I may be naive here, but how are they going to install 776,000 copies onto their computers at once? Or do they have to do this one system at a time (still doable, but that could take years)?
Build a package in SCCM and hit go.
News Flash, their email is already going through the internet... So cloud or no cloud, you have the same data going over the internet anyway.
Second News Flash, most of the people in charge of securing that e-mail, network traffic, and internet access points are contractors.
Third News Flash, communications are already dependent on contractors.
And just on another note, so far all the cloud services that have been used with the DoD have had a number of restrictions and obligations agreed upon by the company providing the services. DoD has already been using AWS for a while, they also have contracts with Google Cloud and have been in business with Microsoft for a long time. All of them have to comply with most of the same STIGs, RMF, and other IA compliance issues that other programs deal with. If they do not, they are not allowed on the network.
NIPR is encrypted from base to base, and the boundary to the internet is heavily guarded.
The difference now is that all the exchange accounts and data will be passed to Microsoft servers/infrastructure. Sure, it’ll be encrypted, but it’s being passed to a domain the DOD doesn’t control.
And no, most of the people doing security aren’t contractors.
Actually not exactly. And just because something is encrypted, doesn't mean it is not vulnerable. Also with 365, you will still have the same encryption being used. So I fail to see the difference there.
How do you know the DoD does not control that domain? Have you seen where the servers are located? The DoD controls most of their AWS assets.
Lol okay. Who do you think provides the encryption and communication channels technology? Who controls the comm lines? Who engineers the solutions? Who writes all the processes being used? And who is in the watch room? Because I can tell you, that is all contractors.
Is it just me or does it concern anyone else here that no one seems to realize that Office 365 is also installed locally on the computer? You know, Office 2016 or whatever version is out at that point.
You’re so far off that I won’t bother.
NIPR is encrypted from base to base, and the boundaries to the internet are heavily guarded.
The difference now is that all the exchange accounts and data will be passed to Microsoft servers/infrastructure. Sure, it’ll be encrypted, but it’s being passed to a domain the DOD doesn’t control.
And no, most of the people doing security aren’t contractors.
I was going to reply to his post but when he said most of the people doing security aren't contractors I tuned out. Not worth bothering.
I think you mean to say, that I said most of the people securing the connections are contractors. Or are you suggesting that only military personnel engineer the solutions. Only military personnel develop the tactics to install the solutions. Only military personnel are the ones that install the solutions. Only military personnel are the ones that support the solutions. Only military personnel are the ones that monitor the comm lines. Only military personnel are the ones that monitor the traffic. Only military personnel are the ones that write the search algorithms to alert on. Only military personnel are the ones that configure the firewalls, routers, and rules to secure the network. Is that what you are suggesting?
I'm saying the opposite, there are more contractors than military personnel, I used to be one, I know.
It's actually a lot more than just that. It means you have less servers to run things like Exchange, Lync, Federated Services, etc and less admins needed to manage it. Aside from just servers, your security compliance requirements drop off, as you have less services. You'll easily have 1000+ GPO security settings that need to be implemented to meet STIG (Security Technical Implementation Guide) requirements.
We build ours out into multiple GPOs for computer and user settings for each requirement. Office STIGs, Lync STIGs, Exchange STIGs, workstation OS STIGs, server OS STIGs, etc. Then you have exemption GPO settings, as usually the STIG will break something. So you need to reverse the setting and are then stuck with paperwork to say why you have that setting different from the STIG setting.
STIGs also release like every few months. You're looking at a week of work for each GPO (making, testing, implementing). If you no longer have Lync or Exchange servers, that's at least 2 GPOs gone. If Office is no longer deployed out, that's some STIGs gone there. You'll also have to SCAP scan each server and fix any vulnerabilities that aren't fixed from the GPOs or patches.
I just don't know if the Pros will outweigh the Cons.
USAF was on a big push to just get rid of personnel in general. They're finally realizing the massive mistake they made, but they made cuts so deep that they lost all their knowledge. Can't do OJT, when those teaching don't know either. Those that did, got cut years ago and never had the chance to pass along the knowledge.
I don't think them choosing to go contractors is so much a choice they want to do, but they have to do. They need to regain some of that knowledge from somewhere and anyone who's gone through an IT tech school in the USAF knows it doesn't teach you much.
The entire reason the USAF and DOD at large is doing this is because there has been a major push on getting rid of the communications enlisted/officers and contracting everything out. The less infrastructure/in house stuff the DoD needs to maintain they think is better due to the cost savings.
What these idiots haven't really totally thought through is what happens if there is ever actually a war and now all your communications are completely dependent on contractors coming into work. You also have to hope that Microsoft (Or wherever the cloud is) will adequately protect their services.
