FDCC model branches out

THE AIR FORCE started taking delivery in July on the first of 150,000 new PCs the service ordered through its latest Enterprise Buy program. Many of those computers won't look much different than the machines they're replacing, aside from desktop PCs that sport new 24-inch MPC monitors.

However, the new desktop and laptop PCs being delivered by Dell, Hewlett-Packard and Emtec will be distinct in one regard: They'll be the first to come equipped with their Windows Vista operating systems, including Internet Explorer 7, preset to meet Federal Desktop Core Configuration (FDCC) 2.1 standards.

The new PCs reflect the latest efforts by the Air Force ' and the federal government more broadly ' to standardize the security configurations not only for desktop PCs but also for a broadening array of devices destined for government use.

Projects are now under way to standardize configurations for servers, printers, cell phones and Apple Macs, said Ken Heitkamp, the Air Force's associate director of life cycle management and director of the service's IT Commodity Council (ITCC).

The FDCC grew out of the ITCC's initial efforts with Microsoft in 2006 to test and develop a standard software configuration. This was done in collaboration with the National Institute of Standards and Technology, the National Security Agency, the Defense Information Systems Agency and other agencies.

The desktop standard hasn't been free of controversy. A March 20, 2007, Office of Management and Budget memo that required agencies to implement the FDCC's Windows XP and Vista security standards by Feb. 1, 2008, creating a new layer of work requirements.

Nevertheless, the FDCC initiative has won praise for forcing the software industry to pay greater attention to the default settings of its products ' and as a way to reduce security vulnerabilities.

The Air Force has already implemented the XP FDCC version on more than 500,000 PCs, Heitkamp said. And all Windows-based PCs on Air Force networks will need to use the FDCC version of Vista by Dec. 31, 2009.

Server setups

It was only a matter of time before the Air Force ITCC began applying its standardization model to servers. The service is testing configurations for Microsoft Server 2008, based on similar work completed for Microsoft Server 2003 seven months ago, said Michael Harper, Microsoft Services Director.

'We took that guidance to create a base configuration for Server 2008,' Harper said, and the company will develop configurations for 'roles placed on top of the base configuration.'

Those include the file and print servers, the domain controller, Exchange, SQL Server, SharePoint, Web and Windows deployment services.

Heitkamp said the Air Force is building configurations jointly with DISA, NSA, the Army, the Navy, the Marines, and the Coast Guard. 'We're into a fivemonth period of testing,' he said. The server configurations are expected to be completed by the end of fiscal 2009.

Although reducing software security vulnerabilities might have been the driving force behind FDCC, the real impetus was to reduce costs.

'The commodity council focuses on the complete life cycle of products ' cradle to grave,' Heitkamp said. 'That's separate from software configuration. When we embarked on strategic partnerships of personal computers [to reduce costs], we needed a [common] software configuration to support a variety of hardware suppliers,' he said.

'It saves us $100 by pre-installing software at the factory rather than retrofitting a machine. When you consider we only pay $408 per PC, that savings is significant: If you assume we use it for four years, that's 30 cents a day for hardware. The Microsoft software is 36 cents a day,' he noted. The savings are more significant after adding the 25 cents per day in energy costs that can be reduced by pre-configuring Vista's energy management settings.

'That 25 cents doesn't sound like much, but if all 525,000 Air Force PCs are left on 24/7, that's $46 million a year,' he said.

Cutting power and maintenance costs were also key factors in the Air Force's decision to streamline the number of printing and imaging device categories to 11 ' and the number of suppliers to just HP, Lexmark and Xerox. Standardizing printer software configurations also makes it easier to manage network and document security, smart card identity systems, and duplex printing as a default setting.

Meanwhile, mobile devices are gaining increased focus. For now, the emphasis has been on strategic sourcing deals that simplify and lower monthly rate plan costs, Heitkamp said. But with advances in smart phones, including Apple's new 3G iPhone, the need to develop standardized and secure mobile operations systems is growing by the day.

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above