VDI Cyber Range Technical Requirements Ian Benwell March 2010 Copyright © 2010 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
Critical Success Factors The following Critical Success Factors (CSFs) apply to the technical infrastructure designed for the Cyber Range environment: Fully functional environment that shows the benefits of our approach. It should provide the level of security as an operational production environment. Self-contained so it can be moved between locations and duplicated as required. There should be no dependencies on outside resource such as network authentication, backups, etc. High performance keeping in mind that this is not a fully operational enterprise environment. Scale should be limited wherever possible given the limited capabilities and size of the environment (8 virtual desktops). Reset-on-demand to limit downtime between test cycle. Any static data should only reside outside the environment. Application Development 2/26/2018
Technical Requirements Summary Component Solution Recommended Access Infrastructure VMware View 4.0 Connection Broker, administrator remote access to all machines via Microsoft RDP and local access via KVM Authentication Standalone Microsoft Active Directory 2008 implementation Backup and Restore External USB hard drives to restore complete system from server images, and additional storage for data exports Hardware specifications 2X HP ProLiant ML350 G6 E5530 2.40GHz Quad Core SFF 32GB Memory, 4TB disk (4X1TB disks to support RAID 1+0) Network Juniper SSG5 or SRX100 that combines router, firewall and IDS capabilities to limit configuration requirements and reduce server overhead Remote client device Wyse X90 thin client laptops configured to access virtual desktop infrastructure, with USB access enabled. Dell laptop to manage VMware virtual machines (console and management tools). Security Implement FDCC v1.1 guidelines and apply standard virtual desktop tuning configurations used on previous projects Server OS configuration Microsoft Windows 2008 x64 Server, or use partner provided virtual machine Solution Delivery Platform VMware vSphere to virtualize all desktops and servers Storage RAID1+0, supported by HP for optimal balance of performance and availability capabilities Virtual Desktop configuration Microsoft Windows XP SP2 and Vista SP2 32-bit workstation images Application Development 2/26/2018
Technical Requirements Access Infrastructure: VMware View 4.0 Connection Broker, administrator remote access to all machines via Microsoft RDP and local access via KVM Considerations Access to free licenses from VMware (View) and Citrix (XenDesktop) using our existing alliance agreements Initial Recommendations VMware View 4.0 Connection Broker since its included with vSphere and so we can use link clones to quickly re-provision virtual desktops between test runs. Rationale No need for advantages associated with XenDesktop such as ICA protocol for performance over WANs, HDX for multimedia or universal printing capabilities Application Development 2/26/2018
Technical Requirements Authentication: Standalone Microsoft Active Directory 2008 infrastructure Considerations Microsoft Active Directory required to manage XP and Vista deployed desktops Initial Recommendations Deploy a standalone Microsoft Active Directory 2008 infrastructure Evaluate Group Policies that may be required for the View and vSphere environment (i.e. VMware best practices) Rationale Integrate AD Group Policies into virtual desktop infrastructure to manage desktop environment Accenture Defense Team has experience deploying Microsoft Active Directory environments Application Development 2/26/2018
Technical Requirements Backup and Restore: External USB hard drives to restore complete system from server images, and additional storage for data exports Considerations Standalone environment with no data center backup services available Limited needed for backup since environment will be reset to baseline frequently between test runs Need to export data occasionally for further analysis Initial Recommendations Start with 6TB of USB 2.0 external drive space. Format drives as either ext2 or 3 since vSphere does not support NTFS over USB Create Symantec Ghost images of servers for quick restores (4TB) Maintain an additional 2TB of storage space for data exports Rationale Standalone portable environment limits backup options to USB hard-drives Application Development 2/26/2018
Technical Requirements Hardware specifications: 2X HP ProLiant ML350 G6 E5530 2.40GHz Quad Core SFF 32GB Memory, 4TB disk (incl. 4X1TB disks per server to support RAID 1+0). Considerations HP M-Class towers support Intel VT virtualization in a Tower form factor Initial Recommendation Procure 2X HP ProLiant ML350 servers to support the environment Also include KVM and monitor for direct access to the servers Utilize CPU and memory over-subscription feature in vSphere Host1: Virtual Desktop Infrastructure Host2: Data mining, analytics, admin Rationale Server tower form-factor makes it easier to mover servers Application Development 2/26/2018
