[Fed-Talk] Urgent Apple Corp Engage Senior Army CIO/G6 Leadership Now
[Fed-Talk] Urgent Apple Corp Engage Senior Army CIO/G6 Leadership Now
- Subject: [Fed-Talk] Urgent Apple Corp Engage Senior Army CIO/G6 Leadership Now
- From: "george.polich" <email@hidden>
- Date: Tue, 07 Dec 2004 17:15:03 -0500
It is imperative and urgent that Apple Corp representatives
immediately engage with the senior Army CIO/G6 leadership; and
additionally with DoD.
In consonance with earlier postings to this forum, our DOIM has also
issued the edict that, on connection of our local AD server with the
CONUS Forest, we must, and will, disconnect any and all MAC clients
from the network. According to them, this is mandated by the Regional
CIO by direction from "higher authority"; no waivers are permitted.
This network merger and disconnection is eminent.
That means: 1- recent purchase of equipment, including some yet to
be taken out of boxes is now wasted, and will remain so, until this
policy is rescinded, if ever. 2- Apple Corporation will not be
receiving any additional orders for Apple products. That "effect to
the bottom line" should, I would think, energize Apple senior leaders
enough to action. But, I must say, the dearth of information on this,
or any other forum of which I know, does not give me confidence that
this is so.
The Netcom document referenced in an earlier post is quite clear on
both counts. First, that the Army is committed to OS diversity on the
networks. Second, that it does not currently have faith in the MAC
client to be "Networthy" and, or compatibly secure with the current
DoD/Army network architecture which, for better or worse, is MS(tm)
Active Directory server farms.
The migration to NTLMv2 and AD has been known for quite some time.
Frankly, Apple knew enough in advance of and should have had in place,
either NTLMv2 compatibility with release of OS 10.3 or recent patches
before or with 10.3.6 update. The fact that Apple does not -- saying
essentially "oh, well, we will just get around to it next summer with
10.4" -- only goes to further the CIO perception that Apple Corp has
no real regard for network security. [I hear the objections, snorts,
and snickers; and I will address that shortly]. The fact of Thursby's
AdmitMac working to correct this -- and I can say from personal use, it
does work as advertised, it is an excellent program -- unfortunately
only serves to even further perpetuate the perception. For the CIO's
rightfully ask why a 3rd party, no matter how good a product, has to
"fix" what should be a basic OS component.
Now, about all those FedTalk member's objections, snorts, and
snickers. There is an absolute truism in dealing with human beings --
perception is reality; let me emphasize: perception is reality. I do
know many of the technical arguments that we could bring forth; and
many on this list could add good, sound, additions as to why MACs
really are more secure. But! It doesn't matter what the client's say.
The DOIMs will implement policy from higher authority, not from users.
Client users have no authority. The incontrovertible fact remains that
the MAC Client can not natively "join" the AD architecture. Therefor,
perception, then, is that MAC Clients are not "networthy", not secure
enough for this architecture. (Parenthetically, there is also the
legacy perception that MAC applications can not work friendly with
MS(tm) applications and files are incompatible. Something else that
can only be corrected "top down".)
To repeat, the only means by which this will change is for Apple to
engage the Army at the senior level and institute a top down policy
change. I think that the Netcom people did meet Apple half way by
officially supporting and listing the MAC OS and Apple platforms as
alternatives to the more common platform. If Apple is truly serious
about selling to the Army or DoD -- a potentially larger sales volume
than any other federal agency -- then they will engage at the higher
levels and take the next action, and do it now!
Without the change in policy, then all talk and work on implementing
such peripherals as Common Access Cards (CAC) is moot and worthless,
since how does one use an Apple compliant card reader on a non-existent
work station?
Until such time as policy is changed and promulgated, my new G5
powerbook will likely stay in the box; personally a very, very sad
state of affairs. Sure, I could take it out, put it on the table in
back and play with it as a "standalone". But without even being able
to connect to the network; I will not even be able to apply necessary
updates and security patches to the OS. And, what would be the point?
It is as a colleague of mine states: "its like pissing in a dark suit.
It feels good, but nobody notices."
I hope Apple Corp leadership has not left me pissing in a dark suit.
Since next week will be a month since this issue was first raised on
this forum, and no corporate information has been given (except for a
brief note from the Apple Federal Sales representatives saying that
they would bring it up in a CAC meeting), I am afeared that I may be.
George Polich
Deputy Director
Army Public Affairs Center, HQDA
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden