Case Study: US Army Accessions Command - Managing the Service Lifecycle
Creating agile recruitment through SOA and API publication

The US Army Accessions Command (USAAC) was established in 2002 to provide integrated control of recruiting and initial training for the Army's officer, warrant officer and enlisted forces. In order to support field recruiters, USAAC created a custom CRM system for managing information on potential candidates and maintaining internal department data.
U.S. Army Accessions Command
Creating Agile Recruitment through SOA & API Publication

The U.S. Army Accessions Command (USAAC) was established by general order on February 15, 2002. A subordinate arm of the Training and Doctrine Command (TRADOC), it provides integrated command and control of recruiting and initial military training for the Army's officer, warrant officer and enlisted forces. USAAC meets the Army's human resource needs from first handshake to first unit of assignment, transforming volunteers into soldiers and leaders for the Army.

USAAC has a global presence, operating in storefronts, colleges and wherever the United States has a military base. In order to support field recruiters across such a large territory, USAAC created a centralized IT mechanism – a custom CRM system built by HP Enterprise Services (formerly EDS) – to help manage information on potential candidates and maintain internal department information. Just as businesses use Salesforce.com to nurture leads, the Army relies on its CRM application to distribute and manage recruiting leads.

Army by the Numbers
>1.4M active duty personnel
>800K personnel in the reserves
>3500 recruiting points of presence in the U.S. alone
65,000 active duty recruits
8,000 recruiters (FY09)
108% of goal for recruits (FY09)
>20,000 downloads of iPhone app in the first month

The Challenge

Driven by post-9/11 information sharing and paperless Army initiatives, military mission support and mission critical systems are evolving to become more interoperable. The U.S. Army's own info sharing initiative began with the adoption of a service-oriented roadmap (known internally as Integrated Application Architecture or IAA), which was designed to create more efficient, reusable and interoperable IT systems. As part of that process, USAAC re-architected its CRM system into more than 100 components and 60 major services.
However, they very quickly realized that securing and managing so many moving parts was trending towards too much overhead. For example, with the growing threat of cyber attacks aimed at government resources (e.g., the July 2009 distributed denial of service attack on the Pentagon, or the May 2010 malicious hacking of four U.S. Treasury Web sites), securing public-facing military resources like Army recruiting was a key concern. But with more than 60 services, programming security measures into every USAAC Web service – security that would have to be updated to counter each new cyber attack – could result in a never-ending cycle of updates, testing and redeployment, leaving little time or resources for new initiatives.

Additionally, as changes were made to services, client-side applications would also need to be separately updated to support the new functionality, slowing down server-side rollouts and introducing a great deal of planning to maintain business as usual. The need to support a number of different environments (from development to test to production) across multiple data centers, and periodically move services to new hardware, also required complex planning in order to minimize downtime. Struggling just to keep up with the maintenance of existing services, USAAC went looking for a product that could help them better manage their service lifecycle.

Enter Layer 7

By deploying the Layer 7 SecureSpan XML Networking Gateway (Gateway), USAAC was able to centralize service security, management and lifecycle in a policy-driven device. Now, when changes are required, USAAC can make them centrally for all services by making modifications at a policy layer – not individually to each service. Layer 7 even allowed the removal of functionality (such as certificate management) from clients, centralizing it in the Gateway and thereby removing a large part of the client-side maintenance burden.
And because all service interactions must pass through the central Gateway, which obfuscates the location of backend services, USAAC could freely move, test and update applications without adversely impacting client activity.

Additionally, Layer 7's API publishing capabilities allow USAAC to control and govern the way their CRM services are exposed outside their organization. Policy-based controls let them customize the message, identity and interface level security for their CRM services; track usage, monitor interface health, and even manage versions and updates without breaking client applications. In this way, USAAC was able to quickly and easily support the Army's mobile and Web initiatives, including an iPhone application and the Go Army and National Guard Web sites. Similarly, they were able to streamline the exchange of information with the Military Entrance Processing Command (MEPCOM), which provides testing, examining and processing of applicants for enlistment into the Armed Forces.

The network architecture consists of multiple DMZs, each leveraging a Layer 7 Gateway cluster to enforce security policy inbound to/outbound from the corresponding network: the untrusted Internet; semi-trusted NIPRNet (Non-secure Internet Protocol Router Network), and trusted internal LAN. Redaction capabilities ensure that information access is limited based on role. Cyber defense capabilities address common threats associated with SOA, Web, and Web service implementations. And full support for the Joint Enterprise Service Monitoring (JESM) enables secure, federated application monitoring.
The Results

Layer 7 provided USAAC with a focal point for managing and publishing all the components and services associated with its recruiting system, thereby not only lowering maintenance costs but also allowing USAAC to take on new mobile and Web projects and turn them around in a matter of weeks instead of months.

And because the Layer 7 Gateway provided out-of-the-box support for the Department of Defense's (DoD) Net-Centric Enterprise Services (NCES), the Common Criteria EAL4+ international security standard, and the U.S. Joint Service Security Working Group Specifications, costs and time associated with creating and certifying the security of the solution were dramatically reduced.

Looking to the future, the flexibility of the Layer 7 solution will allow USAAC to pursue opportunities to interface with SaaS applications and the DoD's private cloud by providing capabilities around secure connectivity and data validation to ensure the integrity of all shared information.

Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.