accurately track the situation while eliminating the overall service failure on their existing systems. Our alerts and tickets fed into Remedy ticketing system that generated automated emails populated with all relevant event details, such as host name, IP, first occurrence, last occurrence, tally, and a summary message. This decreased meantime to repair and significantly increased uptime while also improving the overall contract service metric and SLA numbers. The SMS solution provided the system administrators the much needed time to successfully upgrade and enhance their environment to host their critical services.

A federal agency that had traditionally used only local infrastructure for their systems and had never accredited a cloud-based system, was planning to build a new database to meet their training requirements. Specifically, a Software as a Service (SaaS) learning management system was chosen to be hosted on the Amazon Web Services (AWS) GovCloud.

Since this agency had never previously accredited a cloud-based system, the government team requested industry expertise to work with them in understanding and implementing the steps in the process that would ensure proper controls would be in place for authority to operate and connect to the cloud-based training system.

Method

The SMS Subject Matter Expert (SME) began the process of accreditation by first identifying the required artifacts, or evidence that a system puts forward to show that each of the security requirements of the system is being met. We linked them to the appropriate controls after developing an artifact distribution template. The template listed all possible controls (862 controls using the latest NIST Special Publication, 800-53), which were mapped and tailored down to 453 individual controls. SMS reviewed these controls and their requirements, matched the appropriate vendor documents for each control, and identified which controls required local policies to address the requirements. For this migration, 86 controls were needed to meet the local policy requirements.

SMS then worked with the local system administrators to find the specific details regarding how they addressed those 86 controls. The SMS SME wrote the necessary local policies, then uploaded and linked them to the appropriate controls after approval. The Security Control Assessor (SCA) evaluated the policies to ensure the requirements had been met prior to granting authorization to be on the network. Acting as a local SCA, the SMS SME worked jointly with the government SCA in order create a more efficient process.

The overall system security plan was developed and quickly approved by the SCA, then approved for Interim Authorization to Test (IATT) for the standard six-month period with no rework and, after the entire package addressing all controls was submitted, SMS successfully received a one-year authority to operate. All system approvals were obtained without delays. 

Benefit

The government customer has access to an accredited training requirements information system with an artifact distribution template that can be used for all future cloud efforts to identify the necessary artifacts and cross-check them with their required controls. The template allows the agency to summarize policy into an easy-to-read format, saving time and resources in any future systems accreditation efforts through a repeatable, easy-to-use process.

An efficient, modernized cable infrastructure is an important component of seamless network operations, but an out-of-date or inefficient system can cause problems with both current and future operations.

When a federal agency’s headquarters found themselves with an outdated cabling infrastructure, they faced a potential risk of code violations. With no existing equipment room for the network component racks, this agency had resorted to using a storage room in the core of the building. This lack of dedicated equipment room space meant that heat became a problem, causing premature end of life for the customer’s network equipment. In addition, cabling was out of date and exceeded the required distance of 100 meters.

Method

The project encompassed an entire floor in a federal agency’s building: approximately 60,000 square feet and 600 users. With no previous, dedicated equipment room for their network component racks, the networking equipment was experiencing heat problems and potential failure. With the proper cabling limit at approximately 100 meters, the SMS team determined that the entire floor was too large to have a single equipment room due to the “L” shaped nature of the building. With a design meant to ensure cabling codes and standards were met, the SMS team worked to optimize the space through dedicated north and south equipment rooms with a backbone cable running between them. The team then determined the heating and cooling requirements based on the customer’s equipment specifications and designed a proper HVAC system to ensure the correct temperature for the network equipment. After removing the existing outdated cabling and providing fire stopping seal to all conduits, SMS designed and built cable pathways and installed basket trays, cable, and work area outlets to appropriately support the new cable plant. The agency had also been installing cabling to a 10-year-old standard that required four cables per user. We used the most current standard that required only two cables per user, allowing less cable in the ceiling and under the raised floors, increasing the air flow and allowing the equipment to cool by dissipating heat more efficiently.

