C. Evolving Systems
When it was first accredited in 1995, ISSE was purely point-to-point and served one data transfer method, e.g. email or file drop, per installation. Version 3.4 enabled multiple organizations to transfer between two domains, and version 3.6.1 enabled multiple organizations to transfer between two or more domains. It is this v3.6.1 which is considered to be “enterprise” in today’s terms. At its highest point, ISSE was fielded in 160 operational locations. Since the advent of the enterprise construct, this number has been reduced, as expected. By counting the total number of threads, we can arrive at a realistic estimate of the capabilities delivered by ISSE systems. An inventory in September 2015 placed ISSE operating on an impressive 734 threads in 73 systems worldwide. This represents 46 percent fewer systems while supporting the flow of 298 percent more data.
ISSE has evolved from its first use as a point-to-point solution to be compatible with the enterprise construct which is prevalent today. This approach to the cross-domain business makes sense for financial reasons. For an organization with cross-domain needs, being incorporated into an enterprise system saves money by reducing the installation costs and manpower costs associated with system administration. Organizations housing the enterprise systems can charge user fees to the tenant organizations and staff one or more full-time administrators who oversee the operations of the system. The major disadvantage of the enterprise construct is that many organizations are tied into one system; if that system fails, the operational consequences are further reaching than if the organization hosted its own CDS. Despite this concern, albeit a minor one, the enterprise construct is expected to become even more prevalent as new customers come online and some existing customers transfer to enterprise.
As an example of the conversion to enterprise, one such organization migrated from 18 point-to-point systems among seven sites to three enterprise systems among three sites. This major effort resulted in real cost savings in engineering support, licensing costs, power, administrative overhead, and 50 percent less hardware, while increasing the availability of mission critical data. The organization also upgraded their ISSE systems, and the improved transfer rates from the synergistic effects of combining upgrades and enterprise consolidation resulted in more than one billion files annually, not to mention the added security and connectivity to additional security domains.
An unremitting problem for the ISSE PMO is hardware obsolescence. From inception to fielding, a major version of ISSE is several years in the making. By the time a version is fully developed, tested by the engineers, tested by the government, given its final configuration, and certified, several years have passed. (Minor versions can be fielded in several months—if enough manpower is applied to the effort.) Because the new version’s operating system is compatible only with certain hardware, an obsolescence problem looms on the horizon once that hardware is no longer supported. ISSE uses Oracle’s Solaris operating system (OS), which has excellent security attributes. Solaris is used heavily by the banking, stock market, and insurance industries. Despite this solid user base, there exists some concern about Solaris’ diminishing user base and future supportability, a concern that is not necessarily shared by the PMO. A third-party study was completed to investigate whether ISSE should move to another operating system. Transferring (“porting”) to another operating system would require significant funds and manpower to accomplish in parallel with other development and maintenance schedules. Additionally, there was no significantly compelling reason to port to another OS, since hardware obsolescence is persistent for all OSs. The ISSE PMO determined that the best alternative was to stay with Solaris, integrate new OS versions, and test with beta versions whenever possible.
There is one other approach to mitigating hardware obsolescence the PMO is currently investigating. This involves placing ISSE on a cross-domain access solution. These are secure systems with virtualized security domains. Each domain is separate and therefore very secure within a small amount of hardware. The advantage of this approach is that x86 hardware can be used for the access solution, which will be supported for the foreseeable future. The Solaris OS is interfaced with a virtual machine of the access solution. As a corollary, if successful, the resultant hybrid ISSE will require fewer pieces of hardware and less power to operate. This effort is currently being completed for three domains and several mission applications on SecureView, which is a program also overseen by the Information Handling Branch of AFRL in Rome, New York.
The Information Support Server Environment (ISSE) is a cross-domain transfer solution that is used by numerous U.S. government organizations and coalition partners. It is an electronic capability which securely transfers data between separate networks. Since its initial fielding in 1995, it has become a premier cross-domain solution that has continued to meet users’ needs by evolving to the enterprise construct and providing advanced mission applications. It continues to stay relevant by anticipating the changing cross-domain landscape. For more information about ISSE, please contact the ISSE PMO at firstname.lastname@example.org or 315-330-7838.