Using VMware® Best Practices for Implementing

Department of Defense Solutions
Best Practices for Implementing and Managing a Mobile, Multi-Device Environment
Actionable Advice for Optimal Results
Table of Contents
Make Planning a Priority
Comply with Military Mobile Policy
Manage the Migration
Address Legacy Applications and Vendors
Prepare IT Staff
Choose Client Technology to Empower End Users
Maximize Security
Consider COOP
Evaluate Software Solutions
Determine Necessary Hardware
Achieve Migration Success
Next Steps
  Partner with VMware
  VMware Contact Information
Glossary of Terms
Addendum A
As defense agencies adapt new and innovative technologies to support the warfighter, the way they operate
must also quickly adapt to maintain efficiency and maximize agility. The demands from an ever-growing,
mobile workforce continue to increase, and keeping pace with the widening range of emerging technologies
can be challenging. As a result, agencies are transforming traditional technology silos into centralized IT
services that support users with multiple, mobile technologies. This innovation lets IT more effectively
manage users rather than devices, while also empowering warfighters with mobility and freedom to choose
the right device for each task and setting. Ultimately, the transformation to a modern, centralized IT
infrastructure can significantly improve command agility, security, efficiency, and productivity.
By implementing a number of best practices, you can help ensure success throughout the journey to a
mobile, multi-device environment:
• Make planning a priority
• Comply with military mobile policy
• Manage the migration
• Address legacy applications and vendors
• Prepare IT staff
• Choose client technology to empower end users
• Maximize security
• Consider Continuity of Operations Planning (COOP)
• Evaluate software solutions
• Determine necessary hardware
Make Planning a Priority
A virtual desktop infrastructure is an effective solution from a cost and security perspective. While its
benefits can be numerous, so can the related migration and management challenges. Before embarking on
any migration, a variety of alternative models should be evaluated to ensure that the final solution meets the
current and evolving mission needs of your agency, program, and joint operations.
As Dwight D. Eisenhower stated, “In preparing for battle, I have always found that plans are useless, but
planning is indispensable.” The same holds true for any system migration. Agencies are wise to engage in
careful evaluation and planning for each aspect of a multi-device environment before any steps toward an
actual migration are taken. This approach will help achieve optimal results from initial strategy development
all the way through post-migration management.
Comply with Military Mobile Policy
Department of Defense (DoD) policies continue to be examined and updated as mobile technologies and
virtual desktop infrastructures rapidly evolve. It is imperative that agencies and programs adhere to the
latest policies when implementing new technology. Current policies relating to mobile devices and the DoD
enterprise architecture include the following from the DoD and the Office of the DoD Chief Information
Officer:
• DoD Mobile Device Strategy
• DoD Commercial Mobile Device Implementation Plan
• DoD Information Enterprise Architecture
• DoD Cloud Computing Strategy
• DoD CIO’s 10-Point Plan for IT Modernization
Another key initiative, the Virtual End User Environment (VEUE) (Thin Client Initiative), was released by the
Army Chief Information Officer/G-6 on December 19, 2011. This initiative discusses the importance of end
user computing devices paired with supporting infrastructure like servers and data storage.
Mobility Vision
“A highly mobile workforce equipped with secure access to information and computing
power anywhere at anytime for greater mission effectiveness.”
— Department of Defense Mobile Device Strategy 1
Manage the Migration
For optimum migration results, utilize the following components during the process:
• Migration stakeholder team
• Incremental plan
• Back-to-front building approach
• Pilot testing
From the outset, it is advisable to create a team of migration stakeholders across your agency or program to
help define and streamline the migration process from a variety of viewpoints. By doing this, you can best
leverage their windows into timing and build alignment throughout the migration. Even in the short-term, you
can achieve success by tying down one or two main timing elements.
Ideally, your agency should take an incremental approach when transitioning to a mobile, multi-device
environment to ensure long-term success. This approach better prepares your infrastructure and your team
for change. A phased migration can be based on factors such as expiring service contracts, license
renewals, or end-of-life hardware. Often, end-of-year or program technology refresh cycles can help define
major acquisition timelines. While these and other factors like specific program funding lifecycles might play
a significant role in migration timing, incorporate a phased approach if at all feasible.
