dod enterprise mobility
TRANSCRIPT
UNCLASSIFIED 1
UNCLASSIFIED
DISA: TRUSTED TO CONNECT, PROTECT AND SERVE!
DoD Enterprise Mobility
Ms. Ashley Rozier
Deputy Division Chief, DoD Enterprise Mobility
28 October 2021
DISCLAIMER
The information provided in this briefing is for general information
purposes only. It does not constitute a commitment on behalf of the
United States Government to provide any of the capabilities, systems or
equipment presented and in no way obligates the United States
Government to enter into any future agreements with regard to the same.
The information presented may not be disseminated without the express
consent of the United States Government.
Agenda
• DoD Enterprise Mobility Service Offerings
• DoD Mobility Unclassified Capability
• DoD Mobility Classified Capability
DoD Enterprise Mobility Service Offerings
DoD Mobility Unclassified Capability
Provides Government-owned mobile device access to Unclassified Department of Defense Information Network (DoDIN) and commercial information services.
• Enterprise Mobility Mgt – MDM, MAM
• Mobile Application Stores (commercial and private)
• PKI Credentials (Purebred)
• Gov’t Email Access
• M365 Tenant Support and Integration
• High Availability (Dual Gateways)
• Commercial Voice
• 24/7 Service Support
Total Users = ~142,000 DoD*
Phone/Tablet

DoD Mobility Classified Capability – Secret
Provides Government-owned mobile devices access to Classified Secret Department of Defense Information Network (DoDIN) information services.
• CSfC Registered Solution
• Mobile Device Management
• Global Service Area
• Classified Email
• Data-in-Transit and Dual VPN / Data-in-Transition Protection
• Secure Enterprise (Secret) Voice
• High Availability (Dual Gateways)
Total Users = ~8000 DoD, NLCC, Federal*
Phone/Tablet/Laptop (WINDAR-S)

DoD Mobility Classified Capability – Top Secret
Provides DoD Limited Distribution service mobile device access to Classified Top Secret Department of Defense Information Network (DoDIN) telephony services.
• CSfC Registered Solution
• Mobile Device Management and Policy Enforcement
• Federal Information Processing Standards IP Security VPN
• Global Service Area
• Secure Voice (TS Collateral)
• High Availability (Dual Gateways)
• Phone only
Total Users = ~400 DoD, NLCC*, Federal
Phone Only
DoD Enterprise Mobility Service Offerings
DoD Mobility Unclassified Capability
Phone/Tablet
M365 Mobile Applications
• Phase 1 Apps Now Available
• Phase 2 Apps Coming Jan 2022
M365 IL5 Tenant Integrations
• DoD365: Completed
• Army 365: In-progress
Infrastructure Changes and Mobility Gateway Capacity Expansion
• Recently completed extensive capacity expansion effort to support additional 365 users on VPN in Oct ’21

DoD Mobility Classified Capability – Secret
Phone/Tablet/Laptop (WINDAR-S)
NextGen Devices (NGD)
• Samsung Galaxy S20
• Samsung Galaxy TabS7
• Available via DISA Storefront (DSF) BPA
• Dual Data-at-Rest (DualDAR)
• Secure Voice and Instant Messaging (IM)
• Offers Outlook Web Access and select productivity applications
• Failover for Voice and Data, International Access and Device Management
WINDAR-S
• Dell Latitude 7320
• Available via DSF BPA
• Additional peripherals
• Delivery: Q4 FY21

DoD Mobility Classified Capability – Top Secret
Phone Only
NextGen Device (NGD)
• Samsung Galaxy S20
• Delivery: TBD
Infrastructure/Network Changes
• CMS/Gold Dialing
• DRSN Site Diversity
• Functions Domestically and Internationally
• Sensitive Compartmented Information (SCI) Business Case Analysis
Increase User-Base
• Increase beyond 500 devices
• Delivery: TBD
DoD Mobility Unclassified Capability
DMUC Snapshot
DMUC: DoD enterprise service offering enabling government-owned Mobile Devices access to Unclassified Department of Defense Information Network (DoDIN), Microsoft 365 (M365) Impact Level 5 (IL5) tenants, and commercial information services.

Telecom Carriers & Global Reach
Telecoms Supported
▪ 89 Carriers Globally (Verizon and AT&T largest)
Countries Served
▪ Devices in 117 Countries
▪ 92% in U.S., 8% in other countries
▪ Hosting at 3 data centers within U.S.

Customers & Devices
Customers Overview
▪ DMUC serves 50+ orgs across DoD
▪ ~140k DMUC Users
▪ ~3,000 VIPs
Devices and OS Overview
▪ 135k+ iOS 14.x
▪ 6k+ Android 9.x – 11.x

Service Highlights
▪ $3.97 / Device / Month
▪ Mobile App Store (1,300+ apps)
▪ Tier II (24x7) & Tier III (8x5) Support
▪ Recent ATO, authorized Sept ’21
▪ Integrated with Army365 and DoD365
▪ Supported Products List, NIAP Certified, FIPS 140-2 Validated

Customer Engagement
Proactive stakeholder and customer engagement are critical to DMUC success:
▪ Interactive monthly meetings and Q&As
▪ Mobility Service Portal (MSP) announcements and user guides
▪ DMUC System Health Status Page updates for help desk and users
▪ Dedicated Product Support resources
Upcoming Initiatives
DMUC Highlights from Current and Upcoming Efforts
Current Efforts: DMUC is driving multiple efforts to enhance enterprise mobility service and customer experience.

