Webinar: The Use of Hardware Security Modules for Data Security


George I Seffers, Editor-in-Chief of Signal Magazine, Dominic Perez, CTO and Technical Fellow of Curtiss-Wright Defense Solutions and Alex Antrim, Senior Solutions Engineer at Yubico discuss:

An explanation of hardware security modules and the foundational technologies that they build upon and why that's critical for today's secure networks in the data centre and all the way out to the tactical edge.

HSMs and how Yubico and the YubiHSM 2 achieve this in the smallest package available.

Some examples of how Curtiss-Wright implements this technology to build secure networks at the tactical edge for the US Military, our allies and coalition partners.

Transcript

Kimberly Underwood
Hello. Thank you for joining our SIGNAL MEDIA webinar series. I'm Kimberly Underwood, Director of Digital News Media at AFCEA International SIGNAL Magazine. I'd like to welcome you to our webinar entitled Resilient Networking for the Tactical Edge which is sponsored by Curtiss-Wright and Viasat. 

Today we have several great experts who are going to delve into how networks will need to support future, smaller more mobile units of warfighters who are dispersed across the globe. These units must be able to command and control without connecting to an overarching network or without the continuous links to satellite communications. 

Their networks must be node-aware, self-forming and self-healing with the ability to add and remove transports depending on spectrum availability in the area. Our subject matter experts from Curtiss-Wright and Viasat will explore how software-defined wide area networking or SD-WAN can be augmented to meet the unique challenges of the tactical edge network. 

I'd first like to introduce you all to Steve Karsten - he is the Business Area Director for Viasat government systems advanced network solutions group ANS where he leads the development of products and programs focused on compute at the tactical edge for military operations. 

His team of 30 engineers and program personnel focuses on software-defined networking for defense applications, soldier-worn compute and networking, defense applications of 5G and terrestrial free space optical communications. Before joining Viasat five years ago, Steve worked on advanced development of remotely-piloted aircraft (RPA) and payloads, naval combat and ship-control systems and missile defense systems as a defense contract engineer and program manager. 

Steve is also a marine, having served as a US Marine Corps Communications Officer with multiple combat deployments. He holds a BS degree in Aerospace Engineering from the University of Colorado and an MBA from San Diego State. 

Next I'd like to introduce Dominic Perez who is the Chief Technology Officer at Curtiss-Wright Defense Solutions and he is a Curtiss-Wright Technical Fellow. Dominic leads the organization's technical strategy, identifies their technological needs and guides R&D to develop future capabilities. 

Dominic has been with PacStar since 2008 when Curtiss-Wright acquired the company in 2022.  And he got his start at PacStar as part of its software department where he played an active role in product development and was part of the team that created PacStar's first small form factor devices that evolved into the industry-leading PacStar 400 Series line. 

In 2013 Dominic led PacStar's quality systems and network engineering departments, created PacStar's small form factor secure wireless command posts and NSA-registered Commercial Solutions for Classified - or CSfC - system, providing the wireless access to secret and above. 

Additionally Dominic led the development of other next generation integrated solutions such as the PacStar Modular Data Center and the PacStar Tactical Fusion System for 360 SA application. Before becoming CTO at Curtiss-Wright Dominic was PacStar's Vice President of Systems Engineering in 2020. And by trade he studied mechanical engineering and computer science at Oregon State. 

Next we have Ted Suszczynski. He is the Principal Engineer for the Advanced Networking and Cyber Security Services Group or ANCS within Viasat's government systems division. Ted has been at Viasat for 18 years and provides the technical leadership for the teams working on the products and services within ANCS, including their software-defined tactical networking solutions, their soldier-worn compute ecosystems and next generation wireless technology. 

And prior to being in the ANCS group, Ted was an engineer developing and leading teams at Viasat focused on information assurance, cyber security products, network communications across the low bandwidth and tactical data link systems. Ted holds a BS degree in Computer Science and Computer Engineering from Laterno University and an MS degree in Engineering with a focus on computer networking from UCLA. 

And before we get started I'd like to encourage you, our attendee members, to submit questions to our experts and to do that you'll use the ask a question box on the console and when everybody's finished presenting and speaking we'll have Q&As for as long as time permits during this hour-long session. 

I'd also like to point you to the resources tab where you can find brochures about Viasat's Net Agility and VR 1000. It's the virtual mobile SD-WAN, SD-LAN networking platform and there's also a brochure about the Net Agility NMA200 - the quad LTE 5G mobile access product. And with that, welcome gentlemen and Dominic, I'll turn it over to you to get us started. 

Dominic Perez
Thanks. Hey, thanks Kimberly, that was quite a mouthful that you got through there so thank you. All right, so today we're going to talk about applying resilient networking for the tactical edge, leveraging software-defined wide area networking and how to augment it to meet the needs of the tactical network. We're going to go ahead and run through the slides today with the cameras off so one last view of your beautiful presenters and we'll go and move through this. 

Here's a high level overview of what we'll be covering. We'll start by looking at some of the joint all-domain command and control challenges across mixed networks, cloud integrations and the various authorities needed to field those networks as well as some of the adversarial challenges to network operation - those challenges both of the distributed physical domain we're operating in as well as cyber and electronic warfare challenges to the network. 

Following that, Steve will dive into software-defined tactical edge networking - what is needed to be cross-platform and multi-transport as well as the resiliency required to be self-forming and self-healing. Then we'll hand the mic over to Ted to look at how the use cases of software-defined networking will enable ubiquitous communication including enterprise cloud to distributed operations and integrating networks with operations and radio gateways. 

