The Defense Intelligence Agency expects virtualization to let it get rid of multiple PCs per analyst.
Intelligence analysts at the Defense Intelligence Agency often need to access four to seven levels of unclassified and classified information a day, each residing on a different network. That has meant three or more PCs on an analyst's desk--one each for the unclassified network, the classified SIPRNET, and the top-secret Stone Ghost network, for example--and multiple cables plugging into multiple sets of networking equipment.
Clearly, this setup isn't optimal. Systems management is further complicated by the computing infrastructure DIA inherited from U.S. military commands around the world, which brought in multiple operating systems, applications, and versions of apps, each with its own patch levels. That made management more time-consuming and PCs tougher to secure.
The cost, complexity, and challenges that come with having multiple PCs on each desk have led Mike Mestrovich, senior technology officer for innovation, to push for an agency-wide client virtualization initiative. The Next-Generation Desktop project will significantly cut the 40,000 PCs and about 11,000 thin clients the DIA has today. It will also make those PCs more manageable. The project aims to cull the well over a dozen client images the agency has to manage now down to a few master images that will be stored in DIA's data centers.
Mestrovich won't say how many PCs and thin clients DIA will have after the switch to virtual desktops. And he won't hazard a guess as to the savings--he says he's yet to see ROI studies with numbers that he considers reliable. There will be a "substantial" expenditure on infrastructure, he says, including adding servers in the data center. But the cost of managing DIA desktops, including patching and managing licenses, will drop significantly and security will improve, he's convinced. DIA may be able to reassign some system administrators to other positions, he says, and software licensing costs may go down because if a user doesn't use an app for a certain amount of time, that license will be automatically returned to a group pool.
Under Next-Generation Desktop, operating systems and applications will reside on servers (the exact number also undisclosed) hosting about 35 to 40 virtual machines per server core. They'll be streamed to desktops and thin clients at runtime. Operating systems, apps, and user profiles will be hosted separately.
End users will be presented with icons representing multiple networks. They'll still only be able to access one network at a time, but they'll be able to transfer files across the networks via gateways on the back end, if security restrictions allow it. On a PC, switching between networks may be as simple as a keyboard shortcut, making one PC a multilevel access device.
Desktop virtualization may have side benefits for DIA employees. To increase manageability, the agency has had to require standard user interface settings, such as window and type colors, window backgrounds, and font sizes, but client virtualization can abstract user preferences out of the OS build and give users a lot more flexibility.
DIA is coordinating the desktop virtualization effort with other intelligence agencies, which Mestrovich hopes will let analysts access their agency's networks from other agencies' desktops. If the coordination effort works, Central Intelligence Agency, National Security Agency, and DIA analysts could someday soon all work side by side, he says.
"We could potentially have anybody working in anybody else's space," Mestrovich says. In those situations, virtualization dramatically cuts the time it takes to give people access to the networks and data, he says.
Among the other agencies that have worked with DIA on the project are the National Geospatial-Intelligence Agency, which has done some application virtualization of its own; NSA, which has significant investments in desktop virtualization; and the National Reconnaissance Office, which has a project under way called the Desktop Optimization Program that includes desktop virtualization. Top-level military officials are in on it as well: Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, is among those who've been given a demo of DIA's project.
Two pilot projects began in February and ended in June, testing 250 endpoints each. They used VMware ESX hypervisors, Citrix XenDesktop for desktop virtualization, Citrix XenApp and Microsoft App-V 4.5 for app virtualization, AppSense for user profiles, NetApp for network storage, and a number of different thin and thick clients. DIA served desktops from data centers in Washington, D.C., and Virginia to analysts in the U.S. and as far away as South Korea. It tested a range of applications, including graphics-intensive multimedia ones such as Google Earth and Overwatch Geospatial RemoteView, used to analyze satellite imagery and geospatial data.
Several years ago, desktop virtualization technology, particularly for thin clients, had performance problems that limited the apps it could run. Mestrovich has been pleasantly surprised with current technology. Thin clients come with more computing power and features not previously available, like support of heavier graphics.
People using thin clients over satellite in Korea had poor performance due to latency, but everybody else in the pilot had a good experience. "Google Earth works brilliantly, and RemoteView, which we were told wouldn't work at all, also works fine," Mestrovich says. Mestrovich expects to use virtual desktops just about everywhere except the front lines of Afghanistan. For the foreseeable future, thin clients will be used where more security domains are required, and PCs will be used for heavy-duty apps like Google Earth.
Since the pilot, DIA has released a request for proposals to identify a contractor that will deploy the virtual desktops, which DIA will manage. Deployment will begin in October or November, and Mestrovich hopes to move all of the agency's thin clients to the new environment within the first year. He's less definitive about the PC switchover but says it would happen soon after project deployment started.
It's too early to say how much time and money desktop virtualization will save DIA, Mestrovich says, but the agency is expecting "massive improvement" in its ability to deploy new operating systems and applications. It also expects significant improvement in its security posture and ability to maintain a secure computing baseline, he says. That, combined with the eventual hardware savings, should yield an ROI of note.