Friday Oct 31, 2008

Trip Report: DoD Open Conference sponsored by AFEI

Yesterday I attended the DoD Open Technologies conference sponsored by the Association For Enterprise Integration. The presentation slides have been posted. It was a well-attended event at the Reagan building in Washington, DC.  The keynote address was provided by Sun Federal's president and COO Bill Vass.  Bill pointed out how, during his time working at OSD (before he came to Sun), the intelligence agencies were beginning to adopt open source software for a number of reasons:

  • More secure
  • Higher quality
  • Lower procurement barriers
  • Faster deployment
  • Lower cost to exit
  • Allows government participation and customization

He also pointed out that software (whether open source or proprietary) is developed in Russia, India and China. He left no doubt that the government is using and should continue to use open source software throughout its IT programs.  Feel free to review all of Bill's slides.

Mark Tolliver (formerly of Sun) of Palamida discussed the importance of software component analysis (SCA).  SCA is the process of auditing your software to determine:

  • What OSS components you are using
  • What licenses apply
  • What vulnerabilities might exist

In one example, he used his company's tools to scan a piece of ISV software and found that 65% of it consisted of OSS software.  His experience shows that the industry average is now up to 50%.  This causes a number of issues because licensing issues and vulnerabilities in OSS software become YOUR issues when you deliver a product to your customer.  If you are not fully aware of all of the components, you may be passing on vulnerabilities from older versions of software that have already been fixed in the community.  SCA is important because you can't secure what you don't know that you have.

His recommendations to the government included:

  • Require vendors to document OSS code contents
  • Audit code acquired
  • Create a strategy for application security
  • Enforce ongoing training for engineers on how to get the code, vet the code and integrate the OSS code
  • Document the use of all code for future generations of maintainers
  • Use automated scanning tools (his product, of course)
    • Static Analysis
    • Dynamic Analysis
    • Compositional analysis
    • Anti-virus

John Garing, CIO of the Defense Information Systems Agency (DISA), described how Hitler had trouble invading Russia because of differences in the train gauge standards between the two.  He drew parallels between this and his current personal problem in the DoD, where they have contracted with two different collaboration solutions (to provide competition).  A person chatting in one community can't "see" or interact with a person in the other community.  To summarize, open standards and open interfaces are key to getting services faster to the warfighter.

A panel of government and industry discussed a variety of topics related to open source.

Dan Risacher of OSD/NII reported that a new OSD guidance memo was expected to be released soon.  Dan is a big advocate of open source in the government.

Bdale Garbee of HP is an open source participant in the industry and suggested that government needs to go further to allow both government employees and system integrators to participate and contribute to OSS projects without running afoul of government property rights, employer policies or patent issues.  They also discussed the issues surrounding license and ITAR export control.

The afternoon panel discussed how tactical approaches to open source are being carried out.

Stu Lewin of BAE systems described their detailed creation of a governance board, processes, documentation and training to ensure that the OSS brought into BAE projects is properly vetted, licensed, documented and maintained.

Allan Hardy of Lockheed Martin described how they audit OSS use and perform risk mitigation.  He noted that OSS touches every stage of the software life cycle from proposal through design, test, documentation and support.  He attributed the successful use of OSS to a strong process as well as ongoing training of engineers.

Colin Roufer is a lawyer at Boeing and discussed the legal issues surrounding OSS. Important points include:

  • There is no negotiation of a license such as the GPL.  Get over it
  • The GPL does NOT require that you give the source to everyone in the world, only those who receive the binary
  • The recipients of GPL code are bound by the same requirement to pass source code and license down to second level recipients

Peter Vescuso of Black Duck Software described a case study of a small company that provided OSS to Broadcom.  The Broadcom chip was in turn built into a Linksys router. Linksys was in turn bought by Cisco.  At this point, Cisco did not know that there was OSS content and was not properly conveying that information to its customers.  OSS management requires a cross-functional team including:

  • legal
  • purchasing
  • export control
  • QA
  • Configuration management
  • engineering


Open source is good for the government.  It can lower costs, improve quality and reduce time to mission accomplishment.  Sun Microsystems is the largest contributor of open source software in the industry.  You can take advantage of OpenSolaris, MySQL, Netbeans, OpenStorage and many other products today at low cost.

 Please join our OpenStorage launch on November 10th to learn more.