Finally we wrap up the prepared presentation with a discussion of the hardware used to field these solutions in the various environments and the various platforms used today. Of course we will leave time at the end for questions so please put those in the box if you have them as we go along. Joint all domain command and control or JADC2 is one of the most ambitious programs that the DoD has ever undertaken. 
It's going to take years to achieve this vision and it's going to take a combination of currently available technologies applied to new problems as well as new technologies to fill the gaps. I'm not going to rehash all of JADC2 but in a nutshell we're attempting to break down the barriers to communication and situational understanding. 

Today's warfighter can't be impaired by a lack of information. We need to tear down or through the walls that we've been building between those domains of land, sea, air, space and cyber. All of our armed forces and coalition partners need to be able to share data and that data needs to be shared rapidly and as close to real-time as possible to connect the shooter with the information from the sensors. 

Through this we will build a platform for data collection and processing that'll enable future decisions to be augmented by artificial intelligence and machine learning algorithms. Every house needs a foundation and in the case of JADC2 that foundation is the data fabric for information sharing. A critical piece of that is the wide area networks that link disparate organizations, locations and domains together. I like to think of this as the thread that weaves the data fabric that will carry JADC2 to success. 

Looking at a slide that the U.S. Army has shared for their Capability Set 27, we can see a few of the challenges rely on the upper and lower tactical internet having a transport agnostic network access layer and that plan includes using Automated PACE to achieve that but what does that mean and how will it be automated? 

So PACE is where we define primary, alternate, contingency and emergency paths and produce a PACE plan for how and when to use this. This is really a military planning concept that predates modern networks probably by decades. While conceptually this can be automated to help network access, with AI machine learning assisting in the automation, it still reflects a focus on a legacy decision tree and it's trying to define a DoD-specific solution to what really is a global problem when our internet access is expected to be ubiquitous even in remote locations. 

That's just as true for critical business and infrastructure or healthcare and telemedicine as it is for military and emergency responders. In a modern software-defined WAN and LAN network we don't just move to the next transport in a PACE plan. We can bond multiple networks together for maximum throughput and we can even monitor the underlying health of those network transports and the equipment that they run on to predict congestion. 

Further, knowing the status of the hardware we can actually tune that on the fly to improve performance as needed. Further, these solutions are gaining intelligence from billions of commercial WAN hours - countless learnings, countless connections and how they behave under real world conditions. Here we want to look at the JADC2 interoperability challenges beyond determining the data path. 

These are going to be mixed networks of various types, mixed cryptographies and locations requiring edge to cloud integration not to mention the variety of network authorities and security requirements that must be met to access these networks. In these mixed networks you're potentially going to end up with disparate SD-WAN implementations as there are various development efforts being performed across the DoD. So looking to integrate SD-WAN from the enterprise to the edge there are challenges of these mixed networks. 

Getting the data out to the warfighter at the edge is less about Enterprise versus tactical but how do you do both simultaneously? The operator needs to be able to work across both emerging SD-WAN technologies as well as existing topologies in DoD mission networks today. Another challenge is in crypto interoperability, as you are going to have everything from Type 1 crypto to Commercial Solutions for Classified and a plethora of secure but unclassified environments that need to be working together. 

So what you have to do is look at how you incorporate that encryption into SD-WAN, ensure that you are managing all of the networking required and pushing that into the COCOM with interoperable access even with Legacy WAN transports. With Edge to Cloud integration the real challenge is in continuous connectivity, data synchronization and mirroring and how you're able to modernize mission applications from the cloud out to the edge. 

You're not going to be able to field every version of Amazon or Microsoft or Oracle or Google or whatever private cloud or data center you need out to the edge so you need to be able to ensure that you deploy a solution out there that can synchronize the data both when you're connected and be available when you're disconnected. Last is really looking at who owns the network. 

How do you support these ATOs and coalition partner networks and ensure that you're truly able to be a joint all-domain network and not just another siloed network. The next area we have to consider in this is looking at the challenges of actual adversarial impacts. In the physical domain you're looking at the challenge of moving around the enemy, rapid-based deployments and island hopping, as well as ensuring that you're interoperable from ground, air, sea and space. You need to focus on places, not bases. 

The days of having a large infrastructure available, they're long gone. We need to be able to ensure that the network is flexible, dynamic, resilient and able to form together and disperse as needed. In the cyber domain we're looking at a combination of both threats and attacks and the mission impact of those networks and nowadays you can't just focus on the immediate weapon engagement zone as the only place adversaries are attacking. With cyber connectivity the network can be attacked from really anywhere in the world. 

There are also cyber impacts that are not adversarially delivered but potentially self-inflicted. The network needs to be easy to use because countless times a mission-critical network resource has been disabled due to a simple fat-fingering of a command. Another self-inflicted challenge is impairment through process. It's no longer acceptable to have an ATO, IA and RMF process that restricts and inhibits your ability to deploy cutting edge technology to the edge. 

You need to move towards a continuous accreditation and modern DevSecOps approach to keep pace with the current threat landscape. Lastly we have to look at Spectrum. We're all aware how electronic warfare attacks on the system could impact RF Spectrum and how we need to be able to operate multiple networks and manage that at the same time. You may have radios that are using the same spectrum so you may have to manage that, turn radios on and off depending on how the spectrum is available or turn radios off to lower your probability of interception, detection and geolocation. 

