It Takes NERVE to Bring Isolated Labs, People Together
May 2017
Topics: Information Services, Cybersecurity, Computer Security, Computer-Communication-Networks, Software Engineering, Systems Engineering
For most software and network engineering teams, a research laboratory is a good place to collaborate, function, and access resources. But it's not so good when members of a team aren't in the same room even though the project would benefit from real-time interaction. Collaborating from different locations, across information-security barriers, can be costly, challenging, and time-consuming.
Now, imagine if individual laboratories could intersect and provide access to shared materials, data sets, and sensor feeds to partners and facilities located anywhere in the U.S.—all without researchers leaving their desks.
It's possible. And it's happening now at MITRE through a two-year-old initiative called NERVE—short for Networked Experimentation, Research, and Virtualization Environment.
A Growing Need for Secure Collaboration
Why did our researchers decide to create NERVE? Let's look.
Creating opportunities to collaborate with external labs and partners is both desirable and needed. But as the steward of proprietary data from our government sponsors, MITRE is understandably security-conscious. The security protocols in place make most access to the company's main network and connected physical labs off limits to those outside of MITRE.
The process for gaining this access involves navigating strict documentation and approval procedures outlined by the company's corporate information security team (called InfoSec for short). Until NERVE's creation, the security infrastructure needed to support such complex laboratory interactions just didn't exist.
"That's why we started NERVE," says Dylan Pecelli, a MITRE network engineer who helped launch the program. "Our team streamlines and handles the challenges of infrastructure access and security approvals." MITRE project teams that would normally have to work through these requirements on their own can instead take advantage of the knowledge and experience of the NERVE staff.
By removing those hurdles, Pecelli says NERVE users can get down to work faster and focus on program integration. "Our relationships with corporate IT allow us to compress project start-up times from months to just a couple of days."
There's More Than Meets the Eye Inside NERVE's Core
This is what opens the door: Once invited to a project team, participants simply log in via VPN (a secure networking protocol) from any location. This gives them access to the physical and virtual resources of that project.
NERVE's essential infrastructure, a combination of virtual machines and physical networking equipment, is distributed between MITRE's Bedford, Massachusetts, and McLean, Virginia, campuses. Its core is a big open space in the basement of a MITRE building in Bedford.
What's visible only provides a glimpse of NERVE's inner workings, Pecelli points out. In a single rack, 10 physical servers underlie more than 600 virtual computers, and a few network appliances provide all the required connectivity. Dedicated fiber-optic circuits carry access for various projects' private labs across the Bedford campus, while encrypted network tunnels fan out across the country. These tunnels tie in a secondary core with four servers running 150 more virtual computers at MITRE’s McLean campus, plus facilities at more than 10 other locations.
From their offices and benches, Pecelli's engineering team relies on these same remote-access functions to keep the data flowing on behalf of hundreds of MITRE project team members and their invited guests.
Still, "NERVE's crown jewels aren't technical. They're administrative," he notes. Not so glamorous, but vitally important.
He explains further. "NERVE's architecture and procedures were approved under extensive scrutiny from MITRE's InfoSec team, and NERVE's geographic distribution requires close coordination with our corporate network infrastructure team.
"Going through this process would be a daunting task for a single project trying to meet a near-term deadline. Because we tackled an even bigger administrative challenge—a blanket approval that can serve most projects—NERVE has permission to create new collaboration environments on-demand, usually within a few days of receiving a project's request." (See "One-Stop Shopping for Project Resources" below for an example.)
Meanwhile, NERVE also makes it possible for numerous other project teams and their systems to operate as invisible neighbors, a concept called "software multi-tenancy." Upon request, NERVE can unlock additional doorways between these resident projects, allowing teams and systems to intermingle without movement or reconfiguration.
The Future of Lab Connectivity Is Here
Pecelli likes to paint a familiar picture of MITRE's NERVE for those challenged to imagine a lab of the future—one that's both physical and virtual. He compares it to concepts from the 1999 sci-fi movie The Matrix (minus the evildoers and resistance members, of course).
Specifically, he likens the NERVE to the movie's "Construct." It's the dimensionless white room that figures prominently in the film. Inside this space, anything people need materializes with a computer keystroke. To each project, NERVE provides a similar blank space, accessible but empty.
"NERVE then helps to import the desired software systems, places, and participants—physical or virtual, common or unique—to produce the project’s ideal environment," Pecelli says.
And NERVE's impressively small team of eight full- and part-time staff undergirds it all. They work constantly to maintain, secure, and improve the service while managing relationships with their information-security colleagues, all in support of dozens of MITRE projects.
And that number is growing, Pecelli says. In 2016, the NERVE doubled in size, working with more than 50 different labs. Plans for NERVE include extending services to other MITRE locations and sponsor sites, expanding system capacity and resiliency, adding new remote-access features to simplify access for non-MITRE participants, and providing enhanced services to enable labs to address a growing list of required cybersecurity protections.
"Looking forward, I see NERVE as the place that all of MITRE's labs hook up to," Pecelli says. "And one day, perhaps almost all of MITRE's unclassified lab work will be done inside of NERVE. That's an ambitious vision, but it's where I see things going."
—by B. Denise Hawkins