16 January 2009

Defence Information Infrastructure

Tim Worstall asked for help evaluating the performance, reported by The Sun, of the Ministry of Defence's bit IT project, the Defence Information Infrastructure.   He thought the cost, in terms of total spend divided by number of terminals, was too high by at least an order of magnitude.

The Sun was reporting on the publication of the House of Commons' Public Accounts Committee's report into the project.  I always try to avoid drawing conclusions from newspaper articles when primary sources are available. (Also including the NAO report from last July)

The short answer is that the project is expensive, but Tim is mistaken in looking at it as fundamentally a big pile of desktop PCs.

The project is intended to put all of the Ministry of Defence on a "terminal" type  IT architecture, where  applications run on central servers, and data is stored only on central servers,  and desktop PCs are used to remotely access the servers.

This architecture has two huge advantages:  First, it allows data to be controlled.  If it never escapes the servers, but is only presented on the PC, the chances of data leaking out is much reduced, and the chance of large bulk data escaping is almost eliminated.  This is a great advantage in a commercial environment, and much more obviously so in the case of the MOD.

The second advantage is robustness - since every desktop terminal is effectively identical, alternative working areas can be prepared with a high degree of confidence that users will actually be able to use them when necessary.  There remains the necessity of replicated server facilities and data, but that, while not easy, is less hard than duplicating desktop configurations in an alternative locations.

These are valuable advantages, but there are drawbacks.  The demands on network infrastructure are much heavier than when applications run locally and communicate with central resources only when necessary to share or archive data.   The project involved installing new cabling in every MOD building, right down to shabby old TA  headquarters, and the unexpected difficulties of doing that were blamed for the long delays the project has experienced so far.

The other drawback is that, while software can be written to work perfectly well from a remote terminal, most common software isn't.  The user experience is made marginally better by making software more responsive to the user's incomplete action - things like highlighting buttons as the mouse moves over them, suggesting completions of words as they are typed.   These features tend to become obstructive over high-latency links, as by the time the user gets the "response" to a part-completed action he has already gone past that.   Also some of the graphical optimisations in the latest desktop systems (Windows Vista's flashy effects and Linux's X compositing extensions) work by communicating more directly with the graphics hardware - communication which is not generally possible over the protocols used for remote desktops.  The project included provision of customised general-purpose office software for word processing, messaging etc.  This also turned out more difficult than anticipated and resulted in delays.

Those points aside, the state of the project is not outrageous.  Despite the delays, it is not vastly over budget .

The increase in announced cost, from just under 6 billion pounds to just over 7, is not an overrun, it is caused by the department not announcing the full cost of the project until all of it is contracted - the last billion is for extra work that was always intended, but which was not included in what they said they were going to spend prior to the contracts being signed to spend it.  Not incompetence, just dishonesty "in accordance with normal practice" (p.Ev14 of the PAC report).

The relationship with suppliers seems to have been managed better than in the normal public-private car crash.  Of course the MOD has longer experience with large private contracts than other government departments.  The contractor is paid for delivery, so the 18-month delay has not increased the budget significantly.

Not that everything is rosy.  The system, according to Wikipedia, is built on Windows XP.  Now much as I hate Windows, I have to admit that it has one large advantage, that everybody is familiar with it.  But, in using it as a terminal, and running applications remotely, that advantage is lost.  Even if the server applications are running on Windows servers, using a Linux-based terminal is cheaper, more reliable, easier to manage, and more efficient.

Secondly, the system is installed for some users and running, but further work is needed to make it usable for information classified as Top Secret.  Security is not usually something that can easily be added onto IT systems - you can add capability to a system, but making it secure is not adding capability but taking away capability - the capability of doing the things you don't want it to do.  It really needs to be designed in from the start.

Having said that, I must admit I don't really know anything about the "I could tell you but then I'd have to kill you" stuff.  There might be some subtle point that makes me wrong about it.

The most significant question was the one asked by Austin Mitchell:  given the difficulty of these very large IT projects, are they really worth doing?    Sir Bill Jeffery's reply was "Because there is business benefit in having a single infrastructure and in particular single points of access."   This is undoubtedly true.  But is there seven billion pounds worth of benefit?  Given the proven risk of these projects going vastly over budget, it would need to be much more.  Large private-sector organisations tend to struggle on with a multiplicity of systems.  They complain about it, and make powerpoint after powerpoint of rationalisation plans, but in revealed preference the flexibility and safety of multiple systems seems to survive against the genuine benefits of single infrastructure.

No comments: