Official websites use .mil
Secure .mil websites use HTTPS
In February 2020, the DON released the Information Superiority Vision (ISV), which emphasized the importance of shifting to a platform agnostic environment that would ultimately allow end users to access their work environment from any approved device. To achieve this vision, PEO Digital began with the core functionality of Microsoft 365 (M365) services in a virtual Windows 10 environment and quickly evolved into a fully mission-capable solution. Through iterative Agile development, new functionality will continue to roll out. The solution, NVD, enables secure access to services that would have previously required Department of Defense Information Network (DoDIN) access. Users are now able to log into their Flank Speed accounts using Microsoft Authenticator or CAC through nearly any device – anywhere, anytime.
The Navy Reserve has benefited immensely from the pilot-to-production rollout of NVD, as it gives Reservists a nearly complete NMCI-like experience when compared to the limited access they had previously. Given that the Navy Reserve does not issue government-furnished equipment (GFE) to each of its 55,000 Sailors, this access is transformational as most drilling reservists previously had to drive some distance to reach a DoD workstation. Highlighting the appetite for this increased capability, Peppel said, “In its infancy, manual sign-up attracted 1,800 Sailors in the first 84 days. When we automated the sign-up process – using Flank Speed tools to remove barriers – we signed up another 1,800 in the next three days. We are now over 9,000 NVD requests and counting. NVD has changed the way we work, allowing us to recoup time and be more efficient and more effective in the pursuit of maximizing warfighting readiness.”
NVD, approved for all levels of controlled unclassified information, is a cloud-based environment that provides users with the same basic NMCI-like capabilities using personal devices. Bring Your Own Compatible Device (BYOCD) enables users to connect via Microsoft’s Remote Desktop client, allowing access from anywhere they have an internet connection. Capabilities include encryption, decryption, digital signature, and downloading from and saving to OneDrive. BYOCD includes devices from Windows, Apple, Apple Mobile and Chromebooks. Supported web browsers include Microsoft Edge, Apple Safari, Mozilla Firefox and Google Chrome. Whether a desktop, laptop, tablet or smart phone, NVD will pass through the personal device’s camera, microphone and smart card reader without requiring GFE or a virtual private network (VPN) connection (on most platforms).
There were some challenges rolling out NVD at scale. The NVD team was able to leverage an Exception to Policy (E2P) from DoD’s Chief Information Security Officer (CISO) to mitigate barriers of delivering enterprisewide. NVD also faced a challenge with the virtual desktop service being able to communicate through the DoDIN network resulting in many DoD network-only websites being unavailable to NVD users. To address this, experts from Naval Network Warfare Command, Microsoft and PEO Digital collaborated with the Defense Information Systems Agency’s (DISA) Cloud Computing Program Office to implement an information as code architecture to route all traffic securely through the DISA Boundary Cloud Access Point. This new engineering solution yielded a scalable, highly available product that meets user experience needs and ensures Navy users have secure access to nearly all DoD/Navy websites inside of the DoD network.
Navywide, there has been strong interest in getting access to NVD since the initial pilot. Therefore, the relatively small NVD team turned to automation to enable deploying and operating the system that thousands were starting to use with only a few NVD engineers. Contract Technical Representatives are using a special SharePoint site to input prospective users on a list for NVD team to quickly approve, generating an automated “Welcome to NVD” message to each user along with special permissions granting access to the system. The implementation of SharePoint automation has allowed for quicker approval times while simultaneously tracking the users joining each month. The NVD team leveraged daily “Ask Me Anything” sessions using Microsoft Teams meetings to interface with the growing number of onboarding users. By doing so, users were able to access the online meeting where an NVD team member was assisting large groups. User feedback is a valuable biproduct of these sessions. The NVD team used the dialog and feedback from the meetings to continuously improve onboarding instructions, which in turn enhances the user experience.
In spite of some early challenges, NVD offers an alternative to traditional GFE access and is a virtual machine that allows users to work from any device, anywhere with internet connection. Users are able to work from devices that might outperform GFE and by default do not experience disruptions from mandatory updates and upgrades. Additionally, due to the Azure backbone, the experience remains the same independent of number of concurrent users (effectively infinite computing power). Since the initial implementation of NVD, the time it takes to get end user accounts has been significantly decreased, giving users the ability to access their work and be productive sooner.
The introduction of NVD has been a huge benefit for Navy users and is proving to be a game changer for many naval communities by enabling flexibility and supporting a distributed workforce. NVD Product Owner Olivia Briscoe said that she uses NVD from her personal device daily while working from home. “It allows me to not be concerned with table space, as I can set my GFE to the side unless I need it. When I go into the office, I use NVD on my GFE, as it is faster and I can complete my tasks quicker and in an efficient manner,” she explained.
Navy mission partners have also been able to take advantage of the benefits of NVD, as they gain the ability to begin work faster and provide services to the Navy quicker than ever before. With cybersecurity threats increasing and a workforce that travels and works from nearly anywhere, the importance of a secure solution such as NVD is crucial. “NVD, even in its early phases, is proving to be a great solution to a lot of the workforce’s problems. From giving the reservists the ability to complete tasks to giving our civilians and contractors the ability to get to work faster without having to wait for a GFE, NVD is allowing users to work anytime from anywhere,” Briscoe said.
Since the release of the DON ISV in 2020, a fiscal year 2023 (FY23) Campaign Plan to achieve the overall vision has been released. This FY23 Campaign Plan specifies adopting enterprise services as a key focus area and explicitly notes NVD scaling as a near-term goal. Navy leaders anticipate NVD to persist as a transformative tool, providing virtual desktop access to those that currently do not have access to their traditional hardware seats. There is presently a goal to onboard 50,000 NVD users by the end of FY23, and an overarching goal of 200k users with NVD access Navy-wide. Pilot-to-production and Agile development are the keys to speed-to-capability and delivering digital services at scale to the DON. NVD has created a lot of buzz between the Navy users who have used it thus far, with the term “NVD for all!” continuing to make its way around internally.
For more information, please check out the recorded Flank Speed Special Edition Town Hall: Nautilus Virtual Desktop at https://www.aka.ms/FSNVDTownhall.
Established in May 2020, the Program Executive Office for Digital and Enterprise Services (PEO Digital) is the DON acquisition agent focused on the delivery of enterprise IT infrastructure and core digital services to maintain the competitive edge while meeting demand signals from our user communities. PEO Digital is transforming systems and delivering modern capabilities and technologies needed to connect Marines and Sailors across the globe.
Originally published in CHIPS Magazine: https://www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=16248