Navy rolls out virtualization plan

The U.S. Navy is mandating the simulation of hardware, or virtualization, for its existing IT infrastructure by 2018, according to a memorandum issued this week by the service’s chief information officer.

The July 29 memo from CIO Terry Halvorsen states that the Navy must virtualize all of its current servers and server-based systems and applications by the end of fiscal 2017 (September 2018). Navy and Marine Corps deputy CIOs were instructed to submit a service virtualization plan no later than the end of November, according to Halvorsen’s memo.

The goal of the virtualization initiative is to reduce the Navy’s IT costs at a time when service operation and maintenance budgets are being slashed while also increasing the flexibility of the service’s IT infrastructure.

The shift to virtual machines would, for example, allow the Navy to run multiple operating systems and applications on a single server. Future Navy network components will be developed to operate in virtual environments, wrote Halvorsen, who assumed his current post in November 2010.

“Virtualization is one of multiple efficiency efforts that the [Navy] must pursue to achieve cost reductions,” Halvorsen stressed, adding that the plan “does not preclude any other path to greater efficiencies and savings.”

Halvorsen said the Navy would take a “graduated approach to virtualization” that will allow for parallel efforts in areas like “system/application rationalization,” standardization and data center consolidation.

Specific milestones of the Navy virtualization plan include:

• Conversion of at least 15 percent of Navy IT networks annually until full virtualization is achieved.
• Setting standards for enterprise virtual platforms and ensuring compliance.
• Establishing mechanisms for quarterly progress reports on virtualization and ensuring that “all future systems and applications” can operate in a virtual environment.

Acknowledging that some Navy IT systems and apps may not function properly in a virtual environment, the memo allows for waivers to the new policy that must be submitted by Sept. 30, 2014, to the Navy and Marine Corps deputy CIOs. The one-year waivers would be subject to annual reviews, the memo stated.

The Navy’s virtualization plan is part of a larger DOD effort to securely shift its IT infrastructure to software-based virtual machines and eventually to the cloud. Security experts note that the shift to the cloud means classified data residing in virtual environments will require greater security controls and role-based monitoring to prevent future security breaches.

“You can take an entire virtual machine with you in a [security] breach,” warned Eric Chiu, co-founder and president of HyTrust Inc. In-Q-Tel, the CIA’s investing arm, recently announced an investment in the Silicon Valley cloud security specialist. Virtual machine specialists like VMWare have also invested in HyTrust.