SDN Bolsters Network Security for USCENTCOM

01-04-2019

Better eyes and control on data center and network traffic

With our IT engineering help, U.S. Central Command has solved an important need of its large and complex network: to better control the traffic and activities on it.

SAIC assisted USCENTCOM in modernizing its data center, which supports enterprise services including file sharing, instant messaging, voice, and video applications for active warfighters. By deploying a software-defined networking (SDN) solution, USCENTCOM can better optimize security and network performance for the data center.

“SDN provides a network structure that gives us better scalability and visibility of the data center,” said Robbie Hodges, SAIC’s network infrastructure lead at USCENTCOM HQ in Tampa, Florida. “Network personnel can see errors or anomalies, isolate them, and react quickly.”

Policy-driven access and data routes

The SDN implementation lets network support staff deploy microsegmentation, giving them the ability to configure targeted security rules for different types of traffic across the data center.

These rules could be configured to block or permit what can “talk” between applications, or to allow users access only to the resources they need to accomplish their tasks. Both measures reduce attack routes.

The data center’s spine-and-leaf topology moves network traffic directly between endpoints rather than in “hops” over multiple points, making errant traffic detectable.

SDN enables USCENTCOM to:

  • Create and enforce protocols and controls from a central location to govern how network traffic can flow between user applications and the data center.
  • See all traffic and events on the network through a “single pane of glass,” giving a complete situational awareness picture. Network and security staff can quickly locate where errant behaviors and performance faults are happening and trace the paths of data traveling on the network.
  • Boost operational redundancy, balance traffic loads, and scale the data center and network by moving around and expanding resources within the leaf-spine setup.
  • Use newer and more efficient hardware as well as fewer devices in the data center to shrink its physical footprint and lower operating expenses and cost of ownership.

Our team performed the data center upgrade with over 600 network connections without disrupting critical services for users. “These are mission networks, so downtime was unacceptable,” said Hodges.

The build-out took less than two months, and services were moved over a weekend.

USCENTCOM’s solution uses Cisco networking technologies. Our strategic alliances with top technology providers enable us to engineer other types of SDN, tailoring the solution to a customer’s needs.

Through SDN, the combatant command is able to optimize the security posture for the data center and improve readiness for future network computing needs.