ATF & USMS Mobility Pilot, 9 Feb 2011
1. Office of Science and Technology
ATF & USMS Mobility Pilot:
Deploying and Supporting iPads/iPhones
in the DOJ Environment
Rick Holgate
ATF Assistant Director for Science & Technology / CIO
DOJ Cyber Security Conference
February 9, 2011
2. Office of Science and Technology
Factors Driving Mobility at ATF (& USMS)
• Law enforcement and regulatory missions
– Most work happens away from the office
– Productivity enhancement
• Emergent situations
– Special operations, major events, ESF 13
• Increasing demand for real-time information
– “Knowing what we know”
• Telework / real estate costs
• Predominantly controlled unclassified information
9 February 2011 innovative applications of science and technology 2
3. Office of Science and Technology
Why A(nother) Mobility Pilot
• Spectrum relocation – video surveillance
• Highly mobile ATF (& USMS) workforce
• Right mobility model for the future
– Usability and functionality
• Lessons learned from mobility pilot v 1.0
– Affordability
4. Office of Science and Technology
ATF Organizational Snapshot
(round numbers)
[Figure: two stacked bar charts, "Personnel" and "Mobile Data Devices", each on a scale up to 12,000.]
• Personnel categories: Special Agents; Industry Operations Investigators; Other Professional Staff; Contractors / Task Force Officers / Others
• Mobile Data Devices categories: Laptops (w/secure WiFi); Cellular Broadband; BlackBerries; Windows Mobile
• Data labels as extracted (pairing with categories not preserved): 2,560; 806; 1,738; 2,400; 1,800; 6,500; 3,100; 150
5. Office of Science and Technology
Overall Pilot Objectives
• Deliver meaningful functionality
• Test relevant and complete use cases
• Understand technical and cost obstacles and implications
• Demonstrate the ability to secure and manage the devices
…while maintaining device/OS-independence
6. Office of Science and Technology
Why iOS?
• Market and mind share
• Grass roots adoption
• Intuitive applications readily adopted for law enforcement
• Appealing form factor(s)
• Easy to use
7. Office of Science and Technology
Mobility Solution
• Secure Email
– Security Features
– Scalability and Reliability Features
– Usability Features
• Mobile Workforce
– Enterprise Applications
– Collaboration Applications
• Centralized Device Management
– Provisioning
– Production
– Decommission
8. Office of Science and Technology
Mobility Solution Architecture
[Architecture diagram with four columns: End User, Distribution, Packaging, ATF Enterprise.]
Labelled elements:
• Mobile Devices
• Sandbox
• Outside Mobile Applications (Apple, iTunes, Android Market)
• ATF Application Distribution Store
• Secure Sandbox
• Enterprise Applications
• Collaborating Applications
• Profiles: Security Policy Profile, Mobile Device Control Profile, Configuration Profile
9. Office of Science and Technology
Core Technical Objectives
• Device Management
• Application Deployment Strategies
• Policy Implications
10. Office of Science and Technology
Mobile Device Management Considerations
• Feature & Functionality
– Security
– Software Management
– Asset Management
– Configuration Management
– Performance & Diagnostic
– Backup and Restore
• Security Compliance
– FIPS 140 Data at Rest
– FIPS 140 Data OTA
– AES 256
• Platform
– Apple iOS
– Android
– Blackberry
– Windows Mobile
– Symbian
– Palm WebOS
• Enterprise Integration
– MS ActiveSync
– MS Exchange
– Active Directory
– Tivoli, HP Operation Manager, etc.
– ArcSight
– BES
11. Office of Science and Technology
Mobility Scenarios
Application Deployment Scenarios (rows) vs. Functional User Scenarios (columns)
Columns: Executive (ATF & USMS), Operational (USMS 1811), Operational (ATF 1811), Operational (ATF 1801)
Office productivity (email, calendar, contacts) X X X X
Legacy/desktop applications via Citrix X X X X
Document collaboration X X X X
App Store applications with enterprise data X X X X
Custom applications X X
Web applications (internal, external) X X X X
Video management X X
12. Office of Science and Technology
Application Deployment Strategies
[Diagram. Labelled elements:]
• Training and Reference Materials (internal content management)
• Enterprise Apps:
– NFOCIS (ATF case management)
– JDIS (USMS)
– MS Office
• Enterprise Data: Business Intelligence
– Content repository
• Document Authoring, Collaboration using Sandboxed Access to Enterprise Content:
– WebDAV
– Enterprise Content Management System
– IDEA/MyFX (?)
• Enterprise Productivity (Exchange, etc.), Internal Web Apps (ATFWeb, HRConnect)
• Pinecone
13. Office of Science and Technology
Application Deployment Strategies
[Diagram. Labelled elements:]
• Personal accounts (?): Gmail, Yahoo, Hotmail
• Dictation for integration with productivity apps
• Personal applications (?)
• Video surveillance and evidence management (Provided as a cloud-based service)
• Pinecone
• External Web Apps:
– WebTA
– learnATF/learnDOJ
– eTrace
14. Office of Science and Technology
“How Big is My Sandbox?”
