Webinar: High-Speed Secure Networking at the Edge


Experts from Curtiss-Wright and Cisco discuss how advanced technologies are empowering tactical networks to deliver vital information securely to the edge, even in a contested environment.

The rapid pace of innovation in commercial IT technologies including cloud, big data, machine learning, IoT and ISR provides new opportunities for defense organizations to achieve and maintain C5ISR overmatch – as long as networks and computing power can securely deliver those benefits to the network edge.

To achieve this, modern tactical networks must be deployable in reduced size, weight, and power – while delivering ever more bandwidth and security – in order to keep up with additional user and mission demands while protecting networks from increasing cyber and EW threats.

Tactical networks must provide critical services when disconnected from HQ, cloud, or upper echelon services while operating where wide-area networking is slow or unreliable due to contested spectrum, difficult terrain, or lack of SATCOM.

Recent COTS advancements in rugged, embedded networking are ready to meet these challenges – delivering 10x the performance and major security advances.

Frank Columbus, Technical Marketing Engineer, Cisco Systems and Charlie Kawasaki, CTO, Curtiss-Wright discuss the latest small form factor, rugged, high speed switching and routing hardware technologies.

Transcript

Bob Ackerman
Everyone, I’m Bob Ackerman the Editor-in-chief of Signal Magazine and I'd like to welcome you to our SIGNAL media webinar titled High-speed Secure Networking at the Edge.

In today's webinar, which is sponsored by PacStar, Cisco and Curtiss-Wright, three experts will discuss how advanced technologies are empowering tactical networks to deliver vital information securely to the edge, even in a contested environment. Now, those of you who participated in past SIGNAL webinars are familiar with our audience interface. Throughout the presentation webinar attendees are encouraged to submit questions electronically through the ask a question box on the webinar console. When our experts are finished with their presentations they'll answer as many questions as time permits during this hour-long session.

Also, the resources tab offers resources to attendees throughout the event. Today's first presenter is Charlie Kawasaki, CTO for PacStar. In his 16 years with the company Charlie has been part of a team that won tactical networking equipment awards for several defense department programs across the services. All told, he brings more than 40 years’ experience to the table in a number of networking, AI and systems integration disciplines.

Joining Charlie as a presenter is Frank Columbus, Technical Marketing Engineer Embedded Products, Internet of Things, System and Software Group, Cisco Systems. Frank has taken two turns at Cisco, beginning in 1993 as a systems engineer in field sales for nine years and returning to the company in 2013 where he became a technical marketing engineer in 2015.

Our third presenter is Dominic Perez, Vice-president of Systems Engineering, PacStar, specializing in routing and switching as well as security, Dominic and his team are responsible for PacStar's modular data center product line along with other company commercial solutions for classified products.

So with that I'd like to turn this presentation over to Charlie Kawasaki. Charlie?

Charlie Kawasaki
Thanks Bob. I’m going to go ahead and share my screen here so give me a second. In order to better coordinate deployed forces and enable new capabilities the U.S. Army, Air Force and Navy are actively looking to new programs to ensure warfighters have maximum agility and situational awareness. These programs will adopt a variety of compute and bandwidth-intensive technologies, increasing the use of video, big data analytics, artificial intelligence and machine learning to deliver the command and control information that warfighters need.

The software enabling these capabilities is increasingly developed to run in the cloud which itself might reside in a range of data centers ranging from large commercial services to the DoD's regional hub nodes or RHNs. These are located in separate strategic regions and used by deployed Marine Corps and Army units to access information from theater tactical networks around the world.

As forces develop greater dependence on cloud-based services, denial of wide-area access to the cloud due to contested communications through electronic warfare becomes a critical problem. A key to delivering advanced tactical capabilities and ensuring their continued availability is to vastly increase the capability of networking and compute at the edge of the battlefield, replicating critical data and services in mobile cloud infrastructure. As such the DoD is looking to deploy cloud replication between remote computing nodes and upper network echelons as shown here.

One example of these programs is the U.S. Army Network Cross-Functional Team's CPI-2, which is currently developing prototypes of its command post vehicles - essentially mobile data centers that in future iterations could support local cloud. These are medium tactical vehicles or trucks that carry a small data center's worth of servers enabling data resiliency. Likewise the Army Futures Command has published a roadmap that specifies requirements for robust deployed cloud capabilities for their Capability Set 25.

