Transforming Mission Support | GSF 2012 | Session 4-4

Description: Transforming Mission Support through MLS Secure Virtualization, Collaboration and Mobility. By: David Amoriell, George Kamis

Transcript of Transforming Mission Support | GSF 2012 | Session 4-4

Page 1: Transforming Mission Support | GSF 2012 | Session 4-4

Transforming Mission Support Through MLS Secure Virtualization, Collaboration, and Mobility

David Amoriell, Cisco Systems; George Kamis, Raytheon TCS

Page 2

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Driving an Ongoing Shift to BYOD and Mobility

[Chart: percentage breakdown; the category labels did not survive extraction]

Device Diversity Is Here to Stay

Page 3

Paradigm Shift

• Gartner Predicts “…By 2013, mobile phones will overtake PCs as the most common Web access device worldwide…”

• 4+ Million iPhone 4s sold during the first weekend.

• 17+ Million iPhones sold last quarter

• 11+ Million iPads sold last quarter

• 500k+ Applications built for Apple App Store

• 400k+ Applications built for Android

• 550+ New apps added daily

• 700k Android Phones activated daily.

• Gartner Predicts that by 2014, 92% of Internet packets will be video.


Page 4

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

“Whether it is a squad going out on a humanitarian effort or an entire division in major combat operations, you will connect to the network and your data will be there.”
LTG Susan Lawrence, Army CIO / G6

“Our challenge today is ensuring our networks can securely support the information demands of our users – users who require access to information anywhere and anytime across the DoD Information Enterprise…”
Teri Takai, DoD CIO

“I want to be the Chief Yes Officer.”
Roger Baker, Veterans Affairs CIO

“To fundamentally change the way we do things in government, we need to seize on this mobile opportunity both in how we serve the public and in how government employees work.”
Steven VanRoekel, U.S. Chief Information Officer

Page 5

Manipulation | Theft & Espionage | Disruption

Cyber threats impact the security and economic viability of nations and businesses alike

Page 6

Cyber threats impact the security and economic viability of nations and businesses alike

Manipulation
Target: Nasdaq OMX
Impact: “Flash Crash” of May 2010
Exploit: Directors Desk Web-based Application

Theft & Espionage
Target: Security and Defense Contractors
Impact: Intellectual Property Theft, 2009-2010
Exploit: Multiple Zero-day

Disruption
Target: Iranian Nuclear Reactors
Impact: 2-5 Year Delay
Exploit: Siemens PLC Software

Page 7

Market Options Driving Transitioning to a Post-PC World

New choices being driven by Mobility, Agility and Customer Demand

PC World | Post-PC World

Page 8

THE NETWORK

GREEN, Energy Efficiency

IT PRODUCTIVITY, Service and Network Management

SECURITY, Accelerating Cyber-Threats

Page 9

Multiple Devices

Bring Your Own Device (BYOD)

Virtual Desktop \ Workspace

MLS Secure VXI (SVXI)

Page 10

Page 11

Trusted WiFi

• Authenticate User

• Fingerprint Device

• Apply Corporate Config

• Enterprise Apps

• Automatic Policies

Page 12

Trusted WiFi

Apply defined policy profiles based on:

• Device Type

• User

• Location

• Application

Identity Services Engine

Mobile Device Management

Aironet Infrastructure

Prime Management

Page 13

Trusted WiFi

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

[Yes/No column per application; values not recoverable from the extraction]

Access: FULL

Page 14

Untrusted WiFi

Access: Limited

Page 15

Hotspot 2.0

Aironet Infrastructure

ScanSafe

IronPort

Identity Services Engine

AnyConnect

WebEx Mobile 8

Page 16

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

[Yes/No column per application; values not recoverable from the extraction]

3G/4G

Access: Limited

Page 17

Identity Services Engine

AnyConnect

3G/4G

ASR

Page 18

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

[Yes/No column per application; values not recoverable from the extraction]

Trusted WiFi

Access: FULL
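Pages 12 through 18 sketch policy profiles applied by device type, user, location and application, with full access on trusted WiFi and limited access on untrusted WiFi or 3G/4G. The Python below is an added example, not part of the Cisco deck: it models that decision as a deny-by-default policy function. The user and device checks, the Location enum and the choice of which applications a Limited profile keeps (Email and Instant Messenger) are assumptions, since the slides do not state them.

```python
"""Context-aware BYOD access decisions, modelled on the slide sequence above.

Added example (not from the Cisco deck). It assumes a policy engine that
receives four attributes (device type, user, location, application) and
returns an access profile. Which apps a Limited profile keeps is assumed.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Location(Enum):
    TRUSTED_WIFI = auto()     # on-campus WLAN (slides: Access FULL)
    UNTRUSTED_WIFI = auto()   # hotspot (slides: Access Limited)
    CELLULAR = auto()         # 3G/4G (slides: Access Limited)


# Applications named on the slides.
APPS = ("Electronic Medical Records", "Mobile TelePresence",
        "Email", "Instant Messenger")

# Assumption: a Limited profile keeps only the two low-sensitivity apps.
LIMITED_APPS = frozenset({"Email", "Instant Messenger"})


@dataclass(frozen=True)
class Request:
    user_authenticated: bool   # slide: Authenticate User
    device_known: bool         # slide: Fingerprint Device + Apply Corporate Config
    location: Location
    application: str


def access_profile(req: Request) -> str:
    """Return FULL, Limited or NONE. Deny by default: an unauthenticated
    user or an unprofiled device gets nothing wherever it connects from."""
    if not (req.user_authenticated and req.device_known):
        return "NONE"
    if req.location is Location.TRUSTED_WIFI:
        return "FULL"
    return "Limited"          # untrusted WiFi and 3G/4G both land here


def permit(req: Request) -> bool:
    """Per-application decision for one request; unknown apps are denied."""
    profile = access_profile(req)
    if profile == "FULL":
        return req.application in APPS
    if profile == "Limited":
        return req.application in LIMITED_APPS
    return False


def access_matrix(user_authenticated: bool, device_known: bool) -> dict:
    """Yes/No table of every app at every location, like the slide matrix."""
    return {loc.name: {app: permit(Request(user_authenticated, device_known, loc, app))
                       for app in APPS}
            for loc in Location}


if __name__ == "__main__":
    for loc, row in access_matrix(True, True).items():
        print(loc, {app: ("Yes" if ok else "No") for app, ok in row.items()})
```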

Page 19

Page 20

MLS CIUS Tablet, Provides MLS SVXI with Mobility

Features

• Extends VDI/VXE
• Integrated Collaboration
• Voice, Video & Telepresence
• Support Mission Apps
  • GEOINT
  • Visualization
  • All-source
• MLS Driven by RTCS
• Application integration

Impact

• Tactical Reachback
• Data to the Edge
• Battlefield awareness
• Fused intelligence
• Realtime analysis
• Ad-hoc communication
• Un-tethered information

Page 21

MLS Handheld: One Device, Many Networks, COTS, MLS User Apps on Android

Improved security, thin client, cloud hosted; infrastructure consolidation, reduced cost

Page 22

Multiple Devices

Secure Mobility and BYOD

Virtual Desktop \ Workspace

MLS Secure VXI (SVXI)

Page 23

Two Approaches: “Native” and “Virtual”

The Network needs to be ready for both

Native | Virtual

[Architecture diagram; components labelled: ISE, CSM/ASDM, Partner MDM, MDM Mgr, AC VPN with Cloud Web Security, IronPort Web, Directory, Exchange, NCS Prime, AC NAM, IronPort Email, WAAS, ISR, Branch, Virtualization-Aware Borderless Network, CDN, Compute UCS, MS Office, Desktop Virtualization Software, Virtualized Data Center, Nexus, Microsoft OS, ACE, Hypervisor, Virtual Unified CM, Virtual Quad, Cisco Collaboration Applications, Thin Client Ecosystem, Cisco Clients, Cius Business Tablets, Virtualized Collaborative Workspace, Cisco Desktop Virtualization Endpoints, Cisco WAN]

Page 24

Cisco VXI Virtualized End-to-End System

End-to-End Security, Management and Automation

[Architecture diagram; components labelled: WAAS, ISR, Branch, Virtualization-Aware Borderless Network, CDN, Compute UCS, Virtualized Data Center, Nexus, ACE, Virtual Unified CM, Virtual Quad, Thin Client Ecosystem, Cisco Clients, Cius Business Tablets, Virtualized Collaborative Workspace, Cisco Virtualization Experience Clients, Access switching w/PoE]

Page 25

Cisco Secure Virtualization Experience Infrastructure (SVXI)

Cisco SVXI

Collaboration | Borderless Networks | Data Center Virtualization | Secure Virtual Workspace

Mission Application Support

Multi-level Security

Rich Media – Voice, Video, Collaboration & Mobility

Integrated Solution - Enterprise Resource Management

Page 26

Copyright © 2012 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

George Kamis, Chief Technology Officer

Transforming Mission Support through Multilevel Secure Virtualization, Collaboration, and Mobility

Page 27

Raytheon Trusted Computer Solutions (RTCS)

• Part of Raytheon Intelligence & Information Systems (IIS) since November 2010

• Key focus area: building commercial cross domain products to meet the most stringent security requirements

  – Accessing and transferring data across security domains at a high level of assurance

• Cross domain solutions for DoD, IC, and Civilian Government include:

  – Trusted Thin Client, High Speed Guard, Trusted Gateway System, SimShield, and WebShield

• Established technical and business relationship with Cisco

  – Work natively in the field of VXI with Cisco thin client and server hardware

  – Leverage Cisco products for secure connectivity

  – Leverage mobile synergy to provide high assurance data access

Cross Domain Products in Operational Systems Around the World

Page 28

RTCS Product Line

ACCESS

Trusted Thin Client®: Secure Access to Multiple Domains from a Single Connection Point: Thin Client, PC Virtual Client, or Remote Access

TRANSFER

Trusted Gateway System™: Secure Multi-Directional Data Transfer

High Speed Guard: Automated, High-Performance Data Transfer Supporting Full Motion Audio/Video

BROWSE

WebShield: Secure HTTP Traffic Throughout the Enterprise Including Browse and Search Capabilities via Web Proxy

Page 29

Overview

ACCESS

• What is Trusted Thin Client?

  – How it is being used by DoD, Intel, and Civilian customers

  – The transformation from Desktop to Trusted Thin Client access with VXI services

    • Multi-sensitivity access from a single terminal

• Evolution from a Thin Client computing model to meet current and future needs

  – Movement to remote computing access

    • Teleworker

    • Memory stick based computing for BYOD applications

  – Evolution to mobile and tablet platforms

    • Secure access to multiple sensitivity levels

Page 30

Current Information Access

[Diagram: separate networks labelled TOP SECRET, SECRET, SENSITIVE A, SENSITIVE B, SENSITIVE C, SENSITIVE D]

Page 31

Consolidation Approach: Multilevel Access from a Single Thin Client

Classification levels clearly displayed

Consolidated access with Trusted Thin Client

Page 32

Trusted Thin Client High Assurance Multilevel Access (Intel/DoD Scenario)

Cost-Effective
• Inexpensive commodity hardware for both thin clients & servers

Enterprise-Ready
• Scalable with failover
• Consolidates the user environment
• Expandable network connections

Flexible
• Wide variety of client options: thin client, PC, virtual machine, memory stick, etc.
• Microsoft and UNIX system access via Terminal Services, Citrix ICA, VMware PCoIP, etc.
• Hardware independent: Servers, Blades, Dedicated storage, etc.

Secure
• Based upon Security Enhanced (SE) Linux
• Meets DoD and IC security requirement for processing multiple classification levels

[Diagram: Users (Traditional, Multiple Monitors, Remote Access, Virtual Access) connect through the Distribution Console to Top Secret, Secret and Sensitive Data Storage Servers; built on CISCO UCS servers, CISCO Virtualized Experience Infrastructure (VXI) and CISCO VXC Thin Clients]

Page 33

Trusted Thin Client High Assurance Multilevel Access (Civilian Scenario)

(Cost-Effective, Enterprise-Ready, Flexible and Secure feature bullets as on Page 32)

[Diagram: Users (Traditional, Multiple Monitors, Remote Access, Virtual Access) connect through the Distribution Console to Sensitive, Internal and Public Data Storage Servers; built on CISCO UCS servers, CISCO Virtualized Experience Infrastructure (VXI) and CISCO VXC Thin Clients]

Page 34

Virtual Desktop Infrastructure Leveraging CISCO VXI

• Each user has a dedicated “virtual” complete operating system

• Broker directs users to VDI sessions

• Can utilize application streaming

• User environment is created from a read-only image

[Diagram: Users (Traditional, Multiple Monitors, Remote Access, Virtual Access) connect through the Distribution Console to a Virtualized Data Center (server hardware running MS Hyper-V, Citrix XenServer, VMware ESX Server, etc., with Enterprise Storage) hosting Top Secret, Secret and Other Enclave Data Storage Servers; CISCO Virtualized Experience Infrastructure (VXI)]

Page 35

SecureOffice Trusted Thin Client Architecture

[Diagram: Users (Traditional, Multiple Monitors, Remote Access, Virtual Access) connect through the Distribution Console to Top Secret, Secret and Sensitive Data Storage Servers; CISCO Virtualized Experience Infrastructure (VXI)]

Page 36

Trusted Thin Client (TTC) Deployments … many more pending

Enterprise Deployments

• Intelligence Community

  – Large Enterprise TTC deployment underway

  – Thousands deployed with many other agencies

• DoD

  – Air Force Central Command, COAC-X

  – Thousands deployed elsewhere with other DoD components

Civilian Deployments

  – DHS

  – DOJ

Unique Deployments

  – Aircraft, submarines, etc.

International Deployments

  – Australia NGD

  – UK

  – Canada

Page 37

Evolution of Trusted Thin Client Capabilities

– Movement to remote computing access

  • Remote Access Implementation (TTC RAI)

  • Secure access from anywhere

  • Aimed at the teleworker / first responder / road warrior

– Evolution to mobile phone and tablet platforms (in development)

  • Secure mobile access to data

  • Support multiple sensitivity levels and a variety of mobile desktops

3/22/2012

Page 38

Trusted Thin Client Remote Access Implementation (RAI)

• Driven by the need to securely access information remotely

  – Growing teleworker and first responder workforce

  – Supports BYOD model

• Portable, lightweight TTC Client in a Remote Environment that offers the benefits of TTC

  – Secure cross domain access

  – Consolidation of multiple desktops on different networks into a single client

• Runs on a standard media device (e.g., USB flash drive, SD memory card)

• Launched by booting the host machine (e.g., laptop, netbook) from the media device

  – Local hard disk not enabled or accessed

• Works on most x86 machines regardless of OS

• No installation required on the host machine

Page 39

TTC Remote Access Implementation

• Runs on most memory sticks

  – Encrypted Bootable Partition

    • Hardened Linux host OS with many connectivity and security features

    • Native TTC Client runs within a hypervisor

  – Unencrypted Partition (Optional)

    • Looks like a normal memory stick

• Network connectivity

  – NIC, WiFi, Cellular (3G/4G)

• Cisco AnyConnect VPN Client

Page 40

TTC RAI Overview

[Diagram: a TTC RAI Device (Remote Access w/USB flash drive) connects over Cisco AnyConnect Encryption to a Cisco ASA Security Appliance in a Secure DMZ and on to the Distribution Console in front of the Network A, Network B and Network C Data Storage Servers; local Users (Traditional, Multiple Monitors, Virtual Access) reach the same Distribution Console]

Secure Remote access from a USB stick

Page 41

Movement to Mobile Access

• Mobile Platforms are now ubiquitous

  – Phones, tablets, hybrids

• Multiple devices are not the answer

  – Personal, business, etc.

• Emphasis on BYOD

  – Sensitive data should not be commingled with personal information

  – Personal devices now have access to protected network assets

  – No control of the end points (also applies to government and corporate provided devices)

    • Hard to protect once physical access is granted

• How to provide access to multiple sensitivity domains?

  – Trusted Thin Client (TTC) Mobile

    • Based on the same security concepts as TTC

    • Multi-sensitivity access from a mobile platform

Page 42

TTC Mobile Architecture: Secure Mobile Access

[Diagram: mobile users connect over Cisco AnyConnect Encryption to a Cisco ASA Security Appliance and on to the Distribution Console in front of the Network A, Network B and Network C Data Storage Servers; local Users (Traditional, Multiple Monitors, Virtual Access) reach the same Distribution Console]

Page 43

RTCS and Cisco Relationship

• Established and growing partnership

  – Synergy by offering multilevel or multi-sensitivity access with VXI access

    • Thin clients and mobile platforms

  – Hardware options with certified Cisco VXC thin clients and Cisco UCS server hardware

• Moving to better voice and video support

  – Trusted Thin Client integration of Cisco Unified Communications

• Mobility

  – Benefiting from CIUS tablets and leveraging VXI infrastructure

  – Leveraging the Cummings Secure Sleeve for secure network connectivity

• Validated Reference Architecture for Secure MLS SVXI

Page 44

Thank you.