Savings from Desktop Virtualization

The virtualization of desktops, which shifts manpower costs from onsite support to server farms managed by automated network control centers, offers savings by operating a large number of virtual workloads per blade server. Administrators then can manage standard desktop images on clusters of blade servers to streamline security monitoring, access control and provisioning for every desktop.

Applying a conservative version of the Defense Department TCO model indicates that the five-year cost of 4 million desktops could be reduced from $46.7 billion to $30.8 billion using a gradual implementation schedule.

After five years, the cost of desktops would continue to shrink as devices are replaced by mobile wireless connections and by thin clients. With the addition of desktops from the Reserve forces, the National Guard, the service academies and contractors, additional savings could be realized.

As the control of desktops migrates to a few network control centers, more savings could be realized as existing server farms are consolidated through PaaS cloud operations. There would be, however, large capital expense for more powerful servers so that PaaS migration can proceed simultaneously with desktop virtualization.

Desktop virtualization, the primary cash generator for the next five years, improves business continuity and disaster recovery by activating automatic failover technologies. Such high-level reliability is needed because of the increased dependency of virtual desktops on central servers. This will require at least 99.9999 percent uptime for server clusters. These will have to depend on redundancy and not on hardware reliability to avoid downtime for individual desktops. Consequently, Defense Department PaaS data centers will be able to operate with less reliable, less expensive servers, but be able to achieve uptime by tolerating failures of redundant devices.

Desktop virtualization eliminates planned and unplanned downtime for delivery of high service levels. This is achieved by means of server redundancy and not by buying highly reliable servers. As a result, the current large penalty that ranges anywhere from 50 to 500 hours of email unavailability annually can be eliminated and counted as savings in administrative time. In addition, the load-balancing features of desktop virtualization make it possible to manage the storage capacity, which improves asset utilization.

Desktop virtualization reduces capital and operating system costs because the workload peaks can be dispersed across geographically separate regions while improving the sharing of spare capacity as the department workload migrates across time zones. It reduces the need for most of the local information technology administrative staff, as well as the contractor overhead at hundreds of server farms. It centralizes security management, makes real-time surveillance affordable and speeds up deployment of application upgrades and bug fixes.

The TCO calculations assume that the Microsoft desktop environment will persist for another five years. Upgrading from Windows XP to Windows 7 desktops can be included as a transition method for much cheaper open-source office solutions. Open-source cloud computing allows the department to place its operations with multiple competing vendors.

Added savings from open-source office solutions are large. The increased rate of adoption by personnel of a variety of consumer-grade wireless desktops will steer the department toward the installation of centrally managed PaaS solutions.

Perhaps the most important feature for enabling desktop migration is the ability to encapsulate legacy applications for migration into a standard PaaS setting. Encapsulation isolates applications from their underlying legacy environment, which includes the legacy operating system. Each legacy application can be packaged into a single executable code that runs completely isolated from all other applications and from every separate infrastructure.

With encapsulation, application packages can be redeployed simply by moving individual icons that originate from different Windows platforms. Such a move would eliminate costly recoding and testing.

Desktop virtualization breaks the links that individual contractors have traditionally wedged into each application. The department must break up the contractor-controlled versions of operating systems, along with the dependency on unique hardware. Virtualization eliminates the need to manage custom-fitted environments for each end-user device. After desktop virtualization is in place, a network control center can take over and deliver as well as update every legacy desktop and applications in minutes. This lessens the tasks of load balancing, testing, provisioning and supporting applications and desktops.

Desktop virtualization changes the way information security is implemented. Instead of managers installing antivirus and anti-malware solutions on individual personal computers, great improvement in security assurance can be realized by offloading almost all of the protection software and firewalls to centrally managed servers.

When fully implemented on a large scale, the annual TCO cost per seat has been quoted to be as low as $300 per year, based on seven-year depreciation. In this way, mobile Defense Department personnel will be able to connect with their personal desktop from any place in the world, while keeping up consistent security access restrictions.

Desktop virtualization also makes it possible to work offline, such as during airline travel or while on a military mission. Consequently, the virtual desktops offer a seamless and completely scalable user experience far superior to what currently is available.

The department should be able to standardize on similar client computing platforms so that equipment can be re-used instead of being junked when it loses its local utility. When each platform is tracked with globally traceable radio frequency identification (RFID) tags, the multimillion-dollar inventory of computing devices will make it possible to manage more than $28 billion worth of capital assets.

