CHIPS asked Capt. Christopher to explain the significance of the Department of the Navy (DON) business information technology enterprise initiatives that are underway just a few days before the DON Enterprise IT Industry Symposium August 8 - 11, in New Orleans.
CHIPS: What is your role in the Program Executive Office-Infor-mation Technology organization?
Capt. Christopher: I have two projects under my direction, one is the Enterprise IT Asset Management Program and the other is the Department of the Navy Enterprise IT Symposium, which takes place August 8 through 11 in New Orleans. The 2005 symposium is a successor to and builds on the IT symposiums we did in 2003 and 2004. Those focused on the Navy Marine Corps Intranet, which was appropriate, since the NMCI was the first big step in implementing the Navy's decision to start moving away from a locally owned, locally managed and operated IT inventory, and toward an enterprise IT portfolio wherein IT assets are planned, budgeted and acquired centrally.
This direction will require a change in behavior in the Department of the Navy, where we spent the last 35 years buying IT at the base, post or station level without a lot of control or oversight from the enterprise level. DON leadership wants to turn this around and exercise much more control and make more decisions at the enterprise level. That changed behavior, in which the NMCI has played a part, is going to require a change in behavior on the part of the IT industry. Basically, industry will have to change the way they market to the Navy because we are changing the way the Department buys IT.
The industry symposium was born from the need of under-standing what that future DON IT marketplace is going to look like. The first years our focus was the NMCI because NMCI was the big driver of activity in this realm. But after last year's symposium, we decided we needed to zoom out and take a look at the larger scope of all enterprise IT, of which the NMCI is a part, but certainly not the only part.
This year's symposium is taking a look at the broad range of things; how the Navy actually budgets for IT and how the Navy is going to acquire IT in the future. We are looking at industry. Large companies over the last decade have made this transition from local management to enterprise IT management. We want to reach into their successes and learn from them so the Department can make the same transition smoothly.
The industry symposiums are intended to be a dialogue. We talk and industry listens; industry talks and we listen. This annual event is a way to keep ourselves in synchronization as we move into the future and try to make the IT marketplace more efficient for us, the buyers, and the sellers.
CHIPS: Is the symposium geared more toward industry rather than government and Navy personnel?
Capt. Christopher: As I said, it is a conversation, a dialogue, between government and industry. We have had about a 60-40 split of industry and government attendees, and that seems appropriate. We hope it stays that way in the future. Vendors can understand what we are doing so they can adapt their behaviors to match ours. From our side, we can ask industry what they are doing, so we can take advantage of their lessons learned. It is also an opportunity to look at technology. Technology shouldn't be the driver, but it is important to know what is changing, what's emerging. So it is an opportunity for vendors to show us their new, cool stuff and, for us, an opportunity to tell industry what we need in the future.
CHIPS: Is it appropriate for average users to attend since they would not be involved in the executive-level decision process for acquisition or policy?
Capt. Christopher: It is highly appropriate for them to attend. They need to understand, in the same way industry needs to understand, how IT acquisition and management is changing in the DON. We haven't figured out exactly how the future is going to work. We have a sense of what the end state is, what we are driving toward, but how we get there and what happens while we are getting there is very much still up in the air.
There is important information that the average end user brings to the table that helps decision makers in the Department of the Navy and in industry. There aren't a lot of opportunities to hear these voices. It's an opportunity for an average user to sit down and have a conversation with the CIO from Sun Microsystems, for example. It's an opportunity for the end user to say these are the challenges I have, this is the way I see my mission evolving in the future. Having those kinds of conversations are very important. We certainly want the individual, average user to be there as well as the CIO and the technology officer.
CHIPS: Critics of the NMCI and centrally managed IT assets say that there is no room for an individual to make improvements.
Capt. Christopher: There is some merit in that discussion. What we need to do is figure out how to preserve space for innovation inside the context of the larger enterprise. I'm sure that we in the DON going through the first throes of this decision aren't the first to look at the different sides of this conundrum. On the one hand, we want to get those economies and efficiencies of being more centrally managed, but on the other hand keeping a space for that innovation and that new, cool stuff while making sure we are not buying ourselves into a technology straitjacket.
Entergy, for example, is one of the big corporations that made this decision. Entergy's CIO will be talking to us at the symposium. How did companies that made this decision ensure that user voices are heard? There have always been challenges to our various enterprise initiatives, and we want to look to other organizations to see how they ensured that grassroots concerns were elevated to the enterprise level and had impact on the decision process.
