Creating agile recruitment through SOA and API publication
The US Army Accessions Command (USAAC) was established by general order on February 15, 2002. A subordinate arm of the Training & Doctrine Command (TRADOC), it provides integrated command and control of recruiting and initial military training for the Army's officer, warrant officer and enlisted forces. USAAC meets the Army’s human resource needs from first handshake to first unit of assignment, transforming volunteers into soldiers and leaders for the Army.
US Army by the Numbers
- More than 1.4M active duty personnel
- More than 3,500 recruiting points of presence in the US alone
- 65,000 active duty recruits
- 8,000 recruiters (FY09)
- 108% of goal for recruits (FY09)
- More than 20,000 downloads of iPhone app in the first month
USAAC has a global presence, operating in storefronts, colleges and wherever the United States has a military base. In order to support field recruiters across such a large territory, USAAC created a centralized IT mechanism – a custom CRM system built by HP Enterprise Services (formerly EDS) – to help manage information on potential candidates and maintain internal department information. Just as businesses use Salesforce.com to nurture leads, the Army relies on its CRM application to distribute and manage recruiting leads.
Driven by post-9/11 information sharing and paperless Army initiatives, military mission support and mission critical systems are evolving to become more interoperable. The US Army’s own information sharing initiative began with the adoption of a Service-Oriented roadmap (known internally as Integrated Application Architecture or IAA), which was designed to create more efficient, reusable and interoperable IT systems. As part of that process, USAAC re-architected its CRM system into more than 100 components and 60 major services. However, it quickly became clear that securing and managing so many moving parts was trending towards too much overhead.
For example, with the growing threat of cyber attacks aimed at government resources (e.g. the July 2009 distributed denial of service attack on the Pentagon or the May 2010 malicious hacking of four US Treasury Web sites), securing public-facing military resources like Army recruiting was a key concern. But with more than 60 services, programming security measures into every USAAC Web service – security that would have to be updated to counter each new cyber attack – could result in a never-ending cycle of updates, testing and redeployment, leaving little time and few resources for new initiatives.
Additionally, as changes were made to services, client-side applications would need to be separately updated to support the new functionality, slowing down server-side rollouts and introducing a great deal of planning to maintain business as usual. The need to support a number of different environments (from development to test to production) across multiple datacenters and periodically move services to new hardware also required complex planning in order to minimize downtime.
Struggling just to keep up with the maintenance of existing services, USAAC went looking for a product that could help it better manage the service lifecycle.
By deploying the Layer 7 SecureSpan XML Gateway, USAAC was able to centralize service security, management and lifecycle in a policy-driven device. Now, when changes are required, USAAC can make them centrally for all services by making modifications at a policy layer – not individually to each service. Layer 7 even allowed the removal of functionality (such as certificate management) from clients, centralizing it in the Gateway and thereby removing a large part of the client-side maintenance burden. And because all service interactions must pass through the central Gateway, which obfuscates the location of backend services, USAAC could freely move, test and update applications without adversely impacting client activity.
Additionally, Layer 7’s API publishing capabilities allow USAAC to control and govern the way its CRM services are exposed outside the organization. Policy-based controls let USAAC customize the message, identity and interface-level security for its CRM services; track usage; monitor interface health; and even manage versions and updates without breaking client applications. In this way, USAAC was able to quickly and easily support the Army’s mobile and Web initiatives, including an iPhone application and the Go Army and National Guard Web sites. Similarly, it was able to streamline the exchange of information with the Military Entrance Processing Command (MEPCOM), which provides testing, examining and processing of applicants for enlistment into the Armed Forces.
The network architecture consists of multiple DMZs, each leveraging a SecureSpan Gateway cluster to enforce security policy on traffic inbound to and outbound from the corresponding network: the untrusted Internet, the semi-trusted NIPRNet (Non-secure Internet Protocol Router Network) and the trusted internal LAN. Redaction capabilities ensure that information access is limited based on role. Cyber defense capabilities address common threats associated with SOA, Web and Web service implementations. And full support for Joint Enterprise Service Monitoring (JESM) enables secure, federated application monitoring.
Layer 7 provided USAAC with a focal point for managing and publishing all the components and services associated with its recruiting system, thereby not only lowering maintenance costs but also allowing USAAC to take on new mobile and Web projects and turn them around in a matter of weeks instead of months.
And because the SecureSpan Gateway provided out-of-the-box support for the Department of Defense’s (DoD) Net-Centric Enterprise Services (NCES), the Common Criteria EAL4+ international security standard and the US Joint Service Security Working Group Specifications, costs and time associated with creating and certifying the security of the solution were dramatically reduced.
Looking to the future, the flexibility of the Layer 7 solution will allow USAAC to pursue opportunities to interface with SaaS applications and the DoD’s private Cloud by providing capabilities around secure connectivity and data validation to ensure the integrity of all shared information.