Converting the Army's Pentagon-based headquarters from a traditional desktop environment to a virtual desktop infrastructure (VDI) is expected to slash total operating costs for those computers by about 50 percent.
And, in five years the savings will be enough to recoup the infrastructure-related expenses of virtualizing those 18,000 desktops. That's according to Thomas Sasala, chief technology officer for the Army's Information Technology Agency (ITA), and Joel Cassell, ITA's engineering director. Both officials spoke during a recent C4ISR & Networks webcast, "DoD Virtualization: Creating visibility for the next-generation network."
See it: Watch the webcast.
The Army virtualization project is taking place now. ITA has already conducted a similar task for 2,000 Joint Staff desktops. Virtualization creates a shared working environment that enables greater real-time collaboration within and between agencies.
With virtualization, many non-IT agencies will get out of the business of managing their own IT hardware, freeing them up to focus on their core missions, according to the ITA officials. Man-hour savings will also come from IT technicians being able to install updates without visiting individual desktops.
"You've got desktops sprawled out over multiple locations, and some of them are not on all the time, [so] it's hard for them to be patched," Cassell said. "With VDI, it's much easier. You're patching on the back end and keeping the infrastructure current from a vulnerability perspective. We've seen that's been a tremendous benefit for us."
Virtualization is expected to improve ITA's ability to monitor network demand and manage network capacity accordingly. It will also provide better "data analytics," or insight into desktop user patterns, which could help with both counterintelligence and network performance.
"We'll be able to start gathering that telemetry and hopefully get to the point where we can start predicting failures before they actually happen," Sasala said. Such monitoring could include "watching outages or variances in the network or performance degradations over a period of time."
But virtualization will not usher in an online utopia. Instead, it will introduce a new set of challenges. Bob Kimball, chief technology officer for Ciena Government Solutions, cautioned that greater flexibility in a network means that security measures must be versatile enough to adapt to rapid change.
"The physical infrastructure is becoming extraordinarily more dynamic and more responsive and it is basically the engine that's powering some of these very interesting new concepts of how to virtualize the way we work," Kimball said. "The security environment needs to keep pace with that pace of innovation as well."
Virtualization has other limitations. While some suggested that ITA virtualize 95 percent of the Army headquarters desktops, the agency is aiming for the lower and more realistic goal of 80 percent, according to Sasala and Cassell. While virtualization is meant to be "device agnostic," some computers, such as laptops used by traveling employees, are not suitable for virtualization and need "localized computing capacity," Sasala said. Burning CDs does not work well in a VDI environment, either.
Like other agencies, ITA is grappling with the growing use of encrypted communications. Sasala said his agency is implementing "additional tools" to more effectively monitor such traffic.
"We're almost at the stage now where more than 50 percent of our traffic is encrypted, which is a huge blind spot from an intrusion protection perspective and an intrusion detection [perspective], as well as the data loss prevention perspective," Sasala said. "So we are deploying tools to assist us in that manner."
ITA is also assessing how virtualization will affect "cross-domain devices," which share intelligence information among multiple security levels.
"I don't believe there's going to be too much of an impact there as long as the access control permissions and privileges that allow the bit to transfer … are still there," Sasala said.
Watch the full Editorial Webcast at www.C4ISRNET.com/webcasts