Benefit

By using a creative design and cabling best practices for the new build-out, SMS brought the agency up to proper standards and code requirements. In addition to solving the space, heat, and excess cable challenges, SMS also created a new, set-label system with drawings and pathways identified, documented the test results for each cable installed, and provided rack elevations for network equipment planning. This forward-thinking structured cabling solution with proper documentation provides the ability to easily update and adjust to future standards and agency requirements.

A United States Air Force training center released a mandate to modernize training through increases in hands-on approaches and the digitization of legacy pen and paper training. The SMS team worked with stakeholders on a solution that would focus on consolidating resources and enable the trainers’ goals. SMS worked directly with personnel to help design the modernized training concept and deploy the infrastructure for a new, update network.

Method

SMS supported the design and deployment of the new network as well as the classroom training environments. The SMS team interfaced with training managers, specialists, and course instructors in order to understand the mission needs and develop a design that would sustain the solutions used to meet both the training objectives and the Air Force mandate. The objective of each solution varied depending on the specific training structure and environment. 

With an understanding of the needs of the instructors, SMS provided the engineering behind the setup and sustainment of the network infrastructure and virtualized classroom environments. The design and implementation of the network provided the infrastructure for the overall training modernization goals across 25+ buildings at the base, consolidating resources for all aspects of training including (but not limited to) virtual systems, software-defined networking, learning management systems, and file sharing.

Benefit

With the establishment of the training network, all distributed networks can be consolidated into a single environment with an emphasis on sharing resources and providing consistent functionality across all training squadrons. This alleviates budget concerns within the training groups and reduces the requirement on training personnel to set up and sustain their systems. By modernizing, operating, and maintaining an effective training system, SMS was able to increase the reliability of the systems and reduce the need for troubleshooting by trainers, enabling them to remain focused on the mission of training and preparing airmen for the field.

This federal agency operates large data centers that provide storage and computer services for classified and unclassified information, while also building, operating, and maintaining hundreds of enterprise applications, providing the user community with a high level of data accessibility. This includes support of data and applications that are both data center-based and resident in intelligence community cloud environments across all security domains. Application and management support also extend to a Platform as a Service (PaaS) model within the community cloud environments.

Method

Microservices focus on the service lifecycle and not the application lifecycle. Unlike large, tightly coupled software modules that scale to provide the enterprise application, the cloud microservices have a targeted, single-focus function that is about scope and not size. Cloud microservices are also loosely coupled and self-sufficient, avoiding any hard-coded references to other services. They are continuously delivered, which greatly decreases the time to adapt and respond to changes needed for applications that are often updated.

SMS worked with the agency to create an operational development team that would deliver a cloud microservices architecture that augmented the agency-specific portfolio of cloud microservices. The SMS team continued to expand the specific set of microservices for agency application developers while operating and maintaining the deployed set of microservices and building upon the library of offered microservices. These microservices could be utilized on premise or with any cloud provider, so if the agency decided to change providers the move to a new data center is greatly simplified because all developed services for the agency’s application teams will continue to operate with no modification.

The cloud microservices model delivers an architectural approach that defines another layer of abstraction between the PaaS service level and the user community. This has allowed application developers to use and re-use a set of services built for specific purposes, similar to a set of library calls that any application may use over and over again. Because of this, the microservice has functioned as a combination of programming and data made available for use by the user community through interconnection via the web. The efficient delivery of the cloud services provided allows enterprise applications to operate at optimal levels.

Benefit

The SMS microservices solution has resulted in overall cost reduction for the agency’s application build, operation, and maintenance. It not only reduced the need for the high number of application developers previously maintained through multiple contracts across multiple agency organizations, but also greatly increased security posture. By building a microservice that can run on a base operating system, it is easy to change out the Amazon Machine Images (AMI), upgrade the OS, or perform regular patches without any impact to the function of the service. To further streamline enterprise efficiency, the agency is also setting up an initiative that requires new applications to make extensive use of these microservices. This will not only reduce application accreditation time, but will also provide the business benefits of having new application functionality to users more quickly.