Similarly, the U.S. Air Force is developing the Advanced Battle Management System or ABMS - a federated cloud system that will provide secure processing from a security cloud it refers to as Cloud One, already running in commercial clouds. It also envisions a local cloud called Edge One to provide continued availability in case communications with Cloud One are disconnected.

In another example the Navy recently issued an RFP to support tactical cloud analysis including an approach for providing remotely deployed cloud or processing services in case the tactical unit becomes temporarily disconnected from the tactical network. In addition to cloud replication and data resiliency, higher speed networking is required to unify networking on modern vehicle platforms. Today organizations are fielding multiple discrete networks for various functions creating size, weight and power problems as well as system management complexity problems. Future vehicle electronics programs aim to unify networks combining C2, ISR, EW, radio, vetronics, and even integration with lethality systems.

At PacStar, now part of Curtiss-Wright Defense Solutions, we're pleased to collaborate with Cisco Systems developing new technology that makes it possible to meet these requirements. I'd like to turn it over to Frank Columbus, Cisco Systems technical marketing engineer to show how Cisco leverages their technology to make this a reality. Frank?

Frank Columbus
Thank you, Charlie. I’m Frank Columbus, Cisco Technical Marketing Engineer for IoT Embedded Systems. As Charlie mentioned, today's tactical networks absolutely need high bandwidth, the best cyber security and minimal size, weight and power. Next slide. Let's take, well let's first take a step back to look at the broader picture regarding Cisco's value to the U.S. government.

So as a part of Cisco's importance to the government, the pool of military personnel that are trained on Cisco technology is huge. I can't quantify this in totality but let's take a look at two key training programs - Netacad and learning credits. Netacad is a corporate social responsibility program that's basically Cisco giving back to the community - in this case the military community. The program's been in place for over 23 years - Cisco's contribution over the course of that time has been in excess of 40 million dollars. We've trained more than 93,000 students and over the last year alone over 7000 students have been trained.

Learning Credits is an incentive-based program based on purchases and the range is generally 20 to 30 million dollars annually and these learning credits are targeted at training. Next slide. For the Netacad program the military provides base facilities as training facilities worldwide. Also notice there's a large number of high schools on this list. Netacad also trains the children of deployed military families so think about this. Today we're training today's war fighters as well as the next generation. Next slide.

Cisco IoT industrial products are derived from enterprise products - those are the products that typically are used by the IT departments - they go into the carpeted workspace. The architecture and software for these products are basically shared as a common basis. Embedded products likewise are the next derivation from a subset of IoT industrial. Later today we're going to introduce our new ESS-9300 switch which is derived from the Catalyst-9200, so the net of this is, after the product goes through all the necessary certification processes, all of the work that was put into creating the STIG can be leveraged for the ESS. And for those of you who are not familiar with the term STIG, basically it's a how-to guide for configuring routers, switches, wireless network elements essentially in a secure manner to meet the mission needs. Next slide.

Let's take a quick look at the broader Cisco IoT portfolio. So as I mentioned, the products in industrial IoT are derived largely from enterprise products across the portfolio which has switching, routing, wireless security products, network management etc. All of these products are fanless. Some are din rail mount, some are rack mount, some have IP67 weatherproof enclosures right on the product itself. All have an extended temperature range but even with all of that some vertical markets are missed and that is where we look at embedded IoT and our partners such as PacStar. Next slide.

So if I expand out what was the upper-right corner of the previous slide and I arrange the switches on the left half of this slide, the routers on the right half, these are the components that Cisco supplies to PacStar. Go ahead and click the build-out. On the bottom are the products that PacStar builds as finished products for the military and today's focus is going to be on the very left side - the ESS-9300 inside the PacStar 448. Next slide.

So we've been saying size, weight and power - we're small form factor - quite a bit today so a quick way to visualize the actual size of the ESS-9300 module is take two credit cards, put them side by side on the long edge and within a few hundredths of an inch in either dimension you have the size of the ESS-9300 module. No, that wasn't by design, it basically worked out that way by chance but that's a really good way to visualize the size of this module. So next slide.

What is the ESS-9300? Well it is a switch, 10 ports of 10 gigabit ethernet, and remember enterprise products are derivations, embedded products are derivations from enterprise products, and hence the IOS XE operating system used in the enterprise products, with security features that are applicable to this platform, is implemented on this module. This module also features an operating altitude of 40,000 feet, an extended temperature range of minus 40 to plus 85 degrees C. It will go through FIPS certification, Common Criteria and several other federal certifications that are currently in the queue. Those things take time.