All of that optimally needs to be done without needing to reconfigure the network every time you need to change your RF signature. From those areas both operational and adversarial the network needs to be able to autonomously respond. We cannot be forward deploying S6s and combos to every echelon of the network. The network needs to manage itself and be able to defend itself. So now I'll pass it over to Steve to discuss the need for tactical software-defined networking. Steve. 

Steve Karsten
Thanks Dom. This slide shows how Viasat perceives the need of software-defined tactical networking. It needs to integrate disparate networks and intelligently route data across those networks of differing latencies and differing RF footprint. It needs to be able to deploy and synchronize data from the cloud to the edge as well as synchronize mission applications seamlessly and provide that layered resilience to have an automated primary, alternate, contingent and emergent path as Dom discussed. 

Further we see this not just as a failover model but a network that will use all paths available under the mission constraints with minimal operator involvement. Lastly, it needs to have the ability to reduce the vulnerability of attacks, be it jamming, PNT-denial and others through a combination of radio control dynamic network allocation and network rerouting as well as the ability to autonomously and intelligently move data around per the mission parameters. Next slide please. 

So how do we look at the network itself to ensure we have ubiquitous connectivity? The need is to fully integrate from space to the edge. Each warfighting function shouldn't have its own network. You should be able to look at any sensor, best shooter along with the intelligence and logistics networks. They should all be supported by a common or at least interoperable resilient network that can be operated to the mission need. That may be across space, high altitude platforms, comms on the move, various ground integrations of radio networks and mission application gateways all the way down to the dismounted soldier that may be wearing a secure compute and user device in radio hub, so that each node on the network can be autonomous from the squad level all the way up to the brigade and corps level. 

You must be able to integrate those networks of mixed software-defined networking, cross-domain solutions, tactical radios and crypto as we've already mentioned. The goal is to thicken the network so you are looking at leveraging multiple commercial and military SATCOM capabilities from LEO, MEO and GEO to take advantage of their unique characteristics but also address things such as latency when you are combining those networks, leveraging both public and private 5G as well as emerging efforts such as non-terrestrial networking from orbit. 

Free space optics provides a low probability of interception and detection and high-capacity comm link but it needs to be combined with other tactical transport types such as direct line-of-sight radios. Also, tactical data links and weapon data links such as Link 16 and Tactical Targeting Network Technology, or TTNT, need to be seamlessly integrated so you have the right data at the right place at the right time. And with that I'll turn it over to Ted. 

Ted Suszczynski
Thank you, Steve. So software-defined networking at the tactical edge must support more than traditional cloud-based SD-WAN. While commercial SD-WAN has driven innovation and commoditized software-defined networking, it does not account for the disparity of network types such as SATCOM, cellular, radio nor other traditional military needs such as integrated Type 1 crypto or radio over routing. 

It also may not support on-premise deployments or occasionally may require public internet for maintenance functions such as license checking. Additionally, SD-WAN is traditionally hub and spoke as shown on the left. However, operational networks are transitioning to mesh networks as shown on the right in mixed mode mesh networks which is a hybrid approach between the two, taking advantage of all local and WAN communication paths. As we look at the edge routers on the right side of the chart you may have numerous edge routers and multiple transports that want to connect through a simple Layer 2, easy-to-manage low overhead network that is still encrypted and protected and can autonomously fail over and fail back and work across mixed networks of different radio types. 

These networks should continue to operate if they become fragmented or if those fragments are recombined later. So the ability to operate across both and bridge these networks is why we developed our product called Net Agility. It enables a common platform with intuitive operations and situational awareness to support both CONOPS and blend across them. So how are we augmenting the existing SD-WAN capabilities of the tactical network? We're doing that through Net Agility as I mentioned. 

It has the intelligence to go beyond PACE to what we refer to as true bonding by using all available comm bearers at the same time. So if you look in the bottom left there you'll see the little pictorial - if there are three links that are operating at 10 Megabits per second each, for example, the user performance is then nearly 30 Megabits aggregate across a single flow. So if one of those links goes down, say link two, it'll drop down to 20 Megabits and the network automatically handles this without any user intervention. Latency differences, throughput differences per link and packets arriving out of order are automatically handled. 

Furthermore by distributing the data across multiple links at the same time, this adds an additional layer of security. If one of those links is compromised the adversary only receives a portion of the data. Additionally a problem with the tactical network today is that critical intelligence such as ISR video or position location information is sometimes contained within special purpose or stovepipe networks. Customer legacy protocols that don't interface with standard network protocols make it difficult to distribute this data where it needs to go. 

Today we are able to apply software functions that convert the special purpose data and bridge it across multiple networks. By having this bridging or gateway capability it enables certain types of data to leverage multiple communication links for increased robustness and capacity so as to ensure the delivery of SA at all levels. Next, what happens when the network gets degraded due to blockages? Ideally the solution can query the wireless bearers such as the MANET radio and ask the device its perception of the network. 

The systems then can use this information to move frequencies so as to avoid interference, all without user intervention. Apps should be spectrum-aware. Although not technically part of the SD-WAN solution proper, what this means is that as capacity on the network ebbs and flows, data producers on the network adjust the requirements dynamically. For example, an ISR video feed that may transmit high-definition when there's excess capacity will reduce resolution when the network has less performance. Lastly, open standards are the key to integrating present and future networks. 