I always tell my daughters that while it's important to learn from your own mistakes; it's even better to learn from someone else's mistakes. So that's really what we are doing, learning from the people in other organizations and industries that are as large or close to the Navy in scope, so we can take advantage of what they did and do even better.
I am personally very interested in ensuring that there is a constant incorporation of innovation and new ideas into what we do. But how we do it is the kind of thing that I want to discuss at the symposium.
One of the things we have added this year is a whole track on venture capital and that's a good example of just the innovation problem you asked about. Venture capitalists bankroll a huge amount of the cutting-edge technology in our country. A lot is developed by large companies, but a whole lot is funded by venture capitalists, investing in something like 'Joe's Pizza & Software' as he works in his garage on a good idea that will change the IT marketplace in 18 months.
Venture capitalists expect to make money over a certain period of time, but the Navy is tied to the POM cycle, which means new money is almost always three years away, so it takes a long time to get that cutting-edge technology. The Navy budget cycle isn't aligned to the market's 18-month product cycle.
So we want to explore if there is some way for us to bridge that gap, to work with the venture capital world to get that technology into the enterprise more quickly. I don't know if there is or isn't, but this year we are going to open that discussion with key venture capitalists to see if there is some way we can get there so that new, slick technology doesn't get passé before Navy users get a crack at it. We also want to make sure the best buy is available to the Navy on that new technology.
CHIPS: Let's talk about your other program.
Capt. Christopher: That is the Enterprise IT Asset Discovery and Management project. What was interesting and not very clear when we implemented the NMCI in 2001 and 2002, is that we really didn't know or have a good understanding of what was in the Department's IT inventory. The NMCI contract is a paradigm shift; it was let as a service contract — not a stuff contract. We turn all our stuff over to the contracted company, and it sells services to us.
Part of the challenge for the DON was understanding what we had, what we were turning over, and what we were retaining. We began looking in 2001 and 2002 for something that could go out and find what was out there on our networks. We finally found it in 2003 with BDNA Corp.'s Enterprise IT Asset Management capability, which can explore the DON Internet Protocol address ranges, and discover and identify the hardware and software residing on our networks. It identifies anything that has an 'IP heartbeat' on the network, like workstations, servers, switches, routers — anything that is alive on the network. The tool is agentless, and enables scanning across all the enterprise networks from a central location.
We had been doing market research looking for something like this; so when we found it; we did some initial testing with the Marine Corps at Quantico and with the Navy at the Naval Sea Systems Command, and the results were very promising. So we looked at initiating the project for 2004. The Director of NMCI, who was at the time Rear Admiral Munns, the N6, who was Rear Admiral Zelibor at the time and the DON CIO, Dave Wennergren, all concurred that we should go forward.
In the summer of 2004, the PEO-IT agreed to execute the project, and in September a service contract was placed with BDNA Corp. to initiate the Enterprise IT Asset Discovery and Management project, an effort to actually get our arms around everything we have in our IT inventory.
The project is very interesting. What we are doing is analogous to the Lewis and Clark Expedition: We are sending our team to go out and find what's out there in the same way that Lewis and Clark were sent to discover what was in the Louisiana Purchase. The people in 'D.C.' knew the country now had this big uncharted territory, a whole lot of land, but nobody knew what it contained. So Lewis and Clark went and looked.
So we have begun scanning the DON network portfolio on a network by network basis, discovering a variety of information about the configuration of the network and what is on the network and pulling that all together into an enterprise re-pository. This is allowing us to draw metrics about the state of our enterprise to make the kind of important future business decisions we need to make.
CHIPS: Don't we already know what's on the NMCI?
Capt. Christopher: The current service contract covers all Naval shore networks — unclassified, non-tactical, CONUS and OCONUS, Alaska, Hawaii — both government-owned and contractor-owned networks, so it certainly includes the NMCI. It includes all networks that support the Department of the Navy. We have completed initial scanning for the Marine Corps' NMCI and legacy networks, and the Navy's NMCI network. We are making a slow march through the Navy's legacy networks.
I mentioned earlier how IT has always been acquired, managed and operated in a decentralized fashion, and we are discovering that certainly holds true in the organization and operation of our networks. Each one is a little different and each one has presented unique challenges to getting access to it and the various devices on the network itself.