It also has a mean time between failure of 48.2 years so imagine that - unless the product is physically damaged it will very likely outlive the mission. Next slide. So let's take a look at some of the security features on this product. Arguably, this is probably the most important of all of the security features - the chain of trust. If I don't have an assurance that my hardware is authentic and my software's authentic, basically how can I trust the underlying security features? So for hardware authenticity we have a trust anchor module - the Cisco ACT 2 - ACT stands for anti-counterfeit technology. It's an integrated circuit that contains an immutable factory burn-once certificate that contains the secure unique device identifier. Boy, that's a mouthful; it's easier to say SUDI.

How do I know the software is authentic? Well we start out with a secure boot plus an image signing at every major stage of software module right up to the point that the OS is running. Hence we have an assurance that nothing, absolutely nothing, has been added, removed or modified. Next slide.

Another feature that is special to embedded IoT products is the zeroize feature. Now what zeroize is, it's far more than the factory default that you see on other platforms that we at Cisco produce. With just the push of a button this feature can wipe out every writable partition, leaving the device in ROMMON, which is basically the bootloader. So at that point in order to use the product again one would have to do a full recovery and reload of the configuration, however what we've done is we've wiped all the confidential information to make sure that if the product were to fall into the hands of an adversary they would have a fine time trying to basically hack the rest of the network. This is a very valuable security feature for a lot of the products being used by our military. Next slide.

So AAA security, wow that is basically a direct quote of what AAA is from the Cisco documentation so let me simplify this with a few words. Authentication - that first step is prove to me you are who you say you are and you're going to do that electronically. Authorization - once you do prove you are who you say you are we'll tell you what you're allowed to do, and lastly accounting. Yes we are watching, we are logging, we're taking notes of exactly what you did, when you did it, how much of it you did and if you were bad and you did things you weren't supposed to do we're logging that too. Next slide.

This architecture, the AAA in IEEE 802.1X, has been around for many years on Wi-Fi networks. If you're familiar with configuring an access point you've probably seen things like WPA Enterprise, WPA2 Enterprise. Well, what organizations are realizing is that the value of that type of control, that type of security, that was leveraged on Wi-Fi is also very valuable in wireless, in wired networks, so the ability to extend AAA out to the endpoint via Extensible Authentication Protocol over LAN (EAPoL), that's the first step in the AAA process and that side is called the supplicant.

The switch is the network device or authenticator in standard speak and it talks back to an authentication server, in this case Cisco ISE, and those protocols could be RADIUS, TACACS+ or LDAP. ISE can also then probe further into other identity stores on the network via Active Directory and LDAP, so in total there is a very complete security picture, and this slide emphasizes how the ESS-9300 in the PacStar 448 fits into the broader security picture.

So with all that, this slide is kind of an eye chart, but what it's showing is the broad and rich set of security features that we currently have at product introduction for the ESS-9300 in the PacStar 448, with more security features on the way. So at this point I'd like to turn the discussion over to Dominic Perez of PacStar for a deeper look into how they deliver Cisco technology to our military.

Dominic Perez
Thanks Frank. Yes I'd like to talk about how PacStar has taken Cisco's IoT portfolio and integrated them into the PacStar 400-Series family to deploy high-speed networking at the tactical edge. Next slide please.

The PacStar 400-Series is a line of ruggedized networking, communications and compute modules all built to a standardized form factor. Most of our modules are what we call one-slot, roughly 5 inches by 7 inches by 1.6 inches high. We also produce modules that are two or three slot multiples of this height. I’ll introduce some of those in a moment. We've partnered with Cisco for over a decade to embed their industry-leading routing and switching technology into PacStar products.

While Frank has given you a sneak peek I’m happy to formally introduce the PacStar 448 here today. The PacStar 448 is a 10 Gig switch as Frank has mentioned with 10 10-Gigabit ethernet ports - those SFP plus ports that you see on the front. We also have a 1 Gig RJ45 port for management network, a console port for local administration and a USB port for transferring configurations or IOS XE files. At PacStar we put the needs of the warfighter close at hand and the PacStar 448 supports a lights-out mode which turns off all sound and lights and the quick zeroize button that Frank had mentioned. Next slide please.