If concepts such as JADC2 are to be realized, open interfaces and protocols must be used to ensure that equipment developed today and equipment developed in the future can communicate without having to rip out and replace. This is a key to success of any SD-WAN solution and something we've adopted for Net Agility. So speaking of JADC2, as we look at this in the deployed model going from the remote operations center to the comms on the move platforms and to the users at the edge you can see the multitude of transports across various tactical data links, MANET radios, cellular, free space optics and SATCOM and how they can be deployed to service a multitude of missions including fires, logistics, UAV relay and support of air launched effects. 

You can have a true platform-agnostic software-defined network that operates on the various servers and edge compute nodes that are already present on the battlefield. It's hard to deploy new compute in these areas but easier to use the nodes that are already present with new capabilities to make this ubiquitous network. Once the network fabric is created, then the mission applications and data can be distributed intelligently and synchronized through the edge cloud integration from any of these edge services back across transports as systems connect and reconnect back into the enterprise at various levels throughout the operation. So how do we get there? 

So Viasat understands that software defined networking is still a relatively emerging technology within the DoD and our Five Eyes partners and so one of the approaches we have taken along the way is perform regular demonstrations with our iteratively-upgraded products. So Viasat and PacStar have been demonstrating the operational effects and the usability across US DoD exercises and experimentation and obtaining feedback to enable and enhance Net Agility software-defined Network across these comms. So here's a couple of examples we've done. 

So at Cyberquest 2020, which is kind of the top left corner there, we refined our approach to optimize streaming video based upon the CONOPS they had. At ANTX 2021, which is the top right box, we began to address LTE SATCOM mixed use cases and how having those different transports would interact and the optimizations needed to work across all of them. Bottom left we have an ongoing OCONUS Army test and part of that was we enhanced our setup wizard to make it super easy to add new nodes into the network. And then last is bottom right with Office of Naval Research - we've worked on creating what I'll call an elegant mesh network solution that allows the network to fragment and rejoin without having to re-IP address nodes. In all of those we were looking at the different use cases and how they apply both from the network and data perspective. 

It's not the same panacea across all networks. As we continue to look at the various transport types, mission applications and cloud applications that are required, we continue to work with our partner Curtiss-Wright PacStar to deploy solutions that make the most sense in a variety of warfighting applications to ensure the network operation does not get in the way of mission requirements. So, Net Agility. Now let's focus on Net Agility resilient tactical networking. 

First, what is it? Well there are two components - the first is a software-defined network router, the second is an orchestration and management portal that is used to manage all the router devices from a single location. The router component supports orchestration and Automated PACE as we mentioned before but it is also open standard and interoperable to work across existing communication capabilities as well as emerging platforms. 

The router family consists of two different products which operate in a few different ways, one of which is the Net Agility Virtual Router - so that's the NVR - which runs on existing user hardware such as the PacStar 400-Series family devices as well as ARM processors for embedded compute such as on UAVs. We can host this Net Agility virtual machine on all the popular hypervisor solutions. The second device - the Net Agility Mobile Access Hardware or NMA200, which is shown near the middle of the screen - supports four cellular modems for both public and private 4G or 5G access. 

That appliance is networked into the Net Agility Virtual Router so they work as a pair which is installed on the PacStar 400-Series server or whatever program record appliance you're using to provide you the resiliency across multiple cellular transports in real time. What you get is the ability to enable bridging and bonding across heterogeneous networks as well as enable PACE failover aspect of network resilience, ease of use through rapid setup with minimal user interaction required. You can see a view of the orchestration screen at the bottom of the slide, it's the kind of the bottom middle there, but we also have an intelligent setup wizard in the router to ensure that as the operations push out of the edge setting up the Net Agility routers is akin to setting up your home network so it's easy and intuitive to use with a graphical user interface. 

As we talk about the failover protection, which effectively gives you some resiliency against cyber and EW, so as the device is making decisions it's actually changing the way that the routing works across the network based on the effects that it's seeing on these different transports to mitigate the effects that are there. As you can see in the bottom right there's a roadmap of continuous software development. This being a software-defined appliance we can continue to improve it and produce rapid incremental releases. 

Today what is available is a multi-bearer solution including MANET and 4G/5G wide area network bonding. It also includes resilient failover to SATCOM or other high-latency transports with centralized SD-WAN orchestration it supports the ability to do VPN tunneling and packet management across Type 1 crypto devices for things like SIPR/NIPR/JWICS remote access. 

Early in 2023 we'll be adding the ability to execute satellite link bonding and acceleration which addresses the challenges of higher latency while being able to deploy across commercial and military satellites including mixed networks of GEO, LEO and MEO constellations. We're also adding interoperability with enterprise routing protocols including EIGRP and DMVPN. In future releases we are looking at the intelligent radio aware routing, Layer 2 mesh bonding and integrating more seamlessly with the radios to improve setup and control of the overall system. Finally the orchestration will extend to the network encrypted devices. 

The idea here is to have one single pane of glass where you can simply configure your network router and the peripherals attached to it. Okay, so closely related to the Net Agility Virtual Router, one of the solutions Viasat deploys is our Move Out Jump Off Next Generation, so MOJO Next tactical gateway. What this provides is a host for managing C2 applications and tactical data links including Link 16 and SADL. It also has a VHF/UHF channel and it can accept IP interfaces from various other radios. This allows the gateway to bring together multiple disparate radio networks with Net Agility integrated on the PacStar server, enabling you to backhaul connections to either beyond line of sight or line of sight networks. 

