Friday, April 23, 2010

Defence Next Generation Desktop Project

The Australian Department of Defence has issued a request for Expression of Interest for the "Defence Next Generation Desktop Project" (CIOG 198/10, 22-Apr-2010). The NGD Project aims to provide a simplified desktop interface for defence users and lower costs. Companies have to respond to the EoI to be considered for the RFT. A briefing on the RFI will be conducted in Canberra on 5 May 2010.

There are three PDF documents provided via the government tender system:
  1. ITR Conditions (515Kbytes)
  2. Information provided to Requestors (860Kbytes)
  3. Information to be provided by Requestors
Part 2: Information provided to Requestors, describes what Defence wants from the system:
Table of Contents
1 INTRODUCTION
1.1 Purpose
1.2 Background
1.3 Document Structure
1.4 Acquisition Objective
1.5 Acquisition Process
2 EXISTING ENVIRONMENT
2.1 Overview
2.2 Desktop Delivery
2.3 Virtualisation
2.4 Applications
2.5 Desktop Security Environment
2.6 Existing Network
3 APPENDIX I – STATEMENT OF REQUIREMENT
3.1 Intent
3.2 Contracting Model
3.3 Requirements
3.4 Desktop Delivery
3.5 Application Presentation
3.6 Desktop Security Environment – Multi-Level Security
3.7 Integration
3.8 Implementation
3.9 Project Management
3.10 Support
3.11 Commonwealth Activities
4 APPENDIX II – APPLICATION LISTING
5 APPENDIX III – ADDITIONAL ENVIRONMENT INFORMATION
5.1 Existing Thick-Client Specification
5.2 Existing Server Specification
5.3 Current End-User Devices
5.4 Current Peripherals
5.5 Current Capacity Profile ...

2 EXISTING ENVIRONMENT ...
2.2 Desktop Delivery
2.2.1 The current Defence desktop delivery method uses two alternative mechanisms to deliver a desktop to a user:
(a) traditional PC thick client environment; or
(b) server-based computing (SBC) using Citrix XenApp 4.5.

2.2.2 The majority of Defence Information Environment (DIE) users across Defence connect via traditional PC-based technology using the SOE 125 desktop platform. The SOE 125 platform uses the Windows 2003 server back-end and Windows XP desktop solution.

2.2.3 Presently SBC users on the DIE equate to approximately ten percent of the user base.

These users fall into four categories:
(a) remote access users (DREAMS);
(b) Defence thin-client system (DTCS) users;
(c) users of point solutions for applications (such as the Defence Estate Management system and Aircraft Inventory Management System); and
(d) users who support non-Windows-based systems, for example Linux and Sparc.

2.2.4 The sites using the DTCS are based on a use case scenario. DTCS technology is used in almost all locations outside Australia as the delivery system of choice.

2.2.5 Defence has implemented a roaming system so that a user’s desktop environment is not associated with a specific hardware device. A user can access their desktop environment from any machine, provided it meets minimum requirements for physical and other security issues for both security networks (Defence Restricted Network [DRN] and Defence Secret Network [DSN]).
PART 2: Information for Requestors

2.3 Virtualisation

2.3.1 The use of virtualisation technologies is mainly contained within Defence’s Central Data Centre (CDC). The CDC is operated by the Defence Computing Bureau (DCB). Server virtualisation is currently managed using VMware and Citrix products and application virtualisation is managed via Citrix technology. There are up to 1,000 server infrastructure devices within Defence facilities and an additional 700 virtualised servers on this infrastructure.

2.4 Applications
2.4.1 Local
2.4.2 The majority of Defence users have a desktop or laptop running Microsoft Windows XP.

These users are provided with standard Microsoft Office 2003 applications, file and print services and most users access at least one corporate application hosted in the CDC. In addition, these users may require access via the DRN and/or DSN to other systems hosted either in the CDC or a variety of locations around Australia.

2.4.3 Other applications presented locally may include, but are not limited to, Adobe Acrobat, Apple QuickTime and Macromedia Flash Player.

2.4.4 Defence uses a wide range of applications; an indication of which is provided at APPENDIX II – .

2.4.5 Corporate
2.4.6 The DCB currently delivers a large number of enterprise applications hosted centrally to users across the DIE. Some applications use the Citrix Published Application and Citrix Application Streaming mechanisms to deliver these applications.

2.4.7 Most applications are delivered by a traditional client server model. These may include, but are not restricted to, ADFPAY (in-house), OpenPlan Professional, PMKeys (PeopleSoft), Roman (SAP) and SDSS/MIMS (logistics management).

2.4.8 Defence uses a wide range of applications; an indication of which is provided at APPENDIX II – .

2.5 Desktop Security Environment
2.5.1 Services are delivered primarily through two major network environments: the DRN being the largest and the DSN being the second largest. To meet the requirements of the Protective Security Manual (PSM), Information Security Manual (ISM) and Defence Security Manual (DSM), using traditional technology solutions, these two environments are physically separated and consist of a wide variety of information systems, communication equipment, hardware, software and application components. Both networks utilise a Microsoft Windows Server 2003 Active Directory (AD) for user authentication.

