U.S. Army Accessions Command
Creating Agile Recruitment through SOA & API Publication
The U.S. Army Accessions Command (USAAC) was established by general order on
Army by the Numbers
February 15, 2002. A subordinate arm of the Training and Doctrine Command
>1.4M active duty personnel (TRADOC), it provides integrated command and control of recruiting and initial
>800K personnel in the reserves
military training for the Army's officer, warrant officer and enlisted forces. USAAC
meets the Army’s human resource needs from first handshake to first unit of
>3500 recruiting points of assignment, transforming volunteers into soldiers and leaders for the Army.
presence in the U.S. alone
65,000 active duty recruits USAAC has a global presence operating in store fronts, Colleges and wherever the
8,000 recruiters (FY09) United States has a military base. In order to support field recruiters across such a
large territory, USAAC created a centralized IT mechanism – a custom CRM system
108% of goal for recruits (FY09)
built by HP Enterprise Services (formerly EDS) – to help manage information on
>20,000 downloads of iPhone potential candidates and maintain internal department information. Just as
app in the first month businesses use Salesforce.com to nurture leads, the Army relies on its CRM
application to distribute and manage recruiting leads.
Driven by post-911 information sharing and paperless Army initiatives, military mission support and mission critical
systems are evolving to become more interoperable. The U.S. Army’s own info sharing initiative began with the
adoption of a service-oriented roadmap (known internally as Integrated Application Architecture or IAA), which
was designed to create more efficient, reusable and interoperable IT systems. As part of that process, USAAC re-
architected its CRM system into more than 100 components and 60 major services. However, they very quickly
realized that securing and managing so many moving parts was trending towards too much overhead.
For example, with the growing threat of cyber attacks aimed at government resources (i.e., the July 2009
distributed denial of service attack on the Pentagon, or the May 2010 malicious hacking of four U.S. Treasury Web
sites), securing public-facing military resources like Army recruiting was a key concern. But with more than 60
services, programming security measures into every USAAC Web service – security that would have to be updated
to counter each new cyber attack – could result in a never-ending cycle of updates, testing and redeployment,
leaving little time or resources for new initiatives.
Additionally, as changes were made to services, client-side applications would also need to be separately updated
to support the new functionality, slowing down server-side rollouts and introducing a great deal of planning to
maintain business as usual. The need to support a number of different environments (from development to test to
production) across multiple data centers, and periodically move services to new hardware also required complex
planning in order to minimize downtime.
Struggling just trying to keep up with the maintenance of existing services, USAAC went looking for a product that
could help them better manage their service lifecycle.
Enter Layer 7
By deploying the Layer 7 SecureSpan XML Networking Gateway (Gateway), USAAC was able to centralize service
security, management and lifecycle in a policy-driven device. Now, when changes are required, USAAC can make
them centrally for all services by making modifications at a policy layer – not individually to each service. Layer 7
even allowed the removal of functionality (such as certificate management) from clients, centralizing it in the
Gateway and thereby removing a large part of the client-side maintenance burden. And because all service
interactions must pass through the central Gateway which obfuscates the location of backend services, USAAC
could freely move, test and update applications without adversely impacting client activity.
U.S. Army Case Study
Additionally, Layer 7’s API publishing capabilities allow USAAC to control and govern the way their CRM services
are exposed outside their organization. PPolicy-based controls let them customize the message, identity and
interface level security for their CRM services; track usage, monitor interface health, and even manage versions
and updates without breaking client applications. In this way, USAAC was able to quickly and easily support the
Army’s mobile and Web initiatives including an iPhone application and the Go Army and National Guard Web sites.
Similarly, they were able to streamline the exchange of information with the Military Entrance Processing
Command (MEPCOM), which provides testing, examining and processing of applicants for enlistment into the
The network architecture consists of multiple DMZ's, each leveraging a Layer 7 Gateway cluster to enforce security
/outbound network: trusted
policy inbound to/outbound from the corresponding network the untrusted Internet; semi-trusted NIPRNet (Non-
secure Internet Protocol Router Network and trusted internal LAN. Redaction capabilities ensure that information
access is limited based on role. Cyber defense capabilities address common threats associated with SOA, Web, and
Web service implementations. And full support for the Joint Enterprise Service Monitoring (JESM) enables secure,
federated application monitoring.
Layer 7 provided USAAC with a focal point for managing and publishing all the components and services associated
with its recruiting system, thereby not only lowering maintenance costs but also allowing USAAC to take on new
mobile and Web projects and turn them a around in a matter of weeks instead of months.
out-of-the-box support for the Department of Defense’s (DoD) Net-
And because the Layer 7 Gateway provided out Defense
Centric Enterprise Services (NCES), the Common Criteria EAL4+ international security standard, and the U.S. Joint
Service Security Working Group Specifications, costs and time associated with creating and certifying the security
of the solution were dramatically reduced
Looking to the future, the flexibility of the Layer 7 solution will allow USAAC to pursue opportunities to interface
with SaaS applications and the DoD’s private cloud by providing capabilities around secure connectivity and data
validation to ensure the integrity of all shared information
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2