All the PacStar 400-Series modules are extensively tested to MIL-standard 810 for thermal, shock, vibration and operation in blowing sand and dust as well as MIL-standard 461 to ensure that your EMI footprint is minimized. Independent laboratory is testing for the 448 - the labs are a little backed up due to Covid-19 - our design and test nearly guarantees a pass but PacStar doesn't stop there we'll get into the independent lab just as soon as we can. All the PacStar 400-Series modules can operate standalone, powered by an AC adapter on 10 to 35 volts DC or with PRC 148/152 batteries. When you use those radio batteries they function as a UPS, seamlessly providing backup power for up to two hours per battery. The batteries can even be hot-swapped one at a time to keep running as long as you have a supply of batteries to run off the grid.

Where the 448 really shines is when integrated with other modules like the one that you see here - the PacStar 447 in the 400 Series family. The 447 is powered by another one of Cisco's IoT modules - the 6300. It's a powerful compact router that has two 1-gig SFP RJ45 combo ports as well as four 1-gig switch ports. When equipped with the boost license this little router can transmit IPSEC at more than 350 megabits per second. Next slide please.

PacStar has a whole family of router and switch modules all powered by Cisco IOS and IOS XE. Many different server options, radio gateways to bridge your communications to an IP network and a wide assortment of sleds to hold your type 1 devices or your handheld radios and integrate them into the PacStar 400-Series form factor. Next slide please. Looking at our server options, PacStar has more than 50 different SKUs with different processors, memory configurations, storage and expanded capabilities. We can tailor the solution to meet your mission need, minimizing SWaP and maximizing capability.

We refer to all of our one-slot modules as the PacStar 451. It's available with 4 core through 16 core Xeon processors and the Xeon D options offer up to 128 Gigs of RAM and dual 10 Gig SFP interfaces - great for plugging into the 448. The PacStar 455 shown on the bottom left houses the same Xeon D and 128 Gigs of RAM as the 451 but the three-slot form factor allows us to add an enterprise-grade raid controller from Avago, Broadcom, LSI, whoever they want to be this year, and eight two and a half inch SSDs. Load it up with the 15 terabyte drives that we have available - you have over 120 terabytes of storage available in a six-pound package.

Saving what is probably our coolest server module for last is the PacStar 453. This two-slot module again houses the same Xeon D, 128 Gigs of RAM and 10 Gig interfaces but it also packs an NVIDIA Quadro T1000 GPU with 896 CUDA cores and 6 Gigs of DDR6. It's perfect for edge processing of AI, video transcoding, object detection, sensor fusion or even a quick game of Fortnite. Next slide please.

With all of these modules you need some way to power them and transport them. For that we have the PacStar smart chassis available in 4-slot and 5-slot capacities and capable of taking wide range AC or DC input with UPS functionality backed by a common military 2590 lithium-ion battery or 5590 nickel metal hydride battery for airline compliance. The smart chassis can then be transported in the overhead bin with our carbon fiber transit case. Next slide please.

If carrying overhead is not what you need to do we also have a wide variety of rugged vehicle mounts to take those same smart chassis and mount them into your vehicle. As you can see here the PacStar gear is very rugged, perhaps even more rugged than the vehicle that the armed forces choose to mount it in. The marines took a couple of vehicles loaded up with our equipment and ran them around Camp Pendleton until the vehicles themselves broke - not the PacStar equipment. We didn't miss a beat. Next slide please.

So it's from all these building blocks that we've created the PacStar Modular Data Center. First and foremost the Modular Data Center is just that - modular. You can mix and match our compute and networking modules to meet the mission at hand. It can be a bit overwhelming to have so many options when speccing out a system. To help kick things off we've outlined several payloads and templates that I'd like to go through today. There's just a few that I’m going to highlight on the next slide please.

This is what we call our variant one, when you want as much compute and memory as you can get in an overhead bin. With eight Xeon D servers and a 10 Gig switch for interconnects, that PacStar 448 powered by the Cisco 9300, you can run all of your data center applications at the edge or the virtual network functions or connected to another one of our cases full of networking gear. Next slide please.

When we break it down and we look at how it's equipped you have 120 CPU cores, a terabyte of RAM and more than 120 terabytes of storage. Next slide please.

The second payload that we'll look at - swap six of the 451 modules for two of the 455 modules to maximize storage. Next slide please.

In this scenario, you still have 64 cores and half a terabyte of RAM but you bring along with that a gargantuan 276 terabytes of storage. I’ll leave it to you what you're going to fill that up with. The final variant that we'll look at today holds four of the PacStar 453 GPU accelerator modules along with that Cisco 10 gig switch. Next slide. Here we have the same 64 CPU cores and half a terabyte of RAM but we're swapping some of that storage to get almost 3600 CUDA cores for more than 10 teraflops of GPU processing power. And again you can mix and match all of these solutions, these are just a few examples. Next slide please.