Centrally managed virtualized desktops can extend the management of local physical assets to third-party support contractors. This can include access by public cloud providers to process workloads not requiring compliance with Defense security requirements. This can be done without sacrificing control over security policies or administrative privileges. By using centrally managed oversight support, contractors would have no control over user authorization or user network access.

Virtual desktops are only a part of a greater puzzle of how the department can migrate to its objective of operating in a private PaaS cloud. The adoption of virtual desktops can take place only after "commodity" applications such as email, calendars and collaboration methods are reorganized for cloud operations.

Adjusting both Funds and Mindsets in DoD

The tight coupling that currently binds Defense Department architecture - the infrastructure, communications, databases, applications, security and desktops into more than 2,200 unique silos - must be separated. Right now, each silo is the consequence of contracts in which all software is assembled into a one-of-a-kind collection of codes. The resulting software is costly to maintain; applications are not interoperable; and lack of compatibility complicates the exchange of data.

Defense Department applications are not built to controlled standards. Most department databases are not constructed for shared data definitions, and communication interfaces do not match.

Such diversity is excessive. It imposes on every system the burden of tooling more than 75 percent of the programming code to unique requirements, which results in every system possessing its own infrastructure. If the Defense Department could operate a standard information technology infrastructure, the application developers then could concentrate on building only 25 percent of the code. Diverse systems could be built on top of only a few universal infrastructures. Individual customers would be able to modify individual applications but would not be allowed to alter the code of the infrastructure, which would be centrally managed.

Only after separating the infrastructures from the applications will it be possible for the Defense Department to organize projects to fit into an enterprise architecture that is modular, interoperable, upgradeable, secure and inexpensive. Only then will it be feasible to place application-specific programs, without huge amounts of attached infrastructure code, on top of an enterprise standard environment, defined as the Defense Department private platform-as-a-service (PaaS) clouds.

Once PaaS is accepted as the ultimate architectural objective for defense computing, attention must turn to a most difficult challenge: how to migrate from thousands of incompatible legacy systems into an environment that is far less complex. That cannot be accomplished by retrofitting legacy systems with fixes, conversion routines, software bridges, emulations and patches. An overlay cannot be placed on legacy systems to make them look as if they were interoperable PaaS clouds.

To achieve cost reductions in information technology spending, the Defense Department must concentrate on generating short-term cash savings to finance the creation of PaaS clouds. In the long run, PaaS will create the greatest opportunities for cost savings for the department.

One of the military service chief information officers announced a cut in information technology expenses by 25 percent over the next five years. Consequently, little money, if any, will be available to convert to PaaS-based infrastructures. The question then is what approach can be used to slim down information technology spending in the most expeditious way so that cash becomes available to start investing in PaaS in the next five years.

The department's information technology budgets for fiscal years 2012 through 2016 somehow must be structured to produce cash savings to fund cloud adoption investments. The current lack of funds also is aggravated by rapidly rising cybersecurity costs.

The Government Accountability Office just reported that fiscal year 2012's $3.6 billion for cybersecurity is not fully funded. Expenses classified as the costs of cybersecurity now are consuming 9 percent of total information technology spending. Cybersecurity is eating up most of the money that otherwise would be available for migration to a cloud environment. Spending on security will continue to grow and will have a higher priority than spending on cloud computing, despite large cost reductions that can be realized from PaaS. With a squeeze on information technology budgets, where will the new funds come from?

The Defense Department currently spends 30 percent of its $36.5 billion information technology budget on new development and on upgrading existing systems. The department spends the remaining 70 percent on operations and maintenance (O&M), although that amount is understated because it does not include military and civilian personnel payroll.

Prying short-term cash from new development and upgrading to pay for PaaS is hard to do. Projects have multiyear durations. Urgent, immediate fixes also are needed to support warfare operations; these fixes cannot be deferred. Though some money could be obtained by eliminating redundant programs, the pending information technology budget shortfalls are too large to be made up through the cannibalization of development funds.

