RealTime IT News

No Secret: NSA Taps VMware For Virtualization

In a coup for fast-growing VMware, defense contractor General Dynamics has tapped the virtualization leader as a sub-contractor for development of a highly secure workstation based on commercial products.

The High-Assurance Platform (HAP) is being developed by General Dynamics' subsidiary General Dynamics C4 Systems, which is the main contractor on the National Security Agency deal.

Defense and security agencies stand to save a lot of money on hardware, support and energy costs by going the virtualization route because it will reduce the number of systems they need.

Since the passage of the Intelligence Reform and Terrorism Prevention Act of 2004, federal security policy has mandated that access to government network assets require security features and certified assurance that exceed commercial-grade enterprise security standards.

In practice, that means users with multiple security clearances, such as members of the U.S. Armed Forces and Homeland Security personnel, must use separate physical workstations. The result is a so-called "air gap" between the systems used to access information at each security clearance level, in order to uphold the government's security standards.

VMware said it will provide an extra layer of security in its virtualization software, which lets these users run the equivalent of physically isolated machines with separate levels of security clearance on the same workstation.

Aileen Black, vice president of federal sales at VMware, said the company has been working with the NSA since 2000. HAP builds on the current solution based on VMware, called NetTop, which allows simultaneous access to classified information on the same platform in what the agency refers to as low-risk environments.

For HAP, Black explained VMware has added a thin API of fewer than 5,000 lines of code to its virtualization software that can evolve over time. NetTop is more static and has to go through a lengthy re-approval process as changes are made. "This code can evolve over time as needs change and the accreditation process is much quicker than just addressing what's new," Black told internetnews.com.

She said HAP encompasses standard Intel-based commercial hardware that could range from notebooks and desktops to traditional workstations. She estimates the government agencies will see a minimum 60 percent reduction in their hardware footprints and greatly reduced energy requirements.

"They only have so many plugs, this reduces the number of items they have to support and how many power generators they need," said Black.

HAP will allow for one system to maintain up to six simultaneous virtual machines. In addition to Windows and Linux, Black said support for Sun's Solaris operating system is planned.

Prescott B. Winter, former director of the NSA/CSS Commercial Solutions Center (NCSC) and now CTO at the NSA, said the agency "has a strong interest in leveraging innovative commercial technologies to provide a secure workstation environment for the government community.

"The NSA HAP program is interested in developing the next generation of standards and technologies that will be the foundation of secure platforms that allow access to different classified domains and the ability to securely share data between different classified enclaves," he continued.

"We look forward to the delivery of a secure workstation product designed to be an effective solution for any government agency subject to strict security mandates."