The United States Air Force (USAF) has become increasingly reliant on robust wireless networks to support aircrew and maintain flight line operations. As technology continues to evolve, software programs are often utilized via mobile smart devices to transmit and receive real-time data to enable USAF operations.

When end users at a large Air Force Base reported a troubling decline of wireless connectivity for maintenance troops and pilots on the flight line, Air Mobility Command (AMC) reached out to the SMS team to help resolve the growing connectivity challenges. SMS had been providing wireless network connectivity for all Air Force Network (AFNet) connected devices at bases across the country, including tablets and laptops the maintenance crews use to repair the planes. Due to the critical importance of wireless range and stability, SMS worked directly with Major Command leadership throughout this project.

Method

The SMS wireless task team deployed subject matter experts and skilled technicians to interface on-site with the customer in order to efficiently and effectively understand and address the direct needs facing the AMC at the base. The team began by troubleshooting with the local communications squadron and quickly identified an overtaxed and outdated infrastructure. Most device issues were fixed by working in conjunction with the local unit, with only two devices that required replacement.

Next, the SMS team boosted antenna strength to extend the range of the access port devices needed for better flight line coverage. A network configuration was then designed to allow the addition of mobile access points to communicate as a mesh network. The Air Force technicians were able to place these mobile devices and obtain connections in previously inaccessible flight line spots, greatly enhancing mission critical coverage.

Benefit

Working alongside the USAF base technicians, SMS was able to re-establish 99% connectivity of the access points and air monitors that provided wireless coverage for the flight line, and continue to provide status checks to help improve the overall performance of the system.

Modernizing wireless communications infrastructure greatly increased the flight line productivity on base and established clear lines of communication with other bases throughout the USAF. The project was completed with the critical 2-month timeline, and SMS continues to work with AMC to provide wireless network support for 10 additional Air Force bases under their command.

A state-of-the-art, high-performance computing (HPC) system was being migrated and redeployed to replace a legacy Department of Defense (DoD) HPC with the goal of providing a faster, more stable HPC for DoD scientists’ computer-based computations and simulations.

Method

Upon arrival at the DoD campus, the SMS team brought the HPC to a controlled work environment for initial testing. The HPC was reconfigured to function using a Defense Research and Engineering Network (DREN) Unix operating system image and existing DREN networking components. Once the reconfiguration was complete, the SMS team performed a proof of concept using a full “M-Cell,” which consists of four compute node racks (each compute node consists of 2400 CPU cores and 2.348TB of memory), two center cooling racks, and, as the entire system is water-cooled, one water pump rack.

During initial testing, the SMS team first noticed discrepancies in performance, which, upon troubleshooting, were determined to be caused by temperature fluctuations in each of the compute nodes. In order to properly troubleshoot these temperature fluctuations, the team incorporated open source software into the Unix operating system image to easily identify the temperature of each compute node. This enabled temperature mapping for each rack as a whole, which highlighted emerging patterns in the temperature fluctuations that pointed to debris buildup in the water cooling system as the root cause. The cooling system was then flushed, leading to a drastic improvement in the performance of each compute node. Safety controls were then built in for each node, preventing it from exceeding a temperature threshold by performing automated shutdowns due to thermal events. This precaution eliminated the majority of the power and cooling issues with the HPC, and yielded metrics showing how the machine functioned from a computing standpoint.

Following proof of concept testing, the SMS team completed the full HPC installation reutilizing fiber optic cabling obtained during the HPC disassembly and also deployed monitoring systems to prevent any future thermal events. Because the team had already worked out the HPC Unix software installation for configuration for the M-Cell during proof of concept, they successfully got the system up and running in significantly less time.

