Not the end of the CENTCOM CVN rotation?

[DanMa1156]

Realistically, the Navy should switch from on-prem systems to thin clients that log into cloud VMs in a mix of both AWS and Azure IL5 regions around the country. Way more efficient upkeep costs and faster compute and storage than 5+ year old machines. Patching and deployments would be a breeze.

I barely understand half this jargon, but my impression is that GEMINI and/or Flank Speed are the beginning of this eventual move to cloud-based networking.

 

[squorch2]

Sorta - still gotta have those endpoints.

Flank Speed is DOD-compliant office in the cloud (M365, nee O365).

 

[nittany03]

Huh? No, you don’t install VMware on anything. The VM is managed by MS Azure or AWS GovCloud on an IL5-secure server (actually, lots of these servers, that already exist around the country). You can use any machine to get into this environment. Imagine it like you are only bringing the monitor, mouse, and keyboard with really long cords, and all your processing and data happems hundreds of miles away, on any one of thousands of machines. And these machines are redundant and invisible to you, so if one breaks you automatically get a free new one. If you want to see for yourself, AWS commercial cloud actually offers a free account for you to play around with.

This would be completely solved. Everything would be faster. Everything would be easier to keep up to date and uncluttered. And, you can actually give Navy users a variety of desktop options when they log in, so they can choose the desktop they need for that moment. For example:

• Linux, 4gb, dual-core 2ghz, w/ a variety of up to date browers for general browsing, NSIPS, BOL, Navy webmail, etc.
• Win10, 8gb, quad-core 3ghz, w/ MS Office installed for doing Word, Excel, Powerpoint
• something higher end with specific model & sim software or other special software
• etc

Sigh . . . I work in tech; you don't need to explain to me how cloud computing and virtualization work by telling me to imagine a keyboard and some cords. My point is that this is a military organization. By design, when we are doing our job against a peer competitor, people are trying to take away our C2. Very smart people. So you can't just handwave away the whole "hundreds of miles away" part, because the pipe between me the end user and all those pretty VMs and containers you're spinning up hundreds of miles away is now a vulnerability.

Does that mean it's not useful in some use cases? No. But if you're intending for that to be a single point of failure, it's now become what the War College folks would call a critical vulnerability, and that means you'd better have a damn fine risk mitigation plan to avoid being screwed. And the degree to which we do or don't have that at the moment is certainly not a conversation we're going to have here.

 

[Griz882]

Sigh . . . I work in tech; you don't need to explain to me how cloud computing and virtualization work by telling me to imagine a keyboard and some cords. My point is that this is a military organization. By design, when we are doing our job against a peer competitor, people are trying to take away our C2. Very smart people. So you can't just handwave away the whole "hundreds of miles away" part, because the pipe between me the end user and all those pretty VMs and containers you're spinning up hundreds of miles away is now a vulnerability.

Does that mean it's not useful in some use cases? No. But if you're intending for that to be a single point of failure, it's now become what the War College folks would call a critical vulnerability, and that means you'd better have a damn fine risk mitigation plan to avoid being screwed. And the degree to which we do or don't have that at the moment is certainly not a conversation we're going to have here.

Me?

 

[AllYourBass]

I think there is probably also a difference in work stations that are for many users, and those that are your own. We got windows 10 when I had my own, and it was kinda bad, but not horrible. Now I just hop on whatever computer is open, and it is an ordeal just to get it operating. Shutting down/restart helps a little, but I don't know if that is because it is clearing the 10 profiles currently loaded, or if it is just a placebo. I'm not exaggerating though......every single time it takes 15 mins, if not longer, to be able to open outlook, open chrome/explorer/whatever, and have the computer unfreeze enough to actually use. You absolutely cannot just log in real quick to check email or hop on SHARP. Those tasks are a 30 minute commitment. I only log into NMCI about once a month now, because of this.

Maybe somebody smarter can comment on this, but I am fairly sure the weak link in most the DoD PCs I've sat in front of is the old, failing HDDs. Throw as much RAM/CPU power as you want in there, but if the Read/Write is jammed up to 100%, that's all you're getting.

Whenever your computer is like this, Ctrl + Alt +Delete and open the Task Manager. Check to see if Disk is at 100% (it will be) and check to see the culprits (they will likely be McAfee and Tanium).

Memory/CPU usage is barely scratched by the paltry software loads demanded by DoD desktops, but the HDD just gets absolutely obliterated during that logon sequence.

 

[Jim123]

I eat breakfast three hundred yards five hundred miles* from four thousand Cubans who are trained to take away my C2...



(Sorry, I just had to. Apropos of nothing, of course.)


* It's true: PNS-HAV is 516nm direct.

