Virtualization Security: Tresys releases secure desktop virtualization solution that enables large total cost of ownership (TCO) gain.
 

Virtualization reduces TCO by improving resource utilization and reducing the environmental impact associated with these resources. Tresys VM Fortress Desktop provides additional TCO benefits due to the improved security provided to the host and the guest operating systems. Power, HVAC, and space costs vary widely based on location and usage profiles. Using a single system to replace several existing systems generally means a more powerful system will be required (more RAM, CPU power, disk space). Even taking this into account, the reduction in the number of systems required and the reduced environmental impact can be significant.

Customer Environment
This customer provides test and evaluation services to its organization. The organization comprises 400 analysts throughout its network enterprise. It has 4 separate networks used for testing, production, and information segregation. To meet its stringent operational, security, and external regulatory requirements, it is critical that the systems on each network are isolated from the other networks. However, giving each of the 400 users access to each of the networks requires 4 separate hardware platforms per user – a total of 1600 workstations!

Challenge
There are five major challenges that this organization faces. First, each user requires four separate desktops to perform their work. Second, deploying, managing and supporting 1600 workstations can be a challenge for many organizations; reducing the number of supported workstations makes an organization more cost-effective and efficient. Third, power, heating/air conditioning, and space requirements are a serious issue, as this organization is faced with office and space limitations. Fourth, new "green computing" initiatives are dictating a reduction in overall power consumption, triggering an analysis of where workstations can and should be reduced.

Based on the first four challenges, virtualization would sound like an easy solution. However, the fifth challenge is a major barrier to entry: the aforementioned operational, security, and regulatory requirements. These prohibit workstations from residing on each of the networks simultaneously. They stipulate data integrity and security standards that specify strong separation at the workstation level (e.g., running test environments on production is not allowed, having confidential / internal-only data accessible on the network with an internet connection is not allowed, etc.).

Solution
Tresys VM Fortress Desktop enables the organization to consolidate 1600 workstations to 400 while meeting all operational, security, and regulatory requirements. Each user still has access to 4 systems, but each system runs as an isolated virtual machine on a single hardware platform. Data separation is maintained using the strong security mechanisms provided by the base workstation operating system[1]. This provides significant cost savings in terms of hardware, power, HVAC, and space. The table below outlines the total cost of ownership (TCO) for both the original configuration and the consolidated solution using Tresys VM Fortress. Note that this does not include the potential cost savings from enabling strong MAC, which is used to mitigate threats and vulnerabilities in the environment.

 

| | w/o Tresys VM Fortress | with Tresys VM Fortress |
|---|---|---|
| Hardware costs/system[2] | $4000 | $8000 |
| Systems per user | 4 | 1 |
| Hardware cost/user | $16000 | $8000 |
| Annual HW Depreciation | $5333.33 | $2667 |
| Support costs per user per year[3] | $7200 | $1800 |
| Microsoft operating system and other application costs/year | $1200 | $1200 |
| Heating / year | $400 | $120 |
| Cooling / year | $400 | $120 |
| Accommodation / year[4] | $600 | $150 |
| VMware Workstation + maintenance / year[5] | | $125 |
| Tresys VM Fortress Desktop + maintenance / year[6] | | $736.23 |
| RedHat Enterprise Linux Workstation[7] | | $286.45 |
| Migration cost per desktop per year[8] | | $667 |
| Cost per user per year | $15,133.33 | $7,871.68 |
| 3 year cost per user | $45,399.99 | $23,615.04 |
| TCO for 3 years & 400 users | $18,159,996 | $9,446,016 |
| TCO savings | | $8,713,980 |
| % saved | | 48% |

Summary
Our customer, by leveraging the power of VM Fortress Desktop, implemented an environment that addressed all their major business challenges. They now have an enterprise environment that is easier to manage and more effective, have increased their overall security and data integrity profile, and are looking at a TCO savings of almost $9M over three years, all while satisfying their stringent operational, security, and regulatory requirements. Compelling indeed.

[1] Mandatory Access Control (MAC) via Security Enhanced Linux (SELinux) provided by RedHat Enterprise Linux v5.

[2] Hardware requirements were raised for the Tresys VM Fortress systems to permit the simultaneous execution of 4 virtual machines with no performance impact (better CPUs, more RAM, faster and larger hard disks).

[3] Support costs per system for an installation this size were calculated by the customer to be $1800 per system, regardless of the hardware specifications.

[4] Heating, cooling, electricity, and space costs per year can vary widely.  The numbers used are industry standard numbers averaged from various sources.  Heating and cooling costs were increased for the Tresys VM Fortress system to account for the more powerful hardware.

[5] VMware Workstation costs $250 initially plus 25% per year for maintenance in years 2 and 3 for a total of $375/system for 3 years, or $125/year.

[6] Tresys VM Fortress Desktop with 4 sandboxes costs $1699 plus 15% per year for years 2 and 3 for a total of $2208.70, or $736.23/year.

[7] RedHat Enterprise Linux Desktop costs $337/year with a 15% discount for the installation size for a 3 year total of $859.35 or $286.45/year.

[8] Customer estimated that it would cost $2000 per user to migrate from the current system and train new users.

© 2008 Tresys Technology LLC. All Rights Reserved.