The new FAA system uses faster, more reliable, and more secure Stratus FTserver 6400s powered by quad-core Intel Xeon processors. The new servers support virtualization for more efficient additions and workload distribution.  (Source: Stratus)
New FAA flight plan system beefs up security and processing power

In September last year, DailyTech reported that the FAA was in the process of virtualizing its flight plan infrastructure.  Officials were inspired to replace the dinosaur of a system, a throwback to the Cold War days, after several massive crashes that were attributed to the failing, aging hardware.  A successful upgrade of a similar internal business system at the FAA, utilizing servers and storage from Sun and Cisco, served as a template for the flight plan system upgrade.

Over the last half year the FAA has been carrying out the upgrade, and it is now nearing completion.  The new and improved National Airspace Data Interchange Network (NADIN) will comprise a critical part of the NAS (National Air Space) traffic system, which processes over 1.5 million messages a day.

FAA IT administrator Jim McNeill reports that these upgrades are almost done, stating, "We've just about finished our transition from the legacy system over to the new system.  The main new system is for NADIN, built on Stratus servers with virtualization, and handles all the legacy [mainframe] functions as well as new FAA-owned IP systems."

The new network will separate government and non-government data, a federal requirement.  The system uses virtualization to better provision services on new heavy-duty Stratus FTserver 6400s hardware.  The servers feature Intel Xeon quad-core processors.  Designed by Lockheed Martin engineers, the system replaces two 21-year-old Phillips DS714 mainframes -- located in Atlanta, Ga., and Salt Lake City -- that first went live in 1989.

Mr. McNeill describes the benefits of virtualization, stating, "Our biggest use of virtualization is that it allows us to install one physical server, then provision services across that server, in a much faster manner, without having to do any modernization, upgrades or hardware installations."

He continues, "We can run one virtual machine for generic TCP/IP users, we can have another VM for international connections, and then we're having discussions about other agency services that have external data requirements. This allows us to provision them in a quick time frame and keep them isolated from each other in terms of data flow."

Virtualization also is helping the system with its upgrade needs.  States Mr. McNeill, "It's travel to a facility for a hardware installation, power modification, training -- it's very costly and time-consuming to have to do all that.  Now with this common server using virtualization, we can have a template for an operating system and provision a new service in days, requiring no facility upgrade or travel."

The system enjoys superior security thanks to a new NAS-approved security gateway.  Mr. McNeill states, "The system has a limited number of Internet access ports to the NAS system. We will keep the system inside one of their approved security gateways."

The upgrades are viewed as critical to the nation's security.  Recent intrusions of FAA systems have shown that foreign parties can gain access to the system, and recent crashes have shown just how vulnerable the system is to corrupted data or other problems.  A full-scale attack on the elderly system could easily bring domestic air traffic in the U.S. grinding to a halt.  International intelligence analytical firm Stratfor states, "The lack of redundancy and dynamism demonstrated ... by the latest NADIN crash makes a cyberattack against critical U.S. infrastructure all the more feasible."

One key difference between the old and new system is that pilots will no longer file their own flight plans.  Under the new system general aviation pilots (such as pilots of very small private planes) will file plans via a service provider or a flight station.  Pilots with airlines and private air services will have their plans filed by service providers that they employ.



Comments



Here's a link
By amanojaku on 7/3/2009 1:13:34 PM , Rating: 3
To the press release. Considering the two mainframes being replaced this is actually cheap at $860,000. It's running VMware (probably vSphere 3.5 as 4.0 wasn't RTM at the time of the release) and the price covers licensing and hardware, including two storage arrays. There are plans to grow the infrastructure down the road, too. This looks like money well spent, for once.

http://www.stratus.com/news/2009/documents/2009051...




RE: Here's a link
By Jeffk464 on 7/3/2009 8:49:11 PM , Rating: 5
I would say that is cheap. It normally costs the government more than one million dollars just to decide whether they should do something or not.


RE: Here's a link
By drinkmorejava on 7/4/2009 12:15:21 PM , Rating: 2
I was hoping the press release would have more info. I wonder if they're doing vSphere or vMotion. I don't know what vSphere's capabilities are with regard to hardware failure. 99.9999% uptime pretty much requires that a machine never skips a beat.


RE: Here's a link
By javellan on 7/4/2009 12:40:52 PM , Rating: 3
Like juancferrer pointed out, what does it matter if it's now virtualized? If they didn't upgrade their code? The reason they've had outages was corrupt file plan inputs to their system! I'm a huge virtualization geek but all that does is provide better resource management and consolidation. If someone believes that virtualizing to VMware creates a more secure environment you've got another thing coming. In fact from reading this article it's almost assuming they're placing DMZ and non-DMZ guests inside the same ESX server which is a huge mistake even with separate virtual switches and uplinks in a sensitive secure environment. It's called "guest escape" and just because it hasn't gotten mainstream attention yet on ESX, all you have to do is view this security patch VMware put out last April. http://bit.ly/14LZVS, hint host = ESX.

Moreover, did anyone read the Stratus press release? "The second will run a Windows application being used as a generic proxy server" Who prefers to run a proxy server on the most widely exploited OS at the moment for our nation's critical infrastructure? I know it makes sense with all 32-bit Windows guests and transparent page sharing enabled (also a mistake in high security environments) but really?

I'm just ashamed they aren't putting as much press out on critical code changes to their mainframe rather than pushing virtualization improvements. Like others, I'm glad it was done cheap compared to other blunders of government work I've been part of.

/end rant
-Joaquin


RE: Here's a link
By chrisw0830 on 7/6/2009 2:52:27 PM , Rating: 3
I'm a long time VCP (my VCP number is below 5000), and have been designing and deploying virtualized datacenters for almost as long.

As to the security aspects you note (the "Big Mistake"), I'm afraid you're incorrect. Best practices are that you CAN place DMZ and non-DMZ VMs on the same physical ESX host, provided you maintain physical separation of network security trust zones at the NIC port level. Quoting from a recent article on the subject - because they say it so nicely:

"Most security administrators will not allow multi-homed systems into a DMZ. Multi-homed implies a system that connects to multiple networks at the same time. The fear is that these systems would then act unknowingly as a bridge between security zones outside the predefined firewalls, routers and gateways the security teams have already set up.

With VMware ESX or ESXi this is not the case. Inside the hypervisor is a Layer 2 virtual switch that behaves very similarly to a Layer 2 physical switch. Given that virtual switches exist and that virtual switches can not talk to each other unless, as with separate physical switches, there is some system bridging the gap. VMware ESX and ESXi do not act as such a bridge but maintain the virtual switch as its own entity. Virtual machines (VMs) are attached to portgroups on a virtual switch that can act as VLANs but do not need to do so. Virtual switches can not talk directly to each other, neither can VMs on different portgroups (except for those within a portgroup with a VLAN id of 4095, which is used for security software and VMs that handle VLAN tagging themselves)."

Now, as to the patch you mentioned, this actually is not nearly as relevant to ESX environments as you are trying to imply. In order to take advantage, you would need to 1) be on an unpatched system, 2) know how to take advantage of the vulnerability, and 3) know that you must execute ESX based - and NOT Windows based - code. Even at that point, you would still need to compromise the ESX kernel. The real vulnerability for this particular issue is when running VMware Workstation or VMware Server on a host running Windows.

Now, all of that said, I do agree that just because you decide to virtualize something doesn't make it any more secure than it was before. Virtualizing an unsecure physical server will result in a VM that is just as unsecure. Poorly written code is poorly written code regardless of the environment it is running on.

Finally, this does appear to be a VMware Infrastructure 3 deployment and not a vSphere 4 one (there is no such thing as vSphere 3 - the name change happened as of version 4). Oh - and VMotion is VMware's branded version of live migration technology that works in an ESX environment with vCenter. It's treated as one of several add-on features as opposed to an independent product - just like HA, DRS, and (in vSphere 4) Fault Tolerance.

We'll see how things go.
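
An added example, not part of the comment above and not VMware tooling: a small Python audit of the separation rules described in that comment (one trust zone per virtual switch and per physical NIC uplink, no VM attached to portgroups in two zones, VLAN 4095 portgroups flagged for review). The host inventory, zone labels and every name in it are constructed for illustration.

```python
# Constructed inventory of a single ESX host; all names and zones are hypothetical.
HOST = {
    "vswitches": {
        "vSwitch0": {"uplinks": ["vmnic0"],
                     "portgroups": {"Internal": {"zone": "internal", "vlan": 0}}},
        "vSwitch1": {"uplinks": ["vmnic1"],
                     "portgroups": {"DMZ-Web": {"zone": "dmz", "vlan": 0}}},
        # Deliberately misconfigured: two zones on one switch, reusing vmnic1.
        "vSwitch2": {"uplinks": ["vmnic1", "vmnic2"],
                     "portgroups": {"Mgmt": {"zone": "internal", "vlan": 10},
                                    "Sniffer": {"zone": "dmz", "vlan": 4095}}},
    },
    "vms": {
        "proxy01": ["DMZ-Web"],
        "db01": ["Internal"],
        "bridge01": ["DMZ-Web", "Internal"],  # multi-homed across zones
    },
}


def audit(host):
    """Return (rule, object) findings where trust-zone separation is broken."""
    findings = []
    pg_zone = {}    # portgroup name -> trust zone
    nic_zones = {}  # physical NIC -> set of zones whose traffic it carries
    for sw_name, sw in sorted(host["vswitches"].items()):
        zones = set()
        for pg_name, pg in sorted(sw["portgroups"].items()):
            pg_zone[pg_name] = pg["zone"]
            zones.add(pg["zone"])
            if pg["vlan"] == 4095:
                # VLAN id 4095 passes all VLANs to the guest: review its members.
                findings.append(("vlan-4095", pg_name))
        if len(zones) > 1:
            findings.append(("mixed-zone-vswitch", sw_name))
        for nic in sw["uplinks"]:
            nic_zones.setdefault(nic, set()).update(zones)
    for nic, zones in sorted(nic_zones.items()):
        if len(zones) > 1:
            # Separation at the NIC port level is lost on this uplink.
            findings.append(("shared-uplink", nic))
    for vm, pgs in sorted(host["vms"].items()):
        if len({pg_zone[p] for p in pgs}) > 1:
            findings.append(("multi-homed-vm", vm))
    return findings


if __name__ == "__main__":
    for rule, obj in audit(HOST):
        print(f"{rule}: {obj}")
```
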


RE: Here's a link
By Donovan on 7/7/2009 12:40:12 PM , Rating: 2
Not disagreeing with the best practices, but this does assume that no one can break out of the VM and alter the host machine. If they do, they can reconfigure the virtual switch or even interact directly with other VMs. While it is theoretically possible to hack into a physical router to disable DMZ, it would require a monumentally stupid bug in the router firmware.


RE: Here's a link
By chrisw0830 on 7/6/2009 2:58:42 PM , Rating: 2
One more thing...

Transparent memory sharing (which is on by default) is also NOT a "Big Mistake" in high security environments. If you understand what this is and how it works, you would also understand why that's the case.

I would reconsider which security guys you are talking to on this stuff...


Copyright 2014 DailyTech LLC.