Technical Requirements Network: Juniper SSG5 or SRX100 that combines router, firewall and IDS capabilities to limit configuration requirements and reduce server overhead Considerations Must support uploads to ArcSight repository (directly, or via UTM interface) Scale to support logging required during demonstrations Initial Recommendations Juniper SSG 5 or SRX100 to simplify configuration and offload network resources from server infrastructure (e.g. when virtualizing network components) Enable DNS proxy on Juniper device to cache DNS requests (still needs DNS configured on Active Directory) Rationale Offload processing to dedicated hardware Reset between tests can be done quickly from console Application Development 2/26/2018
Technical Requirements Remote Client Device: Wyse X90 thin client laptops configured to access virtual desktop infrastructure, with USB access enabled. Dell laptop to manage VMware virtual machines (console and management tools). Considerations Need low-maintenance device that provide direct access to virtual desktops Use laptop form factor for thin client devices to reduce physical footprint during demonstrations Initial Recommendations Procure Wyse X90 thin client laptops, configured to access the Cyber Range virtual desktop infrastructure for demonstrations Produce Dell laptop to host VMware management tools Rationale Use thin client laptops for low maintenance that are easy to configure with less moving parts than a standard PC or laptop Application Development 2/26/2018
Technical Requirements Security: Implement FDCC v1.1 guidelines and apply standard virtual desktop tuning configurations used on previous projects (in addition to overall security configuration being enabled by McAfee, Triumf, ArcSight and SAS) Considerations Demonstration users will be granted full access to virtual desktops Need to match environment to a typical Dept of Defense agency setup Initial Recommendations Implement FDCC v1.1 guidelines for standard Windows XP and Vista desktops Enable access to USB drives for testing during demonstrations so users can run tools to test the security of the environment Rationale: Need to ensure virtual desktops meet FDCC requirements Application Development 2/26/2018
Technical Requirements Server Software configuration: Microsoft Windows 2008 x64 Server, or use vendor provided virtual machine Considerations: Access to free licenses from Microsoft technologies using our existing alliance agreements Authentication will be managed using Active Directory services Initial Recommendations: Deploy Microsoft Windows 2008 x64 Server when as the default choice when a virtual machine is not provided by a vendor Rationale: Accenture Defense team has experience deploying Microsoft Windows servers Application Development 2/26/2018
Technical Requirements Software Delivery Platform: VMware vSphere to virtualize all desktops and servers Considerations: Need to virtualize all software components to maintain agility in the environment so we can run multiple iterations of use cases over short periods of time during demonstrations. Access to free licenses from VMware (vSphere), Citrix (XenServer) and Microsoft (Hyper-V) virtualization technologies using our existing alliance agreements Initial Recommendations: Deploy VMware vSphere to support virtualization infrastructure for the Cyber TechLab. All OS components will be virtualized. Rationale: Accenture Defense team has experience with VMware virtualization technologies including ESX and View We can start building virtual machines now using existing VMware TechLab hosted by Accenture Defense Team Application Development 2/26/2018
Technical Requirements Storage: RAID1+0, supported by HP, for optimal balance of performance and availability capabilities Considerations: Access to free licenses from Microsoft technologies using our existing alliance agreements Authentication will be managed using Active Directory services Initial Recommendations: RAID1+0, supported by HP that will require 4 separate disks (disk 2 will mirror 1 and 3 will mirror 4 and then ½ and ¾ will contain a stripe set. Rationale: San Antonio team has experience deploying Microsoft Windows servers Application Development 2/26/2018
Technical Requirements Virtual Desktop configuration: Microsoft Windows XP SP2 and Vista SP2 32-bit workstation images Considerations: FDCC Major Version 1.1 (as with all previous versions) applies only to Windows XP SP2 and Vista desktop and laptop computers. Infrastructure will be deployed using vSphere and View technologies Initial Recommendations: Deploy XP SP2 and Vista SP2 to match current FDCC standards. Use 32-bit to ensure maximum compatibility with software drivers and typical workstations builds deployed Department of Defense and other potential clients. Rationale: Support key business requirements of environment to test FDCC compliance. Environment can support additional desktop configurations as required. Application Development 2/26/2018