Defence's double desktop could go thin

Defence's double desktop could go thin

Summary: Thin client computing and a switching solution from his US colleagues could provide Department of Defence CIO Greg Farr with a flexible solution to the problem of having to run two desktops each for a number of his users.


Thin client computing and a switching solution from his US colleagues could provide Department of Defence CIO Greg Farr with a flexible solution to the problem of having to run two desktops each for a number of his users.


Defence CIO: Greg Farr
(Credit: Australian Defence)

Two desktop PCs have sat on Farr's desk since he took up the Defence role in November 2007: one to access Defence's Secret Network and another for its Restricted Network.

According to Farr, a portion of the 90,000 PC users in Defence — "in the tens of thousands" — require access to both networks, meaning that those users require at least two desktops. "So there's two computers, two lots of power, air conditioning and all those things," Farr told in an interview.

In April last year, Farr said Defence was exploring how it could better exchange information with Australia's military allies with the use of public key infrastructure as the main form of authentication.

During that period, the question of how Defence staff accessed multiple security domains cropped up. Staff were unable to run both networks off a single desktop simultaneously, said Farr.

"You have to have a switching box to actually switch between whichever network you're in," Farr said at the time.

The problem manifested itself when staff, for example, required access to the Secret Network to support the Defence's military operations. If personnel information was required at the same time, staff are forced to switch over to the Restricted Network, negatively impacting the system's ease of use.

The primary solution to the switching problem was likely to come from the US, said Farr late last year. "We're just going to rely very much on our US colleague's solution," he said.

However, besides the user experience, which would be dealt with through what Farr called its US-developed "multi-security domain solution", the other issue to be tackled is the cost of running two desktops — a challenge Farr said could be overcome with the use of thin clients. "As thin computing continues on, the less number of processes that occur on the desktop the better things will be," he said.

Defence currently has a handful of users trialling the so-called "multi-security domain solution", and Farr hoped the program would be expanded in 2009.

However, it still could be some time before Defence broadly deploys thin computing and the new network switches. Defence's notoriously slow procurement of new technologies has in the past left staff with obsolete infrastructure.

"We've been able to make some significant improvements, but [technology procurement] is still not quick enough. We need to be able to field ICT solutions in a much quicker time than we're currently doing at the moment," said Farr, echoing concerns he expressed shortly after he took up his Defence post.

Topics: Government, CXO, Government AU, Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Military incompetance

    Get rid of the top 3 layers of military management and the problem will be half solved.
    The leadership and accountability culture is so bad that unless the organization is completely rebuilt it cannot be fixed.
    You have been warned! Australian Military leadership is massively incompetant!
  • Mil Incompetence

    I have heard and read those gutless comments for the past 60 years. Don't day dream but offer something constructive and workable.
  • Read the article

    You are an idiot.

    Read the article properly, and then perhaps you'll understand the reason why two networks are needed: one is secret, and the other is restricted. The two do not mix.

    If the CIO can bring a CPE rationalisation program, good luck. My guess is there'll be huge end user concern about accidentally sending secret data over the restricted network. This is probably the biggest stumbling block.

    I think you've been reading too much Norman Dixon, when you should have been using the Macquarie Dictionary instead.
  • Aussie EAL 7 product for this?

    I thought that there was a Aussie designed EAL7 (highest security) product that was supposed to do this?
  • virtualisation

    Why not use virtualisation?

    it would proberly be easier and cheaper to setup and u could have 2 screens on the 1 computer....
  • Not that easy?

    I'm not sure if it's quite that easy ... I'm not sure personally but I suspect Defence would have physically separate networks in some cases ... under virtualisation at a basic level all the data resides on the same physical PC. May not be as easy as that.

    Defence is certainly a different environment to the average corporate!


    Renai LeMay
    News Editor
  • EAL 7 Product

    There sure is! The Interactive Link!!! Been around for many years! An Aussie world beater, I think they've been selling it to the yanks for a while now! Talk about a boomerang technology!
  • EAL 7 Product

    For more information :
  • Yes, he mentioned it.

    There is. The "switch box" he's talking about in the article is an Interactive Link IL-MCS (Multiple Computer Switch.)

    The closest it gets is with the IL-KBS, which is essentially a box that switches your keyboard and mouse input between one network or the other, while displaying your lowside session in a window on the highside thin client.

    As for true multilevel desktop products, there isn't anything on the market at the moment evaluated to a sufficient assurance level to allow Restricted and Secret to be connected.
  • Virtualisation doesn't cut it yet.

    The problem at the moment is no software virtualisation solution provides sufficient security assurance to allow this.

    Research into this continues though, see
  • The Concept of Two Networks

    There is a Dilbert cartoon where the boss is asked, "Why do you mark envelopes which contain sensitive information with 'SECRET'?". The boss replies something to the extent, "Oh I don't want the spies opening all of the other envelopes in the Out Mail Tray." Having separate networks for varying levels of sensitive data is illogical. It doesn't provide better security and definitely allows foreign intelligence agencies to better focus their efforts. It would be better to use SSL between all computers and simply have one network. The suggestion by Farr of a thin client network is also not a good idea given that in every deployment bandwidth and connectivity have been a problem and, in any conventional war, comms are the first target of any attacking force. Land Forces need the ability to continue to operate when cut off. There is no chance of this if one has chosen to use a thin client or virtual box topology.