U.S.

Army Accessions Command

Creating Agile Recruitment through SOA & API Publication
The U.S. Army Accessions Command (USAAC) was established by general order on February 15, 2002. A subordinate arm of the Training and Doctrine Command (TRADOC), it provides integrated command and control of recruiting and initial military training for the Army's officer, warrant officer and enlisted forces. USAAC meets the Armys human resource needs from first handshake to first unit of assignment, transforming volunteers into soldiers and leaders for the Army. USAAC has a global presence operating in store fronts, Colleges and wherever the United States has a military base. In order to support field recruiters across such a large territory, USAAC created a centralized IT mechanism a custom CRM system built by HP Enterprise Services (formerly EDS) to help manage information on potential candidates and maintain internal department information. Just as businesses use Salesforce.com to nurture leads, the Army relies on its CRM application to distribute and manage recruiting leads.

Army by the Numbers

>1.4M active duty personnel >800K personnel in the reserves >3500 recruiting points of presence in the U.S. alone 65,000 active duty recruits 8,000 recruiters (FY09) 108% of goal for recruits (FY09) >20,000 downloads of iPhone app in the first month

The Challenge
Driven by post-911 information sharing and paperless Army initiatives, military mission support and mission critical systems are evolving to become more interoperable. The U.S. Armys own info sharing initiative began with the adoption of a service-oriented roadmap (known internally as Integrated Application Architecture or IAA), which was designed to create more efficient, reusable and interoperable IT systems. As part of that process, USAAC rearchitected its CRM system into more than 100 components and 60 major services. However, they very quickly realized that securing and managing so many moving parts was trending towards too much overhead. For example, with the growing threat of cyber attacks aimed at government resources (i.e., the July 2009 distributed denial of service attack on the Pentagon, or the May 2010 malicious hacking of four U.S. Treasury Web sites), securing public-facing military resources like Army recruiting was a key concern. But with more than 60 services, programming security measures into every USAAC Web service security that would have to be updated to counter each new cyber attack could result in a never-ending cycle of updates, testing and redeployment, leaving little time or resources for new initiatives. Additionally, as changes were made to services, client-side applications would also need to be separately updated to support the new functionality, slowing down server-side rollouts and introducing a great deal of planning to maintain business as usual. The need to support a number of different environments (from development to test to production) across multiple data centers, and periodically move services to new hardware also required complex planning in order to minimize downtime. Struggling just trying to keep up with the maintenance of existing services, USAAC went looking for a product that could help them better manage their service lifecycle.

Enter Layer 7
By deploying the Layer 7 SecureSpan XML Networking Gateway (Gateway), USAAC was able to centralize service security, management and lifecycle in a policy-driven device. Now, when changes are required, USAAC can make them centrally for all services by making modifications at a policy layer not individually to each service. Layer 7 even allowed the removal of functionality (such as certificate management) from clients, centralizing it in the Gateway and thereby removing a large part of the client-side maintenance burden. And because all service interactions must pass through the central Gateway which obfuscates the location of backend services, USAAC could freely move, test and update applications without adversely impacting client activity.

U.S. Army Case Study

Additionally, Layer 7s API publishing capabilities allow USAAC to control and govern the way their CRM services are exposed outside their organization. P ir Policy-based controls let them customize the message, identity and interface level security for their CRM services; track usage, monitor interface health, and even manage versions services; and updates without breaking client applications. In this way, USAAC was able to quickly and easily support the eas Armys mobile and Web initiatives including an iPhone application and the Go Army and National Guard Web sites. Similarly, they were able to streamline the exchange of information with the Military Entrance Processing Command (MEPCOM), which provides testing, examining and processing of applicants for enlistment into the Armed Forces. The network architecture consists of multiple DMZ's, each leveraging a Layer 7 Gateway cluster to enforce security policy inbound to/outbound from the corresponding network the untrusted Internet; semi-trusted NIPRNet (Non/outbound network: trusted secure Internet Protocol Router Network and trusted internal LAN. Redaction capabilities ensure that information Network), access is limited based on role. Cyber defense capabilities address common threats associated with SOA, Web, and Web service implementations. And full support for the Joint Enterprise Service Monitoring (JESM) enables secure, federated application monitoring.

The Results
Layer 7 provided USAAC with a focal point for managing and publishing all the components and services associated with its recruiting system, thereby not only lowering maintenance costs but also allowing USAAC to take on new iting mobile and Web projects and turn them a ojects around in a matter of weeks instead of months. And because the Layer 7 Gateway provided out out-of-the-box support for the Department of Defenses (DoD) NetDefense Centric Enterprise Services (NCES), the Common Criteria EAL4+ international security standard, and the U.S. Joint Service Security Working Group Specifications, costs and time associated with creating and certifying the security of the solution were dramatically reduced reduced. Looking to the future, the flexibility of the Layer 7 solution will allow USAAC to pursue opportunities to interface with SaaS applications and the DoDs private cloud by providing capabilities around secure connectivity and data validation to ensure the integrity of all shared information information.

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.