All this hardware is great but we need some software to make use of the capability. The PacStar Modular Data Center supports Cisco HyperFlex and NFVIS as well as all of the other major hypervisors. We have a broad range of virtual network functions like the Cisco CSR 1000v, the ESR 5921, the ASAv for firewalling and security along with the full Cisco unified communication suite. That's just the start of what's possible. If it runs in a VM or a container we can run it on the PacStar Modular Data Center. Next slide.

While we have focused today primarily on PacStar's hardware offerings I'd like to point out that PacStar also has a powerful suite of software solutions in our IQ-Core line for managing and monitoring complex networks through a single pane of glass interface as well as a group focused on integrated solutions helping you solve your problems and address your mission using PacStar hardware and software along with the best of breed third-party software from Cisco and others. Next slide.

With that I’m going to hand it back to Bob for our Q&A.

Bob Ackerman
Okay, thank you Dominic. I want to remind everyone it's the ask a question box that is your portal to the discussion. Already got some questions in there so let me turn to them. One question is can audit logs be exported to non-Cisco network management systems such as IQ-Core?

Dominic Perez
I’ll take that Bob. Yes, the login information from all of our modules can be forwarded to IQ-Core as syslogs or other events and those can in turn be forwarded upstream to other log storage devices so we're fully compatible up and down the chain.

Bob Ackerman
Okay next question. I’m gonna, having made one jump ball call, I’m gonna toss this one over to Frank - seems to be a Cisco question. What's the difference in IOS versus IOS XE? Is it hard to learn IOS XE if you know IOS?

Frank Columbus
It is absolutely not a difficult task to transition from IOS classic to IOS XE. Much of what you've learned about the command line interface translates over directly so you have a user exec mode, you have a privileged exec mode, you've got a configuration editor and oh, by the way, those two things that you learned way back in CCNA about the question mark and the tab being your best friend - it holds true. There's debug commands, there's the show commands - much of the syntax carries over. There are differences. As an example, the AAA security features that I mentioned earlier - AAA on the older IOS classic and if you compare that with AAA on IOS XE have differences. So yes, as technology moves forward you're going to expect differences but they're not insurmountable if you knew the prior IOS classic.

One thing that I will tell you that will make your life immensely easier is even if you're a command-line jockey, do play with the new IOS XE web UI. Good reason for it. Remember that pesky little problem that you have when you want to do an upgrade and you've got to go out and find a TFTP server to load onto your laptop, and by the way TFTP is probably not a secure protocol that you want to use today. Well guess what? With the web UI you can very simply use HTTPS to upload a new image from your laptop, either a Mac or PC and very simply upgrade the device.

Bob Ackerman
Okay, thank you. Dominic I’m going to turn back to you for this question. Why do you need 10G LAN networking when the WAN might only be 10 megabits per second satellite?

Dominic Perez
Well it's not a webinar if someone doesn't forget to unmute so I’ll nominate myself for that. That's a really good question. Having only a 10MB backhaul is exactly why we need high-speed networking 10 Gigs at the tactical edge. What we are trying to do and what our customers are trying to do is to replicate the data center out at the edge using some of those hyper-converged software solutions that I talked about. Every vendor's implementation is a little bit different but one thing that seems to be consistent is that they typically take a write on the device that initiated it and replicate it to a second device and the faster you can do that replication across that 10 Gig network the faster these servers can move on to the next thing you're asking them to do.

Bob Ackerman
Okay thank you. I have another jump ball for the three of you. Will PacStar devices with Cisco components be covered through JELA for technical support?

Dominic Perez
I’m not privy to the exact details of that enterprise license agreement. I will say that PacStar offers Star Support that covers all of our hardware and firmware on that and then Cisco SmartNet which I believe you get through the EULA through the enterprise license agreement would cover that type of tech support. So PacStar will be front line for you if you have Star Support. If there are things that we need to reach back to Cisco for and also for IOS support that would be part of your license agreement with them.

Bob Ackerman
Okay. Charlie, you've been quiet - here's one for you. How does this technology deal with new radio and transmission technology such as 5G LEO, MEO or even FSO?

