Case Study: US Army Accessions Command - Managing the Service Lifecycle by Layer7Tech


									U.S. Army Accessions Command
Creating Agile Recruitment through SOA & API Publication

Army by the Numbers
 >1.4M active duty personnel
 >800K personnel in the reserves
 >3500 recruiting points of presence in the U.S. alone
 65,000 active duty recruits
 8,000 recruiters (FY09)
 108% of goal for recruits (FY09)
 >20,000 downloads of iPhone app in the first month

The U.S. Army Accessions Command (USAAC) was established by general order on
February 15, 2002. A subordinate arm of the Training and Doctrine Command
(TRADOC), it provides integrated command and control of recruiting and initial
military training for the Army's officer, warrant officer and enlisted forces. USAAC
meets the Army’s human resource needs from first handshake to first unit of
assignment, transforming volunteers into soldiers and leaders for the Army.

USAAC has a global presence operating in store fronts, colleges and wherever the
United States has a military base. In order to support field recruiters across such a
large territory, USAAC created a centralized IT mechanism – a custom CRM system
built by HP Enterprise Services (formerly EDS) – to help manage information on
potential candidates and maintain internal department information. Just as
businesses use to nurture leads, the Army relies on its CRM
application to distribute and manage recruiting leads.

       The Challenge
       Driven by post-9/11 information sharing and paperless Army initiatives, military mission support and mission-critical
       systems are evolving to become more interoperable. The U.S. Army’s own info sharing initiative began with the
       adoption of a service-oriented roadmap (known internally as Integrated Application Architecture or IAA), which
       was designed to create more efficient, reusable and interoperable IT systems. As part of that process, USAAC re-
       architected its CRM system into more than 100 components and 60 major services. However, they very quickly
       realized that securing and managing so many moving parts was trending towards too much overhead.

       For example, with the growing threat of cyber attacks aimed at government resources (e.g., the July 2009
       distributed denial of service attack on the Pentagon, or the May 2010 malicious hacking of four U.S. Treasury Web
       sites), securing public-facing military resources like Army recruiting was a key concern. But with more than 60
       services, programming security measures into every USAAC Web service – security that would have to be updated
       to counter each new cyber attack – could result in a never-ending cycle of updates, testing and redeployment,
       leaving little time or resources for new initiatives.

       Additionally, as changes were made to services, client-side applications would also need to be separately updated
       to support the new functionality, slowing down server-side rollouts and introducing a great deal of planning to
       maintain business as usual. The need to support a number of different environments (from development to test to
       production) across multiple data centers, and periodically move services to new hardware also required complex
       planning in order to minimize downtime.

       Struggling just trying to keep up with the maintenance of existing services, USAAC went looking for a product that
       could help them better manage their service lifecycle.

       Enter Layer 7
       By deploying the Layer 7 SecureSpan XML Networking Gateway (Gateway), USAAC was able to centralize service
       security, management and lifecycle in a policy-driven device. Now, when changes are required, USAAC can make
       them centrally for all services by making modifications at a policy layer – not individually to each service. Layer 7
       even allowed the removal of functionality (such as certificate management) from clients, centralizing it in the
       Gateway and thereby removing a large part of the client-side maintenance burden. And because all service
       interactions must pass through the central Gateway which obfuscates the location of backend services, USAAC
       could freely move, test and update applications without adversely impacting client activity.

Additionally, Layer 7’s API publishing capabilities allow USAAC to control and govern the way their CRM services
are exposed outside their organization. Policy-based controls let them customize the message, identity and
interface level security for their CRM services; track usage, monitor interface health, and even manage versions
and updates without breaking client applications. In this way, USAAC was able to quickly and easily support the
Army’s mobile and Web initiatives including an iPhone application and the Go Army and National Guard Web sites.
Similarly, they were able to streamline the exchange of information with the Military Entrance Processing
Command (MEPCOM), which provides testing, examining and processing of applicants for enlistment into the
Armed Forces.

The network architecture consists of multiple DMZs, each leveraging a Layer 7 Gateway cluster to enforce security
policy inbound to/outbound from the corresponding network: the untrusted Internet; semi-trusted NIPRNet (Non-
secure Internet Protocol Router Network) and trusted internal LAN. Redaction capabilities ensure that information
access is limited based on role. Cyber defense capabilities address common threats associated with SOA, Web, and
Web service implementations. And full support for the Joint Enterprise Service Monitoring (JESM) enables secure,
federated application monitoring.

The Results
Layer 7 provided USAAC with a focal point for managing and publishing all the components and services associated
with its recruiting system, thereby not only lowering maintenance costs but also allowing USAAC to take on new
mobile and Web projects and turn them around in a matter of weeks instead of months.

And because the Layer 7 Gateway provided out-of-the-box support for the Department of Defense’s (DoD) Net-
Centric Enterprise Services (NCES), the Common Criteria EAL4+ international security standard, and the U.S. Joint
Service Security Working Group Specifications, costs and time associated with creating and certifying the security
of the solution were dramatically reduced.

Looking to the future, the flexibility of the Layer 7 solution will allow USAAC to pursue opportunities to interface
with SaaS applications and the DoD’s private cloud by providing capabilities around secure connectivity and data
validation to ensure the integrity of all shared information.

         Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
         trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