O&M funds must be the first ones approached as the immediate cash cow to finance PaaS cloud migration. Somehow, the required cash to support cloud migration must be extracted from the $26 billion spent annually on O&M. Assuming level information technology budgets for the next five fiscal years - 2012 through 2016 - this represents an optimistic pool of $130 billion from which to squeeze at least 10 percent savings. This is the amount most likely needed to accomplish a high level of migration into the cloud-computing environment. Only after the department begins collapsing thousands of costly silos into a handful of PaaS clouds can it hope to migrate toward lower-cost operations.

PaaS clouds, when finally installed, will offer superior service levels, be more secure and operate at lower costs than the current collection of legacy systems. The issue is not what is theoretically conceivable, but how much cash will become available in the next five years from cutting back on legacy O&M operations. The question is one of timing: Is there sufficient time to make the necessary reinvestments so that the Defense Department can continue operating without increasing its information technology budget?

The first step calls for a business case for checking the financial feasibility of a PaaS. There are several total cost of ownership (TCO) models available to make such calculations. For the purposes of this article, the most mature cloud model will be used (http://roitco.vmware.com/vmw). It was derived from the Alinean Corporation, where I was a founder and member of the board of directors.

I have estimated the five-year TCO costs for the Defense Department's 4 million desktops and 200,000 servers. That TCO is about $15 billion per year, or 41 percent of total information technology spending. This estimate includes the costs of telecommunications and rising expenses for security.

The largest share of the department's annual information technology costs is the average expense for the support of desktop operations, or $9.3 billion. This includes administrative support and downtime costs.

The average cost of $5.3 billion per year for servers is less than the cost for desktops. Though the department is concentrating on server virtualization, which can bring down server costs by more than 60 percent, this requires large-scale data center consolidation for which plans do not exist yet. Meanwhile, the largest short-term dollar gains can be realized from the adoption of virtual desktops. Concentrating on desktops can yield cash savings of up to $3.2 billion per year.

Estimated cash savings are based on TCO costs. Additional cost reductions could be obtained when a smaller number of PaaS clouds would shrink the expenses for existing data centers.


Needed: Guidance from the Office of Management and Budget

The reported spending for IT is set for FY11 by OMB as $79 billion. However, that number does not include 58 independent executive branch agencies. For instance, exclusions include the Central Intelligence Agency and spending by the legislative and judicial branches of the Federal Government. In the case of DoD and DHS, which account for more than half of the $79 billion spending, the payroll costs of uniformed and civilian personnel are also excluded. At close to $100 billion of IT spending, the Federal Government consumes close to 0.6% of global IT spending. As compared with the largest commercial enterprises, this exceeds their IT spending by a multiple of at least 30.(1)

The OMB budget also excludes IT costs that are components of operational systems such as spacecraft ground systems (for example, satellite command-and-control systems and satellite data-processing systems). There are also inconsistencies in how agencies report on IT spending included in R&D programs. Sometimes these costs are included, sometimes they are not.

The reported Federal Government IT costs are broken up into 7,248 investments, which account for a third of total IT budgets. As compared with commercial practice this is a high ratio because enterprises are able to operate with close to 80% of the budget because of effective spending for new projects. For instance, there are 1,536 separate development programs for improving the management of information technologies and particularly the management of the IT infrastructure. There are 781 investment programs for supply chain management and there are 661 investment programs for human resource management. Commercial practices would not tolerate such proliferation.

The Office of Management and Budget (OMB) in the Office of the President plays a key role in overseeing how federal agencies manage their IT investments. The source for this oversight is data about an agency’s investment portfolio (Exhibits 53) and capital assets planning (Exhibits 300). Additional web-based “dashboards” summarize information about diverse projects, though the data and analysis are not reliable.

OMB does not provide oversight over IT spending expended in ongoing operations.

OMB and federal agencies have undertaken several initiatives to address potentially duplicative IT investments. Most of these efforts have not yet demonstrated results. Agencies also do not assess legacy systems to determine if they are duplicative.

The slow progress in managing Federal IT for greater efficiency can be traced to a lack of a coherent Federal Enterprise Architecture (FEA). When originally developed in 1999, the FEA was intended to provide federal agencies with a common construct for their architectures and thereby facilitate the coordination of common business processes and consistent system investments. As part of the fiscal year 2004 budget cycle, OMB required agencies to align proposed IT investments to the FEA reference models; this information was then used to develop the initial process improvement initiatives. Since that time, agencies have established individual enterprise architectures and used them to characterize their IT investments and to guide plans for the future. OMB’s Chief Architect reported that comprehensive changes to the FEA are planned for fiscal year 2012. Meanwhile, the actual rationalization of IT spending does not show progress.