Their plan will save money, but is it really worth the operational risk?
And yes, the DoD has SIPRNET/JWICS/Etc for the real mission, but anyone who's been in knows how dependent we've become on NIPR for anything personnel/logistics related. Never mind the fact that big data analytics on all those unclass emails is a major OPSEC threat.
Office will still be installed on your local machine, what it does is allow the AF to shut down 1000s of servers for network file shares, sharepoint, email and migrate those users to O365. If the AF was run well at all (and it isn't) it would result in significant reduction in staff to support all those systems.
No it doesn't. The Air Force doesn't run their own exchange, hasn't for years. It's managed by the DoD which is why everyone's email account is now @mail.mil
(I have to correct this, apparently the Air Force has not yet transitioned to the DoD exchange service and do still run their own exchange, but this is going to happen and they will not be going to Office365 for their email.)
Office will not be on the local machines, that is what Office365 is, a cloud based Office app. And transitioning to Office365 doesn't mean the Air Force has decided to move their data repositories and sharepoint farms to a cloud service and relinquish direct control of their file servers. Did you see that stated in the article because I did not, and it would not be a requirement in order to adopt Office 365.
It doesn't have to be classified to be valuable.
Point taken, but I was trying to point out that the Classified Networks are in no way threatened by this move.
It's not real cloud, it's basically remote hosted managed services with dedicated machines and equipment
How do they properly deal with CMI's on Microsoft owned terrain? We're also making the assumption Microsoft isn't compromised in some way.
No, classified networks aren't threatened. If you've got free wheeling access to every NIPR email/exchange account out there though that gives a good window into revealing Ops as it is. Never mind all the other avenues it opens to fucking with logistics, security/PII management, and people's pay.
Just a correction, there is a link between every classified network and the internet. It's just not l
They don't even share the same physical communications equipment, not even a common satellite.
If it's just going to be an internal to AFIN contracted out solution then I don't have a problem with it. Of course, then I have to ask why the fuck the USAF is wasting more money on their own solution and not conforming to DISA/JIE by going with mail.mil. Because while this will be cheaper than locally managed exchange servers at every base it's still not moving to @mail.mil which means we're just wasting more money on another interim step.
You aren't correct, and I won't say much more - But needless to say almost everything rides over the same commercial backbones leased by DISA at some point. There can be exceptions, but that's not the norm.
There are a fuck ton of contractors, but that’s not what I’m talking about.
So please explain what you are talking about because...
Which is managed and secured by who again? That's right, contractors, which brings us back to my point in the first place. Also there are quite a few exceptions to what rides over those comm lines. But those leased lines are managed, monitored and maintained by contractors.
Contractors do some of it - Yes. At the end of the day there are a number of critical functions that contractors simply aren't doing because they aren't allowed to do it.
I will just continue to let you live in that fantasy then. I am just sitting here thinking about who the WOs are, right, contractors. And then who do they go to when there is an issue, oh right, contractors. Who advises and helps write the filter rules, oh right, contractors. I could go on and on. I am not sure what critical functions you think are being "controlled" without any inclusion of contractors.
So I work in this software development activity and the entire IT team is contractors, but we do have a DA civilian who is in charge of the server room. He makes all the decisions regarding our work. But he comes to us on everything, asks us about everything, it's our recommendations he relies on for his decisions. Now that doesn't mean he does what we tell him to do, because sometimes he has to make choices based on directives we might not even be told about. But he certainly listens to us and values our input and he comes to us when he wants to learn how things work. That's because he isn't a data center guy, he was a developer who became a GS and now he's in charge of a data center but has no data center experience. But he listens and for that we are thankful.
As for guys in uniform, I'm sure there is a Colonel or two up there somewhere, but we never see or hear from them, not that anyone on our team cares about. We do the work, we configure and maintain and do it according to security standards and guidance and the govy makes all the decisions and we keep ourselves straight by remembering that it's his (the govy's) server room and it's his equipment, and we just have the privilege to work on it, and to work with someone who values our work and diligence.
As messed up as some things can seem, there are worse ways to make a buck.
You guys realize that all the comms down at the tactical level are largely maintained by soldiers/sailors/airmen, correct? Yes - Contractors largely are doing day to day for the big enterprise mothership, but once the enterprise delivers to a base boundary / tactical level it's all done largely by blue suits. On top of that, contractors aren't even allowed to do crypto that all the transport leases rely on, and they aren't doing much on the Cyber ops side either besides development - But they aren't executing.
We appreciate your hard work but your perspective is limited to what you know..
Our company went to O365 and EVERYONE (who has a clue) hates it. It is SO SLOW compared to regular Outlook. But the execs think they saved a few bucks so they're happy. Most of them are using Macbooks anyway, so what do they know.