The back-end infrastructure serves as the foundation for the new environment and affects essentially every
aspect of system performance. Therefore, properly building the back-end first goes a long way toward
environment success.
Also, consider incorporating pilot testing whenever possible so test beds are used to build project
confidence as the implementation progresses. An optimal test choice is a classroom or training environment
where performance is not crucial to mission success. This affords team members the opportunity to evaluate
the technology and make adjustments in non-critical situations before rolling out a complete solution for use
by warfighters in the battlefield.
1 Department of Defense Mobile Device Strategy, Version 2.0, May 2012, Office of the DoD Chief Information Officer,
http://www.defense.gov/news/dodmobilitystrategy.pdf
Address Legacy Applications and Vendors
With the new configuration, application software will physically reside and process on servers in a
centralized IT environment rather than on desktop clients. Some legacy applications may be more difficult
than others to move to a server, depending on how they were written. Both application functionality and
licensing terms should be thoroughly addressed prior to implementation.
• Take inventory of existing applications
• Determine applications to be migrated
• Consider any new applications to be added
• Contact each individual software company
Handling legacy applications up front will minimize their impact during migration. Eventually, licensing and
software management will be centralized and less complex.
Prepare IT Staff
In a well-designed, multi-device environment, there are several key differences from traditional IT
infrastructures. Instead of managing applications and data on legacy desktop systems, powerful servers
host applications and data from a central location. This enables IT to manage users rather than devices,
ultimately improving security, overall system manageability, and empowering the user to utilize the devices
of their choice. This approach provides a very different landscape of less complex, more efficient operations.
In turn, this enhances the user experience, and the workforce is more productive.
• IT can quickly add, delete, upgrade, and patch applications in the datacenter
• IT no longer loses time troubleshooting and fixing hardware and software problems on hundreds of
  decentralized PCs, although some PCs may continue to be used
• New users can be up and running much more quickly on a mobile client
• Client security and data protection are centralized and easier to maintain
• Backup operations occur in the datacenter
• Access to central resources can be easily extended to remote users as needed via mobile devices
The IT staff needs to be fully trained and focused on all aspects of the centrally managed hardware and
software resources to ensure the best transition possible. These back-end IT operations will be the
cornerstone for collaboration of all processes and critical during implementation. All end users will rely on
smooth and dependable IT operations.
Ultimately, improved IT efficiency in the new environment makes it easier to roll out and update data and
applications. Warfighters are armed with cutting-edge mobile technology to provide real-time data. In this
way, IT efficiency directly translates to a more efficient and agile warfighter.
Choose Client Technology to Empower End Users
Teri Takai, Chief Information Officer at the U.S. Department of Defense, states that “Information is our
greatest strategic asset.” 2 And empowering warfighters with the right information at the right time is critical to
mission success. A multi-device environment enables users to carry out their missions by providing them
access to information, applications, and data—anytime, anywhere—on any device.
Figure 1. Battlefield Mobile Network Configuration
Prior to implementation, it is important to determine the types of client technology needed by all users
at each step of the information pathway—from programmers to the tip of the spear. Carefully consider
each role and the client device(s) that will be most useful.
Regardless of the client hardware selected for the new environment, users will no longer lose time and
productivity as IT staff works to troubleshoot and fix problems on legacy desktop devices laden with
applications and data. Those IT services, along with applications and data, are migrated to datacenter
servers that provide high availability through multiple redundant environments. Downtime is reduced,
and users are freed from performing IT functions themselves, like software updates and patch
installations on client devices.
2 Chief Information Officer website: http://dodcio.defense.gov/
Even though the applications reside on centralized server(s) in a multi-device environment, users will
experience the full application features, like graphics displays, as if the applications were still loaded
on their local devices. And users are further empowered with a consistent interface experience across
all client devices; this allows them to focus on the information rather than the underlying device that
can change depending on mission objectives.
