How DISA Is Shifting to DEOS Cloud Tools as Interim Telework Solutions Sunset

The Defense Information Systems Agency’s effort to provide enterprisewide, cloud-based collaboration tools faced a contract re-award following bid protests and a global pandemic, but the implementation of the multibillion-dollar Defense Enterprise Office Solution project is gaining steam, according to officials. 

Vice Adm. Nancy Norton, former DISA director, said before she retired last month that 16,000 users had already been migrated to the Microsoft 365 platform, which is being provided through a blanket purchase agreement for up to 10 years with General Dynamics Information Technology’s CSRA. During a Tuesday Federal News Network event, DISA and GDIT officials working on the project elaborated on implementation progress as the June expiration deadline approaches for the interim Commercial Virtual Remote, or CVR, solution stood up to enable mass teleworking during the pandemic. 

Caroline Bean, DISA’s DEOS program director, said that 16,000 number is now over 17,000 DISA and Joint Force Headquarters-Department of Defense Information Network, or JFHQ-DoDIN, users. 

“We have a lot of lessons learned to share with the DOD agencies that are now going through this process,” Bean said. 

Early Challenges

Bean said DISA is building a “pretty lengthy document” filled with lessons from the agency’s own experience moving onto solutions provided by DEOS. The document will continue to evolve as more users move over, Bean said. It functions as a checklist to help agencies determine their readiness for migration and it also includes a comparison of pre- and post- migration capabilities and limitations, she added. 

Some issues agencies will deal with relate to local network configuration to ensure everything from routers, ports and protocols, and firewalls allow for ready access to Microsoft 365, Bean said. But Bean said one of the biggest hiccups related to migration has been navigating the in-between period: when users are moving over to the permanent Impact Level 5 DEOS solution but the Impact Level 2 CVR solution is still in use. 

“There was a bit of an education that needed to occur as far as you know, make sure you're looking at whether this meeting is on CVR or whether it's on your IL5 instance because it does matter,” Bean said. “So there [was] definitely a lot of user-type education that we needed to do just to figure out how to maneuver through these different chat capabilities now that we have at our fingertips.”

Lyle Kellman, the DEOS deputy program manager at GDIT, said the first step for migration is helping organizations with getting licensing. In the past, mailboxes would have had to move to the cloud prior to turning on licenses, he said, but Microsoft has “gone to great lengths to make the system more flexible.” 

“Migrations are very limited based upon network bandwidth, availability of the infrastructure,” Kellman said. “Turning on a license, frankly, is just a script, we turn the licenses on, we make the end users available. Our biggest challenge is making sure that our service desks know we're going to suddenly turn on all that capability at once.”

Kellman added figuring out how to automate more steps of the migration process and clearly explain to users what to expect out of the process are areas for continued improvement.  

Security Changes

Both Bean and Kellman emphasized the security benefits of DEOS as well. Not only does centralizing resources help agencies free up resources, it also allows for the establishment of unified, consistent protection schemes across a smaller number of threat vectors, according to Bean. 

Kellman said DEOS will allow for more responsiveness when it comes to security. 

“Currently, we have this process by which we have to follow policy,” Kellman said. “So we move at the speed of policy. The challenge is technology doesn't wait for policy. So we can now use policy as a code if you will, and as changes are made those changes then can be updated in an evergreen environment and evergreen is what Microsoft uses to update the versions of their software.”

That’s in contrast to patch updates, according to Kellman. With evergreen, when Microsoft sends updates, they “just take effect,” Kellman said. Evergreen is a model or IT philosophy that calls for keeping components and infrastructure up to date.

How DEOS May Evolve 

There are several open problems associated with the move to DEOS left to tackle, and also multiple ways the program may evolve. For example, DISA still needs to figure out how to provide DEOS services for outside the continental United States, or OCONUS, users. Bean said DISA has been meeting with CSRA to figure out an OCONUS strategy. 

Microsoft is also working toward Impact Level 6 certification, which would allow for classified workloads. Storage is another area that may evolve: right now, DISA is looking at one terabyte of OneDrive space per user, Bean said. But if users brush up against capacity, they have the ability to purchase more units, which is “really the beauty of the cloud and how we’re operating,” Bean said. 

Bean also explained that the contract explicitly leaves room for evolution. 

“We ensured that we placed in the contract language about commercial parity,” Bean said. “We know technology's going to change, we know that Microsoft 365 is going to be something else in the future. And so we definitely have the language in the contract to continue to evolve in this area.”