Re: [Fed-Talk] Urgent Apple Corp Engage Senior Army CIO/G6 Leadership Now
- Subject: Re: [Fed-Talk] Urgent Apple Corp Engage Senior Army CIO/G6 Leadership Now
- From: Michael Pike <email@hidden>
- Date: Tue, 07 Dec 2004 23:21:47 -0700
This is scary... It is much more difficult to get something "undone" once it
becomes a policy.
Since the objective is to connect to AD with NTLMv2, a broad message of "no
mac, no linux" should not be used.
The mandate should be "no workstations that cannot connect with NTLMv2".
This way when Tiger comes out (or if you have the application MacAdmit), it
is compliant with the AD/NTLMv2 requirement.
Making a requirement is one thing, but explicitly excluding a vendor
(specifically saying no Mac, no linux) is unethical.
I am not sure about the army or dod, but I know we cannot exclude a specific
vendor in our agency, or that vendor can file some type of "grievance".
Talk to your procurement department and find out the "official" term. The
only thing they can exclude from purchasing are items made in non-trade
compliant countries.
Flat out banning an entire platform (mac/linux) is not the right approach.
It should ban items that cannot meet a requirement, until such time that
requirement can be met.
Just trying to help...
If you want to fight this "policy", pinpoint the objective of the policy,
which is "no non-NTLMv2" compliant workstations.
Explicit banning of a product based on brand (and they cannot deny they are
denying it based on brand, considering that Mac CAN meet the requirement
with MacAdmit), is grounds for the "favoritism" clause, and can be brought
forth to the respective OIG (Office of the Inspector General) of your
agency.
This happened with a vendor we used... A procurement officer flat out said
he would never use a certain company, despite the fact this company could
perform the task order - that company filed a complaint with the OIG and
Congress, and now that vendor is active in our agency.
George is correct in this email... Please take action, if they get a mandate
of "no mac", it's going to be difficult to get it lifted.
Mike
On 12/7/04 3:15 PM, "george.polich" <email@hidden> wrote:
> It is imperative and urgent that Apple Corp representatives
> immediately engage with the senior Army CIO/G6 leadership; and
> additionally with DoD.
>
> In consonance with earlier postings to this forum, our DOIM has also
> issued the edict that, on connection of our local AD server with the
> CONUS Forest, we must, and will, disconnect any and all MAC clients
> from the network. According to them, this is mandated by the Regional
> CIO by direction from "higher authority"; no waivers are permitted.
> This network merger and disconnection is imminent.
>
> That means: 1- recent purchase of equipment, including some yet to
> be taken out of boxes is now wasted, and will remain so, until this
> policy is rescinded, if ever. 2- Apple Corporation will not be
> receiving any additional orders for Apple products. That "effect to
> the bottom line" should, I would think, energize Apple senior leaders
> enough to action. But, I must say, the dearth of information on this,
> or any other forum of which I know, does not give me confidence that
> this is so.
>
> The Netcom document referenced in an earlier post is quite clear on
> both counts. First, that the Army is committed to OS diversity on the
> networks. Second, that it does not currently have faith in the MAC
> client to be "Networthy" and, or compatibly secure with the current
> DoD/Army network architecture which, for better or worse, is MS(tm)
> Active Directory server farms.
>
> The migration to NTLMv2 and AD has been known for quite some time.
> Frankly, Apple knew enough in advance of and should have had in place,
> either NTLMv2 compatibility with release of OS 10.3 or recent patches
> before or with 10.3.6 update. The fact that Apple does not -- saying
> essentially "oh, well, we will just get around to it next summer with
> 10.4" -- only goes to further the CIO perception that Apple Corp has
> no real regard for network security. [I hear the objections, snorts,
> and snickers; and I will address that shortly]. The fact of Thursby's
> AdmitMac working to correct this -- and I can say from personal use, it
> does work as advertised, it is an excellent program -- unfortunately
> only serves to even further perpetuate the perception. For the CIOs
> rightfully ask why a 3rd party, no matter how good a product, has to
> "fix" what should be a basic OS component.
>
> Now, about all those FedTalk members' objections, snorts, and
> snickers. There is an absolute truism in dealing with human beings --
> perception is reality; let me emphasize: perception is reality. I do
> know many of the technical arguments that we could bring forth; and
> many on this list could add good, sound, additions as to why MACs
> really are more secure. But! It doesn't matter what the clients say.
> The DOIMs will implement policy from higher authority, not from users.
> Client users have no authority. The incontrovertible fact remains that
> the MAC Client can not natively "join" the AD architecture. Therefore,
> perception, then, is that MAC Clients are not "networthy", not secure
> enough for this architecture. (Parenthetically, there is also the
> legacy perception that MAC applications can not work friendly with
> MS(tm) applications and files are incompatible. Something else that
> can only be corrected "top down".)
>
> To repeat, the only means by which this will change is for Apple to
> engage the Army at the senior level and institute a top down policy
> change. I think that the Netcom people did meet Apple half way by
> officially supporting and listing the MAC OS and Apple platforms as
> alternatives to the more common platform. If Apple is truly serious
> about selling to the Army or DoD -- a potentially larger sales volume
> than any other federal agency -- then they will engage at the higher
> levels and take the next action, and do it now!
>
> Without the change in policy, then all talk and work on implementing
> such peripherals as Common Access Cards (CAC) is moot and worthless,
> since how does one use an Apple compliant card reader on a non-existent
> work station?
>
> Until such time as policy is changed and promulgated, my new G5
> powerbook will likely stay in the box; personally a very, very sad
> state of affairs. Sure, I could take it out, put it on the table in
> back and play with it as a "standalone". But without even being able
> to connect to the network; I will not even be able to apply necessary
> updates and security patches to the OS. And, what would be the point?
> It is as a colleague of mine states: "it's like pissing in a dark suit.
> It feels good, but nobody notices."
>
> I hope Apple Corp leadership has not left me pissing in a dark suit.
>
> Since next week will be a month since this issue was first raised on
> this forum, and no corporate information has been given (except for a
> brief note from the Apple Federal Sales representatives saying that
> they would bring it up in a CAC meeting), I am afeared that I may be.
>
> George Polich
> Deputy Director
> Army Public Affairs Center, HQDA