Like IT managers elsewhere, the U.S. Department of Defense would like to supply its forces with mobile computing, but doing so raises the risk that data carried on a device will fall into the wrong hands.
"The challenges we face are the same ones you face in the corporate world," says Michael Metrovich, senior technology officer for the Defense Intelligence Agency, although he was referring to risks over and above the possibility that a laptop will disappear at airport security. Nevertheless, if virtual desktops are the DOD's answer to end user computing security, IT managers should pay attention to how they do it.
Last week at Citrix Systems' annual user group meeting, Synergy, two spokesmen involved in creating a secure mobile DOD client said a new form of virtual desktop was available and was part of their approach to equipping their forces with more computing power. Indeed, they shifted the discussion of virtual desktops away from how to engineer them for easier, less costly operations and toward how secure the desktop can be made and how far afield it can be allowed to roam. They were explicit that the virtual desktop was not only locked down but could also be readily adapted to run on different mobile devices.
As IT faces the overwhelming problem of supporting employees who have brought their preferred consumer device to work and plan to take it with them on their next business trip and European vacation, the DOD effort clearly offers some lessons learned about launching, managing and controlling virtual desktops.
More work has been accomplished on this front than I realized until I heard Metrovich talk about his own desktop. Metrovich is responsible for secure communications between his agency and commanders of the war in Iraq, the war in Afghanistan, NATO headquarters in Europe, NATO operations in Libya--you get the idea. Because of that, he once had 16 physical PCs, each tied by its own cabling to the wiring closet with switches for secure networks, as his personal, composite desktop.
Today he has one physical machine and 16 virtual desktops, each tied by a virtual network through one cable to a switch in the wiring closet. The virtual desktops he needs have different characteristics and the networks he uses require different degrees of security, but that's not a problem because in both instances, the desktop and its network are running in their own virtual machines.
The transformation that's taken place on his desktop is now taking place throughout the agency as it implements end user virtualization using new security controls. So far 400 desktops have been virtualized. There's still a long way to go with his agency's 50,000 users in 200 countries, but Metrovich said Thursday at Synergy, "There have been no major security issues to report so far."
That reflects growing confidence in secure client hypervisor operation, even when the hypervisor may have entered enemy territory. Citrix Systems and other virtualization vendors are making use of new capabilities built into the latest generation of Intel vPro chips and motherboards that check the 70,000-line hypervisor as its components are assembled from the client's disk.
When the user calls for his hypervisor to be activated, a client using Intel's Trusted Execution Technology can measure the hypervisor components as they are booted and check those measurements against its knowledge of their exact specifications, which has been stored on the motherboard. If the hypervisor has been intruded upon, tampered with, or experienced some unanticipated update, the boot is interrupted and a fresh version downloaded from a trusted server.
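The measure-then-compare sequence described above, as an added software model (not Citrix or Intel code): each component is hashed as it is loaded, the hashes are folded into a single order-sensitive register the way a TPM PCR is extended, and both the per-component hashes and the final register are checked against stored known-good values. The component names and contents are constructed for the example; on mismatch the function returns the article's policy, halt and refresh.

```python
import hashlib

# Constructed sample hypervisor components, in boot order (names and bytes are made up).
COMPONENTS_GOOD = [
    ("sinit-acm", b"authenticated code module v1"),
    ("xen-core", b"xenclient-xt hypervisor core build 2011.05"),
    ("dom0-kernel", b"service domain kernel image"),
]

ZERO = "00" * 32  # register starts at all zeros, like a reset PCR


def measure(blob: bytes) -> str:
    """Measurement = SHA-256 of the component exactly as loaded from disk."""
    return hashlib.sha256(blob).hexdigest()


def extend(register: str, measurement: str) -> str:
    """PCR-style extend: new = H(old || measurement).
    The result depends on every component and on the order they were loaded."""
    return hashlib.sha256(bytes.fromhex(register) + bytes.fromhex(measurement)).hexdigest()


def golden_values(components):
    """What the platform stores as the 'exact specifications': per-component
    hashes plus the composite register value expected after a clean boot."""
    per_component = {name: measure(blob) for name, blob in components}
    register = ZERO
    for name, _ in components:
        register = extend(register, per_component[name])
    return per_component, register


GOLDEN, GOLDEN_REGISTER = golden_values(COMPONENTS_GOOD)


def measured_launch(components, golden=GOLDEN, golden_register=GOLDEN_REGISTER):
    """Measure each component before it gets control.
    Returns (decision, register, offending_component); decision is 'boot'
    or 'halt-and-refresh' (fetch a fresh copy from a trusted server)."""
    register = ZERO
    for name, blob in components:
        m = measure(blob)
        register = extend(register, m)
        if golden.get(name) != m:  # tampered, unknown, or silently updated
            return "halt-and-refresh", register, name
    if register != golden_register:  # component missing or loaded out of order
        return "halt-and-refresh", register, None
    return "boot", register, None


if __name__ == "__main__":
    print(measured_launch(COMPONENTS_GOOD))
    tampered = [(n, b + b"\x90" if n == "xen-core" else b) for n, b in COMPONENTS_GOOD]
    print(measured_launch(tampered))
```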
"We believe XenClient has the potential to be very secure," Metrovich says. He's created his agency's virtualized desktops with XenClient XT, the lightweight hypervisor Citrix designed to run on client machines and announced May 25. VMware also uses Intel's TXT self-checking capability with its ESXi hypervisor, the one that's built into and ships with servers that will serve as hosts for multiple virtual machines.
Metrovich says he recently had to supply a secure network to "a small community" that planned and executed the mission to invade Osama bin Laden's compound in Pakistan. Secrecy was an absolute priority and was maintained, he says.
In the past, U.S. agents or military teams could not take sophisticated computing devices across potentially hostile borders because "the threat of losing the device was too great." But he suggested that ample client computing power had accompanied the Navy SEALs' incursion into Pakistan in their pursuit of Osama bin Laden. "With virtual desktops, all the data remains on a central server, with a remote user able to access and work with it, regardless of where he might be," he says.
"The key is nothing permanently resides on the computing device," says Metrovich, which opens up new possibilities for missions behind enemy lines. U.S. intelligence agencies and the military are extremely interested in what missions secure virtual desktops might enable, he says.