Intelligence Community (IC)

Challenge

This IC customer had very specific problems to address: crowded desktops, facilities at capacity causing a strain on power, excessive cooling, limited floor space, network proliferation, decreasing annual budgets, and a need for cross-domain collaboration.

To solve these problems, they embarked on an enterprise-wide initiative for a multilevel security solution to support both high-end tactical operations support and low-end administrative users. In addition to multiple network access, the complete solution called for a data guard with self-release and reliable (two-person) human review capabilities. The overarching goal was for a desktop solution that can become the enterprise standard for the IC, achieving a “Culture of Collaboration.”

Solution

After evaluating various options, the customer selected the Forcepoint™ end-to-end solution to address their unique IT challenges.

The solution consists of three components: Trusted Thin Client® (front end), VMware View™ virtual desktop infrastructure (VDI) (back end), and Gateway System™ (data guard). Together, these components provide high-resolution video, two-way audio to a single host network, support for up to eight monitors from one thin client, PC over IP (PCoIP) protocol support for improved graphics quality, remote access, and secure multi-directional data transfer.

With one wire to the desk, Trusted Thin Client users simultaneously and securely access multiple classified domains from a single thin client. Trusted Gateway System allows for the rapid movement of data between networks of different classification levels. Through the Trusted Gateway System Quick Release feature, text or files can be rapidly transferred to configured levels, increasing knowledge transfer among disparate networks in near real time.

Virtual desktops, through VMware View, provide the ability to quickly remove a compromised virtual computer and create a pristine copy the next time the user logs in. VMware View also provides PCoIP support for enhanced graphics quality. This VDI environment optimizes existing equipment to create secure, virtualized servers and desktops. This centralization makes patch distribution easier, lowers maintenance costs, reduces the amount of equipment to be managed, and reduces recapitalization costs.

Results

Efficiencies have been gained in power, space, cooling, operations and maintenance. The solution will be able to replace 100 percent of the current multi-workstation functionality. The savings in space, power and cooling, significant enhancements in intelligence data integration and collaboration, and long-term savings in capital purchases and maintenance represent opportunities that need to be realized. Although less quantifiable, real savings are recognized in fiber infrastructure, software licensing and time saved in performing analytic functions. Deployment statistics show that the Forcepoint solution pays for itself in the first year of use through operational cost savings. ƒ

• Support for multiple workspaces on eight monitors, representing a 500 percent increase in desktop space and a significant impact on the amount of data an operator can manage.
• Enables remote access by forward deployed operators located at facilities around the globe. Thin clients have been deployed remotely at distances greater than 1,500 miles with no noticeable latency.
• New system requests have been reduced from days or weeks to minutes or hours.
• A significant reduction in the amount of contract labor required to move/add workstations. Currently, approximately 700 workstations are relocated per month, requiring multiple contracts before any action can take place. With the Trusted Thin Client solution, users no longer need specific workstations to move with them.
• By replacing three workstations with one thin client, the heat output in cubicles and office areas was significantly reduced. Floor space and desktop real estate was also reclaimed. The power savings in the first two years is expected to pay for the initial cost of the thin clients and monitors. With approximately 1,000 users across five networks, the power cost savings is estimated at $426,000 per year.
• Centralized administration of servers and back-end infrastructure equates to reduced workstation maintenance in the form of patching, re-imaging, service packs, updates, anti-virus signatures, workstation hardening, roaming profiles, workstation reboots and recapitalization of hardware/software. It is expected that the thin clients will have a seven-year refresh cycle, rather than three to five years with workstations and PCs. The full optimization of the front-end workstations saves in excess of $20 million over a seven-year period.

Summary

The Forcepoint end-to-end solution allows this IC customer to capitalize on a lower-cost, highly-efficient solution for enterprise thin client computing.