 

[MIDNJAC]

Maybe somebody smarter can comment on this, but I am fairly sure the weak link in most the DoD PCs I've sat in front of is the old, failing HDDs. Throw as much RAM/CPU power as you want in there, but if the Read/Write is jammed up to 100%, that's all you're getting.

Whenever your computer is like this, Ctrl + Alt +Delete and open the Task Manager. Check to see if Disk is at 100% (it will be) and check to see the culprits (they will likely be McAfee and Tanium).

Memory/CPU usage is barely scratched by the paltry software loads demanded by DoD desktops, but the HDD just gets absolutely obliterated during that logon sequence.

Yeah I am not as computer savvy as a lot of you other guys, but I've been suspecting that it is this confluence of issues that is creating this disaster.

 

[squorch2]

Maybe somebody smarter can comment on this, but I am fairly sure the weak link in most the DoD PCs I've sat in front of is the old, failing HDDs. Throw as much RAM/CPU power as you want in there, but if the Read/Write is jammed up to 100%, that's all you're getting.

Memory/CPU usage is barely scratched by the paltry software loads demanded by DoD desktops, but the HDD just gets absolutely obliterated during that logon sequence.

This is indeed the bottleneck.

Assuming a 1:3 laptop-to-desktop ratio, there are about 300,000 NMCI desktop endpoints that need SSDs.

500 GB SSD is about $50 retail, so about $15M for parts.

The difficult parts are contract change fees & endpoint integrity checks. (i.e., you can't just copy the drive over bit-for-bit cause NMCI will throw up)

In conclusion, don't sign 10 year IT contracts.

 

[Hair Warrior]

Sigh . . . I work in tech; you don't need to explain to me how cloud computing and virtualization work by telling me to imagine a keyboard and some cords. My point is that this is a military organization. By design, when we are doing our job against a peer competitor, people are trying to take away our C2. Very smart people. So you can't just handwave away the whole "hundreds of miles away" part, because the pipe between me the end user and all those pretty VMs and containers you're spinning up hundreds of miles away is now a vulnerability.

Does that mean it's not useful in some use cases? No. But if you're intending for that to be a single point of failure, it's now become what the War College folks would call a critical vulnerability, and that means you'd better have a damn fine risk mitigation plan to avoid being screwed. And the degree to which we do or don't have that at the moment is certainly not a conversation we're going to have here.

Of course. If the fiber gets severed to your base, who you gonna email your Powerpoints to anyway?

Cloud services fail-over to different zones and regions automagically. If all of the zones and regions are down at once, we have different problems, and your traditional standalone machine probably isn’t able talk to anyone else anyway.

It’s no more of a critical vulnerability than anything else that relies on CONUS internet.

 

[squorch2]

Cloud services fail-over to different zones and regions automagically.

this is... not the case.

netflix aws outage - Google Search

www.google.com

It seems like you want the latest and greatest, which hell yeah, latest and greatest! At the same time you've got two folks who work in tech telling you "this ain't it, chief."

(also thin client has been around for decades - the calculus remains unchanged)

 

[IKE]

This is indeed the bottleneck.

Assuming a 1:3 laptop-to-desktop ratio, there are about 300,000 NMCI desktop endpoints that need SSDs.

500 GB SSD is about $50 retail, so about $15M for parts.

The difficult parts are contract change fees & endpoint integrity checks. (i.e., you can't just copy the drive over bit-for-bit cause NMCI will throw up)

In conclusion, don't sign 10 year IT contracts.

Yes, but low RAM volume exacerbates it as the PC is forced to use swap space.

 

[squorch2]

That’d be the case if it wasn’t endpoint protection apps scanning the whole disk over and over.

 

[ChuckMK23]

The AF is moving to a surprisingly flexible scheme for work - using DOD CHES O365. For my day to day UNCLAS admin type work and meetings, I can be at home on my own personal PC (or Chromebook, or Mac) point my web browser to One Drive, log in with CAC and PIN and work via web apps from everything from Teams, to Outlook, to PowerPoint and Excel. No printing or downloading, but revising or authoring docs is pretty straightforward. For FOUO its pull out my crappy DOD gov issued HP laptop and VPN in from home. Anything above FOUO or any non cloud apps, require my presence in the office with a AF blue wire.

But I am far more productive on my home PC with 32" curved HD display, mechanical keyboard and high end ergo gaming mouse. 99% of my daily world is unclas, so I'm not typical. But the CHES DOD O365 cloud is available - pretty much always. Teams on the web is actually decent too.

+1 on the cycle sucking endpoint protection apps on my crappy GI HP laptop - it's an i7 and SSD, but crawls due to constant scanning

 

[squorch2]

Anything above FOUO

Great thing about cloud is that‘s temporary at worst - Flank Speed is already cleared for FOUO, CUI, LES, etc.

 

[picklesuit]