Charlie Kawasaki
So the technology that we demonstrated or showed today is IP networking and so long as the radio technologies that you're interested in deploying can transmit IP then we're transmission independent from those. That being said, the Cisco technology has some significant benefits for connecting to various wireless infrastructures - for example the PacStar 447 which includes the Cisco ESR-6300 in it is on the NIAP list right now going through Common Criteria as a VPN gateway. That will give you a government-grade VPN or IPsec encryption that allows you to encrypt data over any wireless infrastructure and keep that secure so that you can try all sorts of different transmission types whether it's 5G or free-space optics and you can share that same encryption scheme independent of those radio types so it gives you a lot of flexibility.

Bob Ackerman
Another toss-up. I think I’ll call this one. Can you address how or if SD WAN could be implemented for dual home deployed nodes? Do IoT routers support SD WAN?

Frank Columbus
That's a mix - I’m going to have to give you a mixed answer on that. Yes they do support SD WAN technically. They have been tested - the ESR-6300 that Charlie mentioned supports SD WAN in IOS XE 17.4 and beyond. However the roadmap part of this are the license PIDs to implement SD WAN - those are actually being worked on as we speak so there's a little bit of work on the product management side to deliver the feature.

Charlie Kawasaki
Yeah Frank I’ll also chime in on that a little bit as well. On the PacStar 451, 455 and 453 server platforms we have extensively tested Cisco CSR1000V which is one of Cisco's premier SD WAN routers so that's well-supported on that platform as well.

Bob Ackerman
Okay, well here's a very basic question. Since the networks are operating at the tactical edge how do you protect the classified data?

Charlie Kawasaki
Yeah maybe I’ll take that one. So there's several different technologies and procedures for protecting classified data at the tactical edge. One of the things that PacStar has been very active in is in a program called the NSA commercial solutions for classified program. That allows us to transmit classified data over our infrastructure using two layers of commercial encryption so long as it's NIAP and FIPS-certified. Cisco being one of the leaders in that space has a wide variety of products that are CSfC certified including things like the ASAv including things like the ESR-6300 which is nearly complete with that and so you can use two layers to transmit classified data. So that's the primary means that we use to make that happen.

Other customers also still use Type 1 data and transit encryption devices and so that would be currently the state of play in the tactical networks.

Bob Ackerman
Okay Dominic, I think it's your turn. Question for you. Do you support 10G over copper?

Dominic Perez
Well yes, we do support 10 gigabit ethernet over copper using direct-attached copper cables which are actually the most economical way to do 10 gigabit. They may be referring to trying to do 10 gig networking over ethernet cabling or RJ45 and we don't support that on the 448 although we do on the 451. In general it really isn't the best solution for 10 gig networking. The transceivers use a couple watts more power than even a long-range fiber transceiver and it's really really picky about the cat 6 / cat 7 cable that you use. It's a very limited distance and if you step on those cables, you don't terminate them exactly right you're going to end up with some intermittent problems so we really don't recommend doing 10 gig networking over RJ45. Either over fiber or direct-attached copper is the best solution.

Bob Ackerman
Okay, got it. Well here's one I guess for either Dominic or Charlie. Do PacStar products support Wi-Fi and cellular bearers in one chassis?

Charlie Kawasaki
So typically our deployment - we've had a lot of different Wi-Fi infrastructure support and typically what we'll have is mobility controllers or other types of technology running on the PacStar 451, 455 or 453 platforms. We've even had other types of technology as well like cellular EPCs and things like that running on our platform. What we've generally found is our equipment is used as what people call a baseband solution and what they want to do is hang the radios either outside vehicles or in a distributed manner around an area to provide greater coverage. So today what we typically find is that we'll have the controllers and the core encryption and security features in our chassis and then the radio infrastructure in an outboard kind of installation.

Bob Ackerman
Okay thank you. Frank we haven't heard from you for a while. This one I think is up your alley. Can I just buy the ESS-9300 from Cisco?

Frank Columbus
Okay, so I’m going to hold up an ESS-9300. This is the ESS-9300 module. You could, but question is how am I going to plug my SFPs to that? That's where our partners like PacStar come in. So yeah you could, if you're going to do some custom work and Charlie you might also address if they do have a custom program, what would PacStar do if, let's say the 448 does not fit into their program? You have a lot of experience working with our ESS-9300 - how would you address that?

Charlie Kawasaki
Well we would ask the customer to call us and see whether or not we could meet their needs. We typically go through very, very rigorous engineering processes so it's not something that we would just necessarily do, you know, a small one-off but there's lots of ways that we can meet our customer's requirements and so you know we would engage with them to understand exactly what they need.