VPN Capacity Expansion & Routing Optimization
Effort: Completed efforts to expand VPN Capacity and upgrade circuits, to support up to 240k users (includes backup).
Impacts: VPN increase supports Army, DoD 365 users; streamlined routing improves the end user experience.

Mobile Endpoint Protection (IOC)
Effort: Currently in the IOC deployment Phase, the Zimperium solution enhances DMUC mobile device security by protecting against threats at the application, network, and Operating System-levels and provides visibility and control over data leaks.
Impacts: Provides a path forward to open the App Stores for personal use and bolsters DMUC security posture.

M365 Support & Feature Enhancements
Effort: Mobility engineering follow-on support for remaining DoD365 and Army365 migrations and customer requirements.
Impacts: Phase 2 apps-vetting and deployment; sub-org onboarding to DMUC; NPE Mailbox Enablement; ad hoc technical support.

Upcoming Efforts: DMUC is planning and targeting deployment of additional mobile service capabilities and features through FY23.
• BYOAD – Operationalizes pilot effort, expands existing DMUC service catalog, enables access via non-GFE devices, and supports customer growth.
• M365 App Vetting and Deployment (Phase 2) – Additional mobile productivity apps will be made available to DMUC users; targeted for Jan ’22.
• Mobile Endpoint Protection (FOC) – Deploys Zimperium to remaining customers, provides path forward to open up App Stores for personal use, and bolsters DMUC security posture.
• Purebred Re-enrollment – PKI Certificate Authority (CA) change requires DMUC user PB reenrollment; supports 3rd party app developer changes, iOS testing, and reenrollment user task required for PB to continue working on DMUC devices.
• Multi-Tenant M365 Support – Enables MDM integration with multiple IL5 Tenants and aims to expand existing functionality of MI Core to share device compliance data with more than one IL5 tenant (i.e., DoD365, Army365, etc.).
DoD Mobility Classified Capability
DMCC-S: Provides Government owned mobile devices access to Classified Secret DoDIN information services
DMCC-TS: DoD Limited Distribution service providing mobile device access to Classified Top Secret DoDIN telephony services
DMCC-S & DMCC-TS Snapshot

Telecom Carriers & Global Reach
DMCC-S Telecoms Supported
▪ AT&T
DMCC-S Hosting Sites
▪ Hosted and managed at DISA Data Centers
▪ Deployed global load-balancing for NGD
DMCC-TS Telecoms Supported
▪ AT&T
DMCC-TS Hosting Sites
▪ Hosted and managed at DISA Data Centers

Customers & Devices
DMCC-S Customer Overview
▪ DMCC-S serves many DoD Orgs
▪ ~8000 DMCC-S Users
▪ ~1800 VIPs
DMCC-S Devices and OS Overview
▪ ~6000 Legacy Android Devices (S7/TabS3)
▪ ~300 Next Generation Devices (S20/TabS7)
▪ ~1500 WINDAR-S Devices
DMCC-TS Customer Overview
▪ Senior leaders and continuity stakeholders across DoD and NLCC
▪ ~400 DMCC-TS Users
DMCC-TS Devices and OS Overview
▪ Samsung Galaxy S7
▪ AT&T Unite Express 2 Retrans. Device

Service Highlights
DMCC-S
▪ NGD / SMR1 Deployment (S) – Q4 FY21
▪ NGD / DoD365 IL6 Integration (S) – Q2 FY23
▪ NGD / Productivity Apps
▪ $80.12 / DMCC-S Device / Month
▪ $290.38 / WINDAR-S / Month
▪ Tier II (24x7) & Tier III (8x5) Support
▪ MACP 2.1 & DARCP 5.0 Registered
DMCC-TS
▪ NGD / Infrastructure – Q2 FY22
▪ CMS / Gold Dialing – Q2 FY22 (projected)
▪ $80.12 / DMCC-TS Device / Month
▪ Tier II (24x7) & Tier III (8x5) Support
▪ MACP 2.1 Registered
DMCC Highlights of Current Efforts

Current Efforts: DMCC-TS is upgrading device form factor and expanding critical classified services to support senior U.S. government leaders.

NextGen Device / Infrastructure (NGD/I)
ECD: Q2 FY22*
Evaluate, test, and deploy the Next-Generation DMCC-TS Device
Provides the next-generation DMCC-TS device baseline with new device features, enhanced security and device recency

CMS / Gold Dialing
ECD: Q2 FY22
Establish calling to Gold network via CMS to address MPEO/RAO requirement and technical exchange meeting between PMO, WHCA and DRSN stakeholders
Increase capabilities for U.S. government senior leaders with a critical role in national security and defense

Current Efforts: DMCC-S is rapidly expanding NextGen Device capabilities and focused on improving Mission Partner/user experience.