Maximize Security
Security is a top priority for the DoD and can be dramatically enhanced through virtualization
technology. Virtualization is the foundation to implementing and managing a secure, mobile
environment. Instead of handling hundreds or thousands of desktop devices requiring individual
protection, IT manages security functions primarily on datacenter and network resources. Network
protocols, such as NIPRNet and SIPRNet, can be configured as needed to preserve the necessary
clearance levels. After end user assets are transformed into centralized services, they can be
managed, secured, backed up, and kept current from a single location.
Consolidated security management criteria should be evaluated and incorporated into the migration
plan. Tracking user events like login, logout, entitlement, and user provisioning can alert IT to
anomalous connections from potential attackers. And disallowing automatic logins, along with other
software measures, will help protect mission-sensitive networks. Hardware security measures such as
a smartcard reader for use with a Common Access Card (CAC) can still be used at each client access
point, station, or computer that requires that level of authentication.
In addition to centralized system security measures, virtualization software itself works to increase
security. Policy-driven access and delivery will safeguard vital data and ensure compliance.
Demilitarized zones (DMZs) can be incorporated to help minimize risks associated with components on
the internal network interacting with the Internet. The security capabilities of any vendor require careful
evaluation for functionality and ease of use. Virtualization software solutions provided by VMware, for
example, shield virtualized applications and data with unified, easy-to-use security across all levels; its
protection can make virtual assets even more secure than the most fortified physical environment.
Consider COOP
Like security, COOP 3 can be enhanced in a virtualized environment. For warfighters and other users
who need constant access to critical applications and information, loss of connectivity could jeopardize
the mission. Providing those users with non-stop access to applications and data should be a focal
point of migrating to a new environment. By adding redundancy in the datacenter, in both infrastructure
and networking resources, IT can ensure that the field teams have a single window of access to
multiple redundant environments, providing them with non-stop access to applications and information,
regardless of infrastructure outage issues. Also, since local desktop support is essentially eliminated
with centralized applications and data, the deployment of application services to users requires only
minutes for the installation of a mobile client. This prevents the loss of connectivity due to local
hardware failures. In the event of an emergency or disaster, this almost-instant access to services
contributes greatly to increased warfighter mobility and readiness.
3 Lawyer, Calvin D. Colonel, Continuity of Operations Planning (Coop): A Strategy For Implementation,
http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA431738
Evaluate Software Solutions
The choice of hypervisor software is the single most important decision to be made before a DoD
agency or program can proceed with the virtual desktop infrastructure (VDI) required for a multi-device
environment. 4 Essentially the virtualization platform, the hypervisor partitions a physical server into
multiple virtual machines that can run simultaneously, sharing the physical resources of the underlying
server. VMware vSphere® is the most trusted and highly deployed virtualization platform, delivering
industry-leading performance and scalability while setting a new bar for reliability, security, and
hypervisor management efficiency. Thousands of software providers, including Oracle, SAP, Microsoft,
and IBM, endorse and support deploying their applications on the vSphere platform.
In addition to the virtualization platform, software referred to as mobile middleware is needed to
streamline and simplify operations by turning disparate operating systems, applications, and data into
centralized services deliverable on any device. The software essentially transforms end user assets
into centralized services that are administered from a single location. It should provide policy-driven
access and delivery to protect vital data and ensure compliance. The software needs to galvanize user
productivity by delivering a consistent, intuitive and collaborative computing experience across all
devices—anytime, anywhere. VMware® Horizon Suite is one such solution, delivering a personalized,
high-fidelity experience for end users across sessions and devices.
Your agency or program should carefully evaluate all software factors, including IT deployment
processes and software interfaces, provisioning functionality, and end user experience, to determine
the best solution for all personnel interacting within the environment. Ultimately, virtualization software
solutions need to work with a wide variety of hardware and software, including storage, networking,
and security products. An open, standards-based approach to licensing and interoperability is most
advantageous, allowing you to use the solutions that best meet your needs without being locked in to
specific vendors.
