DMS product delays threaten July rollout
Connecting state and local government leaders
Waiting for DMS? You'd better exhale. The Pentagon's long-anticipated Defense Message System is emerging from its vaporware stage, but it will be at least another year before the average user can rip the shrink-wrap off a package of DMS-compliant messaging and security services. At the first DMS Expo last October and in numerous interviews and speeches, senior Defense Department systems officials have set July 1996 as the target for initial operational capability, or IOC, for
Waiting for DMS? You'd better exhale.
The Pentagon's long-anticipated Defense Message System is emerging from its vaporware
stage, but it will be at least another year before the average user can rip the
shrink-wrap off a package of DMS-compliant messaging and security services.
At the first DMS Expo last October and in numerous interviews and speeches, senior
Defense Department systems officials have set July 1996 as the target for initial
operational capability, or IOC, for sensitive-but-unclassified messaging via DMS at
high-priority sites.
That goal is bolstered by unprecedented support from senior leadership across DOD's
service boundaries. Though the services have argued over what DMS should look like,
virtually everyone agrees that the high costs and limited capability of the aging
Automated Digital Network (AUTODIN) and security holes in Internet e-mail systems are
untenable.
Each service has staffed and funded a DMS program office, and last fall CIA Director
John Deutch ordered all the intelligence agencies to join the DMS effort.
But executives with companies preparing products for DMS said conformance testing
requirements and the complexity of integrating the system's numerous components make the
July target unattainable.
Prime contractor Loral Corp. must shepherd dozens of proprietary software products
through a five-stage conformance process of up to 3,000 individual tests. The Defense
Information Systems Agency, which procured and is managing DMS, designed the tests to
ensure compliance with X.400 and X.500 architecture, interoperability, functionality,
security and performance requirements.
DISA's Joint Interoperability Test Center at Fort Huachuca, Ariz., is overseeing the
conformance tests. Industry sources working with JITC said officials there are estimating
that a minimum of four to six weeks will be required for standard architecture conformance
testing, nine weeks for interoperability testing, and eight weeks for functionality,
security and performance testing. Even without a single hitch, that timetable adds up to
almost six months.
According to schedules distributed at DMS Expo, the tests were to have begun last
December, in time for the July IOC. But in written replies to questions, Loral officials
said no tests have been conducted and now they are not scheduled to begin until April.
Loral spokesman Allan Aptheker said, "There is still not a definitive answer as to
what DMS compliance testing looks like. That is still being defined."
Based on their understanding of the tests, Loral officials said it will take only 11 to
15 weeks to get a product through the whole cycle, and that the company is "working
with JITC to do more parallel test paths forward in the process, thereby minimizing the
impact [of the delays] to total schedule."
Several other factors are contributing to the delays. Microsoft Corp. and Lotus
Development Corp. are taking longer than anticipated to deliver DMS versions of messaging
products that will provide the user interface to DMS.
The commercial version of Microsoft's Exchange e-mail and groupware product is now
scheduled to ship in mid-March. The DMS version, according to a Microsoft executive, won't
be delivered to Loral for at least one month after that, and Loral will need to do
additional integration on Exchange before submitting it for conformance testing.
Lotus officials did not return phone calls from a GCN reporter, but sources said a DMS
version of Lotus Notes 4.0 was unlikely to be ready before April. "X.400 is just not
a very mature technology in the U.S.," one executive said. "We know companies
that are having to go to Europe to get help with DMS integration."
The Fortezza PC encryption cards that will provide DMS security requirements are
further complicating testing. During beta tests of Fortezza cards late last year, several
commercial messaging products crashed while trying to handle data generated by the card.
In a written reply to questions, the National Security Agency, which designed Fortezza,
said "most of the problems encountered during beta testing of cards were software
bugs that were easily corrected."
But Gary Visser, an engineer at Spyrus Inc. in San Jose, Calif., one of two contractors
providing Fortezza cards, said problems were due to inadequate PCMCIA standards for
encryption cards.
"When Fortezza was designed three years ago, PCMCIA standards were still very
immature," Visser said. "Now most client software for PC cards can't understand
Fortezza, so we're updating some software in the card and also proposing a new security
card standard extension to PCMCIA."
Spyrus and several other companies will propose the new standard at a PCMCIA general
committee meeting next month. According to Visser, the Unix world lacks PC-Card reader
standards comparable to PCMCIA. DMS is intended to support both environments.
At press time, DISA had not responded to questions from a reporter.