Embedded and external data storage innovations ensure information security in network-centric, mil-aero environments.
BY Courtney E. Howard
The data storage needs of military and aerospace end users, be they personnel or organizations, are unique "because lives may depend on the security of the information," says Joey Sevin, business development manager at Curtiss-Wright Controls Embedded Computing (CWCEC) in Ashburn, Va.
Mil-aero applications are most set apart by the stringent security and environmental specifications that products must meet, says Paul Ambuehl, storage technical lead, and Daniel March, systems technical lead, at Extreme Engineering Solutions (X-ES) in Middleton, Wis. "Most military and aerospace customers require storage products to operate within the demanding environments of MIL-STD-810F, including harsh temperatures from -40 to 85 degrees Celsius, as well as severe shock and vibration conditions," Ambuehl explains. For these types of applications, systems designers prefer solid-state disks (SSDs) because SSDs are built to withstand military-grade temperatures, shock, and vibration that can be difficult to meet with conventional rotating media.
Proponents of solid-state technologies continue to grow in number, as SSDs increase in capacity and decrease in price, yet demand for rotating media still exists, given its low cost and widespread use in legacy systems. Mil-aero professionals continue the rotational vs. solid-state debate, with some technology firms choosing allegiances to one and others providing access to both types of hard drives. X-ES is considered "bullish" on SSD technology for mil-aero applications, for example, while companies such as Crystal Group Inc. in Hiawatha, Iowa, and Phoenix International in Orange, Calif., offer mil-aero customers a choice of rotational or SSD storage.
|General Micro Systems' Golden-Eye II S802R-4 is a rugged, light-weight, Core 2 Duo Penryn system with four removable, solid-state drives.|
COTS and custom
"There is actually quite a list of requirements that are unique to military and aerospace users of storage," admits Paul Davis, director of product management at Curtiss-Wright Controls Electronic Systems in Santa Clarita, Calif. Mil-aero storage requirements include: performance, capacity, environmental qualifications (such as temperature, shock, and vibration), information assurance (including encryption, key management, and counterfeit parts), unwanted electromagnetic emissions (EMI/TEMPEST), cost, and size, weight, and power (SWaP), explain Davis and Tom Bohman, senior product manager at Curtiss-Wright Controls Electronic Systems.
"While commercial storage systems often have many of these same requirements," Davis adds, "it is not to the degree or in the combinations required in most military systems. The unique requirements can be attributed to the mobility and locations in which these military systems must operate without fail."
"All these needs are not synergistic, and many tradeoffs must be made to get the right combination of features at the lowest possible cost," Bohman describes. "For example, the larger the capacity, the more difficult it will be to minimize SWaP and cost. Because of the many variables, it is often best to seek help from a company, such as Curtiss-Wright, who can rapidly repackage its off-the-shelf (OTS) technology into an optimized storage solution."
The commercial market continues to advance data storage technologies, delivering higher capacities in a smaller form factor requiring less power; and, mil-aero applications benefit from the use of these commercial off-the-shelf (COTS) systems. Mil-aero professionals increasingly are opting for modified COTS (MOTS), however, given the unique requirements of mil-aero applications.
|Crystal Group Inc.'s TCM2 tactical computing module is designed for avionics applications, military shipboard computing, and land-based embedded computing.|
"SWaP is the big driving factor for rugged, deployed storage," Bohman explains. After all, power and space, within soldiers' rucksacks and military vehicle platforms, are at a premium on the battlefield.
Size, weight, and power are still king in mil-aero environments, admits Sevin, who has added cooling, cost, and protection to the requirement matrix. "The digital battlefield will continue to follow the commercial industry technology roadmaps," he says. "The fact that we can now put 256 gigabytes of data in a 3U VPX module is very impressive."
"Mil-aero system designers typically request the maximum capacity that can be hosted on a single 3U card, with one terabyte being the common target point," Ambuehl says. "Today, we can support this requirement with a 512-gigabyte 3U VPX SSD hosting a 512-gigabyte XMC SSD."
X-ES engineers also devised an SSD XMC module and an SSD removable module in a proprietary form factor that fits onto a 3U VPX carrier and into a half-ATR chassis for mil-aero applications, March explains. The company's staff is also working on delivering a higher-capacity SSD XMC module and 3U VPX SSD with 512-gigabyte capacity to meet industry needs for greater storage capacities in more compact form factors.
