The reason for having so many networks is to segregate data with different classifications. The downside is that this can mean having 16 PCs on one person's desk, as well as 16 sets of network devices.
An IT reinvention program has been modernising the DIA's infrastructure, and part of that process has been the use of virtualisation along with trusted separation devices to allow individual PCs to connect to multiple security domains, Michael Mestrovich, DIA senior technology officer for innovation, told the Citrix Synergy 2011 conference.
All virtual desktops and virtual applications are delivered to thick and thin clients in the same way, he explained. Some users really do need the full power of a PC on their desks as they use graphically and computationally intensive applications.
The big advantage of virtualising applications is that they will work as expected wherever they are run, and the isolation provided means there is no need to recertify the security of a configuration after an application has been added. Previously, accrediting a new or modified application could take as long as a year - "that just doesn't work any more," he said - but fortunately that is no longer necessary.
It also provides a mechanism for securely delivering specific data to mobile workers as the data doesn't need to live on their devices, he said. And setting up and winding down short-term communities of people working on particular projects is simplified for the same reason.
The benefits of virtualising desktops include reduced downtime. Mestrovich noted that some Windows patches had caused problems in the DIA's environment, but virtual desktops can be instantly rolled back to the last working version when that occurs, and all users need to do to recover is log out and in again. Support staff can then work on the problem without inconveniencing users.
And if you have storage headaches, spare a thought for Mestrovich. The DIA spends more on storage than any other IT category, he said. Over a period that saw personnel numbers double, the amount of data being stored increased fivefold. That's partly due to the increasing richness of the data (eg, geographical representations rather than plain text), but the volume of emails - two million per day - is also a consideration. "[by law] I can't throw anything away," he said.
Disclosure: the writer travelled to San Francisco as the guest of Citrix.