The architecture is based on open standards. The solution provides the Navy with a platform enabling consistent software development based on common standards & configurations, as well as streamlined operations to simplify execution for the sailors that are supporting & leveraging these mission critical systems.
System Design
The Project Thor system design leverages open standards to reduce vendor lock-in & provide a flexible, next-generation architecture for the Navy. Product selection criteria emphasized interoperability and automation through software defined capabilities to include the following:
Tactical Compute
The Cisco UCS C220/240 M6 Rack Server is a 2-socket, tactical server offering industry-leading performance & expandability. Cisco UCS C-Series M6 Rack Servers can be deployed as standalone servers, as part of a Cisco Unified Computing System (Cisco UCS) managed environment, & now with Cisco Intersight, to take advantage of Cisco’s standards-based unified computing innovations that help reduce customers’ Total Cost of Ownership (TCO) & increase their tactical readiness.
In response to ever-increasing computing & data-intensive real-time workloads, the enterprise-class Cisco UCS C220/240 M6 server extends the capabilities of the Cisco UCS portfolio in a 1RU or 2U form factor. It incorporates 3rd Generation Intel Xeon Scalable processors, supporting up to 40 cores per socket & 33 percent more memory versus the previous generation.
The C220 M6 rack server brings many innovations to the rack server portfolio. With the introduction of PCIe Gen4 for high-speed I/O, DDR4 memory bus, & expanded storage capabilities, the server delivers significant performance & efficiency gains that will improve your application performance:
- Supports the third-generation Intel Xeon Scalable CPU, with up to 40 cores per socket
- Up to 32 DDR4 DIMMs for improved performance including higher density DDR4 DIMMs (16 DIMM per socket)
- 16x DDR4 DIMMs + 16x Intel Optane persistent memory modules for up to 10 TB of memory
Cisco Intersight leverages the familiar capabilities of UCS Manager with service profiles, templates, & policy-based management to enable rapid deployment and help ensure deployment consistency. It also allows end-to-end server visibility, management, and control in virtualized & bare-metal environments.
Automation & Orchestration
The automation & orchestration engines of this solution enable rapid deployment, updates, upgrades & re-programmability with intuitive self-service interfaces to simplify operations for developers, engineers & sailors. To accelerate deployment, configuration and repurposing of the infrastructure, the team chose an Infrastructure as Code methodology. Initial configurations and updates can be packaged in small text-based configuration files, making it possible to easily & efficiently deploy updates to shipboard environments where bandwidth is intermittent & limited.
To enable Compile to Combat 24 (C2C24), a multi-cloud orchestration engine is configured not only to work with private, on-ship clouds, but also to enable automated application development & testing on commercial public cloud systems such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform. This solution automates the deployment, migration and/or upgrade of applications. It provides an intuitive self-service interface for developers or end users to deploy applications, eliminating user input error from the process of deploying or upgrading applications.
Compute Infrastructure
The compute infrastructure is based on standard Intel processors with open support for all major operating systems & virtualization hypervisors.
The software defined management features of the computing platform allowed for rapid re-programmability to meet dynamic mission requirements. Additionally, the Hyperconverged Infrastructure centralizes resource management & provides parity for each cloud deployed, creating maximum efficiency.
Virtual Desktop Infrastructure
A Virtual Desktop Infrastructure is deployed in the Thor architecture, enabling zero, thin & thick clients to access virtual desktops and applications. The VDI architecture is GPU capable.
Network Infrastructure
The network architecture is based on a software defined network platform. This network is capable of 100 Gbps of throughput, service chaining & micro-segmentation, providing the combat system a secure, high performance, future-proof network based on policies that are not coupled to physical design. The policies use easy-to-understand syntax to help deploy the administrator’s intent for the network.
Security Infrastructure
In addition to the micro-segmentation natively available in the network, the system design includes access, perimeter & insider-threat cyber security solutions:
Access: Network access is controlled with 802.1x certificate-based authentication & policy-based posture checking for all non-server devices connecting to the network.
Perimeter: A next generation firewall and intrusion detection systems are deployed to protect & inspect all inbound traffic into the network. This firewall can also terminate VPN sessions for remote access to the ship.
Insider Threat: Netflow records are analyzed using machine learning techniques, & administrators are alerted to any traffic anomalies generated on the network. Netflow records are collected from all network devices, hardware and virtual.