Thursday Apr 24, 2008

Sun at the DISA Customer Conference

Each year the Defense Information Systems Agency hosts a customer conference for all its customers.  DISA is responsible for hosting, designing and operating DoD datacenters, networks and critical command and control programs. The DISA customer conference is attended each year by 3000-4000 IT professionals throughout the US DoD and other countries. This year's conference is in sunny Orlando and Sun Federal will again be attending to demonstrate some of our advanced technologies for desktop virtualization, security, identity management and more. Here's a preview of what you will see when you visit our booth (or in case you can't come to the conference).  The Sun team at the booth will be happy to answer any questions you have about this or any of Sun's products and services.  Among the things you need to know about Sun is that we are the largest commercial contributor to the open source software communities. Come visit us May 5-8 at booth # 331.

Sun Ray Ultra-Thin Client Technology

This innovative solution to current desktop cost and management issues can significantly reduce costs while increasing user flexibility, mobility and security.  Weighing less than a pound and with no moving parts, Sun Ray is ecologically better than a PC.  It lasts longer, uses less energy, makes less noise and fills fewer landfills. The Sun Ray DTU can be used to display a Solaris, Windows, Linux or mainframe desktop environment.

Trusted, multi-level Operating System 

Do you need to share confidential data while knowing exactly who has access? Sun's award winning open source Solaris 10 operating system with Trusted Extensions provides a robust, scalable security solution for customers with multiple levels or compartments of data access.  Sun, HP, IBM and Dell platforms (Sparc or X64) are fully supported.  Dell, Fujitsu and IBM are OEMs for Solaris on their platforms. Solaris 10 is Common Criteria evaluated.

Screenshot: Solaris 10 displaying MS Windows and Red Hat 5 in windows of different classifications on the same screen.

Identity management implementing the DoD 2875 process

The 2875 demonstration was created to show the feasibility of using the Sun Java Systems Identity Manager Suite to manage the SYSTEM AUTHORIZATION ACCESS REQUEST (SAAR) process. This process is used throughout the Federal Government as a method for end users requesting access to systems. Sun IDM automates, audits and simplifies the process.

Sun Modular DataCenter

The Sun Modular Datacenter is a low cost, quick deploying solution for those who are running out of data center space and need additional computing power quickly with lower real estate, power and cooling costs.  Although the actual Modular Datacenter truck will not be here, we will have a scale model for you to enjoy.

Photo: The Sun Modular Datacenter on tour at the Pentagon in April with a small contingent of the Sun Federal Sales and Marketing team. 

Windows/Linux interoperability

Sun is a full OEM for MS Windows and Red Hat operating systems.  We sell and support both OSes on our market leading Intel and AMD based servers.  As a licensee of MS technologies, Solaris interoperates well with your existing desktop infrastructure. 

Capacity based computing

Sun is one of the winners in the DISA Capacity Computing contract awarded in 2006.  Using this contract, DISA purchases Solaris computing cycles as a managed service based upon actual metered utilization. Sun provides systems and capacity management in DISA datacenters while speeding procurement cycles, reducing capital expenditures and consolidating applications. Ask us about how this contract can work for you.

Partners joining Sun in our booth include:

Mitel is a leading provider of communications solutions for a range of organizations.  Their integration of Sun's Ultra-thin client with a VOIP telephone handset can significantly reduce desktop device costs while increasing flexibility, security and user mobility.  This intelligent phone ties your phone session and your desktop computing session to your identity and smart card for increased convenience.

BlueSpace - sponsored by Sterling Computers. BlueSpace is an enterprise software company based in Austin, Texas, that provides electronic messaging and mail software as well as multi-level secure (MLS) middleware to enable MLS applications. TransMail Trusted Edition is a version of TransMail specifically designed for the defense and intelligence communities. It integrates with Solaris 10 with Trusted Extensions to provide label security support, while providing the user with a single, multi-level inbox. TransMail Trusted Edition is the first commercial-off-the-shelf (COTS) end user, multi-level secure application.

Dynamic Systems is an information technology infrastructure expert and Sun Microsystems Value Added Reseller.  Dynamic Systems holds the SSTEW contract which offers extended warranty, maintenance, education, and professional services for all Sun Microsystems® products. The extended warranty and maintenance covered in this contract includes flexible and comprehensive hardware and software support ranging from basic to mission-critical service. This 8(a) set-aside Blanket Purchase Agreement offers time and money saving options through order consolidation and volume discounts. SSTEW is an Enterprise Software Agreement (ESA) under the DoD Enterprise Software Initiative (ESI).

We're looking forward to seeing you in Orlando. 


Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).

