Transforming Mission Support | GSF 2012 | Session 4-4

Transforming Mission Support through MLS Secure Virtualization, Collaboration and Mobility

By: David Amoriell, George Kamis

Published in: Technology
  1. Transforming Mission Support Through MLS Secure Virtualization, Collaboration, and Mobility
     David Amoriell, Cisco Systems
     George Kamis, Raytheon TCS
  2. Driving an Ongoing Shift to BYOD and Mobility
     [Chart: device-adoption percentages (89%, 26%, 75%, 10%, 36%, 22%, 1%, 23%); the category labels did not survive extraction.]
     Device Diversity Is Here to Stay
     © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  3. Paradigm Shift
     • Gartner predicts: "…By 2013, mobile phones will overtake PCs as the most common Web access device worldwide…"
     • 4+ million iPhone 4S sold during the first weekend
     • 17+ million iPhones sold last quarter
     • 11+ million iPads sold last quarter
     • 500k+ applications built for the Apple App Store
     • 400k+ applications built for Android
     • 550+ new apps added daily
     • 700k Android phones activated daily
     • Gartner predicts that by 2014, 92% of Internet packets will be video
  4. "To fundamentally change the way we do things in government, we need to seize on this mobile opportunity both in how we serve the public and in how government employees work."
     Steven VanRoekel, U.S. Chief Information Officer

     "Whether it is a squad going out on a humanitarian effort or an entire division in major combat operations, you will connect to the network and your data will be there."
     LTG Susan Lawrence, Army CIO / G6

     "Our challenge today is ensuring our networks can securely support the information demands of our users – users who require access to information anywhere and anytime across the DoD Information Enterprise…"
     Teri Takai, DoD CIO

     "I want to be the Chief Yes Officer."
     Roger Baker, Veterans Affairs CIO
     © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
  5. Cyber threats impact the security and economic viability of nations and businesses alike
     Manipulation | Theft & Espionage | Disruption
  6. Cyber threats impact the security and economic viability of nations and businesses alike
     Manipulation          Target: Nasdaq OMX
                           Impact: "Flash Crash" of May 2010
                           Exploit: Directors Desk web-based application
     Theft & Espionage     Target: Security and defense contractors
                           Impact: Intellectual property theft, 2009-2010
                           Exploit: Multiple zero-days
     Disruption            Target: Iranian nuclear reactors
                           Impact: 2-5 year delay
                           Exploit: Siemens PLC software
     Note on the examples: the SEC/CFTC joint report on the May 2010 Flash Crash attributed it to market conditions and a large futures sell order, not to an intrusion; the Directors Desk web-application compromise that Nasdaq disclosed in 2011 was a separate incident. The Siemens PLC attack (Stuxnet) targeted uranium-enrichment centrifuges rather than reactors.
  7. Market Options Driving the Transition to a Post-PC World
     New choices being driven by Mobility, Agility and Customer Demand
     [Figure: "PC World" versus "Post-PC World"; no further text recoverable.]
  8. THE NETWORK
     • SECURITY: Accelerating Cyber-Threats
     • IT PRODUCTIVITY: Service and Network Management
     • GREEN: Energy Efficiency
  9. Agenda
     • Multiple Devices
     • Bring Your Own Device (BYOD)
     • Virtual Desktop Workspace
     • MLS Secure VXI (SVXI)
  11. Trusted WiFi
     Authenticate User → Fingerprint Device → Apply Corporate Config → Enterprise Apps → Automatic Policies
  12. Trusted WiFi: Aironet infrastructure, Identity Services Engine (ISE), Mobile Device Management, Prime management
     Apply defined policy profiles based on: Device Type, User, Location, Application
  13. Trusted WiFi, Access: FULL
     Applications in the scenario: Electronic Medical Records, Mobile TelePresence, Email, Instant Messenger (the slide marks each with a No/Yes column; the per-application marks did not survive extraction)
  14. Untrusted WiFi, Access: Limited
  15. Untrusted WiFi / Hotspot 2.0: Aironet infrastructure, ScanSafe, IronPort, Identity Services Engine, AnyConnect, WebEx Mobile 8
  16. 3G/4G, Access: Limited
     Same application set with a No/Yes column (marks not recoverable)
  17. 3G/4G: Identity Services Engine, AnyConnect, ASR
  18. Trusted WiFi, Access: FULL (the device returns to the trusted network and the full application set)
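The policy step these slides sketch (authenticate the user, fingerprint the device, then apply a profile keyed on device type, user, location and application, yielding full, limited or no access), carried through as a worked example. This is added illustrative code, not Cisco's or ISE's; the MDM inventory, the device IDs, the rule order and the choice of which applications count as "limited" are assumptions.

```python
"""Added example (not Cisco ISE code): a first-match, default-deny access
policy that turns the attributes the deck lists (network the device is on,
device fingerprint/posture, user) into a per-application decision.  The MDM
inventory, the rule set and the "Limited" application set are assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, List, Tuple


class Network(Enum):
    TRUSTED_WIFI = "trusted WiFi"
    UNTRUSTED_WIFI = "untrusted WiFi"
    CELLULAR = "3G/4G"


APPS: Tuple[str, ...] = ("Electronic Medical Records", "Mobile TelePresence",
                         "Email", "Instant Messenger")

# Constructed MDM inventory: device fingerprint -> owner and last posture result.
MDM_INVENTORY: Dict[str, Dict[str, object]] = {
    "dev-ipad-01":  {"owner": "alice", "compliant": True},
    "dev-droid-07": {"owner": "bob",   "compliant": False},  # failed posture check
}


@dataclass(frozen=True)
class Context:
    user: str
    device_id: str
    network: Network
    vpn: bool = False  # AnyConnect tunnel established (assumed attribute)

    @property
    def managed(self) -> bool:
        """Managed means: enrolled in MDM, assigned to this user, posture passed."""
        rec = MDM_INVENTORY.get(self.device_id)
        return bool(rec and rec["owner"] == self.user and rec["compliant"])


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Context], bool]
    allowed: FrozenSet[str]


FULL = frozenset(APPS)
LIMITED = frozenset({"Email", "Instant Messenger"})  # assumed "Limited" set

# Evaluated top to bottom; the first matching rule wins, nothing matched = deny.
RULES: List[Rule] = [
    Rule("trusted-wifi-managed",
         lambda c: c.network is Network.TRUSTED_WIFI and c.managed, FULL),
    Rule("offsite-managed-vpn",
         lambda c: c.network in (Network.UNTRUSTED_WIFI, Network.CELLULAR)
         and c.managed and c.vpn, LIMITED),
]


def evaluate(ctx: Context) -> Tuple[str, Dict[str, bool]]:
    """Return (name of the rule that matched, per-application decision)."""
    for rule in RULES:
        if rule.matches(ctx):
            return rule.name, {app: app in rule.allowed for app in APPS}
    return "default-deny", {app: False for app in APPS}


def access_level(decision: Dict[str, bool]) -> str:
    """Collapse a per-application decision into the deck's FULL/Limited/None."""
    granted = sum(decision.values())
    return "FULL" if granted == len(APPS) else "Limited" if granted else "None"


if __name__ == "__main__":
    for ctx in (
        Context("alice", "dev-ipad-01", Network.TRUSTED_WIFI),
        Context("alice", "dev-ipad-01", Network.CELLULAR, vpn=True),
        Context("alice", "dev-ipad-01", Network.CELLULAR),        # no VPN
        Context("bob", "dev-droid-07", Network.TRUSTED_WIFI),     # non-compliant
        Context("mallory", "dev-ipad-01", Network.TRUSTED_WIFI),  # not the owner
    ):
        rule, decision = evaluate(ctx)
        print(f"{ctx.user:8} {ctx.network.value:15} {access_level(decision):8} via {rule}")
```

Two properties matter more than the particular rules: the fall-through is a deny, so a device that is unenrolled, non-compliant, or in the hands of someone other than its assigned owner gets nothing even on the trusted WLAN; and the off-site rule requires both a passed posture check and the VPN tunnel, which is where the ISE and AnyConnect components on slides 15 and 17 sit.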
  20. MLS CIUS Tablet: Provides MLS SVXI with Mobility
     Features
     • Extends VDI/VXE
     • Integrated collaboration
     • Voice, video & TelePresence
     • Support mission apps
     • GEOINT
     • Visualization
     • Un-tethered
     • MLS driven by RTCS
     • Application integration
     Impact
     • Tactical reachback
     • Data to the edge
     • Battlefield awareness
     • Fused intelligence
     • Realtime analysis
     • Ad-hoc communication
     • All-source information
  21. MLS Handheld: One Device, Many Networks, COTS, MLS User Apps on Android
     Improved security, thin client, cloud hosted; infrastructure consolidation, reduced cost
  22. Agenda
     • Multiple Devices
     • Secure Mobility and BYOD
     • Virtual Desktop Workspace
     • MLS Secure VXI (SVXI)
  23. Two Approaches: "Native" and "Virtual"
     [Architecture diagram; recoverable components:]
     Native: Microsoft OS, MS Office applications, Exchange email, directory, web, IronPort, Cisco Collaboration; Cisco clients (Cius, business tablets) with MDM manager and ISE
     Virtual: Virtualized Data Center (Nexus, UCS compute, ACE, NAM, WAAS virtual, Unified CM, Quad, CSM/AS, desktop virtualization software on a partner hypervisor); Virtualization-Aware Borderless Network (branch ISR, WAAS, CDN, NCS Prime, VPN with Cloud Web Security); Virtualized Collaborative Workspace (Cisco Desktop Virtualization Endpoints, thin client ecosystem)
     The Network needs to be ready for both
  24. Cisco VXI: Virtualized End-to-End System
     Virtualized Data Center: Nexus, UCS Compute, ACE, Unified CM, Quad, WAAS Virtual
     Virtualization-Aware Borderless Network: branch (ISR, WAAS, access switching w/PoE), CDN
     Virtualized Collaborative Workspace: Cisco Clients (Cius, Business Tablets, Cisco Virtualization Experience Clients, Thin Client Ecosystem)
     End-to-End Security, Management and Automation
  25. Cisco Secure Virtualization Experience Infrastructure (SVXI)
     Rich Media: Voice, Video, Collaboration & Mobility
     Data Center Virtualization | Multi-level Security | Secure Virtual Workspace | Borderless Networks | Mission Application Support | Collaboration
     Integrated Solution: Enterprise Resource Management
  26. Transforming Mission Support through Multilevel Secure Virtualization, Collaboration, and Mobility
     George Kamis, Chief Technology Officer
     Kamis@TrustedCS.com, 703-318-7134
     Copyright © 2012 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.
  27. Raytheon Trusted Computer Solutions (RTCS)
     Part of Raytheon Intelligence & Information Systems (IIS) since November 2010
     Key focus area: building commercial cross domain products to meet the most stringent security requirements
     – Accessing and transferring data across security domains at a high level of assurance
     Cross domain solutions for DoD, IC, and Civilian Government include:
     – Trusted Thin Client, High Speed Guard, Trusted Gateway System, SimShield, and WebShield
     Established technical and business relationship with Cisco
     – Work natively in the field of VXI with Cisco thin client and server hardware
     – Leverage Cisco products for secure connectivity
     – Leverage mobile synergy to provide high assurance data access
     Cross Domain Products in Operational Systems Around the World
  28. RTCS Product Line
     ACCESS: Trusted Thin Client®
       Secure access to multiple domains from a single connection point: thin client, PC virtual client, or remote access
     TRANSFER: Trusted Gateway System™
       Secure multi-directional data transfer
     TRANSFER: High Speed Guard
       Automated, high-performance data transfer supporting full motion audio/video
     BROWSE: WebShield
       Secure HTTP traffic throughout the enterprise, including browse and search capabilities via web proxy
  29. Overview (ACCESS: Trusted Thin Client®, secure access to multiple domains from a single connection point: thin client, PC virtual client, or remote access)
     What is Trusted Thin Client?
     – How it is being used by DoD, Intel, and Civilian customers
     – The transformation from desktop to Trusted Thin Client access with VXI services
     Multi-sensitivity access from a single terminal
     Evolution from a thin-client computing model to meet current and future needs
     – Movement to remote computing access: teleworker; memory-stick based computing for BYOD applications
     – Evolution to mobile and tablet platforms: secure access to multiple sensitivity levels
  30. Current Information Access
     [Figure: separate access paths labeled TOP SECRET, SECRET, SENSITIVE A, SENSITIVE B, SENSITIVE C, SENSITIVE D; no further text recoverable.]
  31. Consolidation Approach
     Multilevel access from a single thin client
     Classification levels clearly displayed
     Consolidated access with Trusted Thin Client
  32. Trusted Thin Client: High Assurance Multilevel Access (Intel/DoD Scenario)
     [Diagram: Users (traditional, console, multiple monitors, remote access, virtual access) on Cisco VXC thin clients → Distribution Console → Data Storage Servers per enclave (Top Secret, Secret, Sensitive) on Cisco UCS servers with dedicated storage, all within the Cisco Virtualized Experience Infrastructure (VXI)]
     Cost-Effective
     • Inexpensive commodity hardware for both thin clients & servers
     Enterprise-Ready
     • Scalable with failover
     • Consolidates the user environment
     • Expandable network connections
     Flexible
     • Wide variety of client options: thin client, PC, virtual machine, memory stick, etc.
     • Microsoft and UNIX system access via Terminal Services, Citrix ICA, VMware PCoIP, etc.
     • Hardware independent: servers, blades, storage, etc.
     Secure
     • Based upon Security Enhanced (SE) Linux
     • Meets DoD and IC security requirements for processing multiple classification levels
  33. Trusted Thin Client: High Assurance Multilevel Access (Civilian Scenario)
     Same architecture and bullets as slide 32, with the enclaves labeled Sensitive, Internal and Public instead of Top Secret, Secret and Sensitive.
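What "multilevel access from a single thin client with classification levels clearly displayed" (slides 31 to 33) requires of the broker, as an added example; this is not RTCS or Trusted Thin Client code. The level order, compartment names, enclave names and broker hostnames are assumptions. TTC itself enforces separation with SELinux labeling; the code shows only the lattice rule such a policy encodes.

```python
"""Added example (not RTCS/TTC code): the label-dominance rule behind
multilevel access from one terminal.  The level order, compartment names,
enclave names and broker hostnames are assumptions for illustration; a real
deployment takes them from its security policy."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Assumed total order of hierarchical levels, lowest first.
LEVELS: Tuple[str, ...] = ("PUBLIC", "INTERNAL", "SENSITIVE", "SECRET", "TOP SECRET")
RANK: Dict[str, int] = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in RANK:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level AND a superset of compartments."""
        return (RANK[self.level] >= RANK[other.level]
                and self.compartments >= other.compartments)

    def banner(self) -> str:
        """Text the client paints on the window border so the level stays visible."""
        comps = "/".join(sorted(self.compartments))
        return f"{self.level}//{comps}" if comps else self.level


@dataclass(frozen=True)
class Enclave:
    name: str
    label: Label
    broker: str  # constructed hostname of the enclave's session broker


# Constructed enclaves mirroring the deck's Top Secret / Secret / Sensitive A-D picture.
ENCLAVES: List[Enclave] = [
    Enclave("Top Secret",  Label("TOP SECRET"),                   "broker.ts.example"),
    Enclave("Secret",      Label("SECRET"),                       "broker.s.example"),
    Enclave("Sensitive A", Label("SENSITIVE", frozenset({"A"})),  "broker.sa.example"),
    Enclave("Sensitive B", Label("SENSITIVE", frozenset({"B"})),  "broker.sb.example"),
]


def sessions_for(clearance: Label, enclaves: List[Enclave]) -> List[Enclave]:
    """Enclaves the distribution console may open for this user.
    Simple security property (no read up): clearance must dominate the enclave label."""
    return [e for e in enclaves if clearance.dominates(e.label)]


def transfer_allowed(src: Label, dst: Label) -> bool:
    """*-property (no write down): data may move between two sessions only if the
    destination label dominates the source label.  Incomparable labels get False."""
    return dst.dominates(src)


if __name__ == "__main__":
    user = Label("SECRET", frozenset({"A"}))
    for e in sessions_for(user, ENCLAVES):
        print(f"{e.label.banner():16} -> {e.broker}")
    sa, s = Label("SENSITIVE", frozenset({"A"})), Label("SECRET", frozenset({"A"}))
    print("Sensitive A -> Secret:", transfer_allowed(sa, s))
    print("Secret -> Sensitive A:", transfer_allowed(s, sa))
```

sessions_for answers the console's question (which enclaves may this user see at all) and transfer_allowed answers the one that matters once several sessions share a screen (may data move from this window to that one). Both reduce to one dominance check, and incomparable labels such as Sensitive A and Sensitive B fail it in both directions, which is why every window carries its banner.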
  34. Virtual Desktop Infrastructure Leveraging Cisco VXI
     [Diagram: Users (traditional, console, multiple monitors, remote access, virtual access) → Distribution Console → a Virtualized Data Center per enclave (Top Secret, Secret, other enclaves), each with enterprise storage, server hardware and a hypervisor]
     Hypervisor: MS Hyper-V, Citrix XenServer, VMware ESX Server, etc.
     Each user has a dedicated "virtual" complete operating system
     Broker directs users to VDI sessions
     Can utilize application streaming
     User environment is created from a read-only image
  35. SecureOffice Trusted Thin Client Architecture
     [Diagram: Users (traditional, console, multiple monitors, remote access, virtual access) → Distribution Console → Data Storage Servers for Top Secret, Secret and Sensitive, within the Cisco Virtualized Experience Infrastructure (VXI)]
  36. Deployments (many more pending)
     Trusted Thin Client (TTC) enterprise deployments
     Intelligence Community
     – Large enterprise TTC deployment underway
     – Thousands deployed with many other agencies
     DoD
     – Air Force Central Command, COAC-X
     – Thousands deployed elsewhere with other DoD components
     Civilian deployments
     – DHS
     – DOJ
     Unique deployments
     – Aircraft, submarines, etc.
     International deployments
     – Australia NGD
     – UK
     – Canada
  37. Evolution of Trusted Thin Client Capabilities
     – Movement to remote computing access: Remote Access Implementation (TTC RAI); secure access from anywhere; aimed at the teleworker / first responder / road warrior
     – Evolution to mobile phone and tablet platforms (in development): secure mobile access to data; support multiple sensitivity levels and a variety of mobile desktops
     3/22/2012
  38. Trusted Thin Client Remote Access Implementation (RAI)
     Driven by the need to securely access information remotely
     – Growing teleworker and first responder workforce
     – Supports BYOD model
     Portable, lightweight TTC client in a remote environment that offers the benefits of TTC
     – Secure cross domain access
     – Consolidation of multiple desktops on different networks into a single client
     Runs on a standard media device (e.g., USB flash drive, SD memory card)
     Launched by booting the host machine (e.g., laptop, netbook) from the media device
     – Local hard disk not enabled or accessed
     Works on most x86 machines regardless of OS
     No installation required on the host machine
  39. TTC Remote Access Implementation
     Runs on most memory sticks
     – Encrypted bootable partition: hardened Linux host OS with many connectivity and security features; the native TTC client runs within a hypervisor
     – Unencrypted partition (optional): looks like a normal memory stick
     Network connectivity: NIC, WiFi, cellular (3G/4G)
     Cisco AnyConnect VPN client
  40. TTC RAI Overview: secure remote access from a USB stick
     [Diagram: TTC RAI device (USB flash drive) → Cisco AnyConnect (encryption) → Cisco ASA security appliance in a secure DMZ → Distribution Console → Data Storage Servers on Network A, Network B and Network C; on-site users connect as traditional, console, multiple-monitor and virtual-access clients]
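Slides 38 to 40 state the property that makes the USB client safe to run from an untrusted laptop: the local hard disk is never enabled or accessed. The following is an added self-check, not RTCS code, that such a client image could run at boot to confirm it. It parses /proc/mounts- and /proc/swaps-formatted text, resolves each device to the disk it lives on, and flags anything that is not on the removable boot medium. The device names, the dm-crypt mapping and the sample contents are constructed.

```python
"""Added example (not RTCS code): a boot-time self-check for a USB-resident
client, in the spirit of the RAI property "local hard disk not enabled or
accessed".  It parses /proc/mounts- and /proc/swaps-formatted text and flags
any mount or swap area that is not on the removable boot medium.  Device
names, the dm-crypt mapping and the sample contents are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Filesystems that are not backed by a disk at all.
PSEUDO_FS: Set[str] = {
    "proc", "sysfs", "devtmpfs", "devpts", "tmpfs", "cgroup", "cgroup2",
    "securityfs", "debugfs", "selinuxfs", "pstore", "efivarfs", "mqueue",
}
# /dev/sda1 -> sda, /dev/mmcblk0p1 -> mmcblk0, /dev/nvme0n1p2 -> nvme0n1
_BASE = re.compile(r"^/dev/(nvme\d+n\d+|mmcblk\d+|[a-z]+)(?:p?\d+)?$")


@dataclass(frozen=True)
class Mount:
    source: str
    target: str
    fstype: str
    options: str


def parse_mounts(text: str) -> List[Mount]:
    """Each /proc/mounts line: source target fstype options dump pass."""
    rows = [ln.split() for ln in text.splitlines()]
    return [Mount(*r[:4]) for r in rows if len(r) >= 4]


def parse_swaps(text: str) -> List[str]:
    """/proc/swaps has a header line; return the device column of the rest."""
    return [ln.split()[0] for ln in text.splitlines()[1:] if ln.strip()]


def base_device(source: str, backing: Dict[str, str]) -> Optional[str]:
    """Resolve a mount source to the disk it lives on.  Virtual devices (dm-crypt
    mappings, loop devices) are resolved through `backing`, which a live check
    would fill from /sys/block/<dev>/slaves or `dmsetup deps`."""
    if source in backing:
        return backing[source]
    m = _BASE.match(source)
    return m.group(1) if m else None


def audit(mounts: List[Mount], swaps: List[str],
          removable: Set[str], backing: Dict[str, str]) -> List[str]:
    """One finding per mount or swap that touches a fixed disk, plus any device
    the check cannot resolve (unknown is treated as unsafe, not ignored)."""
    findings: List[str] = []
    for mnt in mounts:
        if mnt.fstype in PSEUDO_FS or not mnt.source.startswith("/dev/"):
            continue
        base = base_device(mnt.source, backing)
        if base is None:
            findings.append(f"{mnt.target}: cannot resolve {mnt.source} to a disk")
        elif base not in removable:
            findings.append(f"{mnt.target}: mounted from fixed disk {mnt.source} ({base})")
    for dev in swaps:
        base = base_device(dev, backing)
        if base is None or base not in removable:
            findings.append(f"swap on {dev} is not on the removable boot medium")
        elif not dev.startswith("/dev/mapper/"):
            findings.append(f"swap on {dev} is not a dm-crypt mapping (assumed unencrypted)")
    return findings


# Constructed sample: the stick is sdb and its encrypted root is a dm-crypt mapping.
REMOVABLE: Set[str] = {"sdb"}
BACKING: Dict[str, str] = {"/dev/mapper/ttc-root": "sdb"}
GOOD_MOUNTS = """\
/dev/mapper/ttc-root / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /boot vfat ro,nosuid,nodev,noexec 0 0
"""
# Same host after someone mounted the laptop's own disk and enabled its swap.
BAD_MOUNTS = GOOD_MOUNTS + "/dev/sda2 /mnt/local ntfs rw,relatime 0 0\n"
NO_SWAPS = "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
BAD_SWAPS = NO_SWAPS + "/dev/sda3                               partition\t4194300\t0\t-2\n"


if __name__ == "__main__":
    print("clean image:", audit(parse_mounts(GOOD_MOUNTS), parse_swaps(NO_SWAPS), REMOVABLE, BACKING))
    print("tampered   :", audit(parse_mounts(BAD_MOUNTS), parse_swaps(BAD_SWAPS), REMOVABLE, BACKING))
```

On a live host the same functions would be fed /proc/mounts, /proc/swaps, the set of disks whose /sys/block/<dev>/removable reads 1, and a backing map built from /sys/block/dm-*/slaves. The swap check is there because an enabled swap partition on the laptop's disk defeats the "nothing written locally" property even when every mount is clean, and an unencrypted swap area on the stick would leak session contents to anyone who later reads the stick.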
  41. Movement to Mobile Access
     Mobile platforms are now ubiquitous
     – Phones, tablets, hybrids
     Multiple devices are not the answer
     – Personal, business, etc.
     Emphasis on BYOD
     – Sensitive data should not be commingled with personal information
     – Personal devices now have access to protected network assets
     – No control of the end points (also applies to government and corporate provided devices); hard to protect once physical access is granted
     How to provide access to multiple sensitivity domains?
     – Trusted Thin Client (TTC) Mobile: based on the same security concepts as TTC; multi-sensitivity access from a mobile platform
  42. TTC Mobile Architecture: Secure Mobile Access
     [Diagram: mobile users → Cisco AnyConnect (encryption) → Cisco ASA security appliance → Distribution Console → Data Storage Servers on Network A, Network B and Network C; on-site users connect as traditional, console, multiple-monitor and virtual-access clients]
  43. RTCS and Cisco Relationship
     Established and growing partnership
     – Synergy by offering multilevel or multi-sensitivity access with VXI access
     Thin clients and mobile platforms
     – Hardware options with certified Cisco VXC thin clients and Cisco UCS server hardware
     Moving to better voice and video support
     – Trusted Thin Client integration of Cisco Unified Communications
     Mobility
     – Benefiting from Cius tablets and leveraging VXI infrastructure
     – Leveraging the Cummings Secure Sleeve for secure network connectivity
     Validated Reference Architecture for Secure MLS SVXI
  44. Thank you.