That is true in a general sense, but there are links. There literally isn't a 100% segregated network (this really pisses me off).
Not completely, military email accounts are not [email protected], they are all @mail.mil meaning a single unified exchange domain for the entire DoD, a change to Office 365 won't affect that and many other services at all because those services are not local to the branch but span the DoD as a whole.
And again I will reiterate, 10% of the DoD network footprint is unclassified work, the other 90% is classified on networks that are not connected to the internet so you can't off-load these services to commercial vendors and commercial services. At best you can replicate them in house on each of these many classified networks which really can cut back on the savings and benefits. I work on four different networks, off loading users on one of them to Office365 just means I have one less but I still have to do everything on the others, I'm still being paid and we're still buying licenses and servers.
Speaking for the Navy (and somewhat the AF), we've got contractors all over the place. When you deploy, it's all sailors, but as soon as you hit port with broken gear, contractors show up to fix it. When your shit breaks underway, the guy on the other end of the help desk call is a contractor or GS 90% of the time. Contractors are all over the place in cyber ops as well. The only reason they don't get attached to the more mobile cyber teams is because it's cheaper to send active duty guys.
Limited to what I know... So when you deploy, who controls the comms and maintains the equipment at the main AO HQ? Those are contractors. They work with the soldiers, but all the engineering, most of the maintenance, and almost all the original TTPs are written by the contractors. As far as the cryptos, that is not correct either. Contractors apply for and receive leases for many crypto devices. They also set up most of the main VPN, TLS, MPLSs that are used. Yes at forward deployed bases where you don't usually have any contractors, soldiers maintain that equipment, but also note they have far more outages there.
But what do I know...
No, no they aren't. The entire DoD does not use @mail.mil, cause they don't want to be under DISA control, nor pay for those services. So....
USAF = @us.af.mil
USN = @navy.mil
USMC = @usmc.mil
USA = @mail.mil
It's only a matter of time until they can offload classified workloads to commercial vendors. There's a reason they have already made the different impact level classifications. Once a company is approved for Impact Level 6, they can start taking over classified services up to Secret. As of right now, there isn't any, but I know Amazon is gearing up for it.
Another thing to look at is workload, not what the network is actually being used for, but what work the admin has to do to maintain it and keep it within security compliance. Since it touches the outside world, there's a lot more work to do on it to keep those unauthorized out. The less services, the less you need to have to STIG.
You say the Air Force isn't transitioning to DEE (DoD Enterprise Exchange) under the JIE, but that isn't nearly as true as you claim.
Starting in 2015;
https://www.govtechworks.com/why-most-of-dod-still-wont-buy-defense-enterprise-email/
The Air Force moved its Washington, D.C., headquarters to the DEE system, but that amounts to fewer than 10,000 email users – about 2 percent of Air Force email users, said David Brown, deputy chief of the Air Force’s Information Environment Mission Area.
The Air Force has also moved 150,000 classified email accounts to the DEE system, and it is in the process of transferring the Air National Guard to the enterprise system, Brown said. That’s substantial: More than 105,000 airmen are in the Guard, plus civilians. Beyond that, the service is considering other options, including commercial email systems, he said.
And now in 2017;
http://www.153aw.ang.af.mil/News/Ar.../869676/153rd-airlift-wing-migrates-to-afnet/
The Joint Information Enterprise (JIE) has launched in Europe and in the Pacific, and most Air Force components have migrated to defense enterprise e-mail (DEE).
http://www.peterson.af.mil/News/Display/Article/734030/siprnet-email-to-migrate/
PETERSON AIR FORCE BASE, Colo. -- Starting Oct 15th, Peterson Air Force Base will migrate the Air Force-owned SIPRNet email services to a cloud-like DoD Enterprise Email (DEE) - SIPRNet provided by DISA.
But it does look like my information is dated and/or just incorrect. It looks like much of CONUS based Air Force will not go to DEE because they just awarded a large contract for cloud services to a contractor team, sole sourced.
In fact, I suppose it's even possible that after the Navy takes everything that's not already on DEE and gets its cloud up and running, they could even migrate their DEE accounts underneath their new cloud service as well.
And it still looks like the Navy/Marines are wanting to stay with what they have.
Crow tastes so yummy on an early Monday morning.
I didn't think the AF took to DEE, as I'm still stuck having to deprovision their SIPR DEE and NIPR DEE accounts, when they leave this command. The problem with having a DEE account, then going to a place that doesn't have it, is that the email on your CAC/Alt token gets set as an alias on the DEE account. So anyone on DEE sending you an email to that non-DEE email, it'll go to the DEE account, not the non-DEE email account. So they have to get deprovisioned.
Guess I was wrong on them not moving to it. Looks like quite a few have, based off the GAL.