"Everyone is demanding open architectures, which dictate that data storage devices have a standard interface," Sevin explains. "So now, the challenge is to be open-architecture and secure. There have been and will continue to be investments in securing data in open architectures. Cloud computing and other virtual computing services could become part of the military and aerospace user tools, but the data must be safe."
Curtiss-Wright Controls Electronic Systems has demonstrated "a high-TRL (Technology Readiness Level), cost-effective, modular approach to netcentric (network-centric) architecture modernization based exclusively on open-system building blocks," Davis reveals. "Derived largely from research performed for the U.S. Army's PM-HBCT (Project Management Office-Heavy Brigade Combat Team), the demonstration features data and video distribution, along with NAS (network-attached storage) recording and playback over a Gigabit Ethernet data bus backbone."
"It shows seamless bridging of legacy databus devices (e.g., CAN or 1553) to the Ethernet backbone, enabling a phased modernization approach," Bohman adds.
The need for open architectures includes a call for common interface and connectivity options. "We most often see interface requirements for PCI Express and Serial Advanced Technology Attachment (SATA)," Ambuehl notes. A PCI Express interface is typically preferred over SATA, but X-ES's SSD products support both PCI Express and SATA, configurable via a jumper, he says.
Raw data streams
Today's network-centric battlefield is rife with various electro-optics, video, and sensor-based digital data acquisition systems working in intelligence, surveillance, and reconnaissance (ISR) capacities, with each gathering multiple terabytes of information daily. The need to store this wealth of data, such that it is secure and yet readily available, is driving the demand for file servers in the field.
Mil-aero professionals use specialized, high-speed, digital data recorders, such as those from Conduant Corp. in Longmont, Colo., to receive and store raw digital data streams that come directly from sensors, video, radar, and data acquisition equipment. These mil-aero users are most concerned with performance and fail-safe operation, reveals Ken Owens, chief executive officer of Conduant Corp. The company's systems are engineered with these requirements in mind, and to record data flows at rates up to 800 megabytes per second.
"Our clients demand that we maintain this very high performance level for long periods of time," Owen explains. "In addition, data loss is not an option with these highly sensitive applications. As certain operations move to the field, we are seeing more requests for ruggedized hardware, and because traditional disk drives are sensitive to shock and vibration, we are utilizing solid-state storage devices to build more reliable field units."
Conduant systems are gaining more airborne deployments, for which requirements include rugged enclosures, high-altitude operation, and higher tolerance to vibration and shock. "Traditional hard disk drives do not operate well above 10,000 feet given that disk heads ride on a cushion of air," Owens says. "Solid-state drives are desirable in these environments. Costs continue to drop and capacities are on the increase."
|Crystal Group's TCM2 rugged computer with a bolt-on expansion base can accommodate up to ten 2.5-inch rotational or solid-state hard drives.|
Conduant's systems are engineered to provide ultra-fast performance and long-duration recording, offering high-speed recording and playback of very large data stores at up to 800 megabytes per second. "We support 16 drive configurations up to 32 terabytes in capacity," Owens adds. "We supported the PCI Express interface both at the backplane and through industry-standard cabling.
"More and more data is being produced. More high-speed video recording and instant playback is being deployed," Owen says. "We are continually exposed to requirements that push the recording rates. We see requests for recording rates that exceed 2 gigabytes per second. There is no question that solid-state devices will become much more common as their prices continue to drop."
Ben Sharfi, president and chief executive officer of General Micro Systems in Rancho Cucamonga, Calif., sees much the same trend. "The ability to store uncompressed live video feeds in real time from multiple channels requires extremely fast write speeds and is pushing manufacturers into creating drives with up to 5-gigabyte-per-second transfer speeds.
"Partitioning drives into secure and unsecure partitions-setting encryption for only part of the drive while the remaining partition(s) can be accessed freely-also requires faster write speeds and higher-density media," Sharfi says. (Secure partitioning solutions are available from such industry firms as Green Hills Software in Santa Barbara, Calif.; LynuxWorks in San Jose; Mentor Graphics in Wilsonville, Ore.; QNX Software Systems in Ontario, Canada; SYSGO in Chicago, Ill.; and Wind River in Alameda, Calif.)