Bob Ackerman
Okay, this seems to be a logical follow-up question Frank. With the Catalyst ESS-9300 does this mean you're going to EOS the ESS-2020 and ESS-3300?

Frank Columbus
Absolutely not. All three of these are complementary products. If you think about what the ESS-9300 is, it's a 10 gig switch. It's mainly deploying optical interfaces but what would happen if you needed a lot of power over ethernet? That's where an ESS-3300 comes into play - we can do as much as 24 ports of PoE with two 10 gig uplinks. And then, oh by the way, what if I need just a 10-100 switch? That would be the place that an ESS-2020 comes in. And one other thing I would add to that. PacStar also makes a 400-series module for both of those solutions.

Bob Ackerman
Okay, thank you. Dom, you seem to be a popular panelist among the audience - here's another question for you. Will this type of setup enable redundancy in case a single component fails?

Dominic Perez
Sure, that's the short answer. The long answer is - am I muted? I don't see myself but I’ll just keep talking. Can you hear me Bob?

Bob Ackerman
I hear you hot and clear.

Dominic Perez
All right. Yes so to do redundancy we would leverage the multiple servers that you saw in the MDC examples that I gave and the hyper-converged applications that I mentioned. All of these can set up redundancy and we can even add a second 448 switch to the solution to give you both path redundancy and compute redundancy. So there's lots of options for redundancy in these solutions.

Bob Ackerman
Okay thank you. Charlie - this one I believe is for you. Someone is asking can I run prior generations and this generation of equipment at the same time?

Charlie Kawasaki
Well that's actually a nice follow-on question from what Frank was talking about with the other models of Cisco switches that PacStar currently supports and all of the PacStar 400-Series modules have the same form factor and are essentially interchangeable. They have the same electrical interfaces and they're all open standards in terms of networking so we've had a lot of customers who have done things like deployed systems and then over time upgraded say to a new generation server or in the case of the switches that we're talking about, they may have started with a Cisco ESS-2020-based solution and decided that they wanted higher-speed networking so have stepped up to the ESS-3300 but you can mix and match those and even incrementally upgrade your program, you know one unit at a time rather than having to forklift everything. So yeah you can run the older generation and the newer generation at the same time.

Bob Ackerman
Thank you. All right this one I’m gonna call a jump ball again. For tactical edge users that are currently using two 441 routers and an inline network encrypter for NIPR and SIPR enclave access is there a product that can combine two routers for a physically smaller configuration giving the same access for two enclaves with different classifications?

Charlie Kawasaki
Well, jump ball with me and Dom.

Dominic Perez
First I would say first off thanks for being a PacStar customer. Charlie go ahead and offer what you want to offer.

Charlie Kawasaki
Oh so you know if you're using Type 1 encryptors from PacStar today there's still, you would still end up in a configuration like that where you'd end up with a device on the outside and you've got to have your HAIPE inline encryptor - we have not yet done something like combined a HAIPE encryptor into a PacStar 400-Series and that's you know, just something that, PacStar doesn't make those - we use partners to do those kinds of things. If you want to go the CSfC route, the solution doesn't get smaller per se but you do get away from the regulations regarding the handling and the key material and the CCI handling restrictions around the Type 1 encryptor but that doesn't necessarily make it smaller. Dom, do you want to add anything else to that or do you think I covered?

Dominic Perez
I think you covered most of it but that's a pretty technical discussion and I think we've got the asker's contact info so we can reach out and really kind of whiteboard it out with them and see if we can come up with something that helps them make it smaller or quite potentially makes it a lot faster as well.

Bob Ackerman
Okay then, thank you. Charlie this one's for you. You briefly mentioned the system has software management - what does that mean?

Charlie Kawasaki
Oh yeah, so Dominic touched briefly on it on one of his last slides that when we're fielding tactical systems you know we'll have the hardware layer at the bottom, we'll have partner virtualized network functions or security sort of in the middle - the meat of a sandwich if you will - and then the other thing that PacStar makes is what we call IQ-Core® software and this is a network management package that is a single pane of glass designed to simplify, streamline, reduce errors, improve the consistency of configuration across tactical networks. It's particularly useful because U.S. DoD and our military partners as well have a history of acquiring technology from a lot of different vendors and that creates a real learning problem and a manageability problem so we've created an overarching software solution which just brings to the surface the capabilities the warfighter needs to manage their tactical solutions. We have a couple of different main versions of it - one runs directly on a deployed node themselves so if an organization is disconnected from the WAN they're still self-contained and can manage their own equipment. We have a remote management version of it that actually gives you visibility across your whole network and we have another edition which is optimized for managing PKI, VPN and some of the commercial solutions for classified that we talked about so that's just a quick rundown of what that is.

