Air Force Explores Zero Thin Client solution

The current initiative calls for:
• NIPRNet access via Common Access Card ([CAC], 5 volt) and SIPRNet access via Smart Card (SIPRNet Token, 3.5 volt) access on from any AF base (NIPRNet/SIPRNet) or through any data network (NIPRNet) via compatibility with all applicable and approved DoD/NSA Smart Card Readers as well as username/password
• Must support up to 1,000,000 users on NIPRNet across the globe at 100+ bases Guard, Reserve, and recruiter locations (~400 total including previous bullet)
• Must support up to 220,000 users on SIPRNet across the globe at 100+ bases
• Must also support various Guard, Reserve, and recruiter locations (~400 total including previous bullet)
• Must support up to 700,000 concurrent users on NIPRNet
• Must support up to 75,000 concurrent users on SIPRNet
• Persistent storage of user profile information (e.g., e-mail settings, printer settings, user documents, internet favorites)
• Clean desktop presented to user each time they log in
• Management of master image at the enterprise level
• Highly available pool of virtual desktops (24/7/365 usage for some portion of systems at each base)
• Following master image updates, individual pool of virtual desktops refreshed with updates within 30 minutes of selecting it to be updated
• Anti-virus integrated, but without causing input/output operations per second (IOPS) storms
• Disconnected operations capability for portion of users from each base
• Ability to utilize existing desktop systems (fat clients) until hardware can be tech refreshed with zero client
• Ability to stream individual applications (e.g., standard desktop configuration-based applications as well as custom apps such as command and control systems) based on users' security groups
• Ability to use existing building network infrastructure at user location
• Capacity planning tool utilization at each base prior to roll out of solution for those users
• Support unified communications through video/messaging/voice/presence/collaboration, including the ability to run Defense Connect Online (DCO)
• User experience at least as good as current desktop fat-client system for any/all applications being used for at least 80% of the user base
• Support a pilot roll-out with 9000 users on NIPRNet and 6200 users on SIPRNet at Scott AFB IL
• Training for AF/Government personnel to manage all aspects of the enterprise
• Device should allow for separate USB port management
• Device management suite to allow control/upgrades/etc. to be performed at the enterprise level
• Significant transport layer delay not acceptable, possibly introducing the need for virtual desktop servers at each base, yet managed at the enterprise level
• Capability should be device agnostic supporting commercial mobile devices (NIPRNet only requirement)
• Support telework
• Compliant with Unified Capability 2008 Rev 3 (http://www.disa.mil/_large_files/DOD_UCR_2008_Change_3.pdf) and future revisions

Submissions should answer the following questions:
Overall:
1. How does the vendor's capability/concept support the AF goal/vision for the effort?
2. How well does your solution scale?
3. Does the proposed capability/concept rely on any proprietary standards to meet any of the Air Force's or Department of Defense's requirements?
4. Can your concept be remotely administered?
5. How does the proposed concept manage/support disaster recovery?
• Can the solution/concept support Full, Differential, and Incremental back-ups directly to an off-site location? An on-site location?
• Can the solution/concept support automated client/server back-ups?
6. What fault tolerance measures are utilized/supported by the proposed solution?
• RAID levels, redundant power supplies, etc.
7. How much bandwidth does your capability typically use?
8. What other vendors are you partnered with and support the proposed solution?
9. What type of Active Directory architecture changes would need to be made to implement your solution?
10. How does your solution support port security through DoD and AF PKI certificate-based 802.1x?
11. What features whether listed above or not, are in development and will be available in future releases.
• Describe in detail.
• What standards are the features based on?
• Is the proposed technology proprietary?
12. How many monitors does your environment support off of one desktop system (fat/thin/zero)?
13. Does your solution support commercial mobile devices, like iPads, smart phones, Android tablets, etc.?
14. Does your solution support wireless (e.g., 801.11G, N)?
15. What is the typical/peak bandwidth utilization per client/server?
16. Discuss your system's resilience in degraded network conditions on both the near and far ends and how it presents degradation in its logs.
17. Discuss what networking infrastructure is required and/or recommended to support the environment and why.
18. Discuss how your solution would work with security identifiers (SID) and global unique identifiers (GUID) in Active Directory. An enterprise solution of this size requires the ability to re-use these to avoid running out.

Cost of Ownership:
19. What is the general projected Total Cost of Ownership (TCO)? Please provide a generic commercial cost of hardware/software investment needed to stand up a solution for users across multiple bases and the recurring annual cost(s). Also address associated training costs.
20. What equipment will be required to fulfill the solution? How does the solution use existing equipment? Is any of the equipment proprietary?

Security:
21. Does the solution for NIPRNet support Common Access Card (CAC) and DoD Public Key Infrastructure?
22. What ports and protocols does the proposed solution/concept use?
23. What measures/mechanisms are used to ensure data is accessible to authorized individuals/systems?
24. Does the solution for SIPRNet support the SIPRNet Token and DoD Public Key Infrastructure (PKI)?
25. Describe how the solution addresses Network Access Protection (NAP) and Network Access Control (NAC) considerations in an environment that includes mixed clients.
26. What capabilities does the solution provide for containing viruses and malicious code?
27. What capabilities does the solution provide to deal with a Classified Message Incident (CMI) or other event where information of a higher classification is found where it should not be? For example, SECRET info on the NIPRNet servers; Top Secret or Secure Compartmented Information info on the SECRET systems.

System Administration:
28. What is the expected administrator to user ratio?
29. Explain how the solution load balances resources and ensures high availability/continuity of operations during high periods of high volume usage and outages? Are there any critical points of failure and what are mitigating actions?
30. How is the solution managed over a WAN? - Consider an enterprise that serves hundreds of thousands of users in many countries and in many autonomous systems.
31. How will the solution automatically and securely accept and apply centrally (AFNETOPS) pushed patches and upgrades? Will manual processes be required to apply patches?

Environment:
32. How does the solution scale over an enterprise? Does it operate over a Wide Area Network (WAN)? What is the largest deployment you have accomplished with your proposed solution?
33. What are the infrastructure requirements for local area networks (LANs), metropolitan area networks (MANs) and WANs? What limitations, if any, exist for each case?
34. What are the physical server space requirements per user? What about power and cooling requirements?
35. What actions are required by the AF to prepare our environment (storage, user profile changes, email applications) to ensure successful implementation of your product?
36. If there will be multiple server sites, how will sites back-up each other in case of disaster? For example, if servers at base A go down, users would be diverted to servers at base B.

Data Backup and Recovery:
37. What kind of data backup method is used?

Business Case:
38. From a business case perspective, how does your product improve operations for your customers? What kinds of returns do they see?
39. Can you provide positive examples of the benefits resulting from adoption on your solution?
40. What has been the impact on performance and security for customers switching to your technology?
41. Can you provide examples of savings reported by your customers resulting from decreased system management/support costs?
42. Can you provide examples of total cost of ownership savings reported by your customers as a resulting of implementing your solution?
43. Has or can your product provide benefit to users working in a multi-domain security environment? Has its use been evaluated/accredited in such an environment?