Meeting the Challenge of Managing Both Data-in-Motion and Data-at-Rest Devices

Data at Rest UAV
Data at Rest UAV
Blog
August 18, 2021

Meeting the Challenge of Managing Both Data-in-Motion and Data-at-Rest Devices

Modern, Deployed Ethernet Networks

Today’s deployed military vehicles require a host of computers. From mission computers to sensor management computers, these subsystems must communicate and share data and access shared storage via Ethernet networks. Data passing across such a network is known as data-in-motion (DIM) or data-in-transit (DIT). Data stored on a network attached storage (NAS) device is known as data-at-rest (DAR).

As a deployed example, a recent unattended vehicle had 15 network clients (computers), one network switch, and one network attached storage device. To reduce size, weight, and power (SWaP) and reduce software update issues, the 15 network clients did not include local hard disk storage. Instead, they were all remotely booted by the one network attached storage device which housed the operating system and application files for each. Software updates were distributed to the 15 clients each time the system was initialized.

But how do you manage and set up such a diverse system? That’s where Curtiss Wright’s IQ-Core software comes in.

IQ-Core Software

Curtiss-Wright PacStar IQ-Core Software provides a unified interface (“a single pane of glass”) to networking and computing equipment from multiple vendors on a network. It’s designed to monitor, manage, configure, and troubleshoot equipment in tactical and expeditionary use cases, including extensive support for military and deployed programs.

Although IQ-Core Software has been deployed for more than 15 years, it is a recent addition to the Curtiss-Wright product family, acquired through the Curtiss-Wright acquisition of PacStar in late 2020.

The software is widely deployed throughout the U.S. military in tactical networks as well as fixed infrastructure. IQ-Core Software includes extensive capabilities for managing and monitoring tactical and enterprise networks. IQ-Core Software Crypto Manager plugin provides support for VPN and certificate management required for Commercial Solutions for Classified (CSfC) DIM solutions and is included in many fielded CSfC projects.

DTS1 Overview

DTS1 Data Transport System

The Curtiss-Wright Data Transport System (DTS1) is an example of a modern, rugged NAS device that can protect classified data per the National Security Agency’s (NSA) CSfC program. The DTS1 provides two layers of certified commercial encryption to protect classified DAR, including Top Secret/SCI data. The outer encryption layer is hardware full disk encryption (HWFDE), and the inner layer is software full disk encryption (SWFDE). The DTS1 is on the NSA CSfC approved components list and is currently deployed by several U.S. Navy and Air Force programs in both attended and unattended applications.

Managing DTS1 with IQ-Core Software

Recently, the engineers at the Curtiss-Wright Defense Solutions division in Dayton, Ohio, conducted a prototype showing the ease of integration of IQ-Core Software and DTS1, enabling access and control of the DTS1’s command-line interface (CLI) through the IQ-Core Software, as shown in Figure 3.

Figure 3 - Curtiss-Wright PacStar IQ-Core Software Integrating DTS1 CLI

The DTS1 CLI is a simple yet powerful set of controls for every DTS1 function, including:

  • Login to the DTS1
  • Essential network functions such as IP address management and protocols enable/disable
  • Authentication to both encryption layers
  • Remote boot functions (through the PXE protocol) and management of client boot files

Using open industry-standard protocols, like SSH, SNMP, and ICMP, IQ-Core Software can quickly demonstrate IQ-Core standards-based integration with the DTS1, controlling the device and monitoring system information, drive capacity, voltage, temperature, and services status for the DTS1 software (see Figures 4 & 5).

IQ-Core Software supports many network and communications devices from more than a dozen major network and systems vendors. These devices with enhanced support in IQ-Core include graphic wizards with step-by-step instructions for administrators/operators that prefer to stay out of CLI. As shown in this prototype, new devices such as the DTS1 can be seamlessly integrated into your network managed by IQ-Core software. Wizards supplementing the CLI and health monitoring of the DTS1 could be a future enhancement to the prototype integration.

Figure 4 - Curtiss-Wright PacStar IQ-Core Software & DTS1 system information

Figure 5 - Curtiss-Wright PacStar IQ-Core Software & DTS1 system information

 

One-Stop Management of Data-in-Motion and Data-at-Rest from Curtiss-Wright

Now the mature IQ-Core Software can handle the management of DIM devices and control the DAR device. With options for NSA CSfC encryption for both data-in-motion and data-at-rest, Curtiss-Wright offers a secure encrypted network that is easily managed, reducing complexity while improving the performance and security of today’s deployed Ethernet networks.

Click here for more information about the DTS1. Click here for more details about IQ-Core Software.

Paul Davis

Paul Davis

Director, Product Management (Retired)

Paul Davis began his career for Curtiss-Wright as a Research Manager for the Dayton, OH facility in 1997. Paul has held positions including Director of Engineering managing a staff of 40+ engineers, managers, technicians, and co-op students; Product Manager for the switches, recorders, and various board-level products; and then Director of Product Management. Now retired, Paul worked in engineering and engineering management positions for 19 years.

Protecting critical data-at-rest (DAR) from unauthorized access

Today’s defense and aerospace platforms are required to protect critical data-at-rest (DAR) from unauthorized access. Curtiss-Wright offers cost-effective, proven, and certified commercial off-the-shelf (COTS) storage solutions that match various data security requirements, including National Security Agency (NSA) Type 1, NSA Commercial Solutions for Classified (CSfC), Common Criteria (CC), and FIPS 140-2.