Bob Ackerman
Okay, thank you. Dominic, I need to turn back to you. In the diagrams you did not include wiring. How do the modules connect for power and data?

Dominic Perez
Yeah if someone has a great way to make a diagram look clean and show wiring I'd love to know it but yeah for visibility we leave those out. In the real world PacStar 400-Series modules are connected through our patented connectors on the side where we transmit just power to the modules. We found that to be the most rugged and robust way of connecting them for power. For the data connections we do that through good old cabling - either the RJ45 ethernet cabling for the 1 gig and lower connections or the 10 gig DAC or SFP cables that I talked about earlier. So it lets you mix and match, it's almost like a punch down, you can kind of, you know, customer one wants to connect port one to port one but customer two wants to connect port one to port three - if I pre-wire those beforehand I've always got someone complaining. So we let you connect things up how you want to connect them up.

Bob Ackerman
Okay, let's get rugged. Charlie, someone says this looks rugged but what do you mean when you say that?

Charlie Kawasaki
Well okay, this is a kind of a long answer but let me start with the basics. As Dominic said in his part of the overview, our standard PacStar 400-Series modules go through roughly 20 MIL-standard qual tests and we do that with third-party independent labs and we can make those reports available. So while some organizations might say they design to meet those requirements, we test against them and can deliver the documentation and that includes heat and dust and blowing sand and vibration and shock and that's on the MIL Standard 810. And then on the 461 that has to do with emissions, electromagnetic interference. So that's our core modules. Then on a program-by-program basis we may also create systems and then have those systems tested as a whole and that's particularly important for organizations that for example might be in flight or may be very sensitive around EMI and things like that. The other thing about the PacStar 400-Series is you probably saw they have standard RJ45 connections in the front and what that means is they're designed to be in a sheltered environment. We don't recommend that you spray them down with a hose. But now that PacStar is part of Curtiss-Wright Defense Solutions we have other business units that have a variety of other products and in some cases very similar Cisco IoT embedded technology on board that are designed in packages that are even more rugged than PacStar so wash-down capable and things like that. So one of the things that I’m really proud about is now we can sort of meet the range of use cases, you know if you need something outdoor, if you need something bolted to the outside of a vehicle that's one of our partner business units, if you need something that's in a shelter or in a backpack that's a PacStar solution and from one vendor you can get all those requirements met now.

Bob Ackerman
Okay thank you. All right this is the jump ball. Do you foresee challenges in bringing these solutions forward with the growing focus on secure supply chain manufacturing sources?

Frank Columbus
So let's start with Cisco - not at all. In fact on the presenter chat I put a public link that you could move to the webinar participants. This will address how Cisco treats secure supply chain at a high level. If we really wanted to get into a detailed discussion we could engage with the Cisco people that actually control our secure supply chain as well as PacStar because remember, Cisco's a component to a PacStar product and it would be a holistic discussion. Charlie do you want to add to that?

Charlie Kawasaki
Well, you know from where I sit, our mechanical and electrical engineers make these products and their magic so I would like to find out if Dominic has anything to add but that's an area of the company that I’m not as involved in and don't really feel like I can talk about with authority.

Dominic Perez
Sure I’ll chime in a little bit. I will say that all of the materials that we source for the 400-Series are TAA compliant. We have a robust supply chain management all the way down to the little resistors and capacitors that we put on our boards are validated, verified through the supply chain and their transmission through that supply chain. Beyond that, you know security is a paramount concern for everyone and we do all of our final assembly, all of our configuration and all of our testing in our Portland headquarters. So these are people that are full-time backstage employees - most of them have been with us for many years and I think that's an important thing when you're considering what equipment to buy is where it's made and made in the USA is what we do.

Bob Ackerman
Well on that note that concludes our SIGNAL media webinar for today - I want to thank our experts for their presentation and thanks to all of you the audience for joining us. Our presenters will try to respond directly by email to any unanswered questions in the queue. Now you can link to the archived version of this webinar and previous SIGNAL webinars on the Signal Magazine website at www.afcea.org/signal/webinar. Thank you again and have a good day.