DoDIIS NexGen Desktop Concept Architecture

A presentation at DoDIIS Industry Day in May 2010 in Washington, DC, USA by Shawn Wells

Slide 1

DoDIIS NexGen Desktop Concept Architecture
Shawn Wells
sdw@redhat.com
Intelligence Community Programs
443-534-0130

Slide 2

Conceptual Overview

GOAL: A lightweight Red Hat Enterprise Linux based device which has the ability to have multiple concurrent Citrix sessions, each one tied to a specific network (CIA Desktop, DoDIIS Desktop, etc.).

[Diagram labels: Alpha Network, Bravo Network, Charlie Network; MLS Network Guard & Citrix Server; Alpha Citrix Client, Bravo Citrix Client, Charlie Citrix Client; Red Hat Enterprise Linux Workstation]

Slide 3

Base Desktop View

Slide 4

Virtual Connection View: Single Desktop

Slide 5

Virtual Connection View: Multi Desktop

Slide 6

Desktop System Security

Relevant U.S. Government Red Hat Enterprise Linux 5 security certifications
● EAL4+ Common Criteria Certification (LSPP, RBAC, CAPP) on IBM & HP hardware
● DCID 6/3 (used up to PL5)
● DISA STIG

● Devices will run in “kiosk” mode
● No ability for users to retain information or configuration locally on the system via SELinux
● Traffic shaping technology secures network traffic to appropriate desktop/Citrix instance
● No local users
● No local data files

Slide 7

Desktop System Management   Full management by Red Hat Satellite Server, a systems management platform designed to provide complete lifecycle management of the operating system and applications. ● Standardized Provisioning (“golden builds”) ● Centralized software management (security patches, hardware drivers, etc) Same management software for both servers and desktops; one standard management suite for both Red Hat Provided Content Custom Content RHN Satellite Software • Software Distribution • Account Management • Channel Management • Monitoring • Provisioning MANAGED SERVERS MANAGED DESKTOPS 7

Slide 8

Desktop System Management: Update

● Automatically update systems with the latest security fixes
● Easily obtain security updates, patches, and new OS versions
● Remove undesired packages through the simple RHN web interface

[Diagram labels: RHN Satellite Software (Software Distribution, Account Management, Channel Management, Monitoring, Provisioning)]

Slide 9

Desktop System Management: Manage

● Easily obtain security updates, patches, and new OS versions
● Manage groups of systems as easily as a single system
● Assign permissions to administrators for managing different groups or roles
● Remove undesired packages
● Schedule updates to occur during maintenance windows

[Diagram labels: RHN Satellite Software (Software Distribution, Account Management, Channel Management, Monitoring, Provisioning)]

Slide 10

Desktop System Management: Provision

● Undo problematic changes with snapshots and rollback
● Provision existing or bare metal systems using predetermined profiles or system cloning
● Improve consistency by using RHN to manage and deploy configuration files

[Diagram labels: RHN Satellite Software (Software Distribution, Account Management, Channel Management, Monitoring, Provisioning)]

Slide 11

Desktop System Management: Monitor

● Easily obtain security updates, patches, and new OS versions
● Dozens of low-impact probes can be set for each system
● Group probes into suites for fast deployment
● Receive email or pager notices when a probe reaches a predefined warning or critical threshold
● Manage groups of systems as easily as a single system
● Assign permissions to administrators for managing different groups or roles
● Remove undesired packages
● Schedule updates to occur during maintenance windows

[Diagram labels: RHN Satellite Software (Software Distribution, Account Management, Channel Management, Monitoring, Provisioning)]