Intelligence analysts at the Defense Intelligence Agency often need to work with information at four to seven classification levels a day, each residing on a different network. That has meant three or more PCs on an analyst's desk--one each for the unclassified network, the classified SIPRNET, and the top-secret Stone Ghost network, for example--and multiple cables plugging into multiple sets of networking equipment.
Clearly, this setup isn't optimal. Systems management is further complicated by the computing infrastructure DIA inherited from U.S. military commands around the world. Those commands brought in multiple operating systems, applications, and versions of apps, each at its own patch level, which made management more time consuming and left the PCs harder to secure: every divergent image is another one to patch, track, and audit.
The cost, complexity, and challenges that come with having multiple PCs on each desk have led Mike Mestrovich, senior technology officer for innovation, to push for an agency-wide client virtualization initiative. The Next-Generation Desktop project will significantly cut the number of endpoints, from the 40,000 PCs and about 11,000 thin clients the DIA has today. It will also make those PCs more manageable. The project aims to cull the well over a dozen client images the agency has to manage now down to a few master images that will be stored in DIA's data centers.
Mestrovich won't say how many PCs and thin clients DIA will have after the switch to virtual desktops. And he won't hazard a guess as to the savings--he says he has yet to see ROI studies with numbers that he considers reliable. There will be a "substantial" expenditure on infrastructure, he says, including adding servers in the data center. But the cost of managing DIA desktops, including patching and managing licenses, will drop significantly and security will improve, he's convinced. DIA may be able to reassign some system administrators to other positions, he says, and software licensing costs may go down because if a user doesn't use an app for a certain amount of time, that license will be automatically returned to a group pool.
Under Next-Generation Desktop, operating systems and applications will reside on data-center servers running about 35 to 40 virtual machines per server core (the number of servers, like the endpoint count, is undisclosed). They'll be streamed to desktops and thin clients at runtime. Operating systems, apps, and user profiles will be hosted separately, so a single master image can serve many users while each user's profile is layered on at login.
End users will be presented with icons representing multiple networks. They'll still only be able to access one network at a time, but they'll be able to transfer files across the networks via gateways on the back end, if security restrictions allow it. On a PC, switching between networks may be as simple as a keyboard shortcut, making one PC a multilevel access device. The separation between networks then rests on the back-end hosting of each network's desktop and on the transfer gateways, rather than on physically separate hardware on the desk.
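The session and gateway behaviour described above, as an added illustration in Python. This is not DIA's code or any vendor's product: the three network names come from the article, but their ranking, the rule that a transfer toward a lower-ranked network needs an explicit release review, and every identifier (Session, Gateway, PolicyViolation, the audit tuples) are assumptions made for the example.

```python
# Added example modelling "one network attached at a time" plus a back-end
# transfer gateway. Not DIA code; the ranking and review rule are assumed.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Assumed ordering, lowest to highest. The article names the networks but
# does not say how the gateways rank them.
LEVELS = {"unclassified": 0, "SIPRNET": 1, "Stone Ghost": 2}


class PolicyViolation(Exception):
    """Raised when a network switch is denied."""


@dataclass
class Session:
    """A virtual-desktop session: several network icons, one attached at a time."""
    user: str
    cleared_for: Set[str]                          # networks the user may attach to
    active: Optional[str] = None                   # the single network now attached
    audit: List[Tuple[str, ...]] = field(default_factory=list)

    def switch_to(self, network: str) -> str:
        """The keyboard-shortcut switch: attach to one network, detaching the last."""
        if network not in LEVELS:
            raise ValueError(f"unknown network {network!r}")
        if network not in self.cleared_for:
            self.audit.append(("switch-denied", self.user, network))
            raise PolicyViolation(f"{self.user} is not cleared for {network}")
        # Attaching to one network replaces the previous attachment; the
        # desktop never holds two networks open at once.
        self.active = network
        self.audit.append(("switch", self.user, network))
        return network


class Gateway:
    """Back-end transfer gateway (assumed rule): a file may move to a higher-
    ranked network if the user is cleared on both sides; moving it to a
    lower-ranked network additionally requires an explicit release review."""

    def __init__(self) -> None:
        self.log: List[Tuple[str, ...]] = []

    def transfer(self, session: Session, src: str, dst: str,
                 filename: str, reviewed: bool = False) -> bool:
        for net in (src, dst):
            if net not in LEVELS:
                raise ValueError(f"unknown network {net!r}")
        if src == dst:
            raise ValueError("source and destination are the same network")
        # The transfer is a separate back-end action: the attached network
        # does not change, and the user must be cleared on both sides.
        if not {src, dst} <= session.cleared_for:
            self.log.append(("denied-clearance", session.user, filename, src, dst))
            return False
        downgrade = LEVELS[dst] < LEVELS[src]
        if downgrade and not reviewed:
            self.log.append(("denied-review", session.user, filename, src, dst))
            return False
        self.log.append(("transfer", session.user, filename, src, dst,
                         "reviewed" if downgrade else "upward"))
        return True


if __name__ == "__main__":
    # Constructed sample run: an analyst cleared on all three networks.
    analyst = Session("analyst", {"unclassified", "SIPRNET", "Stone Ghost"})
    gw = Gateway()
    analyst.switch_to("Stone Ghost")
    gw.transfer(analyst, "unclassified", "SIPRNET", "brief.pdf")
    gw.transfer(analyst, "Stone Ghost", "SIPRNET", "notes.txt")
    gw.transfer(analyst, "Stone Ghost", "SIPRNET", "notes.txt", reviewed=True)
    for entry in analyst.audit + gw.log:
        print(entry)
```

The point of the sketch is where the enforcement sits: the endpoint only ever holds one attachment, and anything that crosses between networks goes through the gateway's logged decision rather than through the desktop, which is what lets one PC replace three without the desktop itself becoming the place where the separation is decided.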
Download the InformationWeek Aug. 2010 Virtual Desktop supplement