Secure network storage
A rapidly growing area for future data storage systems is secure network- attached storage (NAS), X-ES's March and Bohman explain. "NAS is gaining favor in avionics and vetronics system architectures over the dedicated recorder with direct-attached storage (DAS)," March describes. "Because most military system designs now include Gigabit Ethernet backbones, high-speed NAS devices are an ideal place to centralize and encrypt all the data, including the binaries that are booted at startup."
"The secure NAS device provides any intelligent subsystem read/write access to the storage via standard network protocols (NFS, CIFS, FTP, TFTP, HTTL, PXE), regardless of that subsystem's processor type or operating system," Bohman adds. "These network protocols are the universal language that allows network-centric systems to be quickly and easily integrated to meet system requirements, then quickly expanded and upgraded to meet new and additional needs."
U.S. Air Force officials sought to modernize two data-based nodes in its network-centric architecture, the Distributed Common Ground System (DCGS). They elicited the help of NCI Inc.-a provider of information technology (IT), engineering, logistics, professional services, and solutions to U.S. Federal Government agencies located in Reston, Va.-to assist in the task.
NCI won a $12.5 million, 12-month task order under the Air Force's NETCENTS (Network-Centric Solutions) program to provide engineering and integration services for two data centers in support of the DCGS. "This upgrade is very important in modernizing the DCGS architecture and to the DCGS mission," says Terry W. Glasgow, president of NCI.
Engineers at NCI and at team member ITT Corp. will procure, test, integrate, and deliver two Data Storage and Dissemination Centers (DSD) at Langley Air Force Base (AFB), Va., and Beale AFB, Calif. As a result of work on this task order, the netcentric DCGS enterprise will gain modern data storage, dissemination, processing, and retrieval capabilities.
Computing continues to move closer and closer to the edge of the battlefield and, in many cases, even to the warfighter's pocket, Sevin notes; at the same time, mission-critical data that the warfighter requires-whether for survival, mission success, or both-must be shared. These factors compound the need for secure data storage on the battlefield.
|The Golden-Eye II S802R-S sealed, rugged, Core 2 Duo Penryn system from General Micro Systems sports removable hard drives.|
"Real-time, actionable information requires communicating data directly to the warfighter, and it must be secure because troop movements and lives could be impacted," Sevin explains. Secure storage is, in this way, critical to achieving the goal of the network-centric battlefield: to deliver the right information to the right person at the right time.
Data, at rest and in motion, must be protected, Sevin continues. "Encryption is the method of protection that everyone is using, with several types of key management and encryption algorithms implemented in software, firmware, and hardware."
"There has been a huge increase in the amount and sensitivity of the data being stored on weapon platforms," Davis describes. "The data being stored now includes mission data, maintenance data, and complete digitized models of the Earth." As the volume and value of the stored data increase, so do concerns over damage that might be caused if that data is compromised, he says.
"Elaborate methods are being developed to secure data with encryption and, as important, are the key management concept-of-operations (CONOPS)," Bohman describes. "In many ways, the key management strategies are more difficult. It has to be easy and fast enough so as not to hinder the mission and, yet, it must be foolproof in denying access to the enemy should the system fall into enemy hands. A compromise must be found between ease of use in the field and protection of the data."
Encryption and erasure
"In terms of security requirements," Ambuehl says, "many applications require not only the data to be encrypted, but also the storage subsystem to support secure erase options. These secure erases involve a complete clearing and sanitization process that can meet specifications, such as DOD NISPOM (U.S. Department of Defense National Industrial Security Program Operating Manual) 5220.22-M. The secure erase options commonly requested include push-button erase, anti-tamper support, and battery backup, which allow erases to be initiated and completed despite power loss."
Security specialists have been seeking quicker and more automatic methods of erasing sensitive data from data storage systems, especially since the P-3 Orion was forced down in Chinese territory in 2001, according to Davis and Bohman. They refer to the now infamous U.S.-China aircraft collision incident in which a U.S. Navy EP-3 reconnaissance aircraft (as well as its on-board intelligence, electronics and sensor systems, and crew) were retained for a period and inspected by the People's Republic of China.
