The Energy Department is setting up a new technology infrastructure that will be modeled after the electric grid, in which users just plug their application in and go.
The OneNNSA network is a big part of its modernization strategy, developed along with the National Nuclear Security Administration (NNSA) to create a technology infrastructure backbone with seamless identity management and collaboration services in the cloud.
“It’s under its official test program right now, and the plan is to turn it into production later this fiscal year,” said Bob Brese, Energy’s chief information officer. “We will prove it can scale and all those things around virtual desktop interface, security, cloud and mobility are linked together and supported by this test program with NNSA.”
Brese said that despite the departures of two of the chief architects of the OneNNSA network (Anil Karmel left earlier this year to start his own business and Travis Howerton is joining Oak Ridge National Lab later this month), it is thriving as a key piece of Energy’s broader technology infrastructure modernization effort.
“Because NNSA acts like an enterprise, they are going to mandate this underlying approach to their federal employees and their labs and plants. But it’s really that underlying infrastructure. It doesn’t get into the details of the applications and activities that are performed locally. What it really does is ties everyone together in a much more secure and collaborative environment,” he said. “So we expect this to scale well, and we will be able to scale this across the department. A large number of our labs and plants as well as our program offices have been involved in this activity, staying in touch with it so when we are ready to scale it, everybody will be ready to move on to that. They still will be able to run their own applications and platforms on top of it. It will not reduce the level of autonomy they need to be successful in their mission. What it will do is ease the burden of managing or overseeing some of the underlying connectivity and collaboration infrastructure.”
VDI moves out of pilot stage
Brese has been busy over the last two years developing the services, from virtual desktop interface to mobility to security, that will plug into the OneNNSA network in the coming months.
Energy is using a pilot program to test virtual desktop interface before moving it to full production mode.
Brese said about 500 people use VDI now, and he plans to increase that to about 2,000 by the end of the year. He said Energy plans to add the rest of the department’s employees over the next 18 to 24 months.
He said that, beyond the cost savings and security benefits, VDI is a key piece of Energy’s cloud strategy.
“It’s pretty reliant on our ability to get to these infrastructure-as-a-service models because, as things scale up or down during usage, we want to be able to pull that infrastructure back during times of low use and then scale it up during the work day, or during times of a continuity of operations exercise,” he said. “VDI is a great enabler. Our security team is working very closely with our IT operations team to make sure that as we wrap this thing up, we are not endangering ourselves at a single point of failure.”
Brese said Energy will use the thin-client flavor of VDI, which will provide savings of about 90 percent in desktop energy usage and, from a security perspective, a reduction in endpoints.
“That will free up our security operations center to spend less time on solving all these point solutions and point challenges, and being able to spend time on continuously evaluating the network as a whole and looking for intrusion attempts, odd behavior on the network and that type of thing,” he said.
Brese said the Joint Cyber Coordination Center (JC3) reached initial operating capability in 2013 and continues to expand.
The goal of the JC3 is not to manage every network in Energy, but to serve as more of a cyber collaboration tool. Brese said the center provides information sharing, analysis, reporting and coordination of incident response.
“The JC3’s job is to pull in this information from the enterprise sensors, from the incidents and issues being reported by all of our sites, going through those and doing comprehensive cross-site analysis and then providing tipping, queuing and threat vectors to our men and women defending their own networks,” he said. “There was some concern that we would either try to duplicate or take over local network security. We had to work a lot of meetings and technical discussions, but I really don’t see it as an issue anymore. We can clearly show how this is an enterprise function. It’s one that’s not performed locally, can’t be performed locally, but, at the same time, doesn’t duplicate efforts that are being performed locally.”
Mobile policy close to being completed
The final piece to the IT infrastructure modernization effort is mobility.
Brese said Energy has consolidated mobile contracts, pooled minutes and better controlled usage among employees. He said that effort has provided Energy hundreds of thousands of dollars in savings.
“We’ve been working very hard on a mobile device management, mobile application management and mobile security management solution,” he said. “We now have a department policy that is almost completely approved and that will lay out some of the high level expectations of our mobile infrastructure. It’s probably not as detailed as you might see from like a Department of Defense, but we think it will provide a consistent policy that we can appropriately tailor for our program offices. Clearly, we don’t want to have too little security in our National Nuclear Security Administration or in some cases, too much security in our open science program.”
Brese said he expects the policy to be approved and released this summer.
In the meantime, there are some local policies at the national labs, but this framework will bring all these efforts together in a more coherent fashion.
Brese also joined Federal News Radio for an online chat where he took questions from readers on a variety of topics including cybersecurity, mobility and cloud computing.