IT Issues in the Army

deanwebb · July 26, 2017, 01:24:35 PM

http://breakingdefense.com/2017/07/army-struggles-to-streamline-its-networks-for-war/

Imagine having to show up in a battle zone and have a network setup nearly instantly - and for troubleshooting to be relatively easy and straightforward to do.

Now imagine the reality those troops most likely have to face... would *you* be able to do a debug on a WLC to fix an OSPF issue with the satellite network, while under artillery fire?

icecream-guy · July 26, 2017, 01:56:48 PM

Quote from: deanwebb on July 26, 2017, 01:24:35 PM
http://breakingdefense.com/2017/07/army-struggles-to-streamline-its-networks-for-war/

Imagine having to show up in a battle zone and have a network setup nearly instantly - and for troubleshooting to be relatively easy and straightforward to do.

Now imagine the reality those troops most likely have to face... would *you* be able to do a debug on a WLC to fix an OSPF issue with the satellite network, while under artillery fire?

That's cause trump won't let his transgender supporters in the military, or any for that matter.

deanwebb · July 26, 2017, 02:02:38 PM

Politics aside - and we should put them aside on the forum

- they've got lots of really cool gear that is also very hard to use. I would not want to be trying to do my job in battlefield conditions, let alone be dealing with a product for the first time in a battle.

icecream-guy · July 26, 2017, 03:17:26 PM

Quote from: deanwebb on July 26, 2017, 02:02:38 PM
Politics aside - and we should put them aside on the forum - they've got lots of really cool gear that is also very hard to use. I would not want to be trying to do my job in battlefield conditions, let alone be dealing with a product for the first time in a battle.

...talk about blowing up a network......hahahahahahahahahahha

dlots · July 27, 2017, 08:27:46 AM

Quote from: ristau5741 on July 26, 2017, 03:17:26 PM
...talk about blowing up a network......hahahahahahahahahahha

ROFL

This actually sounds like a fun challenge. Give them a week or so of solid training for a super standardized system

deanwebb · July 27, 2017, 08:31:12 AM

Fun challenge all right... but what happens when stuff goes wrong? How good is that 1-week class going to be if they get hit with a CCIE-grade issue just as the Russian tanks pop around for a quick chat?

I look at it where even the troubleshooting needs to be simplified - and streamlined. How long does it take to turn everything off and on again? Can the stuff be brought up in any order? What dependencies need to be addressed and removed so that the system as a whole is more resilient?

dlots · July 27, 2017, 08:53:05 AM

That's where the design comes into play. The system would need to come up in any order and just work for the people in the field. I actually use to work for a radio company (like cops carry) that did military systems (For around bases and such, don't think we did much for out mobile for the military). We did do mobile radio systems for search and rescue/cops/etc though. They had servers and radio stations in the truck, with a satellite link or cellular modem (depending on how remote the system was) DMVPN link back to the main system (or a mobile self contained system). I can't speak for the servers but the network part was solid as a rock. Everything had a spot to plug into (and very port/cable was well documented). Those systems got tested for months before they were sent out, if there was 1 missing packet in a call that was a failed call, and we had to pass 99.999% of calls, each call had thousands of packets. We had multiple systems that went to trade shows every week that called back to our data-center or the AWS cloud (depending on what system). No startup order or TSing needed.

deanwebb · July 27, 2017, 10:03:03 AM

Now, make sure the database guys have done their bit...

And that the application writers didn't write code with poor error handling...

And, hopefully, the Windows server guys are on top of their game...

Well, um, er... from the looks of things, it may be a looooooooooooong night here...

dlots · July 27, 2017, 10:20:53 AM

Sadly I can't control other people's work quality :-(

icecream-guy · July 28, 2017, 08:30:10 AM

Setting up some of those military grade comms protocols, probably ain't like fishing in a barrel. something you can do, get good at and never use again.

deanwebb · July 28, 2017, 08:35:22 AM

And there's the rub, because we all know that more security usually means implementing a deliberate obstacle or inconvenience. We *could* get those networks up and running in an instant with Meraki and an open SSID, but we'd rather not have $ENEMY on the same network as our soldiers.

So we also need a guest SSID for our military networks in the field... right?

LynK · July 31, 2017, 12:51:36 PM

Sounds like the army needs some automation.

How hard is it to plug a satellite (that can do L3) into a switch. VPN to HQ Controller. Done.

Obviously there needs to be some form of access/authentication to prevent hijacks/stolen infrastructure.

deanwebb · July 31, 2017, 02:56:25 PM

Quote from: LynK on July 31, 2017, 12:51:36 PM
Sounds like the army needs some automation.

How hard is it to plug a satellite (that can do L3) into a switch. VPN to HQ Controller. Done.

Obviously there needs to be some form of access/authentication to prevent hijacks/stolen infrastructure.

And I'm guessing that it's the TACACS+ config that doesn't automate so easily...

Don't forget making sense of the stuff that utilizes that network. Maybe the switch and router were easy-peezy to set up, but what happens when the mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?

LynK · August 01, 2017, 07:40:19 AM

Quote from: deanwebb on July 31, 2017, 02:56:25 PM
mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?

The answer to this is DHCP static leases/reservations.

deanwebb · August 01, 2017, 12:11:38 PM

Quote from: LynK on August 01, 2017, 07:40:19 AM
Quote from: deanwebb on July 31, 2017, 02:56:25 PM
mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?

The answer to this is DHCP static leases/reservations.

But on which VLAN?

There's another article: http://breakingdefense.com/2017/07/build-bare-bones-network-small-satellites-for-multi-domain-battle/

This one mentioned how different services have different networks, and getting them to play together is something that they want to do.

Also, they want the network to be able to carry voice, plaintext, and little else. They do NOT want a PowerPoint slideshow in the middle of combat!