Official websites use .mil
Secure .mil websites use HTTPS
At this year’s Department of the Navy Information Technology (DON IT) East Conference, members of the Program Executive Office for Digital and Enterprise Services (PEO Digital) team treated attendees to an impressive real-time demonstration of Flank Speed’s up-and-coming capabilities to demonstrate how users will access their work across any device, from any location – and their presentation ticked all the right boxes.
Single sign-on? Check. Fingerprint recognition? Check. Self-service? Check.
True to form, PEO Digital is moving at flank speed when it comes to the continuous implementation and modernization of the DON’s successful cloud-based initiative.
PEO Digital’s Acting Executive Director, Barry Tanner, and Product Owner for Endpoint Solutions, Mike Day, took the stage on May 18 to discuss future Flank Speed offerings and narrate the demo as Lead Engineer Kristopher Halvorson worked his magic from a laptop in the back of the room, the results of his every keystroke projected onto the big screen for the audience to see.
“Everything you’re going to see today is built on a zero trust foundation,” Tanner said. Zero trust, the cybersecurity architecture at the forefront of the DON’s efforts to modernize, innovate and defend its infrastructure and networks, is already built into Flank Speed’s capabilities.
While the build demo ran in the background – courtesy of a combination of automation and human input – Tanner and Day addressed a variety of hot topics, including the growth of Nautilus Virtual Desktop (NVD), endpoint device options and the substantial product improvements coming soon for their customers, i.e., U.S. Navy personnel.
“We're very, very happy to say that, as of today, we're over 25,000 users and growing fast. … The goal is 50,000 this year, but it will go beyond that,” Tanner said of NVD. He also mentioned Nautilus Plus, a developer-centric version of the virtual desktop which gives developers more power and capability through the same virtual experience, but tailored to what they need.
The availability of multiple endpoint devices, which is not limited to government issued laptops, but includes Bring Your Own Authorized Device (BYOAD) options – mobile phones, tablets, smart displays and thin clients – and is designed to extend customers’ ability to do the job wherever they are, in the easiest way possible, Tanner said.
“All of these things are all going to be managed from that central platform so that we have full visibility, full telemetry, operational control and securely deliver that data wherever it needs to be,” he said.
Day presented a welcome solution to one of the main sources of frustrations that users face whether they work remotely or in the office: the need to have a laptop reimaged.
“We’re done with that,” Day said. “There is no more reimaging – now we're resetting.”
Resetting your own device is a self-service option that can be obtained via the push of a button. After logging on, users can then easily obtain their data from OneDrive, the cloud storage environment provided as part of Microsoft 365.
“The self-service piece is about providing more capability with less disruptions,” Day said. “That’s a big piece to this, because if you're going to focus on trying to do your job, whatever it may be, this is a driver to advancing warfighter capabilities. It's a tool that helps the workforce drive innovation.”
All of this, he explained, ties into NVD. “Having the ability to connect from any device, anywhere, gives users more flexibility. It gives the workforce faster ability to connect up. It's really about doing things in a different way,” Day said.
PEO Digital is also exploring different methods of logging on to devices. Biometrics, including facial and fingerprint recognition, are top contenders that may eventually replace Common Access Cards. There’s even a chatbot in the works, which like NVD, is intended to increase user flexibility. “We have a long term plan, but for the pilot, we have a cycle of collecting information that the user can … access a chatbot … and say, ‘How do I reset my password?’ We don't want you to have to call IT service desk,” Day said, stressing the importance of decreasing the time users spend on common IT challenges.
The team is actively soliciting user feedback and utilizing the collected data to shape both long and short term plans. This data will be documented, categorized and evaluated to continuously improve the user experience. “We want as much user feedback as we can get,” Day said.
PEO Digital’s innovative approach also includes increasing security via containerization.
