Meeting the Challenge of Managing Both Data-in-Motion and Data-at-Rest Devices
August 18, 2021 | BY: Paul Davis
Modern, Deployed Ethernet Networks
Today’s deployed military vehicles require a host of computers. From mission computers to sensor management computers, these subsystems must communicate and share data and access shared storage via Ethernet networks. Data passing across such a network is known as data-in-motion (DIM) or data-in-transit (DIT). Data stored on a network attached storage (NAS) device is known as data-at-rest (DAR).
As a deployed example, a recent unattended vehicle had 15 network clients (computers), one network switch, and one NAS device. To reduce size, weight, and power (SWaP) and reduce software update issues, the 15 network clients did not include local hard disk storage. Instead, they were all remotely booted by the one NAS device which housed the operating system and application files for each. Software updates were distributed to the 15 clients each time the system was initialized.
But how do you manage and set up such a diverse system? That’s where Curtiss Wright’s IQ-Core software comes in.
Curtiss-Wright PacStar IQ-Core Software provides a unified interface (“a single pane of glass”) to networking and computing equipment from multiple vendors on a network. It’s designed to monitor, manage, configure, and troubleshoot equipment in tactical and expeditionary use cases, including extensive support for military and deployed programs.
Although IQ-Core Software has been deployed for more than 15 years, it is a recent addition to the Curtiss-Wright product family, acquired through the Curtiss-Wright acquisition of PacStar in late 2020.
The software is widely deployed throughout the U.S. military in tactical networks as well as fixed infrastructure. IQ-Core Software includes extensive capabilities for managing and monitoring tactical and enterprise networks. IQ-Core Software Crypto Manager plugin provides support for VPN and certificate management required for Commercial Solutions for Classified (CSfC) DIM solutions and is included in many fielded CSfC projects.
The Curtiss-Wright Data Transport System (DTS1) is an example of a modern, rugged NAS device that can protect classified data per the National Security Agency’s (NSA) CSfC program. The DTS1 provides two layers of certified commercial encryption to protect classified DAR, including Top Secret/SCI data. The outer encryption layer is hardware full disk encryption (HWFDE), and the inner layer is software full disk encryption (SWFDE). The DTS1 is on the NSA CSfC approved components list and is currently deployed by several U.S. Navy and Air Force programs in both attended and unattended applications.
Managing DTS1 with IQ-Core Software
Recently, the engineers at the Curtiss-Wright Defense Solutions division in Dayton, Ohio, conducted a prototype showing the ease of integration of IQ-Core Software and DTS1, enabling access and control of the DTS1’s command-line interface (CLI) through the IQ-Core Software, as shown in Figure 3.
Figure 3 - Curtiss-Wright PacStar IQ-Core Software Integrating DTS1 CLI
The DTS1 CLI is a simple yet powerful set of controls for every DTS1 function, including:
- Login to the DTS1
- Essential network functions such as IP address management and protocols enable/disable
- Authentication to both encryption layers
- Remote boot functions (through the PXE protocol) and management of client boot files
Using open industry-standard protocols, like SSH, SNMP, and ICMP, IQ-Core Software can quickly demonstrate IQ-Core standards-based integration with the DTS1, controlling the device and monitoring system information, drive capacity, voltage, temperature, and services status for the DTS1 software (see Figures 4 & 5).
IQ-Core Software supports many network and communications devices from more than a dozen major network and systems vendors. These devices with enhanced support in IQ-Core include graphic wizards with step-by-step instructions for administrators/operators that prefer to stay out of CLI. As shown in this prototype, new devices such as the DTS1 can be seamlessly integrated into your network managed by IQ-Core software. Wizards supplementing the CLI and health monitoring of the DTS1 could be a future enhancement to the prototype integration.
Figure 4 - Curtiss-Wright PacStar IQ-Core Software & DTS1 system information
Figure 5 - Curtiss-Wright PacStar IQ-Core Software & DTS1 system information
One-Stop Management of DIM and DAR from Curtiss-Wright
Now the mature IQ-Core Software can handle the management of DIM devices and control the DAR device. With options for NSA CSfC encryption for both DIM and DAR, Curtiss-Wright offers a secure encrypted network that is easily managed, reducing complexity while improving the performance and security of today’s deployed Ethernet networks.