CTOs en masse

DESIGNING A VPN can be a daunting task for any enterprise, especially for a military laboratory with 22 locations nationwide supporting 5,900 employees whose missions range from designing new conventional weapons to researching the next generation of unmanned aerial vehicles.

The Air Force Research Laboratory (AFRL), based at Wright-Patterson Air Force Base in Dayton, Ohio, relied heavily on its CTOs — representing each of the laboratory’s 10 directorates — in its recent VPN design and deployment.

The 10 CTOs located throughout the United States worked together to compile a list of requirements detailing maximum bandwidth needs, ports, and protocols needed to traverse a VPN, and the applications that would be crossing a VPN. Then, a smaller team of the CTOs scoured literature to narrow down to a short list the vendors that could meet those requirements.

One directorate CTO took the lead in setting up a small lab to test vendors’ equipment through real-world simulations; afterwards each CTO evaluated the results and responded individually with their top two vendor choices. The CTOs then met to hammer out a final choice.

Many large enterprises like AFRL are finding that one CTO is not enough to coordinate technology standards and strategies across the far-flung reaches of the enterprise and to rally multiple divisions implementing these choices. Companies such as GE, Boeing, and General Dynamics boast multiple CTOs.

At AFRL, the CTOs have tackled issues such as designing a standard desktop configuration, launching a common active directory, consolidating servers, writing baseline security requirements, and compiling a policy for the use of PDAs. The CTOs videoconference once a week and meet in person two to four times a year to tackle various issues that cascade down from the lab’s commander, the CIO Council, or from the Secretary of the Air Force.

They take on any issue that requires input from more than one directorate, says Frederick Hall, corporate technology officer of the lab’s Information Directorate housed at the Rome Research Site in Rome, N.Y. For example, to implement the VPN, the group took into account multiple variables from various directorates, he says.

Different locations have different requirements, he says. “Rome is its own operating location, whereas Wright-Patterson sits on an air base with other tenants [so] their architecture had to be different from ours, but we had to make sure they could talk to each other.” Major advantages of the enterprisewide VPN, Hall says, include security in having information encrypted end-to-end over the internet, not paying for dedicated links, and the freedom to pass various protocols from site to site that normally would not be allowed through Air Force firewalls. “Also, we got a huge cost break by buying so many VPN units at a single time.”

Mandate: ten CTOs, one strategy

AFRL’s commander has mandated that the directorate work as one corporation for technology issues as opposed to multiple directorates. So the CTOs are working together to build an active directory and designing enterprisewide business processes for back-end systems.

“We know we want to work as one corporation, so we have to make sure that we all implement active directory in a similar manner and use similar naming conventions,” Hall says.

In defining a recommended desktop configuration the CTOs began, as they usually do with technology issues, by launching a discussion in person, defining requirements via e-mail and teleconferences, and finalizing the configuration at another meeting.

“Because of the diverse missions we all have, it’d be impossible to standardize across the board on a single configuration. Different locations have specialized applications they need to run,” Hall says. “It was actually a standard core ‘recommended configuration’ that most are adhering to — [encompassing] things like operating system, Office version, security settings, etc. to ensure we can easily share information between locations.”

The laboratory tends to rely on those directorates that have expertise in certain areas to guide them in infrastructure choices and setting policies. For example, Don Bradley, CTO at the lab’s Munitions Directorate at Eglan Air Force Base in Fort Walton Beach, Fla., worked on a committee to formulate a policy for PDA use at the lab. He and two other CTOs formed a small team to decide how PDAs should be used and the security software that would be acceptable.

“We can add more to that policy or make it more restrictive for our own directorate as long as we don’t change higher-level policy,” Bradley says. “We [the Munitions Directorate] wanted to reduce the amount of support that is need for PDAs. We don’t support every variety of PDA that is available on the market. Other organizations … support more than one kind.”

Lucky 13 drive units

Fairfield, Conn.-based GE also has CTOs posted to all of its 13-plus business units, who in turn report to the unit’s CIO and the corporation’s top CTO. This CTO community collaborates to define standards and implement projects throughout the corporation. The CTOs have developed a single sign-on architecture for the corporation and are now honing in on devising a common application development environment.

The architecture has been developed during the past three years. Now more than half the company’s Web-based applications are deployed using a single sign-on identifier. “[The CTOs] do a tremendous job of translating best practices,” says Tom Stumpek, CTO of Pittsfield, Mass.-based GE Plastics. “[Single sign-on] allows everyone within the corporation to log on to all the Web applications. It also lets people move from business to business without changing their identity. The business really drives what they work on. What we try to do is push that into other businesses as quickly as possible.”

Now, the corporation is struggling to develop a common application development environment by soliciting input from the CTOs that have expertise in various areas, such as J2EE, says Larry Biagini, GE top CTO. As they do for all new initiatives, the CTOs are analyzing success and failure stories from the different divisions while tapping the common needs stretching across the GE businesses to form best practices.

The CTOs will build on the lessons learned and determine what benefits they can apply. “The most common mistake is setting up an organization that is too rigid and doesn’t leave enough flexibility to account for different business lines having different requirements at different times,” Biagini says. “It’s important to understand that the CTO community will have different things that are important to them as individuals. … This cannot be a top-down group.”

Having multiple CTOs in a company can allow each executive to be more responsive to his own line of business and adapt more quickly to changes, says Tom Berray, executive director of executive search company Cabot Consultants in McLean, Va. “Most of those types of organizations do have an informal way for CTOs to work together behind the scenes where there is corporate governance model,” he says. “They discuss what the corporate group should be doing, what the divisions should be doing, and what activities should be shared.”

However, if the CEO of the corporation does not set the agenda for communication among the business units, CTOs could find themselves working harder to make sure there are efficiencies and synergies across the entire company, Berray adds.

“If the CEO doesn’t make it a priority [but intimates] ‘You run your own business, and I don’t care if you play together or not,’ then it will be very challenging for the CTOs,” Berray says. “It will be more challenging [for the corporation] if the CEO doesn’t set the playing field to do that.”