“Part of zero trust is: don't install every application on the system; containerize it, and then do it as needed,” Day said. He noted that the move to containerization will help alleviate breaks on the applications while allowing updates and security features faster, without impacting users.
Day also highlighted Azure Information Protection (AIP), a Microsoft tool which, per their website, extends labeling, classification and protection capabilities. Simply put, it draws boundaries around data.
“We have a lot of options,” Day said. “A big challenge we have is not that the capabilities exist, but we're going to work on improving how those things get leveraged. Not a lot of people know these capabilities exist or how to use them, but the reality is they're very powerful.”
At this point in the discussion – only 20 minutes from the start of the presentation – the build demo had progressed significantly: identification features appeared, and policies were downloaded. The machine – a standard laptop – was configured, aligned to the platform and ready for log on with a fingerprint, using the internet provided by the hotel, which, as Tanner later pointed out, was not high bandwidth, nor high-speed.
Murmurs of excitement, appreciation – and perhaps a bit of awe – moved through the audience, who broke into applause as Halvorson’s fingerprint was recognized and accepted.
“The whole point of how we're building these devices is to make it so that once you get it, you can be working as fast as possible,” Tanner said. “This Nautilus Workstation experience is already working.”
As of mid-May, there were about 100 employees across the enterprise who are using Nautilus Workstations. These workstations provide a seamless experience, with fully integrated data and easy access to files via OneDrive.
“We need to continue to keep working to make this as production ready as possible,” Tanner said. He indicated that PEO Digital plans to add more testers from within the Navy community, with more environments and more permissions.
Flank Speed burst onto the scene mid-pandemic, replacing the Commercial Virtual Remote (CVR) environment put in place to accommodate thousands of remote workers throughout the DON. Along with the pandemic came the acceleration of the hybrid workforce. The success of the hybrid workforce depends on ease of access to the right capabilities – whether in the office, at home or on travel.
Bearing this in mind, PEO Digital is currently testing capabilities that will make this seamless experience a reality, including virtual whiteboards and integrated video conferencing. Tanner acknowledged that it’s early days for these capabilities; however, once they’re in place, the results can yield not only a more convenient user experience, but also a better collaborative environment, and time saved on planning, coordination and travel.
“We're looking at how some of these capabilities may improve collaboration in more locations than just one office close by, so we're testing different connectivity components. We're looking to field capabilities that allow people to collaborate from wherever they are, while still seeing the benefits of group work through things like virtual whiteboards and large connected displays,” Tanner explained.
Tanner also said that the team is testing different connections, including those available on Navy and public networks.
In the area of authentication, PEO Digital is working with the Department of Defense Chief Information Officer (DOD CIO) on alternatives to the Common Access Card, such as the YubiKey. As Day demonstrated the ease of use in real-time for the audience, Tanner explained the benefits of the YubiKey, a physical token which stores user certificates and can be used anywhere, on any device, even in secure environments.
Not only is it fast, this type of authentication also provides a pretty much instant evaluation of user certificates to verify authenticity and accuracy.
Yet another advancement that users can look forward to is phasing out the virtual private network, better known as VPN.
“VPN is a bad word for a lot of people,” Tanner said with a laugh.
The cloud will eventually eliminate the need to consider the network; the power to connect will be in the hands of the user. Flank Speed will provide the gateway, replacing the need for traditional VPN, Tanner explained.
“This is not your typical VPN; this is not like we do today, from a network-based approach,” Tanner continued as Day demonstrated the emerging cloud-based technology for the audience. “… Today, we say that you can't get here unless you're coming from a .mil network, or from a .gov network – that's how we've thought about it in the past. Now, it's not really about the network, it's about you.”
Establishing a connection through the cloud will not only be convenient for users, but secure – and fast.
“With this, you open up Outlook and you don't need the VPN, you connect directly to the cloud,” Day said. He also noted that pilot testing has yielded significant improvement to the quality of both MS Teams and video, welcome news to the legions of users throughout the DON enterprise.