Though the closure of a number of data centers is proceeding, federal agencies’ data center inventories and consolidation plans are incomplete and do not as yet reflect verifiable net cost reductions.

OMB has also announced its trusted Internet connection initiative to improve security by reducing and consolidating external network connections. However, none of the 23 participating agencies had yet met all of this initiative’s requirements.

A major new initiative from OMB is the FedRAMP project, which is to provide, among other functions, continuous security monitoring of cloud computing systems for multiagency use. This project is currently behind schedule, and has not yet defined all performance metrics.

The FedSpace project, which is to provide federal employees and contractors collaboration tools for cross-agency knowledge sharing, is also behind schedule and has not defined its performance metrics.

SUMMARY
The nation’s actual annual spending for IT is much higher than the $78.8 billion identified by OMB. Agencies do not routinely evaluate legacy systems to determine if they are duplicative and can be eliminated or consolidated.

(1) Reported in GAO-11-826

The Status of DoD ERP Systems

An Enterprise Resource Planning (ERP) solution is an automated system using commercial off-the-shelf (COTS) software consisting of multiple, integrated functional modules that perform a variety of business-related tasks such as general ledger accounting, payroll, and supply chain management. The major vendors providing ERP solutions are Oracle, SAP and IBM.

For more than a decade, DOD has dominated GAO’s list of federal programs at high risk of fraud, waste, abuse, and mismanagement, including all of the current eight ERP programs. The DOD systems environment that supports these functions can be characterized by (1) little standardization across the department, (2) multiple systems performing the same tasks, (3) the same data stored in multiple systems, and (4) the need for data to be entered manually into multiple systems.

The following ERP systems are currently in progress:
The General Fund Enterprise Business System (GFEBS), initiated in October 2004, is intended to support the Army’s standardized financial management and accounting practices.
The Navy Enterprise Resource Planning System (Navy ERP), initiated in July 2003, is intended to standardize the acquisition, financial, program management, maintenance, plant and wholesale supply, and workforce management capabilities at Navy commands.
The Global Combat Support System–Marine Corps (GCSS-MC), initiated in September 2003, is intended to provide the deployed warfighter with enhanced capabilities in the areas of warehousing, distribution, logistical planning, depot maintenance, and improved asset visibility.
The Defense Enterprise Accounting and Management System (DEAMS), initiated in August 2003, is intended to provide the Air Force the entire spectrum of financial management capabilities, including collections, commitments and obligations, cost accounting, general ledger, funds control, receipts and acceptance, accounts payable and disbursement, billing, and financial reporting for the general fund.
The Expeditionary Combat Support System (ECSS), initiated in January 2004, is intended to provide the Air Force a single, integrated logistics system—including transportation, supply, maintenance and repair, engineering and acquisition—for both the Air Force’s general and working capital funds.
The Defense Agencies Initiative (DAI), initiated in January 2007, is intended to modernize the defense agencies’ financial management processes by streamlining financial management capabilities and transforming the budget, finance, and accounting operations.

According to GAO, six ERPs have experienced schedule delays ranging from 2 to 12 years, and five had incurred cost increases totaling an estimated $6.9 billion.(1) Four ERP programs—DEAMS, ECSS, GFEBS, and GCSS-Army—did not develop reliable schedule and cost estimates. None of these programs had developed a fully integrated master schedule that reflected all activities, including both government and contractor activities. The DOD IG reported that the Army estimated it will spend $2.4 billion on the implementation of GFEBS but had not identified all of the requirements and costs associated with the project. The Army also used unsupported and incomplete life-cycle cost estimates to determine $1.4 billion in cost savings and used an inappropriate methodology to determine the estimated $3.9 billion in benefits.

SUMMARY
Even with extended periods of development, ERPs are missing interfaces needed to integrate them with existing systems while others, slated to replace legacy systems, are delivered without some of the functionalities performed by the systems they are expected to replace.
Consequently, DoD continues to operate largely in the duplicative, stove-piped environment of its legacy systems as well as ERPs that are attempting to provide the military with innovative replacements.

(1) GAO-12-177T, Implementation of Business Systems Could Impact Audit Readiness Efforts