This can be done through a Type 1 crypto to enable data transmission across multiple otherwise stovepipe networks. The MOJO is primarily used in fire and maneuvers missions to reduce the kill chain by providing overall common operational picture at the tactical edge for war fighters to see the situational awareness information and targeting information across various tactical networks. As you see in the bottom right corner is the roadmap for MOJO Next. 

You'll have prototype units and Air Force and Army exercises in the fall, with initial production in early calendar 2023. These units will include our most updated Link 16 small tactical terminals and will have the logical interfaces ready to support emerging tactical transports. So the slide shows the modular capability that MOJO Next, which is enabled by the PacStar 400-Series equipment. This capability allows the user to integrate various radios, Type 1 radio such as the Harris PRC-163 or the Viasat PRC-161, our radio over IP modules, small form factor servers that house things like Net Agility software as well as storage and processing for C2. 

This system allows for installation of the PacStar GPU and hyper-converged modules which allows the MOJO to run various mission sets such as object recognition and Edge Cloud synchronization. So as we look at the Net Agility virtual clients on the PacStar family systems you can see at the bottom left that we can support anything from the enterprise or tactical data center all the way out to the mobile or mounted communications at the edge. 

You see the different view of the system capability and descriptions on this chart on the right that we've talked about, including ease of management for Automated PACE, SD-WAN functions, centralized orchestration, a local GUI for router management at the edge as well as for running network and transport situational awareness for the operators. Last but not least is a wrap up showing the family of software-defined network and compute systems we discussed today that would support the dismounted squad with a 451 and an embitter battery all the way up through the enterprise implementation on the top right. We've covered A-PACE and failover aspects of Net Agility, which also includes cyber features such as an intrusion detection system for threat sensing and response on both the WAN and LAN interfaces which can be updated through the centralized portal. 

We covered how Net Agility is platform independent, working across multiple virtualization environments such as VMware ESXi, KVM, Hyper-V as well as bare metal installations. Net Agility supports virtualized application hosting for providing the ability to run Docker containers inside of the router itself, so if you're looking to condense these nodes at the edge you can run mission applications on your router to maximize additional compute in those PacStar bays. Lastly, being WAN and LAN transport-agnostic ensures both a resilient WAN and thickened tactical radio LAN network is enabled out at the edge. 

So we are not looking at a communications gate with multiple transports, networking encryption but also as an application gateway with common operational picture, chat, ISR and fires, cloud integration synchronization with Amazon IoT edge nodes - all of this ported onto a PacStar 400-Series platform. You can also support GPU-focused products for AI/ML and image recognition, which are leveraging ISR video feeds coming from the various connected transports. 

All of this is enabled at the networking layer through Net Agility and at the hardware layer through Curtiss-Wright PacStar's hardware platforms that Dom will discuss now. Over to you Dom. 

Dominic Perez
Thanks Ted. A clear trend in this space is the transition away from dedicated networking devices and appliances and onto servers that can serve multiple purposes through reconfiguration for a mission or supporting multiple applications at the same time through virtualization and containerization. Curtiss-Wright has been the leader in producing the most powerful compact server platform for deployment in the tactical edge in a variety of form factors.

On the left we have an example of a server in the Curtiss-Wright PacStar 400 Series, the PacStar 451 so the same module family that Ted had showed with Net Agility and MOJO Next. Each device in this line is five inches by seven inches - about the size of a paperback book and a single-slot module like shown here is one U or 1.75 inches high and about two and a half pounds. The PacStar 451 is available with Intel Xeon processors for four cores all the way up to 16 cores. It was up to 128 Gigs of RAM. For those networks where you need to interface with a lot of different ethernet networks we can offer up to five 1 Gig ethernet ports or two 1 Gigs and two 10 Gig ethernets for higher speed throughputs. Newish to the PacStar 451 product line is the addition of NVMe drives and IPMI. 

There's actually more than 20 different server models offered in the PacStar 400-Series including two-slot and three-slot modules with NVIDIA GPUs and storage modules configurable up to 122 Terabytes of storage. In the middle we have the Parvus DuraCOR. While it offers similar performance to the PacStar 451 the DuraCOR line is fully sealed and uses MIL-999 connectors to prevent the ingress of water and dust similar to those IP67 ratings that are used on consumer equipment. A neat trick of the Parvus DuraCOR is the ability to expand the enclosure upwards like is shown - here you can add a variety of PCI Express 104 cards for additional functionality in I/O. Finally on the right we have an example of Curtiss-Wright's 3U VPX offerings. 
This is the VPX3-1260 card. That card again features an Intel Xeon processor - this time with six cores and 32 Gigs of RAM, along with 256 Gigs of onboard storage. There's an XMC expansion slot there so you can add more storage or other XMC packaged add-ons. The SOSA and Open VPX product offerings really warrant their whole own presentation but if you need to deploy a system in a ground, air or sea combat vehicle with multiple functions such as servers, switches, FPGAs and advanced technologies such as assured position, navigation and timing, that could be the form factor for you. As I mentioned, all of the server platforms are based on Intel x86 processors and they support the most common operating systems and hypervisors and there's many, many virtual network devices that can run on those operating systems including Net Agility. As great as flexible servers are for modern communication networks sometimes you just need a hardware router or switch and we've got plenty of options. 