2.5.2 There are approximately 75,000 users of the DRN. Approximately 20 percent of these are also users of the DSN. The majority of Defence ICT users can be put into three groups:

(a) those who use only the DRN;
(b) those who use both the DRN and the DSN; and
(c) a limited number of users who use only the DSN.

2.5.3 The current architecture requires users of both networks to have individual desktops for accessing each network, resulting in duplication of hardware for those users.

2.6 Existing Network
2.6.1 The Defence Wide Area Communications Network (DWACN) is a major sub-system of the Defence Strategic Communications Network (DSCN) and provides core transport services for the majority of Defence electronic communication nationally and internationally. It provides voice and data communication services to over 300 sites. Services include the carriage of some 31 IP Virtual Private Networks (VPNs) and voice communications to 150 sites. The DRN and DSN represent two VPNs. Figure 1 shows the DWACN within the context of the broader Defence Strategic Communications Network (DSCN).

2.6.2 Defence utilises the TCP/IP suite of communication protocols.
2.6.3 The current bandwidth of the Defence network for the DRN and DSN across all locations ranges between 512kB to 1GB.


3 APPENDIX I – STATEMENT OF REQUIREMENT
3.1 Intent
3.1.1 The Commonwealth’s intention in undertaking this NGD project acquisition process is to identify the most suitable Contractor/s capable of supporting the NGD project. In order to support the NGD project, the successful Contractor/s will need to provide:

(a) technical design, supply and installation of a solution which covers desktop delivery, application presentation and a single desktop security environment;
(b) implementation of the pilot and proposed solution;
(c) integration of the solution with Defence’s current environment;
(d) implementation and project management of the pilot and solution; and
(e) support of the system components and pilot.

3.1.2 Key to this will be the Contractor/s:
(a) capability to provide a solution which meets the requirements of the project;
(b) experience in providing a similar solution in a similarly complex environment;
(c) ability to deliver a complex project within tight timeframes, to a high level of quality; and
(d) assessed level of risk in delivering the solution.


From: Part 2: Information provided to Requestors, Defence Next Generation Desktop Project, CIOG, Department of Defence, 198/10, 22-Apr-2010




The "Glossary of Terms and Acronyms" in part provides an insight into the thinking on Defence:

Term: Meaning
ABN: Australian Business Number
ACN: Australian Company Number
ADO: Australian Defence Organisation
APS: Australian Public Service
ARBN: Australian Registered Body Number
C4I: Command, Control, Communications, Computers and Intelligence
CDC: Central Data Centre
CIOG: Chief Information Officer Group ...
Confidential ITR: Confidential information pertaining to this ITR ...
Criminal Code: Division 137 of the Criminal Code available from http://www.comlaw.gov.au
CV: Curriculum vitae
Data Centre Consolidation: Project to reduce Defence’s data centre numbers to less than ten...
DCB: Defence Computing Bureau
Defence: The Department of Defence
DIE: Defence Information Environment
DOSD: Defence Online Services Domain
DPPM: Defence Procurement Policy Manual (1 April 2010 edition) available from http://www.defence.gov.au/dmo/gc/dppm.cfm
DREAMS: Defence Remote Electronic Access and Mobility Service
DRN: Defence Restricted Network
DSCN: Defence Strategic Communications Network
DSM: Defence Security Manual
DSN: Defence Secret Network
DTCS: Defence thin-client system
DTSN: Defence Top Secret Network
DVN: Defence voice network
DWACN: Defence wide area communications network
FedLink: Secure communications network between Australian Government agencies
Fair Work Act (Cth) 2009: Fair Work Act (Cth) 2009 is available from www.deewr.gov.au/fairworkprinciples
ICT: Information and communication technology
ILSP: Integrated logistics support plan ...
IP VPN: Internet protocol virtual private network
ISM: Information Security Manual
ITR: Invitation to Register Interest ...
JORN: Jindalee Over-the-horizon Radar Network
KPI: Key performance indicator.
LAN: Local area network
L2 VPN: Layer 2 virtual private network
NGD: Next Generation Desktop ...
OGO: Other government organisations ...
PSM: Protective Security Manual
PSTN: Public switched telephone network ...
RFT: Request for tender
SBC: Server-based computing ...
SOE: Standard operating environment
SRP: Strategic Reform Program ...
TACINT: Tactical interface
TCP/IP: Transmission Control Protocol/Internet Protocol ...
VoATM: Voice over asynchronous transfer mode
VPN: Virtual private network
VTC: Video teleconferencing.

From: Part 1, Defence Next Generation Desktop Project, CIOG, Department of Defence, 198/10, 22-Apr-2010