Provisioning / Tier III Improvement (S/W)
ECD: Ongoing
Evaluate current provisioning and Tier III processes and identify improvement and surge opportunities
Increases long term provisioning rate / output to reduce current backlog of devices and plan for legacy device reprovisions

Productivity App and DoD365 IL6 Integration (S)
ECD: Q2 FY23
Identify interim-productivity app. and plan for long-term integration with DoD365 (IL6) infrastructure and services
Leverages data-at-rest enablement to provide additional productivity apps and capabilities to improve user experience
DMCC-S Future Activities & Workstreams
(W) = WINDAR-S (S) = DMCC-S
Timeline chart, Q1 FY22 / Q2 FY22 / Q3 FY22 / Q4 FY22 / FY23: Samsung Email Pilot (S); Provisioning Enhancements; Future Device AoA (S); Next-Gen WINDAR-S (W); Legacy Device Sunset (S/W); MACP v2.5 and DAR 5.0 CP Registration (S/W); Project Transition to Enterprise Gray PKI; DoD365 IL6 Integration (S)*
*Full prod. integration start TBD

Samsung Email Pilot (S)
Pilot Samsung Email client on NGDs
Enhances features, functionality, and user experience for MPs

Next Generation WINDAR-S
Develop and pilot test of Next-Generation WINDAR-S.
Enhanced security for MPs and additional device diversity

Legacy Device Sunset (S/W)
Sunset for legacy DMCC-S devices and retransmission devices
Supports security and maintaining compliance with NSA requirements

MACP v2.5 and DAR 5.0 CP Registration (S/W)
Register against NSA CSfC CPs
Validates security compliance with NSA CSfC CPs

Future Device AoA (S)
Early evaluation and testing of next DMCC-S device
Deployment of new DMCC-S device to MPs

Provisioning Enhancements
Deploy next gen devices
Deployment of new DMCC-S device to MPs

DoD365 IL6 Integration (S)
Integrate with DoD365 infrastructure and services
Deploy DoD365 enterprise services to MPs

Projected Transition to Enterprise Gray PKI
Transition devices 12-month interim-Gray certs. to Enterprise Gray CA
Security and compliance with NSA requirements
DMCC-TS Future Activities & Workstreams
Timeline chart, Q1 FY22 / Q2 FY22 / Q3 FY22 / Q4 FY22 / FY23: SCI Evaluation; MACP 2.5 Integration; Next-Gen DMCC-TS Deployment; DRSN Site Diversity; Provisioning Org. Consolidation

NextGen DMCC-TS Deployment
Develop the next generation DMCC-TS Device
Provides a next-generation DMCC-TS device baseline with new device features, enhanced security and device recency

MACP 2.5 Registration
Register against NSA CSfC CPs
Validates security compliance with NSA CSfC CPs

DRSN Diversity
Establish additional DRSN site
Additional DRSN site to reduce operational impact to DMCC-TS Mission Partners

Sensitive Compartmented Information (SCI) Evaluation
Evaluate business case for SCI capability and SCI consolidation
Informs DISA on viability of deploying TS/SCI service offering given current policies, infrastructure, and constraints

Provisioning Organization Consolidation
Realign and consolidate resources for DMCC-TS provisioning
Resources remain agile, facilitates cross-training, and maximizes skills and abilities of personnel across the workforce
DEFENSE INFORMATION SYSTEMS AGENCY
The IT Combat Support Agency
Obtaining DMUC Service Process Overview
Mission Partner Request Fulfillment Process Overview: DMCC-S and WINDAR-S
Approximately 10-17 Total Business Days
Process steps: 1. Preparation; 2. Ordering; 3. User Configuration; 4. Device Provisioning
Phase durations: Approx. 5-10 Days; Approx. 5-7 Days
Diagram labels: Mission Partner (MP); Secure Mobility Infrastructure Team (SMIT) / Provisioning; DISA; Dependencies
Diagram text:
• Devices, Licensing, Hotspots, and service plans available
• Device is onboarded
• User and device certificates are generated; Devices are placed in queue
• MP contacts SMIT to indicate interest
• Device is configured, hardened, and shipped to MP
• MP has SIPR account (receipt of PIN), has authorized devices, completed documentation, DISA Storefront (DSF) access and information (Program Designator Code (PDC), Authorized Requesting Official (ARO) & Authorized Funding Official (AFO) roles): https://disa-storefront.disa.mil/dsf/home
• MP has provided all order approvals
• MP completes internal DSF approvals
• Certificates are generated, services available
• Ensure access to services MP (may require additional whitelist)
• Interactions with DoD Mobility (SD) as needed
Enhancements will address inefficiencies, improve technical capabilities, leverage training and reduce site-related challenges to improve the service delivered to MPs.
▪ Increase Provisioners
▪ Upgrade Provisioning Stations
▪ Expedite Certificate Generation
▪ Decentralize Admin. Processes
▪ New Knowledge Management Portal
▪ Standardize Forms
▪ New Mission Partner Documentation
▪ NextGen Devices
▪ New Retrans. Devices