In the PacStar 400-Series we have the 447 that is powered by the Cisco ESR6300. Here we've taken an embedded routing processor board produced by Cisco and we add all of the PacStar 400-Series power conditioning and I/O goodness and make a module that's able to support more than 350 Megabits per second of AES encrypted throughput, all in a compact package. 

One of the things that I'm really excited about is Net Agility's ability to integrate with EIGRP and DMVPN so we can use Net Agility to extend existing networks that are built upon Cisco Technologies. In a similar manner we package the Cisco ESS3300 switch processing cards in the 447 - sorry, the 444 and the 446. Offering 10 and 26 ports of 1 Gig connectivity. If that's not fast enough we can do a 10 Gig switch with the PacStar 448 that uses the Cisco 9300 10 Gig, 10 port switch. Similar in the Parvus DuraMAR or mobile access router line we've got the 6300 they've got Cisco 3300 base switches as well. 

Another cool combo module is the DuraMAR 63-33. That takes the router and the switch and puts it all in one suit of armor. In the VPX space Curtiss-Wright has 3U and 6U VPX switches that are SOSA-aligned and those are available in speeds up to 40 Gigs. But where the PacStar 400-Series really shines and how we integrate so well with systems like Viasat's MOJO is the PacStar smart chassis. Those chassis take four or five modules and provide power connectivity to AC/DC and an embedded UPS. This allows for the rapid reconfiguration of modules for the mission or the platform. If you need more user access - drop in another switch. You need to take more detailed mapping data - drop in a storage module. The PacStar 400 series is deployed throughout all of the US Services as well as many of our allies and Coalition partners so logistics probably already has spares that can be shared in common across these module types. Also shown here is the new PacStar VPX Smart Chassis. 

This is a SOSA-aligned 3U VPX chassis that supports five VPX plug-in cards like the ones that I showed before. What's exciting about this chassis is that it is the same size and uses the same mounting provisions as the four slot 400-Series chassis. That allows us to build hybrid deployments of 400-Series and SOSA systems so we can bring VPX technologies like assured position, navigation and timing alongside the PacStar 400-Series where the compute and storage density can be higher than what's available to be done on VPX form factors today. Here's some examples of how these solutions can be deployed. You can take a four-slot and a five-slot chassis and mount it in a 19-inch rack. Whether that rack is in a data center, in a tent or in a communications vehicle, we have both enterprise grade racks and rugged vehicle rack mount frames available. You can also mount that same four-slot and five-slot chassis into our carry-on carbon fiber transit case. We even have a safe compliant frame that allows the mounting of two four-slot chassis, two VPX chassis or one of each. And again if your deployment's a small one you can just take a couple of modules and some batteries in a Pelican case. Lastly, I'd be remiss if I didn't mention IQ-Core Software. IQ-Core Software is PacStar's single pane of glass network management, monitoring and securing application for tactical networks. Just a real quick overview here - we can monitor the devices regardless of type, whether it's a Cisco router, a Juniper router or even a Net Agility Viasat router. We can monitor those and we'll continue to add additional support to integrate more tightly with Viasat's Net Agility. Before we jump to questions I'd like to leave you with this diagram showing an idealized future battlefield with the right hardware and software combination for the mission and the platform all interconnected. The future, fast resilient data fabric of JADC2 is ready to deploy today. 
And one final thing I'd like to point out is that Viasat and PacStar are partners so you can buy a PacStar module or a Parvus module from us and apply a Viasat license that you bought for Net Agility or you can come to us and buy it all together and have a turnkey solution. So with that we'll rejoin the group and take your questions. 

Various
All right, thanks so much. Just a reminder to  use the Ask a Question box on your webinar console. Let's jump into Q&A. All right let's see, the first one in there says how many different WANs or wide area networks can you run? Ted, do you want to take a stab at that and then maybe over to you Dominic? Thank you. Sure, the Net Agility perspective we've tested it with eight concurrent wide area network connections and those can be a mix of, you know, cellular, different flavors of satellite networks, you know, radio MANET networks you can kind of mix and match them however you'd like but we've tested up to eight. We could probably extend beyond that if needed so if there's requests for more we definitely support that but 8 is a number that you can use and feel good about. And that lines up quite well because the PacStar 451 is available with five ethernet ports so you got one for the LAN side, four for different WAN connectivities and looking at the NMA200, we can integrate in an additional four 5G networks so eight is a good number. If someone wants to challenge us to do more I'm sure we can come up with a creative solution. Right. 

Okay and what happens when the orchestrator goes down? So I think the punch line there is the system continues to work, right, so each sort of Net Agility router is a router in its own right and it gets a policy from the orchestration portal but once it has that policy it can run with that policy in perpetuity so you can in theory provision the device with the orchestrator and then turn the orchestrator off forever and the devices will continue to run just as they would, so it's not dependent on that backhaul connection to make it work. It's just there for setup management, ease of use at kind of the macro level if you need it. And that's really critically important to warfighter networks. If part of the network is taken down, you can't have a timeout after an hour or even 24 or 48 hours so it's one of the things we like about Net Agility. And one more thing about Net Agility does it have an ATO - Authority to Operate? Steve. 