The data from the networks we have so far are interesting, surprising and, in some cases, even alarming. For example, we have discovered a whole lot more Windows NT than we thought we would be finding. The large amount of Windows NT still in use has caused the DON CIO to stand up an NT Migration Working Group. Based on the data we have, we can take an enterprise approach to get us off the old NT stuff and migrated to new and supported server operating systems.
We are discovering that a single vendor has a large majority of Unix application servers on the networks that we have looked at. This suggests a couple of things. One, since we are so heavily invested in its servers, we ought to be very interested in that company's health, because we are so dependent on them; and two, since we are obviously such a good customer for them, we need to start looking at getting an enterprise price based on total ownership. All those servers were bought locally by a program manager, base, station, etc., but no one ever got a Department of the Navy price on those servers because they were all bought in relatively small lots.
As that example illustrates, when we make future enterprise IT decisions, such as, for example, server consolidation, we can make those decisions based on what we actually own and are operating, rather than estimates or data calls, which are notoriously inaccurate. BDNA's asset discovery and management capabilities enable a process that is highly accurate, rigorous, and repeatable. It enables the management of all IT assets (hardware and software) from a DON enterprise functional and financial view. The results of the scans provide visibility, analysis and accountability. Detailed analysis reveals data on utilization, standards compliance, obsolescence and possible overexposure to a certain vendor's product.
We are moving toward a monthly scheduled scan of our networks, so we have a constantly upgraded picture of what's on the networks, and also trends to see how our networks are changing. For instance, we are seeing more Linux in the environment than we thought would be there. That suggests we may need to have a Department-level policy about Linux usage. We haven't really been in a position to speak about these types of things before because we didn't have a good understanding of what was out there. As we continue to develop this portfolio inventory, it's going to allow us at every level — policy, management and acquisition — to do things smarter.
CHIPS: When you alluded to the inaccuracies of data calls, I thought of the data calls prior to implementing the NMCI. There turned out to be many more legacy systems than were reported.
Capt. Christopher: One of the things that comes at the end of my standard IT asset management briefing, is a slide with the words 'data call' with a red circle and bar over them – saying 'No more data calls' for IT asset management. We don't want to have people out there counting stuff.
Industry doesn't do business that way any more. In fact, Gartner Group says that doing a manual inventory costs $35 to $75 per device — if you hire a professional to do it for you. Using your own people could cost twice as much. If you apply that unit cost to tens of thousands of devices, and multiple data calls, you can see the impact. And a data call is a snapshot. What we are doing with an automated process is more like a stop-motion video. We can spot changes and trends, which are important to understand.
CHIPS: Data calls are a burden to the organization. They are a disruption to productivity, and in the end no one is happy with the results.
Capt. Christopher: You are completely correct. We are hoping that this is going to eliminate the necessity for data calls in most cases. We can't identify what base or building a machine is in, but almost everything about the machine physically itself we can collect, including the software. The system uses what's called 'fingerprints,' which when you think about it, is how people are positively identified. Similarly, BDNA uses fingerprints to identify hardware and software on machines by identifying unique characteristics that identify specific devices and applications.
Over time, we will develop fingerprints for all the different applications that the Navy has. We have fingerprints for virtually all the COTS applications. As we develop fingerprints for all the GOTS applications, it's going to be of great assistance to, for example, the FAMs (Functional Area Managers) to know exactly how many copies of a given software are running out there. They will be able to make decisions about what software to approve or disapprove for running on Navy networks, based on what is actually installed across the enterprise.
The FAMS can go to the IT asset management repository and look at the redundant application choices there, and really dive into a specific application to see how many users it has, for example. This analysis will help support business decisions without having to task individual people to go around and search for this information, which, again, avoids data calls which are repetitive and very expensive to do.
In summary, what we are doing with Enterprise IT Asset Discovery and Management positions the DON to make key business decisions, based on a solid, auditable understanding of the Department's IT Asset portfolio. Enterprise IT asset management gives rigor and structure to our understanding of what we really have in our IT asset inventory, and this supports rigor in all areas of IT acquisition and management.
We cannot do this with manual processes or data calls. We need the support of an automated, consistent, repeatable capability, currently being provided by BDNA. Considering the size of our IT enterprise, this process is critical to have; and having it now, we need take advantage of it and get on to the next steps.