As previously mentioned, PEO Digital plans to manage applications using a containerized approach. In addition to the benefits of containerization – e.g., operating system updates won’t interfere with applications – Tanner explained that it will also result in commands being able to tag their specific needs as a set.
“Somebody can say, ‘give me the stuff for the CAD [computer-aided design] drawing division guides,’ and boom – all of that stuff will come down,” he said.
In addition, the concept of working hours will be built into applications, which translates into users being able to schedule updates outside of their workday.
“You don’t work around it, it works around you,” Tanner said.
Next up was a demo of a thin client – essentially, a small box that allows remote access to the cloud. Because of their size, thin clients provide flexibility and convenience; the devices can be virtually anywhere, and any work completed on them will automatically appear on users’ other devices – laptop, tablet, desktop – thanks to the cloud connection.
Tanner said the idea is to meet people where they are, and ultimately, to give them capabilities that let them work smarter.
While the concept of thin client usage is still in the early stages, Tanner said that the team has successfully demonstrated that it works. “We've started really kicking the tires with the NVD instances to make sure that this is ready to go,” he said. “And once we've got the devices in good shape, we plan to work with teams that are doing distributed workforce to figure out some other places to test this out and really get some feedback from those users.”
Following the demo, the discussion turned to the need to have workforce accounts and devices up and running faster.
“We need our folks ready on day one,” Tanner said. To help make this happen, PEO Digital has partnered with Naval Air Systems Command (NAVAIR). As a result of their shared experience, the team is working on the goal of “having everything ready,” as Tanner put it – within a 12-24 hour time period, so users can hit the ground running.
That is a significant improvement over the previous wait times to establish accounts, which could take as long as 30 days. “It’s a whole lot better, but we’re going to keep driving it down,” Tanner said.
And that’s where Nautilus Virtual Desktop – the game changer – comes in. NVD, which began its rollout on June 1, allows new users to get to work right away – even if their machine isn’t ready.
From a logistical standpoint, it can be difficult to get machines in the hands of users; however, NVD stops that problem in its tracks. Using the NVD approach, onboarding employees can use their own devices and have immediate access to the necessary capabilities while waiting for the hardware to catch up, Tanner said.
He also said that PEO Digital is continuing to work on this process, partnering with commands and gathering feedback to better understand user needs.
While obtaining endpoint devices can be frustrating, Tanner noted that there is a light at the end of the tunnel.
“And no, it’s not a train,” he said, as the audience laughed.
According to Tanner, PEO Digital was at that time shipping out over 5,000 devices. While the team has replaced more than 350,000 machines in recent years, PEO Digital plans to stop mass rollouts in the future in favor of a more level approach.
“There’s a plan in place now – to do it smart, to do it predictable, to do it consistently – and not overwhelm the teams on the other end, right? Logistics are hard; getting physical machines into people's hands is hard. Let's try to get ahead of that,” he said, noting once again the importance of partnership – in this case, logistics teams and vendors.
The presentation concluded with a discussion about new account wait times; good news abounds. Their goal? To drastically reduce user wait times. PEO Digital continues working diligently to automate the process of receiving a new account; the new and improved process takes anywhere from 24 to 96 hours.
“Ninety-six is when we have something hard,” Tanner noted.
But the good news didn’t stop there. According to metrics pulled just that morning, the average wait time of 48 hours was down to 36, with most accounts being established under 24 hours’ time – PEO Digital’s optimal goal, Tanner said.
Part of the reason for the improved numbers are the teams working with PEO Digital, Tanner explained, giving a shout out to their partner commands. “They’ve gotten really, really good at knowing what to submit and how to do that,” he said.
Looks like teamwork really does make the dream work.
For more about the future of Flank Speed, check out CHIPS Magazine’s interview with PEO Digital’s Barry Tanner, Mike Day and Kristopher Halvorson here.
Originally published in CHIPS Magazine: