Thin and Zero Clients Meet Military Security, Environmental Requirements





Due to recent data disclosures and cyber attacks, the Department of Defense is actively pursuing programs to replace virtually all their “fat” PC systems with Thin or Zero Clients. The Air Force is planning on replacing 1.2 million PCs with Thin Clients in 2014. In addition, in 2013, the Army released an architecture document—“U. S. Army Thin/Zero Client Computing Reference Architecture Version 1.0 March 2013.” In the architecture defined by the Army, a user’s applications, data, processing and storage are hosted on an installation processing node, or server, and user access is via a Thin or Zero Client.

The Networked PC and How We Got Here
With the development of workstations, personal computers and the local area network (LAN), data and applications migrated out of the data center and onto the user’s desktop.

With this networked approach, users share data in an informal way and each user potentially might have a different version of the same application—resulting in chaos if the users’ local machines are not tightly controlled. Not only are outdated applications and duplicate data rampant across the network, but loss of data or undetected data theft is possible.

Notwithstanding data security, application security and control issues, maintaining users’ standalone computers is very expensive and time consuming. The solution is to go back to the centralized system but under a new label. Cloud Computing and Virtual Desktop Infrastructure (VDI) are two of the most common names describing this new paradigm that’s a new twist on the former “dumb” architecture.

The client server diagram shown in Figure 1 is the latest methodology to provide the user with controlled applications and secure data. The amount of control and security provided is dependent on several things, but the most important is the type of client that is used to access the system.

Figure 1. The server-client environment where the servers are centrally located with the data storage and the user clients can be PCs, Zero/Thin Clients, Tablets or Smart Phones. By changing the names of servers to “mainframes” and clients to “dumb terminals,” the computer center of the 1970s is shown.

Cloud Computing: Another Name for the Former Data Center?
The new VDI environment, or Cloud Computing if you prefer, is a leap forward due to several technical features. First, the availability of LANs with speeds up to 1Gb/s provides very efficient data flow between the servers and the user. Also, servers with multi-processor, multi-core technology, multi-GHz clock speeds and large memory capacities to 512GB allow each user to have a virtual connection to a dedicated CPU core and multi-GB of main memory. These are all features that were not available in the timesharing systems of the past.

The structure in Figure 1 can be separated into two pieces—client side and server side. In addition, for military use there is a requirement to be able to implement the system in a harsher environment than the controlled environment of a traditional air-conditioned computer room.

The client side can be implemented using a PC, “Dumb Terminal,” or a Thin/Zero Client. For the purposes of implementing the structure in Figure 1, the client side description will focus on the Thin/Zero Client. For the server side of the figure, an implementation that is portable and usable outside of a controlled environment will be described.

Zero/Thin Client Defined
There is a difference between Zero and Thin Clients. Thin Clients are endpoint devices with a locked down operating system such as Linux or Windows Embedded that is stored in Flash Memory. The Thin Client has more traditional features such as a CPU motherboard and graphics card, and runs such applications as browsers, e-mail clients and PDF viewers. The application is rendered (for viewing) at the Client terminal and provides for user interaction with the program running on the centralized server. This makes it difficult to get a virus or other malware. The Thin Client is PC-like from a hardware standpoint, including size, fans and ports.

Thin Clients are more flexible than Zero Clients as they offer much more peripheral support since they’re configurable and suited for multi-protocol environments. One downside of a Thin Client is that the ability to add peripherals, such as removable USB drives, might compromise security and facilitate unauthorized data transfer. However, USB and other ports can be disabled by the server.

Zero Clients, on the other hand, do not have an OS but are designed with a custom processor that runs a specific protocol such as PC-over-IP (PCoIP). The PCoIP protocol specification, developed by Teradici Corporation (www.teradici.com), defines custom CODECs that are used depending on the type of data being transferred. The image is rendered on the host server, and only the compressed pixels and keystrokes are transmitted over the network. This reduces the bandwidth required on the network and improves overall performance. The Zero Client does not require software updates and is immune to viruses.

Other advantages of a Zero Client are that it has a very small footprint and a very low power design, which eliminates the need for forced air cooling. Its small, low-power design renders it usable in harsh environments such as a military forward operating base or tactical operations command (TOC). Coupled with a ruggedized set of two or even three displays, keyboard and mouse, the Zero Client is ideal for deployment by military users or other users who need access to a lot of area for data visualization and situational awareness in the field.

From the military user’s perspective, the Zero Client provides a better solution because it contains no disc drives, no operating system and very limited access to the USB ports. The USB ports on a Zero Client are used to connect a keyboard and mouse and cannot be used to add removable storage devices. Therefore, there is no way a Zero Client can be used to download sensitive data from the network or load a virus from removable storage media. At the same time, if the Zero Client device has to be left behind, there is no data that can be extracted by an unauthorized user.

The Zero Client and displays shown in Figure 2, designed by Chassis Plans (www.chassis-plans.com), are an example of a ruggedized system that can be provided for field use. Using modified LCD displays with ruggedized coatings on the screen and modified backlight systems for full sunlight use in a tri-fold case, the system is easy to transport, set up and use.

The display system is designed to work with several COTS Zero Clients available today. Example manufacturers of Zero Clients are Dell Computers, ClearCube and Raytheon Trusted Computer Systems (RTCS). Both ClearCube and RTCS market Zero Clients with additional security features for use by the Department of Defense.

Figure 2. An example of a ruggedized display system for use in a military or industrial field installation for Zero Client systems. In this example the Zero Client is installed in the base of the displays, and the three displays are connected to the Zero Client box.

Cloud Computing with Zero Clients for a Harsh Environment
The Zero Client based system shown in Figure 2 provides the client interface of the server-client system shown in Figure 1. In order to implement the server function shown in Figure 1 for use in a non-climate controlled environment the system must be designed, implemented and packaged to operate in a harsh environment.

As an example, the server platform shown in Figure 3, also provided by Chassis Plans, with two eight-core multi-thread Xeon processors and 128Gb of main memory, would easily support twenty-three Zero Clients with multiple displays on each Zero Client. This configuration has a number of benefits to the user:

  1. Increased security as the clients are not running the application software directly, nor do they store the data itself. The applications run on the server and the data is stored in managed mass storage. Only keystrokes and screen refreshes are transmitted over the internal network.
  2. Protection against cyber-attacks as the clients are connected to a managed internal network with central auditing, not directly to the Internet.
  3. The ability to block transfer of data from the data center to the client for offloading to a USB stick or other mass storage device.
  4. Protection of data as only one large device contains the data versus the current implementation of multiple laptops, each with secure applications and data installed.
  5. Mounted in a transit case for ease of transportation and setup.

Figure 3. A server in a shock-mounted 6U transit case supports a 2U military-grade server. This configuration provides two multicore Intel XEON processors, multiple PCIe expansion slots, and RAID storage unit with up to 48TB of disk storage.

By combining the server shown in Figure 3 with one or more of the clients shown in Figure 2, a complete data center can be deployed where it is required.


Steve Travis is VP sales and marketing, Chassis Plans
