Modernizing tactical infrastructure

By Matthew Bernhardt and Seiichi SugawaraNovember 24, 2025

Note: This article was originally written for publication on CrossTalk: The Journal of Defense Software Engineering.

Driving Army modernization

The U.S. Army has been pushing to transform itself to keep pace with rapid advancements in technology and the evolving pace of disruption in modern warfare. The tactical infrastructure fielded today was built for a war imagined over a decade ago. The capabilities of applications built for the Army are constrained by the infrastructure that hosts them. The Army is seeking agility, and that is a primary motivation for transforming its infrastructure. This leads to one of the fundamental layers of the technology stack that is being pursued in NextGen Command and Control. There is also the inflationary cost of goods that drives innovation and influences the Army to consider new alternatives.

The U.S. Army Communications-Electronics Command Software Engineering Center is incrementally modernizing its tactical infrastructure to set the stage for future applications and capabilities that enable resilient warfighting capabilities, keeping pace with the rapid advancements in technology and warfare while maintaining a cost that the Army can sustain.

What are the hurdles that need to be overcome?

With new change comes new challenges in technical implementation and user adoption. Practitioners of software engineering are expected to manage a delicate balance of maintaining existing capabilities while laying the foundation for future capabilities.

Several factors hinder adoption of new technology:

  • Legacy applications were built for a legacy environment
  • User adoption
  • Tactical deployments have unique challenges

Legacy applications were built assuming the production environment would be a bare-metal deployment such as a ruggedized laptop or a virtual machine operating in a VMware data center. Modern applications expect a production environment running in the cloud as a collection of pods in a Kubernetes cluster. For these capabilities to be modernized, the Army would need to make a heavy investment in re-architecting and rewriting these applications.

Warfighters are often overburdened by the grind of daily operations. They are tasked with operating and maintaining IT systems in extreme environments and conditions. Modernized infrastructure requires new skills and mental models to operate and maintain. Convincing warfighters to take on the task of migrating their systems and changing the way they maintain and operate these systems is typically a significant and unwelcome request.

Modern development workflows expect their applications to deploy to a modern production environment. This means these applications require ample bandwidth, storage, and computing resources in a sterile and stable environment. On the other hand, tactical infrastructure must operate in an environment that accounts for operating on Denied, Degraded, Intermittent, and Limited networks and limits its capacity due to Size, Weight, and Power constraints.

One of the primary challenges faced was managing air-gapped deployments. It’s critical to realize the lack of internet connection for deployment. Vendors often mistakenly provided solutions that relied on an internet connection to deploy. This is an example of the fundamental characteristics about the tactical environment that the private sector fails to consider.

What is CECOM SEC doing in its continuous transformation to support modernization?

CECOM SEC has initiated and partnered with Program Executive Offices to develop solutions that can enable the Army to address its need for agility. The following examples highlight some of the key initiatives CECOM SEC is currently implementing to minimize the Army’s reliance on VMware while investing in opportunities to modernize current capabilities. These efforts include:

  • Modernization of the Tactical Services Infrastructure v5 and v1 virtual infrastructures that provide an in-place upgrade from VMware to Microsoft Hyper-V while maintaining the unit’s operational data via a non-destructive upgrade
  • A partnership with Project Manager Mission Command/Tactical Mission Command to develop a cloud-enabled modular infrastructure in support of the Tactical Services Infrastructure v2 and v3 hardware variants
  • Modernization of the Distributed Common Ground System-Army system to implement a container-native architecture that improves efficiencies, reduces technical debt, and lowers the overall cost of ownership.

Tactical Services Infrastructure v5/v1 Microsoft Hyper-V in-place upgrade

One of CECOM SEC’s core missions has been the operation and maintenance of tactical Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance weapon systems to ensure the operational software remains up-to-date and maintains a robust cyber posture for optimal readiness. The Tactical Services Infrastructure v5/v1 variants deliver comprehensive hosted tactical services infrastructure, extending from Corps through Brigade. It encompasses advanced computing, storage, networking, and virtualization capabilities to meet core infrastructure and enterprise service requirements, deployable to the tactical edge.

TSI utilizes VMware to provide robust infrastructure services and centralized management. However, due to funding limitations and to address the significant changes to VMware’s licensing model, which increases the total cost of ownership, an in-place upgrade solution was developed.

This non-destructive upgrade migrates existing VMware-based TSI stacks to a Microsoft Hyper-V platform, meeting core infrastructure and virtualization requirements while maintaining the integrity of unit configurations and data. This ensures operational continuity while preserving existing infrastructure investments by avoiding a costly and time-consuming, destructive rebuild. Hyper-V was chosen because the operator was already familiar with Windows Server, and it was already included in the licensing agreements established in existing enterprise license agreements.

