As a provider of secure mobile communications systems to the U.S. Government and military, we often encounter operational requirements that go beyond the norm of traditional COTS (commercial-off-the-shelf) solutions. In this particular case study, DTECH LABS was tasked by a particular organization to evaluate both their existing deployed COTS (in a rack) system and their communications requirements with a goal to develop a more tightly integrated, and better performing, communications package. The package would be required to meet their unique, operational needs for secure voice and data over varied, and somewhat unreliable, satellite communications networks. Their primary problem involved the inability to establish and maintain multiple Secure Calls across unreliable and/or variable satellite networks. One of the customers major concerns was the ability to increase the number of Secure Calls over low-bandwidth (i.e., 64 128 kbps) satellite links. Of secondary concern was the ability to increase support for growing data and video applications.
There were several operational challenges the customer faced during the course of their normal operations:
Limited bandwidth The bandwidth available to the customer, predominantly IP or IP over ISDN-based, was typically limited to anywhere from 64 kbps to 512 kbps, with the higher speeds being the exception, rather than the norm.
Unreliable bandwidth Given the nature of the satellite equipment in use, ranging from GAN to BGAN to the occasional VSAT system, and the global nature of their deployment, consistent bandwidth could not be counted on - even in situations where a fixed-bandwidth link could be established, the quality and consistency of the bandwidth was often unreliable.
Diverse operational environments The customer had a fairly demanding set of deployment scenarios. They included the ability to establish secure voice, data, and video in a wide range of geographic environments and mobile transportation systems (i.e., fixed location, vehicular transport, and airframe platforms).
Unreliable power availability Given the nature of their mobile operations, wide-range power input was absolutely necessary. While emergency/generator power for satellite systems was typically available, standard AC and/or DC filtered power for mobile communications systems (especially in vehicles or airframe platforms) would not always be 100 percent available.
Expansion/sizing requirements The system had to be designed in such a way as to provide support for a variety of users, ranging from small teams of one to two individuals to as many as 18-24 members of a larger travel team.
As with most challenges, many times existing operational conditions must be taken into account for the ultimate solution. In this particular case, there were several fixed constraints:
- the proposed communications solution must be man-carry and configurable to meet standard airline carry-on size and weight limitations,
- the existing infrastructure of Secure Phones (primarily STU and SCIP devices) must be supported in the system, and
- No changes to the satellite system (typically GAN or BGAN), including both modem and dish/terminal technologies, would be allowed.
PHASE I of the task would involve establishing an operational system to meet the core customer requirements. Expected refinement would take place post-deployment in Phase II.
Developing a Semi-Custom COTS Solution
After evaluating several different commercially available technologies and packaging options, it was determined that some incremental improvement over the existing deployed system could be met with alternative and additional COTS products. However, such a system would not be feasible from a practical perspective due to the size, weight, and complexity of the system (even reducing the footprint of their rack-mount system or integrating the COTS components into a smaller transit case would not meet their mobility requirements).
It was quickly agreed that a semi-custom solution (that would become COTS) would need to be developed to meet the operational and physical size and weight requirements of the customer. Several different design options were considered before the customer finally agreed that a modular approach would be the most viable. This allowed for best of breed COTS equipment to be integrated into a highly-modular system, as well as custom and semi-custom developed components that would enable future upgrades and accommodate changes to the customers operations requirements.
To achieve this level of modularity, a split RED/BLACK chassis-based approach was selected. This required the repackaging of COTS products into universal modules for implementation as required by the client to meet the individual requirements of specific missions. The following modules were developed as core components of this system...
CISCO Mobile Access Routing Module A core module providing full CISCO IOS and Call Manager support for voice/VoIP applications, as well as to serve as the prime routing interface into the customers secure network.
DTECH LABS WHISPER Secure Voice and VoIP Optimization Module A module that would support the direct connection of Secure Call devices (STU/STE/SCIP) with a level of call optimization that would increase the number of Secure Calls permitted over very low bandwidth links. The WHISPER also provided an added benefit of enhanced Secure Call Relay (through software licensed from Network Equipment Technologies, Inc.), which allowed for temporary network outages of up to 10 seconds or statistically poor periods of network performance, without the dropping of Secure Calls. This was critical, as most Secure Calls, which can take up to a minute to establish, tend to drop when even minor packet drop rates occur, a common occurrence over satellite links.
