DISA reforges app development for a net-centric world

DISA's Federated Development and Certification Environment program would usher in a major change in applications development in the continuing quest for net-centricity.

Officials at the Defense Information Systems Agency have known for years that the traditional software development paradigm can only take them so far. They are well aware there won’t be time for long-term, self-contained development projects in the fast-moving world of network-centric warfare.

DISA officials have long dreamed about a future with rapid and collaborative development, low barriers to testing new ideas, and for successful projects, universally accepted testing and certification criteria.

On the other side of that hoped-for transformation is the promised land described by service-oriented architecture, with no more rigidly coded monolithic applications. Instead, there would be bite-sized services capable of flexible assembly into new agile combinations -- an environment in which services are reusable building blocks for dynamic application development.

However, it's one thing to imagine the future and another to make it real.

“As you moved from a client/server environment to building capability on the network, it became apparent that you needed some sort of mechanism to provide some order and governance to this developmental process,” said Bernal Allen, former chief of DISA’s Enterprise Application Division and now an executive at Computer Sciences Corp.

The lack of a supporting infrastructure was one of the obstacles that prevented programmers from realizing a world of quickly developed, commonly shared, reusable services. Another was the lack of commonly accepted testing and security standards. On top of that, there was a money problem. Even a perfect system requires money to build.

Nudging the Defense Department into the future of software development is the goal of DISA’s Federated Development and Certification Environment. After coming up with the idea for a DOD-wide FDCE, DISA finally got $4.6 million in funding in September 2007 to make it happen, said David Mihelcic, DISA's chief technology officer.

“What we need to do is bring net-centricity to the software development world,” said Rob Vietmeyer, FDCE program manager at DISA. To meet that objective, officials aim to create that hoped-for environment of collaborative design and common certification.

Dynamic collaboration
Taking a cue from the open-software movement’s dictum that having a large pool of developers means that problems will be quickly found and solved, one component of FDCE will be a centralized area for open-source project development. It will offer tools such as version control, issue tracking and wikis, and host projects for free, Vietmeyer said.

“If we’re going to be sharing services back and forth, we need to enable a dynamic, collaborative environment,” he said.

That environment would essentially be a .mil version of SourceForge.net, Mihelcic said. The latter is a popular open-source collaboration site that brings together volunteer programmers.

Program managers could also take advantage of FDCE’s capabilities, with the software-as-a-service model providing a template, Vietmeyer said. “Project [managers] can call us up and say, ‘Hey, I need software development tools,' ” he added.

Through FDCE, officials are also seeking to resolve one of the bigger problems that hinder service reusability by making the security certification process more transparent. DOD organizations that want to incorporate new software are required to minimize the associated risk. But even though DOD has worked toward a common risk-mitigation process, many internal organizations balk at accepting another agency’s security certification.

In part that’s because many certification documents are inaccessible outside organizational boundaries, Mihelcic said. Documentation is often collated into a giant binder or onto a secure hard drive that’s locked in a safe somewhere, he added. “This, I think, is one of the reasons that people want to repeat the process -– because they can’t easily examine the evidence,” he said.

FDCE will reveal that documentation, assuring program managers that security risks have been addressed, Vietmeyer said.

In addition, FDCE will link with DISA’s Net-Centric Enterprise Services program. Like FDCE, the object of NCES is to propel DOD's technology environment into a SOA, but it concentrates on a different aspect of the problem. Because an enterprisewide SOA requires more than reusable services, NCES provides foundational components such as a data messenger, enterprise service management (a monitoring tool), hosting, and other software and hardware infrastructure elements.

A service in the NCES registry might require particular software, and FDCE could be in a position to supply it, Vietmeyer said.

Software requires hardware. Unfortunately, DOD’s software development programs are sometimes stymied by the time it takes to buy hardware, which can be as long as a year, Mihelcic said. Therefore, DISA offers server space through its Rapid Access Computing Environment. The agency can validate funding documents and assign server space in 24 hours.
“Rather than having to go out and buy hardware, install it, and configure it for your development needs, we’ll be able to turn on any number of machines that you need for your project,” he said.

Inspired by eBay
FDCE might not have adopted its final form without the example of online auctioneer eBay. Surfing the Web site at the behest of his son, Allen said he became fascinated with how vendors created virtual stores on eBay.

The site “provides a very rich development environment, where developers can go and get samples of code” and experiment with combining services, he said. He built his own kiosk as a test and realized eBay was on to something.

“As we move into Web 2.0 environments where there will be rapid provisioning of capabilities onto our networks, we need a mechanism to provide governance,” he said, adding that the more he thought about it, the more he realized that bringing net-centricity to the development world was a matter of governance.

Meanwhile, other SOA proponents also describe the future in terms of human perceptions rather than technology changes. One major hurdle to widespread SOA adoption has been organizations’ unwillingness to rely on capabilities outside their direct responsibility.

When organizations attempt that, it can go wrong enough to validate the critics’ arguments. However, better insight into application development status could change that attitude, said Bob Gourley, former CTO at the Defense Intelligence Agency. Transparent collaboration “will help change attitudes because it will prove that you can rely on others.”

“This is an important game changer,” he added.