The Defense Department is migrating to a new official enterprise collaboration tool, Defense Collaboration Service (DCS), according to the Defense Information Systems Agency.
DCS will replace the popular Defense Collaboration Online (DCO) tool used by an estimated 1 million DoD users.
The primary drivers behind the migration are cost and the end of contract life, said Alfred Rivera, DISA Director for the Business and Development Center, in a brief to reporters Feb. 9.
DCO, developed by Carahsoft and Adobe, offered DoD users an enterprise collaboration solution for online meetings, eLearning and webinars.
Costs were continuing to escalate for DCO software licensing because of the expanding number of users, Rivera explained. The current bill for the DCO software is $40 million annually, he said.
“It was a good time to evaluate alternatives,” said Rivera, who was joined in the brief by other DISA officials, “We had reached the end of the contract.”
The DCO contract will end June 24, 2015.
Based on the Joint Staff requirement for a department-wide online collaboration tool, DISA conducted an analysis of alternatives and came up with DCS, an open-source-based capability available to anyone worldwide with a common access card, or CAC, on the unclassified NIPRNET, or to anyone with a SIPRNET token on the classified network.
DCS provides secure web conferencing capabilities including the ability to record and playback sessions, perform desktop sharing, white boarding, text chat, and polling/voting, explained Karl Kurz, DISA program manager for DCS. Users also have the ability to share documents, he said.
DCS supports Microsoft Word, PowerPoint, Excel, and PDF formats.
DCS can provision about 250 users in one session, Rivera said, and it supports the same services offered under DCO but at a lower cost to the government.
“DCS will cost about $12 million annually,” Rivera said.
As part of a “DISA First” initiative, the agency transitioned all its employees to DCS in mid-December 2014. DCS reached full operational capability Jan. 30, 2015, Rivera said. U.S. Transportation Command and the Joint Staff will transition to DCS between January 30 and February 28.
DISA worked with U.S. Cyber Command, which released a message in January directing the configuration of local networks across the department to support DCS.
Many DoD organizations have already configured their local networks and completed system testing, Rivera said. The Navy Marine Corps Intranet is expected to be able to offer DCS by the end of February. DCS has already been accredited to operate, the NMCI testing is specifically related to the DCS chat capability, he said.
DCS is hosted on the DoD’s milCloud and is integrated with other enterprise services which delivers efficiencies and secure communication services across the department, Rivera explained.
milCloud is a cloud-service portfolio, featuring an integrated suite of capabilities designed to drive agility into the development, deployment and maintenance of DoD applications. milCloud leverages a combination of mature commercial-off-the-shelf and government-developed technology to deliver cloud services tailored to needs of the DoD.
The benefits of milCloud include cost savings, more flexibility and control for DoD users to manage resources and control their computing environment, and greater security in the processing and storage of classified and controlled unclassified information. DCS leverages milCloud to provide secure infrastructure as a service in DoD data centers.
The migration to DCS is another step forward for the DoD’s unified capabilities vision. Capabilities sought include a broad set of voice, video and data-sharing solutions that will enable unprecedented joint collaboration among the military services, combatant commands and defense agencies.
“The move to DCS is a two-pronged approach,” Rivera said, “it is the follow-on to the DCO, and is also setting up the framework to support unified capabilities holistically and go beyond DCS.”
All DoD users are requested to transition to DCS no later than May 30, 2015.
Global Video Service
Desktop-based Global Video Service (GVS) is an enterprise grade service that provides video teleconferencing capabilities to desktop users. The service is offered over a secured but unclassified, high quality video teleconference over NIPRNET.
A room-based GVS is also available via high quality video teleconference over a secured but unclassified IP data network. The room-based GVS system enables collaboration between desktop (PC) and room-based users.
The NIPRNET option became available in November. The SIPRNET version should be available by June, said GVS program manager, Heidi Cotter. GVS currently has 8,000 registered users, she said.
The GVS solution saves money because commands no longer have to employ a VTC facilitator who must maintain equipment and schedule services. GVS replaces the studio VTC with a unique meeting solution, Cotter said. GVS does not require new software installation or new hardware.
Under the legacy solution, users had to schedule a VTC session 24 to 48 hours in advance. Now options are web-based and completely self-service, Cotter explained.
Enhancements to GVS were enabled by a $30 million cost-savings effort with DoD, Cotter said.
Cotter explained that DISA is working with the Navy to offer GVS over the NMCI. Tests are expected to be concluded in the next four months.
GVS desktop services will be available 24x7x365.
Cloud Security Requirements Guide
DISA released a new cloud security requirements guide (available from the Information Assurance Support Environment website: http://iase.disa.mil/Pages/index.aspx ) in January that provides guidance and policy to commercial cloud service providers and DoD agencies as they explore cloud computing options.
The DoD is trying to move as much non-sensitive data as possible to the commercial cloud, the Acting DoD Chief Information Officer Terry Halvorsen said in January because costs are lower. Simplifying some of DoD's requirements, streamlining processes and aligning procedures more closely with existing standards for cloud security can help industry meet the DoD requirements for data security for storage and processing.
The SRG highlights that different types of data require different levels of protection. Four data Impact Levels, between Level 2 and 6, are defined with Level 6, Secret, requiring the most protection.
Cloud providers who have already met the government-wide FedRAMP standards are eligible to handle DoD's less sensitive "Level 2" data without any additional security requirements.
FedRAMP is a government-wide program that offers a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
There are currently seven industry cloud offerings that meet the security requirements for Level 2 data, Rivera explained, and five ongoing DoD pilots above Level 2. DISA and the Navy are both conducting pilots testing network defense and cloud access points — the security protections to data that move back and forth between the cloud.
The first cloud access point (CAP), stood up in October, is an example of a security mechanism developed to aid in the department's use of the cloud, according to DISA. The cloud access point provides an interface between pilot sites DISA has in the Amazon Cloud and the DoD Information Network (DoDIN).
CAPs must be approved by the DoD CIO.
The Army and Air Force are conducting cloud pilots with the DoD CIO. Each of the pilot hosts meets regularly and shares lessons learned and techniques, tactics and procedures (TTPs), Rivera said.
There is no explicit DoD requirement that industry cloud solutions must be interoperable with each other, Rivera said, but by meeting the SRG standards, industry cloud solutions should provide sufficient support for DoD missions.
DISA is also evolving its own computing services offerings to be more cloudlike in nature, providing both software as a service and infrastructure as a service.
The cloud computing SRG establishes the DoD security objectives to host DoD missions up to and including Secret on commercial service offerings. Missions above Secret must follow existing applicable DoD policies and are not covered by the SRG.
DISA Restructured for Agility
In October, DISA began a reorganization that centralized project management to better align with its business lines and resources. The restructuring is intended to make DISA more responsive to rapid changes in technology and to its mission responsibilities.
One way the current reorganization will help DISA put an emphasis on speed and agility is through the new Infrastructure Development Directorate, part of the Development and Business Center.
“It centralized the requirements process and aligns resources to the [DISA] director’s priorities, one being the cloud, and how much quicker we can deliver on cloud procurement and our ability to support our mission partners,” Rivera said.