[Diagram: three tiers of app isolation, with the app icons shown in each.]
• Native (OS) or App Store apps: Mail, Contacts, Calendar, Camera, App Store, Phone, Web, Notes
• Functionally segregated “Managed Space” through MDM (AirWatch, BoxTone): Evernote, Office2 HD, Pages, Dragon, Annotate, App, eReader, Camera, Pinecone
• Dedicated apps in a FIPS 140-2 sandbox (Good): File Mgr., Calendar, App, Phone, Contacts, App, Web, Mail
15. Office of Science and Technology
“Demo”
16. Office of Science and Technology
Application Deployment Principles
• Don’t break the usability and convenience
• Strive for simplicity
• Identify minimum technology footprint necessary to deliver the required functionality
• Deliver cross-application integration where logical
• Provide single sign-on where/whenever possible
17. Office of Science and Technology
Policy Implications
• Personal vs. government devices
• Personal uses
– Applications
– Data
• Commercial application purchase and distribution
18. Office of Science and Technology
iOS Devices: More Like a Browser or a PC?
• Browser
– Personal “Apps” (Facebook, YouTube, …) – white/black list
– Secure, Managed Browser (“Sandbox”)
– Reasonable Use
• PC
– Locked/Managed Desktop
– No User-Installed (Personal) Apps
– Device-Wide Management
– Device Encryption
19. Office of Science and Technology
Where This is Leading:
Notional Future Mix of User Devices
• Phone, Slate, Virtual Desktop Infrastructure
– Simple, manageable, highly functional mobile devices
– Apps and data available anywhere / from any platform
– Desktop interface and power if/when needed
• Office “kiosks”; home
– Tighter security management
– Significantly lower cost per user
20. Office of Science and Technology
Staying Engaged
• Regular progress meetings – open to DOJ Components
• ATF POC
– Michael Wallace, michael.wallace@atf.gov, (202) 648-9322
• USMS POC
– Roland Perez, roland.perez@usdoj.gov, (608) 661-8225
22. Office of Science and Technology
Backup
23. Office of Science and Technology
Architecture:
ATF vs. Traditional Environment
24. Office of Science and Technology
Secure Email Solution
Security
• AES 256 bit encryption email and data
• Certified FIPS 140-2 cryptography
• Secure Sandbox solution and run time protection
• Secure browser, file manager, camera, and image storage in the sandbox
• ATF Application Distribution Store authentication
Scalability & Reliability
• Ownership of data, does not rely on external relay or Network Operation Center (NOC)
• Dedicated and secured relay
• Scalability by chained and redundant relays
• Provide ATF with a flexible deployment strategy. Different Sandbox IPA to target different user groups
Usability
• Highly customized ATF Application Store
• Over-the-Air (OTA) download and install Sandbox to the handheld device
• Multiple home screen options inside the Sandbox
• Support ZIP file attachment
25. Office of Science and Technology
Mobility Workforce Solution
Enterprise Applications
• Dashboard
• Business Intelligence
• WebTA
• HRConnect
• FO PettyCash
• FO Documents Publishing
Collaborating Applications
• iWalkie
• Secure Chat Room
• GoToMeeting
• eReader
26. Office of Science and Technology
Centralized Device Management Solution
Provisioning
• Assign group membership and policies
• Configuring device for connectivity
• OTA delivery of management client
Production
• Track asset data
• Update/repair software
• Distribute and update Large Object Binary (LOB) data and files
• Software license usage and tracking
• Schedule and automate activities
• Remote control of devices
Decommission
• Disable lost/stolen device (remote kill/lock, access violation lock)
• Restore data, redeploy software assets, re-provisioning and re-image device
27. Office of Science and Technology
Centralized Device Management Solution
Afaria AirWatch Boxtone MobileIron
Disable applications X X X X
Broadcast SMS, APNs X X X X
OTA Enrollment X X X X
Over-the-air download and update X X X X
Passcode policy enforcement X X X X
Platform - Apple iOS X X X X
Track inventory & audit compliance for corporate governance X X X X
OTA self-provisioning of devices with central control X X X X
OTA app deployment via enterprise app catalog X X X X
Certificate management & distribution (SCEP) X X X X
Enterprise Integration - Microsoft ActiveSync X X X X
Web-based console X X X X
AD integration (authentication, authorization, policy mapping) X X X X
Feature enable/disable (camera, SD, Bluetooth, WiFi, apps, iTunes, cookies) X X X X
Password enforcement (length, age, complex, inactivity, expiration, history) X X X X
Application Blacklisting X X X X
Application Whitelisting X X X X
Asset management X X X X
Fully integrated audit trail X X X X
Enterprise Integration - Microsoft ActiveDirectory & LDAP X X X X
Lockdown device port (Infrared, WiFi, Bluetooth) X X X X
WiFi pre-config (SSID, Hidden Network, Security Type, Password) X X X X
Detailed deployment & utilization by user, device, carrier, platform X X X X