BCCS/TSI VMware to Microsoft Hyper-V Comparison
BCCS/TSI VMware to Microsoft Hyper-V Comparison (Photo Credit: U.S. Army) VIEW ORIGINAL

To future-proof this solution, containerization support as part of the core infrastructure services was enabled by integrating Docker Swarm with Portainer (initial minimal viable product).

Docker Swarm with Portainer offers a lightweight yet robust container orchestration solution, enabling quick deployments, scalability, and simplified management of isolated workloads. This approach optimizes infrastructure resources while providing flexibility to support dynamic mission requirements.

CECOM SEC has also established a partnership with another program manager to develop the virtual management and control system. VM&C’s MVP is the first step in providing baseband and terminal systems with a modernized, common virtualized infrastructure. This effort reuses the same design implemented for TSI v5/v1 to virtualize applications that are still tied to hardware.

Cloud-enabled modular infrastructure

CECOM SEC partnered with PM MC/TMC to develop an infrastructure solution that will transform TSI’s v2/v3 variants VMware-based virtualized infrastructure, enabling containerization and cloud capabilities down to Tactical (Brigade) Echelons. This modernized TSI baseline comprises physical hardware components designed in modular units, allowing for flexible scaling and customization while seamlessly integrating with cloud services. Developed with adaptability in mind, CEMI ensures this tactical infrastructure will meet the ever-changing future needs of the warfighter by providing a modular infrastructure that includes:

  • Modular design: individual components, such as compute, storage, and network modules, can be combined and reconfigured as needed, allowing for tailored infrastructure to meet specific workloads.
  • Scalability: easily add or remove modules to scale capacity up or down quickly to meet fluctuating demands without major system overhauls.
  • Cloud integration: modules can be managed and accessed through cloud platforms, providing centralized control and resource access.
  • Rapid deployment: pre-configured modules and containers can be quickly deployed on-site, minimizing installation time and disruption.
  • Cost efficiency objective: assessing low-cost operating system software, such as Linux and open-source options for Microsoft, VMware, and Oracle to reduce over-provisioning and optimize costs.
CEMI Architecture Layout
CEMI Architecture Layout (Photo Credit: U.S. Army) VIEW ORIGINAL

CECOM SEC coordinated demos and Soldier touchpoints to ensure warfighter feedback and refine requirements that led to user interface automation and infrastructure management updates.

Distributed Common Ground System-Army system container-native architecture

The previous examples demonstrated CECOM SEC supporting initiatives that leveraged other hypervisor solutions to alleviate the Army’s dependence on VMware. In support of the DCGS-A software system, providing critical Army intelligence and operations support, CECOM SEC’s infrastructure modernization demonstrates a different approach by implementing a container-native architecture, leveraging modern development practices to improve efficiency, reduce technical debt, and lower costs. By adopting this container-native architecture using Red Hat OpenShift, CECOM SEC has enabled rapid, automated, and scalable deployments of the DCGS-A software.

Getting tactical infrastructure to the future

To preserve current capability, CECOM SEC has had to bridge the gap for legacy applications to continue operating while future applications progress through the acquisition lifecycle. This means migrating applications down the technology chain from hardware to VM to container. One key method was hosting legacy VMs inside containers using kubevirt to manage their lifecycles within a Kubernetes deployment.

For operators, the aim was to ease the transition burden to the new technology stack. This involved providing tools and automation for deployments and migrations, prioritizing user interfaces to enable point-and-click operations, and engaging users during the development process through Soldier touchpoints events to ensure that what was implemented was something the warfighter could readily adopt.

The issue of air-gapped deployment was tackled by utilizing niche tools like Defense Unicorns’ zarf and Rancher’s Hauler. Package registries and container registries were also incorporated into the infrastructure to enable deployments, containers, and ease of maintenance.

Lessons learned
  • Engaging in Soldier touchpoints to get valuable feedback from the warfighter is critical. Not all warfighters are interested in becoming Kubernetes subject matter experts, so the burden of deploying and maintaining systems must be minimized.
  • Automated deployment and understanding the automation are essential.
  • Skilled IT personnel want manual deployment options for troubleshooting
  • Less skilled personnel want ease of deployment.
  • The Army needs to mature policy and tools for containers. The community DevSecOps project is addressing issues such as base container images, security scanning, and hardening for containerized applications.
  • Containerization of existing capability requires significant investments, so bridging solutions like kubevirt is necessary.
Conclusion

CECOM SEC continues to be a key partner in the Army’s continuous transformation journey by incrementally modernizing tactical infrastructure, enabling materiel developers and warfighters to field new capabilities at a sustainable cost while minimizing operator burden. This demonstrates that old and new workloads can coexist to meet current needs while laying the groundwork for the future.

RELATED STORIES