"For many years, to zeroize all memory was the only way to sanitize and protect the data," Davis recalls. "Every Government and Department of Defense branch has its own elaborate memory erasure algorithms. When performed by the software, these processes can take too long to complete on large, multi- gigabyte or -terabyte storage. Some solid-state disk vendors have implemented erasure algorithms in hardware to speed the process."
"Increasingly, the favored alternative is to encrypt the data before storing it with a very strong algorithm (AES-256, for example) and then provide for rapid and reliable erasure of the encryption key," Bohman says. "Thus, the data is protected from reading until the key is re-installed by a certificate authority."
Curtiss-Wright engineers adopted this method with the company's Compact Network Storage system and removable Flash Storage Module (FSM). A pushbutton, a discrete signal, or an authorized user can delete the key within milliseconds from a special non-imprint static random access memory (SRAM) location, rendering the data unreadable.
Another valued method of ensuring secure data storage involves the use of systems having removable hard drives. Technology firms such as General Micro Systems Inc. and Crystal Group engineer electronics systems with multiple, removable drives for mil-aero applications.
General Micro Systems engineers developed the company's Depot SX401R-4 with mil-aero needs and requirements in mind. The system is compact, rugged, and low-power, and it supports up to four removable, sealed solid-state drives. Its ultra-small footprint measures 6 x 3.5 x 3 inches, and it weighs 2.5 pounds. The Depot can be configured with up to 1 terabyte of storage capacity. It can serve as network-attached storage, and the removed SSDs can be accessed via SATA or USB interfaces.
"It fits in the palm of your hand," explains Ryan Steely, vice president of marketing at General Micro Systems. "The 1.8-inch drives pull out and can be accessed via a USB port on the back. In addition to offering data storage, it's a complete computer system."
The company's GoldenEye II family of compact, rugged systems- including the S802R-4, S802R-S, and S802R-LP-are designed to provide up to 2 terabytes of storage capacity across multiple, removable, solid-state drives.
|High-capacity, solid-state, Rugged Drivepacks from Crystal Group enable the transfer of data in 1 to 2 minutes by physically swapping out the drive packs.|
Crystal Group-a designer and manufacturer of rugged, COTS, custom-designed computers, displays, networking devices, embedded systems, and storage devices-has unveiled its TCM2 Tactical Computing Module with options for removable storage media. The embedded module is tailored for "environments where performance, ruggedness, and reliability are imperative, such as military shipboard, airborne, and land-based applications," says a company representative.
The TCM2 high-performance embedded computer is designed to operate in extreme environments and to run on conventional, 12-volt vehicle power or 24/28 volts of DC power to meet the requirements of many mil-aero applications. It is available with two 2.5-inch rotational or solid-state hard drives and can accommodate as many as eight more drives with the addition of a bolt-on expansion base, enabling a single TCM2 to deliver up to 4.8 terabytes of rotational hard drive storage or 1.28 terabytes of SSD storage.
Mil-aero industry innovators anticipate that solid-state technology will continue to replace and outpace adoption of rotational hard drives in mil-aero environments.
"Solid-state media lacks moving parts, which makes it inherently better than rotating media for the environments that mil-aero vehicles must withstand," Ambuehl says. "In the past, mil-aero systems included rotating media as a concession because there was no other choice for high-density storage. Now, with the densities that solid-state media can provide, SSDs are able to provide the storage capacity required by many applications.
"Going forward, I expect solid-state media to be selected for any new designs," Ambuehl adds. "The cost/density disadvantage that solid-state media has when compared to rotating media seemingly disappears when weighed against the inherent ruggedness in a high shock and vibration environment.
"It will not be long until there are SSDs with encrypted densities in the multi-terabyte range, with read and write performance two to three times that of current SSDs," Ambuehl predicts. "Before the end of 2011, we should be able to provide a 1TB SSD in a single 3U VPX form factor."
|General Micro Systems' Depot SX401R-4 is a sealed, rugged, low-power system with quad removable solid-state drives.|
Beyond SSD, secure data storage systems of the future are likely to provide more of precisely what mil-aero users need. Specifically, they will be smaller, faster, and offer "more disbursement of actionable information to the warfighter safely to the edge," Sevin says.
In the not too distant future, Ambuehl anticipates storage modules will "become intelligent self-contained entities, with their own security policies and the ability to self-declassify (essentially erase with overwrite). For example, for a CPU to access the data stored in the storage module it will have to first authenticate with the storage module."