4 Strassmann, Paul A. Desktop Virtualization Offers Benefits Now, Signal Magazine, January 2011,
http://www.afcea.org/content/?q=node/2498
Figure 2. With VMware Horizon View, a component of the Horizon Suite, administrators can leverage an existing infrastructure to secure
and manage data on mobile devices
Determine Necessary Hardware
All hardware elements for the new environment require thorough evaluation. Capacity and sizing
requirements for each component—including existing hardware to be leveraged—must be determined to
ensure optimal function in relation to overall system performance.
Work closely with your virtualization software vendor to ensure that all elements of the architecture design
are properly estimated. The vendor can provide a standard, scalable design that is adaptable to your
environment and special requirements. Key details about requirements for memory, CPU, storage
capacity, network components, and hardware will give IT architects and planners a practical
understanding of what is involved in deploying a virtualized solution.
The most common problem when configuring hardware is underestimating performance requirements when
scaling. Proper consideration should be given to virtual machine overhead associated with the hypervisor and
features specific to middleware. Remember that any existing challenges with infrastructure support, capacity
plans, and network monitoring will surface as you approach the migration from the back-end infrastructure.
A hybrid environment is likely to evolve with the infrastructure and on the client side. Existing desktop
hardware, including PCs (also referred to as heavy or thick clients), may continue to be used alongside
laptops, tablets, mobile phones, and other mobile (thin or zero) clients. While a PC is fully functional
without a network connection, it is considered a client when connected to a server. In your virtualized
environment, PC hardware could possibly be reconfigured for security reasons to more closely resemble
a mobile client. For the most part, heavy applications and data will reside on centralized servers, and
mobile clients will be used to access those applications and data.
Achieve Migration Success
In summary, many factors affect the implementation and management of a multi-device environment.
First, planning across the spectrum of system elements is imperative. It is important to provide the
appropriate balance for performance, capacity, operation simplicity, and future requirements of the client
devices and centralized IT services. Software selection is critical, and careful management of all
migration aspects is crucial to success.
All of these factors directly or indirectly influence the human element of end user acceptance and
satisfaction, which is essential to the overall success of a multi-device environment. As the virtual desktop
landscape continues to mature at an aggressive pace, all elements contributing to system success will
become more clearly defined. Already, efforts associated with migration endeavors are being reduced as
more vendors and partners converge on solutions. Together with your vendor of choice, your agency or
program can implement a multi-device environment that best supports your organization’s unique mission
requirements.
Next Steps
Partner with VMware
The Department of Defense and its administrative agencies, all branches of the United States armed forces,
and all joint commands rely on VMware technology to enhance and enable battlefield operations. Today,
organizations are already benefiting from VMware’s end-user computing solutions, enabling IT to manage
desktops as a cloud-based service—while realizing substantial cost savings. VMware end user computing
solutions for defense organizations are specifically built to meet the needs of the warfighter by securely
supporting end users across devices and locations. It combines VMware View™ and an ecosystem of
products and services to meet requirements for security, rapid and automated provisioning, bring-your-own
device (BYOD) initiatives, as well as mobile access across devices. With VMware as a partner, the DoD can
confidently move forward into a new era of resource agility, enabling warfighters of today and tomorrow.
VMware Contact Information
For information or to purchase VMware products, call 1-877-VMWARE (outside North America, dial +1-650-427-5000), visit http://www.vmware.com/products, or search online for an authorized reseller. For detailed
product specifications and system requirements, visit http://www.vmware.com/products/view/overview.html.
Glossary of Terms
Client-Server Architecture – Environment in which server hardware houses the applications and data that
are provided to a client system.
Demilitarized Zone (DMZ) – A firewall network set up between an organization and an untrusted network
such as the Internet.
Hypervisor – Software that allows for a physical device, such as a server, to share its resources among
multiple virtual machines running as guests on top of the physical hardware.
Mobile Client (thin or lean client) – Low-cost, centrally managed computer or mobile device devoid of
extraneous hardware and heavy software applications and data.
Mobile Middleware – Software that uses a variety of transparencies to connect disparate mobile
applications, programs, and systems, hiding the complexities of working in mobile environments.
Provisioning – Granting application and data access to clients from a server.
Thick Client (heavy client) – Full-featured computers that are connected to a network. Unlike thin clients,
which lack hard drives and other features, thick clients are functional whether or not they are connected to a
network.
