COVID-19 aid for pfSense software users LEARN MORE

USNS Mercy Case Study

Overview

The USNS Mercy (T-AH-19) is the lead ship in its class of hospital ships in non-commissioned service with the United States Navy. Her sister ship is USNS Comfort (T-AH-20). Per the Geneva Conventions, the Mercy cannot carry offensive weaponry, and attacking her is a war crime. Both ships are serving the nation in its fight against COVID-19.

The Mercy - a 65,000 ton converted oil tanker which hosts 1000 hospital beds (including 80 intensive care beds) - is currently docked in the Port of Los Angeles to help the Southern California region cope with COVID-19. To appreciate her size and scale, the entire state of Maine has 1,061 total hospital beds, including 61 ICU beds.

With any hospital, secure networking communications are essential. The Mercy’s network must accommodate not only official naval vessel communications, but also civilian medical staff and patient communications. As with numerous US government agencies, the US Navy is a pfSense® software user, and so is the USNS Mercy.

Since the IT staff of the Mercy is charged with the task of providing secure reliable communications to a number of user groups on board, they are continually evaluating and improving network services on the ship. As part of the COVID-19 response mission, they needed network devices that could process large amounts of IPSec and GRE traffic, while applying traffic policies to ensure critical data would flow through bandwidth constrained ship communication circuits. This has historically included Netgate appliances such as the SG-4860.

However, upon arriving in the Los Angeles area, the ship was given a 1 Gb/s link to shore, a circuit much faster than is typically provisioned for the ship. To meet the unique requirements of this install, Mercy once again looked to Netgate and the XG-1537, a data center class product that can handle 16.4 Gbps of routed traffic, 14.5 Gbps of firewall-processed traffic, or 2.77 Gbps of IPsec traffic. Within an hour of being ordered, Netgate shipped the appliance to California overnight, and the device was operational the next day, replacing a SG-4860.

A faster link also brought new challenges from increased traffic. To develop traffic shaping policies that enabled the best experience for all of Mercy’s diverse users, the Mercy IT crew called on Netgate’s support team. Within a few hours, one of Netgate’s top engineers had listened to the concerns of the ship, and a policy design was proposed and implemented - allowing critical medical data to flow while patients were able to keep in touch with friends and family ashore.

The flexibility of the pfSense platform, providing robust routing, firewall, VPN, and traffic shaping technologies integrated in a small form factor, with responsive subject matter expert support, is a key enabler that made Netgate and pfSense stand out to the Mercy IT team, and is why they continue to play a central role during these critical missions.

CHALLENGES

  • Their network must accommodate and manage civilian, medical staff, patient, and official naval vessel communications securely
  • They needed network devices that can process large amounts of IPsec and GRE traffic, while applying traffic policies to optimize data flow
  • To combat COVID-19, the ship was given a 1 Gb/s link to shore, a circuit much faster than is typically provisioned for the ship
  • New challenges rose from the new link’s increased traffic. They required traffic shaping policies to ensure civilian traffic didn’t impact medical staff and patient throughput

SOLUTION

  • Deployed pfSense software on Netgate hardware and AWS Cloud for network security and management
  • Installed a new Netgate XG-1537 to properly handle the new 1 Gbps link to shore transmitting gigabit IPsec encrypted traffic to the ship
  • USNS Mercy leaned on the Netgate Global Support team to help with network design, deployment, and custom traffic shaping policies to create the best network user experience

RESULTS

  • In a crisis, USNS Mercy’s critical Netgate hardware upgrade was shipped overnight within minutes of being purchased and arrived hours later
  • New XG-1537 fully addresses current secure networking throughput needs and holds sufficient capacity for growth
  • The Mercy’s IT team was able to quickly and effectively adapt their network to COVID-19 related demands due to their quick collaboration with Netgate Professional Services and Global Support teams
  • USNS Mercy now has a high-speed network with traffic policies in place to prioritize the secure flow of critical medical data while patients are able to keep in touch with friends and family ashore