The people whose job it is to schedule aircraft for takeoff, help guide passengers to their destinations and get them safely back down on the ground finally have some powerful new open-standards computer systems up and running to help them do their work more reliably.
The Federal Aviation Administration has endured a lot of grief in the last 24 months due to some well-documented crashes of its national flight plan-filing system. But the nation’s No. 1 aerospace agency is finally bringing its Cold War-era mainframe IT systems into the 21st century.
Last year, the FAA upgraded its legacy internal business systems to a new open-systems server and storage infrastructure supplied by Sun Microsystems and an IP network provided by Cisco Systems. These systems currently handle all the agency’s nonflight-related administrative functions, including the FAA’s human resources information, e-mail, messaging, internal document routing and storage. The open systems worked well there, and the idea was to transfer the same kind of system to the all-important national flight-plan function.
NADIN’s (National Airspace Data Interchange Network’s) old mainframe-based system, an integral part of the overall NAS (National Air Space) traffic system that processes an average of 1.5 million messages per day, was obsolete and was beginning to break down due to technical issues. Travel disruptions due to these breakdowns are not out of the ordinary, according to knowledgeable air industry sources.
As a result, industry analysts and a number of former FAA staff members worried about major air traffic stoppages, as was demonstrated three times last summer by the crash of the system head in Atlanta. They also were concerned about increasing vulnerability to terrorist cyber-attacks.
An example of this happened on Aug. 26, 2008, when a corrupt file entered the flight plan system and brought it down for about 90 minutes during a high-traffic period late in the day on the East Coast. This was not an isolated incident, as the FAA’s chief administrator originally had told the media. Similar crashes occurred on Aug. 21 and in June 2008, FAA records show.
International intelligence analytical firm Stratfor reported a similar system outage back in 2000. Another was reported in June 2007 in addition to the Aug. 21 and Aug. 26 crashes. Those are the ones we know about; we don’t know how many others were never made public information.
“The lack of redundancy and dynamism demonstrated … by the latest NADIN crash makes a cyber-attack against critical U.S. infrastructure all the more feasible,” Stratfor said at the time in an editorial commentary.
But all of these issues may now be in the past. It took a grand total of about five years, but the FAA has done its research, found several million dollars to pay for new hardware, software and services, and is well into the process of updating all of its systems.
“We’ve just about finished our transition from the legacy system over to the new system,” FAA IT administrator Jim McNeill told eWEEK. “The main new system is for NADIN, built on Stratus Technology servers with virtualization, and handles all the legacy [mainframe] functions as well as new FAA-owned IP systems.”
Key Requirement: Separate Data Flows
McNeill said there was a key requirement that had to be met in order for the new system to comply with FISMA (Federal Information Security Management Act of 2002) regulations: The FAA had to separate government-created data from non-government data.
“We were required to provide a separate server to support public data flows, due to the inherent security issues in TCP/IP,” McNeill said. “In this interpretation, ‘public data flows’ means non-NAS systems. In the nature of our business, a lot of our clients are non-NAS systems; we’re dealing with airlines, we have connections to 26 international agencies-these are all non-NAS systems. Basically, they’re all private companies who provide value-added services to general and commercial aviation.
“What we’re doing is providing a portal into the FAA system for these general and commercial aviation companies to file all flight plans, and keeping it separate from everything else.”
The new, virtualized system-the first for the FAA-is built on new heavy-duty Stratus FTserver 6400s, which run on Intel Xeon quad-core processors. The system was designed by Lockheed Martin engineers, replacing two 21-year-old Phillips DS714 mainframes-located in Atlanta and Salt Lake City-that first went live in 1989 and have been cranking away ever since.
Overall, the old Phillips mainframes did yeoman’s work on a 24/7 basis for two decades-ingesting, storing and processing an average of 1.5 million data points per day. The system and its designer deserve kudos for working all those years, but just like people, every system needs to be replaced at some point.
Security Improved by Separate Portals
Security Improved by Separate Portals
Security for the new FAA system is connected to an NAS-approved security gateway, McNeill said.
“The system has a limited numbers of Internet access ports to the NAS system. We will keep the system inside one of their approved security gateways,” McNeill said.
“Our biggest use of virtualization is that it allows us to install one physical server, then provision services across that server in a much faster manner, without having to do any modernization, upgrades or hardware installations,” McNeill said.
To do maintenance on the old Phillips mainframe, the entire machine had to be taken down, with all the functions being transferred across the country while the mainframe was offline. The FAA will have a lot more options now.
“Additionally, we can support multiple service requirements and keep them all isolated from each other,” McNeill said. “We can run one virtual machine for generic TCP/IP users, we can have another VM for international connections, and then we’re having discussions about other agency services that have external data requirements. This allows us to provision them in a quick time frame and keep them isolated from each other in terms of data flow.”
Virtualization a Real Cost-Saver
Virtualization erases much of the cost and time used in replacing a physical server, McNeill said.
“It’s travel to a facility for a hardware installation, power modification, training-it’s very costly and time-consuming to have to do all that,” McNeill said. “Now with this common server using virtualization, we can have a template for an operating system and provision a new service in days, requiring no facility upgrade or travel.”
All the data that gets ingested into the non-FAA portal and servers gets ported into the main system’s back end, where it is processed and used in production, McNeill said.
This new Stratus virtualized system is basically a new front end for all the FAA’s service providers, McNeill said. Pilots will not file their own flight plans any longer; general aviation pilots will file their flight plans through a service provider or a flight station. Pilots for airlines and private air services employ service providers around the world to send the flight plans through the non-NAS server into the FAA system.