Title: Desktop Virtualization in the United States Navy
Author(s): John Sprague and Dave Kinsman; World Wide Technology
Navy users regularly collaborate on multiple systems, including unclassified, classified, NATO, Coalition, TS Coalition, and the list goes on. Each of these domains creates not only a personal organizational challenge (for example, dealing with three different storage systems) but also the challenge of maintaining three disparate architectures. Issues ranging from physical security of data and hardware to updating multiple operating systems with the appropriate patches continue to exponentially challenge IT professionals and cyber security practitioners alike.
As the commercial industry continues its exploration of cloud technologies, users are becoming accustomed to accessing their mail, desktop and search engines from anywhere and having them look and feel the same. Working with (at least) three desktops when dealing with classified systems does not provide that luxury. A deployed user might be able to reach back for an email account, but access to stored messages and to the desktop is just not currently possible with a multiple-desktop configuration.
Additionally, user interaction with IT systems has changed dramatically over the last 10 years. Gone are the days when a user was required by technology to be physically in one location to access IT systems. The ability exists today to work from multiple different devices from any location while maintaining a consistent user experience. Mobility, consistent user experience and access to the same data anywhere are driving many DoD programs to field a virtualized desktop (VDI) solution.
VDI is being fielded throughout the US Department of Defense to handle multiple requirements. One of those requirements is driving requests to remove multiple PCs from a user's workstation while still allowing users to securely access separate classifications of desktops.
VDI is being used to address this request as well as simply meeting the desktop needs of the US Department of Defense in a more secure, dynamic and cost-effective way. While the technology exists to field excellent performance on operational systems, there is still large risk when the system is not designed correctly.
While virtualization solutions have proven fruitful in other branches of the US Department of Defense, they have particular benefit to the Navy when properly employed. When designing shipboard systems, power, cooling and space considerations are a top priority. VDI allows IT hardware to be centralized in a space designed for the proper cooling and power, and reduces the footprint on ship. Consolidation also makes it easier to swap out gear for maintenance. For a shore command, this applies to the real estate used to maintain and monitor the many classifications of networks in a Navy environment. By using VDI and collapsing the physical infrastructure, the warfighter can collapse the network footprint and keep data in a centralized storage container.
This abstract discusses how these Virtual Desktop Infrastructures (VDI) can plug into Multi Level Security (MLS) solutions to accomplish the goal of removing those multiple desktops from an end user's workspace. Additionally, the following details will be covered:
• Sizing virtual desktop infrastructure correctly.
• Persona management in a physical and virtual end user computing environment, explaining the differences between the persona managers in the market landscape and how they apply to a properly architected virtual desktop infrastructure.
• Different storage technologies are reviewed and discussed to enable VDI.
• Application virtualization. As the Navy looks to application layering technology, what application virtualization means in the VDI environment and how it affects the virtual desktop infrastructure.
• Cyber security and malware detection are at the forefront of the cyber defense conversation across the federal government. How important this is to a properly architected system is front of mind for anyone designing computer systems. Creating a centralized infrastructure reduces the surface area for hackers to exploit while giving security professionals a manageable infrastructure to secure.