Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Energy's new plug-and-play technology infrastructure
Friday - 5/9/2014, 7:35am EDT
The Energy Department is setting up a new technology infrastructure that will be modeled after the electric grid, in which users just plug their application in and go.
The OneNNSA network is a big part of its modernization strategy, developed along with the National Nuclear Security Administration (NNSA) to create a technology infrastructure backbone with seamless identity management and collaboration services in the cloud.
"It's under its official test program right now, and the plan is to turn it into production later this fiscal year," said Bob Brese, Energy's chief information officer. "We will prove it can scale and all those things around virtual desktop interface, security, cloud and mobility are linked together and supported by this test program with NNSA."
Brese said, despite the departures of two of the chief architects of the OneNNSA network, — Anil Karmel left earlier this year to start his own business and Travis Howerton is joining Oakridge National Lab later this month — it is thriving as a key piece of Energy's broader technology infrastructure modernization effort.
"Because NNSA acts like an enterprise, they are going to mandate this underlying approach to their federal employees and their labs and plants. But it's really that underlying infrastructure. It doesn't get into the details of the applications and activities that are performed locally. What it really does is ties everyone together in a much more secure and collaborative environment," he said. "So we expect this to scale well, and we will be able to scale this across the department. A large number of our labs and plants as well as our program offices have been involved in this activity, staying in touch with it so when we are ready to scale it, everybody will be ready to move on to that. They still will be able to run their own applications and platforms on top of it. It will not reduce the level of autonomy they need to be successful in their mission. What it will do is ease the burden of managing or overseeing some of the underlying connectivity and collaboration infrastructure."
VDI moves out of pilot stage
And Brese has been busy over the last two years developing the services from virtual desktop interface to mobility to security to plug into the OneNNSA network in the coming months.
Energy is using a pilot program to test out virtual desktop interface to full production mode.
Brese said about 500 use VDI now, and he plans to increase to about 2,000 by the end of the year. He said Energy plans to add the rest of the department's employees over the next 18 to 24 months.
He said beyond the cost savings and security benefits, VDI is a key piece to Energy's cloud strategy.
"It's pretty reliant on our ability to get to these infrastructure-as-a-service models because, as things scale up or down during usage, we want to be able to pull that infrastructure back during times of low use and then scale it up during the work day, or during times of a continuity of operations exercise," he said. "VDI is a great enabler. Our security team is working very closely with our IT operations team to make sure that as we wrap this thing up, we are not endangering ourselves at a single point of failure."
Brese said Energy will use the thin client flavor of VDI that will provide savings in energy usage of about 90 percent desktop and a reduction of end points from a security perspective.
"That will free up our security operations center to spend less time on solving all these point solutions and point challenges, and being able to spend time on continuously evaluating the network as a whole and looking for intrusion attempts, odd behavior on the network and that type of thing," he said.
Security is a second piece to his infrastructure modernization effort.
Brese said the Joint Cyber Coordination Center (JC3) reached initial operating capability in 2013 and continues to expand.
The goal of the JC3 is not to manage every network in Energy, but more of a cyber collaboration tool. Brese said the center provides information sharing, analysis, reporting and coordination of incident response.
"The JC3's job is to pull in this information from the enterprise sensors, from the incidents and issues being reported by all of our sites, going through those and doing comprehensive cross-site analysis and then providing tipping, queuing and threat vectors to our men and women defending their own networks," he said. "There was some concern that we would either try to duplicate or take over local network security. We had to work a lot of meetings and technical discussions, but I really don't see is as an issue anymore. We can clearly show how this is an enterprise function. It's one that's not performed locally, can't be performed locally, but, at the same time, doesn't duplicate efforts that are being performed locally."