More than just server backups
- By Doug Beizer
- Jul 07, 2006
Over the years, the Army Knowledge Online portal has evolved into what military leaders envisioned it would become: a single point where warfighters and their support networks could log in and access applications and services.
But it had a serious flaw, said John Menkart, director of federal sales for Opsware Inc., a Sunnyvale, Calif., provider of IT automation software.
"They had everybody hitting the portal, and they started to think about the fact that they had absolutely no redundancy associated with it," Menkart said. "They had a single data center, and if there was a problem, it would take everything they do right off the table in terms of usage and access for their community."
Army officials sought to create a more robust infrastructure, one that was capable of recovering from a disaster if necessary. They decided the best plan was to build a secondary data center, and design the system so both the primary and secondary centers could coordinate configuration management.
At the time, the strategy of most disaster recovery locations was to have a primary data center, "and if something bad happens, have a secondary data center to bail over to," Menkart said. "But that meant the secondary data center was going to be pure overhead until you have a disaster."
Northrop Grumman Corp. won the contract to build the second data center for AKO, and built the system to allow the two centers to coordinate operations. Opsware software was selected to help create the new center and to manage the systems.
August Schell Enterprises, a Rockville, Md., systems integrator, worked on the AKO project and has extensive experience working with Opsware, said Chief Executive Officer Bill Schell. The automation tool is used to configure the servers that make up AKO.
Opsware manages all AKO assets, everything from initial provision and configuration to patching, configuration changes and compliance management. It's used it on everything from Apache Web servers to Oracle databases.
The automation that the software provides makes the process much faster and creates better systems, Schell said.
For August Schell's intelligence customers, for example, after systems are configured, they go through a security check before they can be placed inside a secure area and network. The security testing is extensive and looks for things such as having all proper security patches installed.
"We can package everything up on an Opsware core machine, get the core machine tested and through the security regiment," Schell said. "Once the core machine is on the inside, we can hit a button and start popping out cookie-cutter servers that are already secure."
Once the systems are running, the software is used to manage the servers. If, for example, an errant administrator loads something on a system that doesn't belong on it, Opsware flags the discrepancy against the original configuration.
"If anything gets touched on that machine, it is recorded in an audit," he said. "The software alerts us that something has changed, it records the logon of the person that made the change and when he made it."
In the case of AKO, the software gives administrators a singular view of their entire environment.
"If a server were to physically die, they have all the information within Opsware to identify another piece of hardware," Menkart said. "It can redeploy all the operating systems, software configurations on the new box, up to the point of when the last patch was applied to the dead box."
Most customers use the software to expand and manage existing systems, but AKO's initial use of it was a little different. First, it was used to build the disaster recovery center. When that was complete, it redirected all the traffic to the recovery center site.
Then the software in the primary data center reinitializes the environment, rebuilding all those servers from scratch with Opsware. With both centers operating, traffic is redirected to alternative locations.
"When Army users today connect to AKO, they don't actually know whether they're connecting and running on servers in Maryland or Virginia," Menkart said. "It's not critical that they know, it should just work."
If you have an innovative solution that you installed in a government agency, contact Staff Writer Doug Beizer at firstname.lastname@example.org.
Doug Beizer is a staff writer for Washington Technology.