So that's a great question. Net Agility has been utilized by field experimentation trials in a couple of different AORs by both the Army and the Marine Corps. We also are utilizing it as the software-defined networking engine on four separate development programs that Viasat is executing today - that is also being run on PacStar hardware and we designed Net Agility to DoD STIGs and we have run our current builds against ACAS scans so although we don't have an ATO today we are quite certain that an IATT approval process and implementing it into somebody's RMF framework would be something easily done. So we look forward to partnering with a DoD entity on pursuing that ATO and IATT. Fair to say it's a bit of a chicken and an egg issue there but PacStar and Viasat are standing by to assist those that want to pursue that. And then Steve can you talk about setup in the field - how easy is it to set up Net Agility in the field and kind of what are their considerations there? 

Sure Kim. So as we discussed in the slides we're looking at the next generation of distributed operations warfare. So one of the underlying tenets of Net Agility is that it's going to be utilized by a group of infantry and support personnel probably on a small island in the middle of nowhere where they may not have a network technician with them. So the user requirement for Net Agility has always been it can't be any harder to set up than your home Wi-Fi router and so what Ted and his team have done is implement user wizard screens that pop up when you turn the box on and it essentially says where are you, what are you trying to do, what are you trying to connect to me, and then it'll walk the user through the step-by-step process to accomplish the end comm plan. Yeah, one of my CCIEs was given Net Agility for the first time they stood it up and they came back to me and said well where are all the options? So we called up Ted and Ted said, well here's the secret undersauce but the idea is that it's made to just work. Yeah, that's a good point Dom. 

So if you are a networking expert, there's a command line just like you have on a typical router - the operator can go deep, set up the protocols they want, do whatever they want to kind of tune it for their network. But that's typically the guy that's on the back end working with the data center, maybe setting up the aggregation side of it. The guy in the field - he just needs it to work right. He just wants to click some buttons and all the complexity of the configuration it builds under the hood is handled for him and he has communications back. Once he has communications back if there's a higher level policy, so once he connects back if there's a higher level policy that's been defined it will get deployed to his box so he doesn't have to worry about setting up all these fancy configurations, doing all this complexity. He plugs WAN one, WAN two, WAN three and goes for the wizard and says I got three WANs, these are the types they are, click click click, connects, negotiates all tunnels and kind of up he goes. So super easy, that's the idea. 

Last point I'll make on that Kim - if anybody were to google Viasat Net Agility it'll take you to our website which has a series of videos that actually show those user wizards. Nice. What transports have you tested or used Net Agility with? How's that gone and can you tell us a little bit about that? Oh there's a lot of them, okay sure. So I guess we can start with satellite since we are Viasat, right, so we've tested with GEO, so geosynchronous, medium earth orbit and low earth orbit satellites of all the various different typical satellite providers you'd expect - both commercial and military waveforms as well. 

And so we've done all of those, tested all those, we've run into some challenges, right, because GEO is high latency - we understand that problem because we're Viasat, we've sort of mitigated that in our systems. To understand that MEO is a different latency, LEO is even less latency and so when you blend those together there's some logic the system has to sort of understand. How do I take all three of these with packets arriving from all of them kind of independently of each other and make it all work together. So we've done that for satellite. For cellular we've done all the major U.S. carriers. We've tested over all their networks in either us or through bailments of different customers of ours. 

From the perspective of radios we've tested the various MANET radio vendors. So TrellisWare - we've done work with their radios. Persistent Systems and Silvus - tested over all those, work well over all those. They each have their kind of different way they solve the same problem but different users prefer different types of radios for their CONOPS and so we support all those. And then from Type 1 radio perspective - the L3 Harris radios - so like the PRC-163 we've tested over - we can connect into a Viasat PRC-161 as well which is a Link 16 radio to pull certain essay off the radio so wide variety of different types of transports. If there's a particular one that someone's interested in you can send us a question or an email and we could tell you if we've tested with it, if we have, sort of what the experience is and our expectation of how we perform on the system. 

But I mean at a macro level you should be able to take pretty much any comm, modem, radio, transport you have, plug it in and the system should come up and be able to work across it. Hey Ted, I think we got a bit of a mixed audience today. You want to spend a couple minutes on LEO, GEO, MEO and MANET and what those are? Oh sure. So satellite networks, right there's sort of three orbits and it really depends on how far from the Earth to outer space you are and so the highest is geostationary so Viasat’s satellites like our ViaSat-1 and ViaSat-2 are geostationary so they sit in the same location and they're always there. So the dish points at them - they stay there. The advantage of that is you get a lot of capacity so you have a lot of throughput. Sometimes the disadvantage, depending on what you're doing, is you have higher latencies and so our technology tries to compensate for some of that latency with some smart - I'll say fetching and queuing and acceleration technologies that we have. 

The next one down - so that's the highest - then there's medium earth orbit MEO and so those satellites move around so the antennas typically track them and so you'll get better performance than from a latency perspective. So you might see let's say 200 milliseconds of latency, just picking a number here, but in some applications like video teleconferencing that will work a little better because you've got a little lower latency and those are constellations that are kind of middle and then LEO is the low earth orbit and there's basically for LEO constellations there's typically lots of satellites and they kind of come and go over the sky quickly and so the modem antenna pair needs to kind of track that and so they each have different behaviour. 

Some of them will like GEO once you point at it you're kind of fixed and you get sort of consistent behavior. LEO right you'll get a satellite you'll get kind of, you know, the amount of throughput you get will ramp up and then it'll kind of go down as the satellite crosses the horizon then you'll grab the next satellite and so there's different technologies that the different companies have to sort of mitigate some of that but there's three different types, right, so that for lack of a better term. And then MANET radios - so that's a mobile ad hoc network - and so you can think of - I've got a radio, Dom's got a radio and Steve's got a radio - we turn them on, they sort of figure out how to mesh and talk to each other, right, and so if right now I'm closer to Steve I can hop through Steve to get to Dom. 