Wide-Range AC and DC Power Input Module The module was designed to accommodate varying power sources in the field.
Encryption Support Module (Power/Interface) A module allowing for the powering of external encryption devices by the main system, as well as providing for the connection of separate RED from BLACK chassis modules via standard LAN connection within the system.
PHASE I Results
The testing of the PHASE I prototype product was successful in meeting the core requirements established by the customer. However, as a result of testing, several additional enhancements were requested by the customer.
The first enhancement included the ability to operate entirely independent of the wired power grid. This was requested in order to allow emergency communications where adequate power was not available, such as within certain vehicles or while located in temporary facilities, such as an airport hanger between flights. To address this issue, an embedded UPS module was designed to power the complete system for as long as several hours. The power system was also designed to help support encryption and GAN/BGAN terminals that may be integrated along with the mobile communications system.
The second enhancement involved the expansion of the requirement for pure VoIP calls across the network. VoIP calls tend to be transported across the network in extremely small packets, and can quickly overwhelm many satellite modems in terms of packet-per-second performance. This was an easy accommodation as the WHISPER provides for an advanced packet-aggregation feature for VoIP calls, greatly reducing the bandwidth and number of packets required to support large numbers of VoIP calls across a low-bandwidth satellite network. The only physical change required was the development of an expanded Power over Ethernet module to accommodate additional VoIP phones
Ongoing System Refinements and XipLink integration
With the final testing and acceptance completed on the unit, several additional features were discussed with the client, including ergonomic enhancements that would improve the operational capabilities of the system and improvements to the overall data performance of the system. The determination was made that we needed to find a means to offer advanced IP acceleration that worked at the base packet level. The enhancement also had to be able to differentiate between applications and allow the customer to improve services for various applications (voice, data, video, and so on), based on real-time operational demands.
To accomplish this, XiplInk Wireless Optimization engine is presently being integrated directly into a new module for inclusion in the system. The benefits included real-time optimization for secure encrypted voice, which has now been combined with techniques for TCP protocol acceleration and advanced data compression. This further increases the use of available capacity over satellite links. This module is currently in final integration testing and will become one of the standard COTS modules for the system. Included will be a low-power CPU running the XipLink integrated system that will operate as a converged satellite voice and data platform, prioritizing voice calls and optimizing the remaining satellite bandwidth for data
While the initial requirement presented seemed fairly straight forward, it was apparent from the start that a standard COTS integration might not meet the stringent operational challenges of the customer. This proved to be the case. A modular system that could be fielded on a mass scale was developed as a new product.
Individual COTS components, where available, were modified to fit within a standardized modular chassis. Essentially, a new COTS system was created from a combination of in-house developed product and the integration of board-level, commercially-available components. The original set of requirements also expanded as design, prototype and field-trials were completed. The resulting product, which has now been deployed as a single, self-powered, man-carry system, is currently being fielded in several configurations, operating in stand-alone, vehicular, and airframe deployments.
The key to success of this project, and the quick turn time (less than three months, from concept to full deployment) was in working closely with the customer. The high-level end users as well as the supporting travel team personnel responsible for the operations and maintenance of the system were all included in what is best described as a superb team effort.
About the author
Fred is the Chief Information Officer of DTECH LABS, Inc., a Sterling, VA-based provider of secure mobile communications systems. red has been active in the networking and IT industry for over 25 years, most recently as the CEO of Current Analysis, a competitive intelligence firm covering the Network, Communications and IT market sectors for technology and investment professionals. Prior to that, he was involved in developing Advanced Product and Marketing strategies at Newbridge Networks (now part of Alcatel), served as a Program Manager at industry research firm Gartner Group, and was a Manager in the IT Consulting Practice of Ernst & Young. Fred published his first book on physical networking infrastructure in 1992 and has served as an editorial contributor to Network World Magazine. He can be reached at 703-609-3733 or firstname.lastname@example.org.