Military leaders approve two network-monitoring software tools
By Edward J. Walsh
WASHINGTON — Pentagon officials who manage the Joint Warrior Interoperability Demonstration (JWID) are choosing two promising software technologies for special consideration in joint-service data network monitoring and information security.
In late September, officials of the joint-service project office that manages the 2000-2001 JWID chose two technologies they are calling JWID "gold nuggets." They chose these software programs from the 26 technologies they evaluated during the 18-day JWID demonstration period in July.
The two technologies are the Silent Runner, an internal network security system developed by Raytheon Co. of Lexington, Mass., and a family of application programs developed by BMC Software of Houston that provide network monitoring, situation awareness, and service assurance. U.S. Air Force Col. James Dowis, director of the 2000-2001 JWID, says defense leaders will field both "gold nugget" technologies to the unified commands next year.
The JWID process started in the early 1990s to evaluate information-management technologies that could meet service requirements with little or no additional development. Contractors and government organizations submit candidate technologies for participation in the JWID demonstration.
The gold nuggets must comply with the Defense Information Infrastructure Common Operating Environment (DII COE) and with the U.S. Department of Defense Joint Technical Architecture. They also must be usable by at least three of the services, be mature and supportable, and provide a unique capability.
The BMC Patrol family consists of task-oriented programs, including Patrol Explorer, Web Viewer, Patrol for Unix, Patrol for Internet Service, Patrol Integration, and Enterprise Manager. The programs are written in a unique Patrol scripting language.
Al Snell, Navy account manager for BMC, says the company's Patrol architecture monitors overall network status by inserting intelligent autonomous software "agents" at various levels within servers.
The agents carry out proactive monitoring and management of operating systems, databases, and specific application programs and provide an overall "process view" of system performance, including root-cause trouble analysis and real-time problem notification.
The Patrol family of applications ran within the JWID e-mail server and the imagery-dissemination server provided by the National Imagery and Mapping Agency. They also ran on other JWID network servers, such as an open-view node manager, that provides system monitoring at the "enterprise" level for viewing by network administrators and commanders.
The Navy's Space and Warfare Systems Center, San Diego, uses Patrol in research and development systems. The BMC software was run at the primary JWID sites: U.S. Pacific Command headquarters, the Air Force's Cheyenne Mountain, Colo., Operations Center, and the Joint Battle Center in Suffolk, Va.
JWID officials call Raytheon's Silent Runner a "network discovery, visualization, and analysis tool." The program was developed initially by HRB Systems of State College, Pa., to respond to federal government concerns about computer network security. HRB later was acquired by E-Systems, now part of Raytheon.
John Holloway, a Raytheon business development manager for the company's Strategic Systems group in Linthicum, Md., says Silent Runner provides graphic images of system status that are used to ensure network security. The Silent Runner images, he says, enable users to detect abnormalities caused by intrusions from within an organization.
JWID officials say Silent Runner, which is capable of examining some 1,400 network protocols, runs passively on networks and provides continuous monitoring.
Holloway says Silent Runner complements other network protection tools, such as firewalls and other intrusion-detection systems. It also can insert data filters that eliminate the need to read large volumes of data while providing imagery that would reveal abnormalities caused by internal intrusions.