Wednesday, September 30, 2015

U.S. Cyber Command's Requirements Demand Warrant Officers

Yesterday there was a hearing in front of the House Armed Services Committee, "Outside Perspectives on the Department of Defense Cyber Strategy".

Some of the points brought up were about the personnel management of military cyber warriors. This is a challenge, because "cyber" (BTW, I HATE the term) is both an infrastructure (i.e., IT infrastructure) and a domain (Information Warfare). It is an area where both warriors and janitors walk, more akin to urban warfare than other historic domains.

Since the late 1980s, the military has treated IT as an area where COTS technologies should rule, to both increase the productivity of the military, and to reduce operating costs. At the same time, the PC and client-server boom of the 1990s drew skilled IT technicians from the military to the higher paying civilian sector.

Through the 1980s, the military had its own uniformed data processing specialists. The father of a high-school friend was a Technical Sergeant in the Air Force and a Burroughs mainframe programmer. In the 1990s, most of the programming positions were either converted to civil service or outsourced to contractors.

The second wave occurred in the 1990s with the decentralization of IT acquisition, management, and support from central service commands (e.g., Air Force Communications Command) to the local military bases. This was followed by A-76 studies converting many base-level IT jobs to a combination of civil service management and contractor work forces.

The result of all of this is the military lost its uniformed expertise in information technology.

Fast forward to today, and information infrastructure is as much a domain in warfighting as the seas and the air, yet the military is left without the skills in uniform which correlate not only to captains of ships and pilots of airplanes, but also to the technicians, operators, and maintainers. As a result, the military has once again centralized IT acquisition, management, and support, and is once again filling positions with uniformed personnel.

However, IT skills are unique in several ways. They are perishable. Old skill requirements (e.g., Novell NetWare, UNIX) become obsolete and unneeded, and are replaced with new skill requirements (e.g., Windows Server, Linux). To ensure quality, they require validation (e.g., IT certifications). Because they are COTS based, they are inexpensive compared to unique military skills. They are fungible and readily transferable to the civilian sector.

Another unique aspect of the military is ab initio training. The military will take someone from high school with the appropriate aptitude, enlist them, and train them up to a reasonable, beginner-level productivity. It then will use on-the-job training and continuing education to build expertise. In the case of an in-demand skill set, this creates issues with retention. This is a bigger deal than with a military turbine engine mechanic--there are only a handful of airlines needing them. But almost every organization needs a Windows administrator.

Then there are the challenges. The military needs smart, highly skilled problem solvers for day-to-day operation of the IT infrastructure. The military information infrastructure is more likely to be attacked both in peace and in wartime, but rapid recovery is critical in wartime. Poor retention hurts this need. The military needs deeply skilled, highly experienced IT technicians. But the need for operational managers is not that great, so the college-educated, commissioned officer corps is not the appropriate career path for an IT technician. Something else is needed.

The military position of Warrant Officer is that of a technical specialist. Historically, the technical expertise came from experience serving in the enlisted corps. In modern times, the Army uses Warrant Officers as helicopter pilots and trains them to the appropriate level of technical expertise.

Warrant Officers can serve as highly skilled individual contributors or as first level managers. It would seem a perfect career path for an enlisted military IT specialist. Tie it to certifications, and perhaps an Associate Degree, along with a service commitment and a retention bonus.

On the commissioned officer side, the career plan should be more on IT architecture, Information Warfare and advanced academic education. College-educated officers would start focusing on both supervisory roles and architectural roles. Then the focus should be on an advanced degree in the appropriate field of study. From there, moving to an Information Warfighting planning role, followed by the appropriate mid-career professional military education. Cross flow between related fields such as military intelligence would also be appropriate; however, this should be treated with care, as military intelligence often recruits from liberal arts studies such as history, foreign language, and political science. A cross flow program should not disrupt either the military intelligence corps or the information warfare corps. Finally, the Joint Forces Staff College should create a dedicated Command and Staff school for information warfighters, with the goal of creating a cadre of information warfighting leaders for all of the services.

Ultimately, the combination of a cadre of commissioned information warfighting leaders, combined with a corps of highly skilled warrant officer information warfighting specialists, would go a long way towards developing the cyber warrior force our nation requires.

Wednesday, July 01, 2015

A Reply to Chris M. Evans' "The NetApp Conundrum"

Storage blogger Chris M. Evans wrote a recent post on LinkedIn entitled "The NetApp Conundrum".

As a NetApp employee, and long-time member of the IT vendor industry, I have provided the following response.

I am having trouble resolving two points you made, Chris. One is Data ONTAP is old (23 years, to be exact), and storage architectures only last 20-odd years. The second is clustered Data ONTAP is not Data ONTAP (the 23-year-old one), but a new and different product created by merging some of Spinnaker's technology (acquired in 2003) with some of NetApp's technology in 2009. By my math, that makes clustered Data ONTAP six years old, and by your own calculation, it has 14 years of longevity left.

A few other points:

It is impressive HDS VSP's SVOS can run on a laptop. I can run a four-node clustered Data ONTAP cluster on my laptop.

The debate over the HA-Pair construct vs. a multi-node HA construct is an engineering and design debate, based on customer requirements, performance, time to market, predictable failure characteristics, and trade-offs--not ideology or perceived elegance. I would note VMAX engines are failover pairs for the same reason we use failover pairs in clustered Data ONTAP. It is also worth noting EMC changed the cache mirroring approach in Isilon with its Endurant Cache to a logical cache pair construct to maximize performance. Similar to clustered Data ONTAP, EMC XtremIO uses a cluster constructed of failover pairs, and Pure Storage uses a failover pair scale-up architecture similar to NetApp 7-Mode or EMC VNX.

True scale-out, distributed storage is interesting, but it presents challenges in developing fast, reliable, predictable failover. It is also very difficult to implement highly efficient data protection schemes, such as parity, double/triple-parity, and erasure coding, in such an architecture. There is a reason Hadoop clusters, VSAN clusters, and Nutanix clusters use mirroring and triple mirroring for data protection. Nutanix's just-announced EC is only for cold data.

What is happening today is almost all of the new all-flash array start-ups (XtremIO, Pure, Kaminario, Whiptail/Cisco, and Nimbus Data) and hybrid array start-ups (Nimble, Tintri, and Tegile) use log-structured filesystems, non-volatile memory and write coalescing, write to free-space, and parity RAID algorithms as the basic underlying technologies for their arrays. These concepts are more than 20 years old. NetApp built WAFL and Data ONTAP on these concepts more than 20 years ago because they worked. And they still work today, especially for NAND flash media. That is why NetApp continues to improve and develop Data ONTAP. Because the alternative to Data ONTAP looks an awful lot like Data ONTAP. Don't take my word for it--just look at the recent hybrid and all-flash storage players out there.