The Air Force’s Business and Enterprise Systems (BES) Directorate is no stranger to modernization. BES’ Integrated Logistics System — Supply (ILS-S) has been in a state of near constant modernization since the early 1980s, when its main component, the Standard Business Supply System, transitioned from assembly code to COBOL. Since then, it’s been through multiple mainframe consolidations, two failed efforts to implement an enterprise resource planning system, and multiple attempts to better streamline and integrate...
The Air Force’s Business and Enterprise Systems (BES) Directorate is no stranger to modernization. BES’ Integrated Logistics System — Supply (ILS-S) has been in a state of near constant modernization since the early 1980s, when its main component, the Standard Business Supply System, transitioned from assembly code to COBOL. Since then, it’s been through multiple mainframe consolidations, two failed efforts to implement an enterprise resource planning system, and multiple attempts to better streamline and integrate its various moving parts and processes. More recently, BES moved the system into the cloud, specifically Amazon Web Services’ Cloud One.
Along the way, BES has picked up a number of lessons learned about major system modernizations.
“Whenever you change your entire infrastructure, it’s basically a baseline release. I mean, it’s not a minor release, it’s not a patch,” said James Harbison, ILS-S lead engineer for BES. “It’s a baseline release. And so we had to basically test our entire code base.”
Harbison said BES had to divide up all of ILS-S’ functionalities, write test descriptions, and then decide what would be automated and what would be manual. The most critical functions, he said, were the best candidates for automated testing. They ended up with roughly 10,000 automated scripts that ran continually. Harbison credited that continuous testing for why the fielding was almost error free.
Another major takeaway was the need to avoid scope creep; Harbison said trying to do too much at once has been the downfall of Air Force projects in the past. The problem with changing too much at once, he said, is when you run a test and get a different output, you don’t know which change caused it.
Harbison also praised the decision to use open source code rather than a commercial-off-the-shelf solution. He said that 95% of the code in the ILS-S system is open source.
“The only thing we have in our system that’s not open source is the Oracle relational database, which is a COTS product,” Harbison said. “Because if you’re not careful, you’ll get a software stack that you can’t afford. You’ll do all this work and coding, but just spend all your money in software licensing.”
BES found that the open source version of Java is a fully functional third generation language that does everything they need it to. ILS-S’ application server and big data solution are both open source as well.
Harbison said one of the advantages for using open source solutions over COTS is the benefits of having a community of thousands of developers that maintain the code, as long as you stick to the big products over the niche ones. And if something does go down, BES has a sustainment contractor to fall back on because they have access to the source code.
Another advantage to open source solutions is the ability to peel back the code and examine what’s inside of it. Harbison said people often hold up the possibility of vulnerabilities in open source code as a reason to choose COTS products instead, but what they don’t consider is those COTS products are just as reliant on open source code as well. It’s just not economical to code every line from scratch. But that same open source community that maintains the code also makes it more likely that, if there is a vulnerability, someone will discover it and report it before anyone can exploit it.
That combination of community maintenance and built-in threat information sharing is something that many have struggled to foster between the public and private sectors.
“In COTS, sometimes you just don’t know that you have a threat, because they won’t share the code with you,” Harbison said. “But believe me, they are full of open source too; they just won’t tell you.”
Harbison did caution, however, that this approach does require developers to stay on top of the most current release versions in order to stay up to date on security patches. That can be a challenge.
He also cautioned not to overestimate cost savings in moving to the cloud. Some people predicted that cloud would be 10% the cost of using the Defense Information Systems Agency’s mid-tier servers, but Harbison said it was closer to half the cost. That said, he said BES did save about $22 million getting off of Unisys mainframes. Earlier this year, Harbison said, they’ve also implemented reserve instances, which is on track to reduce costs even further, to the tune of somewhere between $2 million and $3 million.
Adopting agile development principles also paid dividends, Harbison said. Before making that change, BES was delivering around 10 releases a year on the waterfall method. Since switching to agile in 2018, Harbison said BES has increased the rate of releases to one a month.
Harbison said next up, BES is looking to reproduce its successes in modernizing ILS-S — which is the Air Force’s retail supply system — on their stock control system, which is wholesale supply.
“Basically, we’re going to move them off an IBM mainframe, we are going to move them to the cloud at the same time, because that’s the requirement. And it’s a four to five year effort, but we’re going to use the same kind of concept,” he said. “We’re doing lots of automated testing. So we’re using the basic same constructs, and everything for this parallel effort.”