Editor’s Note: This post is a VMware case study syndicated to the VMUG Collective. Enjoy!
Like any modern business, military forces need fast access to information to coordinate and execute their missions. However, running an enterprise at the tactical edge isn’t exactly the same as managing a typical data center. Troops need systems that are lightweight, easy to use, and can be deployed anywhere—in helicopters, airplanes, submarines, in a cave, or in the middle of the desert.
Cubic Mission Solutions helps the U.S. military and its allies meet this crucial need, providing secure communications and wireless solutions in a small form factor that can be easily deployed under any conditions. Using solutions such as VMware vSphere and VMware vSAN allows Cubic to build smaller, lighter, military-grade products that help warfighters deploy systems four times faster while meeting the defense industry’s strict security requirements.
Organization Overview
Founded in 1951, Cubic Mission Solutions provides networked Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) capabilities for defense, intelligence, security, and commercial missions.
The Challenge
On the battlefield, every minute and every ounce of equipment can be crucial to the success or failure of a mission, and to the safety of the troops. Cubic constantly works to reduce the size, weight, and power requirements for its C4ISR server and storage solutions, while making them easier to deploy. When the company began using VMware to virtualize multiple servers onto a single, small form-factor box, it was the perfect fit.
“Being able to run VMware on our small form-factor servers was a total game-changer that transformed how Cubic helps the warfighters on the ground,” says Tom Lynott, director of software architecture at Cubic Mission Solutions. “Managing the environment became much easier. We can now migrate and add servers in and out, and we have the ability to patch servers easily.”
Any solution that Cubic offers must meet stringent military security requirements. Near the top of the list is assessing and enforcing continuous compliance with more than 250 Security Technical Implementation Guides (STIGs) set by the U.S. Defense Information Systems Agency (DISA). Applying these security settings manually could take weeks, impacting deployment agility.
“The military needs to be able to deploy secure systems rapidly, which was difficult in the past,” says Lynott. “One of the biggest challenges that we find is the end user may not have the skill sets required to build virtual infrastructures, because their focus is on the military operation. We wanted a solution that could provide the automation needed to give them that capability.”
Because a battlefield situation can quickly escalate from a few hundred troops to a thousand, soldiers often carry more hardware than they need, knowing that scalability might be crucial at a moment’s notice. Despite decreasing the footprint of its proprietary servers, which are manufactured by Cubic subsidiary DTECH Labs, the size and scalability of storage hardware were still limiting factors. Troops still had to transport bulky, expensive storage appliances on airplanes, helicopters, and Humvees, usually buying and carrying multiple units for redundancy and emergency scalability.
“We wanted a virtualized storage solution that would allow the military to reduce equipment weight and the cost of their missions by using our small form-factor servers for their field storage needs,” says Lynott. “But it had to be absolutely reliable and performant under battlefield conditions.”
The Solution
Cubic decided to expand its relationship with VMware by upgrading customer solutions to vSphere 6.7 and offering military clients the option of using vSAN for virtualized storage. vSphere 6.7 offers a number of security improvements, including VM-level encryption and an HTML5-based client that does not require the use of Adobe Flash.
“For the military, using Flash can be a big security risk, so being able to eliminate that with vSphere 6.7 was the first thing that our military clients noticed,” says Lynott. “That was a huge win.”
vSphere 6.7 provides support for Trusted Platform Module (TPM) 2.0, an international standard that leverages the TPM 2.0 chip found on most modern servers to securely store passwords, certificates, or encryption keys used for platform authentication. TPM provides assurance that VMware ESXi™ has booted with Secure Boot enabled, meaning that the machine refuses to load any driver or application unless the operating system bootloader is cryptographically signed.
Cubic took a bold step forward by offering customers rugged, portable server solutions with multiple hard drive slots serviced by a 12Gb/s SAS Host Bus Adapter (HBA) controller. These slots are intended to be used with vSAN, allowing the military to use Cubic’s small form-factor servers to build virtual storage arrays in minutes. vSAN pools direct-attached storage devices across the vSphere cluster to create a distributed, shared datastore, replicating data between nodes for redundancy. Because vSAN is vSphere-native and fully integrated into the ESXi kernel, there are no appliances to push down and nothing further to install.
“We also looked at Nutanix but realized that it would require us to install a virtual storage appliance on every host,” says Lynott. “We selected vSAN because deploying it would be both easier and faster to configure storage for each server.”
To automate every element, the warfighter needs to manage and configure virtual infrastructure. Cubic uses VMware PowerCLI™, a command-line interface and scripting tool built on Windows PowerShell. Monitoring and troubleshooting are made easier with VMware vRealize® Operations™, a unified platform for capacity management, proactive planning, and intelligent remediation.
“vRealize Operations is great for monitoring what’s going on at the tactical edge, making repairs, and ensuring that systems in the field remain up and running,” says Lynott.
Business Results and Benefits
The combination of vSphere 6.7 and vSAN is helping Cubic’s military customers improve security while drastically reducing the size, weight, power requirements, and cost of their field deployments.
“Before vSAN, every time they deployed on a mission, soldiers were carrying about 750 pounds of equipment,” says Lynott. “vSAN makes a huge difference because the individual servers weigh about 3.5 pounds. The lighter transportation weight significantly reduces fuel costs, and we’re saving our customers hundreds of thousands of dollars in redundant storage arrays that they no longer have to purchase.”
When a mission occurs, the military usually needs to deploy immediately, and rarely has the luxury of taking weeks to build out a system and secure it. Using vSphere 6.7 and vSAN, tactical teams can stand up a virtual infrastructure in less than two hours that is fully operational and compliant with DISA STIGs. Needed applications, such as Microsoft Exchange Server and System Center Configuration Manager, can quickly be made available to soldiers, along with video and radio communications over IP.
“It takes about 25 to 30 seconds to configure one vSphere host with vSAN, allowing our customers to deploy field-ready systems approximately four times faster than before,” says Lynott. “And, with all-flash vSAN, performance is 700 percent faster than traditional storage.”
Using the High Availability (HA), Distributed Resource Scheduler™ (DRS), and vMotion® capabilities of vSphere, Cubic provides maximum uptime for virtual machines, automatically balancing the load between hosts for optimal performance. Should a mission suddenly require more troops, the military can perform live upgrades in the field and scale vSAN clusters without affecting tactical operations.
“Together, vSphere 6.7 and vSAN create an unstoppable system to support the modern warfighter,” says Lynott. “It’s stable, and lives depend on it.”
Looking Ahead
Cubic is always exploring new ways to help customers automate manual processes, and the next step is virtualized networking with VMware NSX® Data Center. For example, if the military needs to rebuild a system, they could use NSX Data Center to move an entire network configuration into a virtualized environment, then move it back out to the tactical edge.
“Having portable network configurations that can be moved with a couple of clicks or a drag-and-drop is going to be a huge benefit for our military clients,” says Lynott.
VMUG Office
450 Rev Kelly Smith Way, Nashville, TN 37203
[email protected] +1 312-321-6886