search menu icon-carat-right cmu-wordmark

Tactical Cloudlets: Bringing the Cloud to the Tactical Edge

Created March 2022

Making cloud computing resources available to military personnel and first responders in the field presents accessibility and security challenges. Tactical cloudlets provide secure, reliable, and timely access to cloud resources to help military and emergency personnel carry out their mission at the tactical edge despite unreliable connectivity to the cloud.

The Power—and Challenges—of Tactical Cloud Computing

The Department of Defense (DoD) and emergency response agencies have increasingly leveraged mobile devices and cloud-based software applications to perform tasks that support their missions, including speech and image recognition, language translation, and situational awareness.

These missions often take place in hostile “tactical edge” environments with

  • limited computing resources
  • rapidly changing mission requirements
  • high levels of stress
  • unstable connectivity
  • limited battery power
  • limited technical skills in the field
  • security vulnerabilities due to limited infrastructure and hostile action (e.g., cyber attacks)

Providing secure, reliable, and flexible computing resources in these environments means that there is a need to “carve out” a piece of the cloud to make it accessible at the tactical edge in a secure, reliable, and timely manner.

 

How Tactical Cloudlets Support Missions

The SEI has developed “tactical cloudlets,” which are forward-deployed, discoverable computing nodes that can be hosted on vehicles or other platforms to support missions by providing

  • extended computing power. Computation-intensive applications and large data sets that exceed computation and storage capability on mobile devices can be hosted on nearby cloudlets.
  • forward data staging. Data sets needed for a mission can be pre-loaded on cloudlets to support disconnected operations (i.e., cloudlets disconnected from the enterprise).
  • data filtering and formatting. Cloudlets can remove unnecessary data from streams intended for dismounted warfighters to deal with reduced bandwidth and human attention or reformat data to address physical limitations of mobile devices such as reduced screen size.
  • data staging. Cloudlets can serve as collection points for data collected in the field from sensors and human input. Data is then uploaded to enterprise repositories as connectivity and bandwidth become available.
  • secure credential generation and exchange. Stable connectivity to a centralized credential validation capability in the cloud is not needed to ensure that only authorized personnel have access to cloudlets deployed in the field.

The following diagram illustrates an example of how tactical cloudlets can be deployed in the field to connect personnel to computing capabilities and data sources.

Illustration of tactical cloudlet deployment process

While connected to the cloud, cloudlets are loaded with the capabilities that are needed for a mission. After deployment in the field, users can securely connect to the cloudlet to access those capabilities without the need to be connected to the cloud. For some capabilities, the cloudlet may need to reach back to the cloud when connectivity becomes available, particularly for data synchronization.

Software and Tools

KD-Cloudlet

August 2015

Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.

download

Looking Ahead

Our work to refine tactical cloudlets continues as technologies change.

Because tactical cloudlets are meant to be reusable, they need to have authority to operate (ATO) every time they are reprovisioned. One focus area for future efforts is to automate the cloudlet provisioning process and make cloudlets ready for ATO to reduce operational time and effort.

Our future efforts also involve

  • including network configuration for the cloudlet in the process so that it is mission ready and ATO ready
  • exploring solutions to improve establishing trusted identities in disconnected environments
  • integrating solutions for opportunistic data synchronization with the cloud

We are seeking collaborators to extend this work. We also want to hear about users’ experiences with tactical cloudlets. If interested, please contact us.

Learn More

Secure VM Migration in Tactical Cloudlets

Secure VM Migration in Tactical Cloudlets

December 11, 2017 Conference Paper
Grace LewisSebastián EcheverríaDan J. Klinedinst

The goal of this paper is to present a solution for secure VM migration between tactical cloudlets based on secure key generation and exchange in the field.

read
Delay-Tolerant Data Sharing in Tactical Environments

Delay-Tolerant Data Sharing in Tactical Environments

October 02, 2017 Conference Paper
Sebastián EcheverríaGrace LewisMarc Novakouski

In this paper we propose a solution for delay-tolerant data sharing, in particular file sharing, using well supported, common networking protocols.

read
Establishing Trusted Identities in Disconnected Edge Environments

Establishing Trusted Identities in Disconnected Edge Environments

December 08, 2016 Conference Paper
Sebastián EcheverríaDan J. KlinedinstKeegan M. Williams

The goal of this paper is to present a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field.

read