In a few minutes if everybody moves around it'll sort of reorganize the network so it's this kind of ad hoc network that the radios have and they all, you know the three vendors that I mentioned, they all have kind of their own technology in their own sweet spots you know on how they do things and kind of what they're good at and so depending on your CONOP you can pick one or the other. But yeah, that's kind of the idea there as well so, you know, different, dramatically different, types of technology, satellites in the sky versus radios people are running around with. We support both and have tested across both. Right, sure I love that flexibility that it supports. With cyber security being an important part of any network how does Net Agility support cyber security features? And I guess Ted? Ted's been talking. Steve, you were talking about the STIGs that you've already prepared. Yeah, I could take that one on. Okay so Net Agility does have an integral intrusion detection system so you can set that IDS per a policy that you implement either on the router itself or through the orchestrator and then in the near future Viasat is working on specific agents that will be able to accept external data to the router so that extraneous or outside cyber threats, alerts, alarms could be passed to the router to either make immediate transport decisions or to modify policy-based routing, depending on what those threats are. And then are any of the PacStar or I guess, Curtiss-Wright compute route devices airworthy for aviation operations? 

And I guess Dom maybe can you answer that one? Sure. So if we look at Curtiss-Wright as a whole, we have products that are definitely airworthiness-certified, safety certified. In the PacStar 400-Series specifically, yes we do have a certificate of airworthiness and we are part of the V-22 Osprey for the U.S. Marine Corps. That is more of a personnel vehicle and the PacStar equipment is appropriate for that but Curtiss-Wright if you guys don't know, we go back to the Wright brothers so aviation is our daily work. Sure and then Dom maybe you can answer this one as well. Are any of the PacStar I asked that one, sorry. Do I have to replace everything I have to use Net Agility? The answer definitely is no. So Net Agility has implemented enterprise routing protocols, so EIGRP and DMVPN for those who understand the networking tenets. So Net Agility is very happy to be a part of your routing fabric. It can also sit just outside of the routing fabric and topology that you already have in your network and just be a router on a stick to manage all of your WAN transports and then feed that directly back into your Cisco or Juniper infrastructure. And then can IQ-Core Software work on any hardware or only PacStar Curtiss-Wright hardware and what about non-network hardware, i.e. modems? 

So yeah, IQ-Core is a Windows application client and server so it can run on any hardware that supports Windows or Windows Virtual Machine but that is just where IQ-Core runs. IQ-Core manages devices of dozens of different vendors. Cisco's, Juniper's, Viasat's and those are network devices, those are modems, those are crypto devices, those are switches and servers and pretty much anything that you would encounter in a tactical network, IQ-Core can manage. For new devices, if we haven't added dedicated support to yet we have generic SSH and SNMP support so that we can monitor the high-level status of those devices. Very, very flexible piece of software. And with LEO available, why use GEO? I don't know who'd like to talk. I think Ted covered it a little bit, it's you know what, one's a sports car and one's a semi truck. You don't move big heavy equipment in a sports car but if you need that bulk transport GEO still hasn't been surpassed but Viasat, you got the sat in your name. What's your take on it? That was a great analogy Dom. I would leave it with that. Yeah, GEO gives you sort of that big pipe that's there consistently and then LEO, the pipe will ebb and flow but it definitely gives you a latency advantage so you know if you can use both, which we can, it kind of gives you the best of both worlds. I'd like to touch on that one just for an extra second because it speaks to the resilient tactical network. So resiliency, we're not talking about an exquisite transport that is high-capacity, low probability of interception and detection, easy to use everything all at once. 

There's going to be technical trade-offs with any transport you use and so the resilient integrated approach is to layer these transports and be able to integrate them all so that they seamlessly work within your network so that the operators can choose which ones are best for the mission set they have at hand. Well it's really the Swiss cheese analogy, right, any individual slice of cheese has a hole through it but when you look at the block you can't see through. So you can cover the limitations of one transport with the strengths of another. Nice, and one more question. If I already have PacStar equipment or other hardware do I have to buy another device or box to use Net Agility? Maybe you covered this already but... It's pretty similar to some of the things that we've already talked about. No. If you have a PacStar device in a server in your system, nearly all of our customers are already running virtualization, we can likely just add another VM or take out one VM and bring Net Agility in. 

Like Ted and Steve have said you don't have to run Net Agility everywhere on the network to gain some of the advantages of Net Agility, so please, existing customers reach out and we can show you how to move to a more modern network. Right, sure. Well thank you gentlemen and thanks to all you viewers for submitting questions, for any that went unanswered the companies will follow up with you directly offline. Don't forget to check out that resources tab where you can find the specs and the brochures about Net Agility. You can find more about the companies at curtisswright.com and viasat.com. Thanks for joining us and thanks to Steve, Dominic and Ted for presenting today, to have your expertise on those engineering minds - really great. And then just so you know you can - our attendees - you can continue to link to the archived version of this webinar and see previous SIGNAL webinars on AFCEA's SIGNAL magazine website which is www.afcea.org/signal/webinar and thanks again gentlemen and this concludes our webinar. Thanks everybody.