Thin Client – See mobile client.
Virtualization – Virtualization allows several operating systems and applications to run on one physical
server or “host.” Each self-contained “virtual machine” is isolated from the others and uses as much of the
host’s computing resources as it requires.
Zero Client (ultrathin client) – A computer with no software and minimum hardware (display, audio and USB)
to provide an ultra-low-cost solution for use in a client-server architecture.
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Addendum A
Checklist for Migrating to a Mobile, Multi-Device Environment
Numerous factors affect the implementation and management of a multi-device environment. Ample
planning prior to deploying your mobile solution is the single most important step your defense organization
can take to ensure a smooth and successful migration. VMware has created the following checklist to help
guide you in your mobile migration strategy and implementation—offering best practices from initial strategy
development through post-migration management.
Migration Elements and Best Practices
Comply with Military Mobile Policy
☐ DoD Mobile Device Strategy
☐ DoD Commercial Mobile Device Implementation Plan
☐ DoD Cloud Computing Strategy
For additional military mobile policies you should consider, see Comply with Military Mobile Policy
in Best Practices for Implementing and Managing a Mobile, Multi-Device Environment.
Manage the Migration
☐ Create a team of migration stakeholders
☐ Plan a phased implementation approach
☐ Build the system from back to front
☐ Conduct pilot testing
The best pilot program choices are in Manage the Migration in Best Practices for
Implementing and Managing a Mobile, Multi-Device Environment.
Address Legacy Applications and Vendors
☐ Take inventory
☐ Determine applications to be migrated
☐ Consider new applications needed
☐ Contact software companies
Software management and licensing are ultimately centralized and less complex in a multi-device
environment. See Address Legacy Applications and Vendors in Best Practices for
Implementing and Managing a Mobile, Multi-Device Environment.
Prepare IT Staff
☐ Plan for hardware and software training
☐ Transition to centralized operations
See Prepare IT Staff in Best Practices for Implementing and Managing a Mobile, Multi-Device
Environment to discover the most critical IT role during implementation.
Choose Client Technology to Empower End Users
☐ Determine devices needed for all types of users
☐ Empower users with consistent interfaces
What does the DoD consider its greatest strategic asset? See Choose Client Technology
to Empower End Users in Best Practices for Implementing and Managing a Mobile, Multi-Device
Environment.
Maximize Security
☐ Determine a plan for centralized data security
☐ Develop a device security mitigation plan
☐ Align hardware and network security with authentication levels
☐ Capitalize on security measures provided by virtualization software
See Maximize Security in Best Practices for Implementing and Managing a Mobile, Multi-Device
Environment for details.
Consider Continuity of Operations Planning (COOP)
☐ Evaluate virtualization in coordination with COOP
☐ Plan for non-stop access with redundancy in datacenter infrastructure and
  networking resources
For more critical planning details, see Consider COOP in Best Practices for Implementing
and Managing a Mobile, Multi-Device Environment.
Evaluate Software Solutions
☐ Select hypervisor software for virtualization
☐ Select mobile middleware solution
Which software decision is the most important? See Evaluate Software Solutions in Best
Practices for Implementing and Managing a Mobile, Multi-Device Environment.
Determine Necessary Hardware
☐ Evaluate all hardware elements for new environment
☐ Determine capacity and storage requirements including legacy hardware to be
  leveraged
☐ Estimate virtual machine overhead
☐ Work closely with solutions vendor
Avoid the most common problem when configuring hardware. See Determine Necessary
Hardware in Best Practices for Implementing and Managing a Mobile, Multi-Device
Environment.
Find Out More
By implementing a solution that supports multiple devices and end user mobility, your defense organization will
realize the benefits of a more productive, dynamic, and untethered workforce—empowering warfighters for
mission success. As a trusted partner to the federal government, VMware can help your defense organization
implement solutions to meet the challenges of your missions.
For information or to purchase VMware products, call 1-877-VMWARE (outside North America, dial +1-650-427-5000), visit http://www.vmware.com/products, or search online for an authorized reseller.