For ongoing monitoring of each compute node, the SMS team also built a custom web GUI that displays a physical representation for each compute rack in the M-Cell, showing temperatures of each compute node in that rack. Following the deployment, the team finalized the build of the queuing system for customers to submit compute jobs. This queueing system is based on the same system that large HPC centers use so that the scientists can test and model their code first and then easily move it to the larger centers if they need more horsepower.

Benefit

The newly repurposed HPC will allow scientists within multiple directorates to build scientific computer modeling simulations and to perform smaller batch run code testing to ascertain quick solutions to questions that arise within their projects. Through the successful redesign of the HPC to replace a legacy, aging platform, SMS helped the DoD lab save millions of dollars in the cost of a new HPC.

The Defense Department’s Risk Management Framework (RMF) is applicable to all DoD information technology that receives, processes, stores, displays, or transmits DoD information and follows the processes outlined in DoD and National Institute of Standards and Technology (NIST) publications. With the change in the DoD Information Assurance Certification and Accreditation Process (DIACAP), the DoD requirements and processes became consistent with the rest of the federal government.

When a Defense Department customer’s system accreditation process was behind schedule from converting DIACAP to RMF,  they requested SMS support their current needs as well as plan for future accreditation.

Method

SMS began the project by deploying an experienced information assurance (IA) team to manage the  DIACAP-to-RMF migration. The IA team was deployed from SMS headquarters in McLean, VA to a mid-western location for two months to manage the reaccreditation process and train staff on the requirements of RMF. The SMS team provided expertise on the complexities of the RMF process, starting with proper categorization. The number of controls and checks, which can exceed 4000, depends on system categorization in the operational mission security requirements of confidentially, integrity, and availability.

SMS then created an RMF foundation and training structure for the customer that was designed not only to address the current system need, but also to ease future RMF accreditations with a process that the customer could follow for every future iteration. The training structure included access to the SMS corporate SharePoint site, which provided guides, process, links, and templates.

By training the customer’s staff on all necessary tools, providing one-on-one training, and augmenting customer staff with a RMF subject matter expert (SME) to retain institutional knowledge, SMS was able to help ensure the success of both the current and future system accreditations. The SME allowed the customer to keep the system secure, continuously improve system security, and reduced overall risk.

Benefit

In addition to the RMF package being completed on time and receiving accreditation, SMS provided the support and training the customer needed to maintain the system in the future.

An independent Defense Department agency was planning to install a Microsoft Lync Unified Communications (UC) platform. However, they also needed to meet a protocol requirement for call preemption that only Cisco supported. The disparate vendors would create challenges with interoperability between the systems and, without the technologies working together, the UC system would lack the capabilities necessary for a robust communications network.

Method

SMS approached the challenge first by applying our high-level engineering skill sets with both Microsoft and Cisco. Our customer requested a Microsoft solution, but also accepted the proposal of a joint platform with Cisco due to a key, necessary feature called Multilevel Precedence and Preemption (MLLP) that Cisco provided. This preemption overrode established calls to ensure that mission critical communications always had an outside connection. In order to integrate the disparate vendor systems, we designed and implemented a plan that included standards-based session protocol (SIP) signaling and session border controllers (SBC’s), as well as intelligent call routing, which was essential to meeting the MLPP protocol. In order to effectively implement the intelligent call routing feature across the platforms, the SMS team worked with the vendors on configurations, bug fixes, patching, and software updates. Meanwhile, the SBC’s were used to understand each vendors’ interpretation of the SIP signaling protocol, and the SMS team translated the protocol to a format that the Microsoft and Cisco phones could understand while also maintaining end-to-end security. The SMS team then designed a call routing system to create a universal dialing plan. The overall solution was the first of its kind in the DoD. SMS continues to manage and operate the systems and infrastructure for this agency.

Benefit

A seamless, wholly integrated, multi-vendor solution allows for all end-users to use all the Unified Communications features whether they are connected to the Microsoft or Cisco platform, including: telephony, instant messaging, presence, application sharing, and conferencing. Meanwhile, high-ranking officers have the option of preemption and call override as a voice protocol in order to protect national security.