One of the folks who knows more about developing the use of the cloud for the government’s purposes is Peter Mell. He’s a Senior Computer Scientist and cloud computing project lead at the National Institute of Standards and Technology and the co-author of NIST’s draft working definition of cloud computing which was just revised on August 19th.
Mell is pretty methodical about how he explains cloud computing. He wants everyone to fully understand the great capabilities it promises but also the specific challenges to government it poses. WFED spoke with Mell about what makes cloud computing what it is and how it can be useful to federal agencies.
WFED: Let’s start out with the basic question. What exactly is cloud computing?
PM: First we have to explain why we’re defining it. A lot of people say it can’t be defined or it doesn’t matter if you define it. Let’s just use it, let’s just talk about it. [NIST] feels it’s really important because without defining it you can’t get the benefits from it that you want. And so we tried to put our whole hands around the industry and say “what is truly cloud” in the industry today? Because you know that every vendor out there wants to be on the latest bandwagon and everyone is saying they are doing cloud. As a government, how can we truly understand what it is? And to do that we had to look at a lot of the benefits that you want to get. So we want significant economic benefits. We want to decrease the use of power. We want to reduce our carbon foot print. What is just as important is we want to be able to Agilely deploy our enterprise operations; to quickly provision and get those applications out there.
WFED: Seems so simple. Why hasn’t this been invented before?
PM: Cloud computing in a way isn’t anything new. It’s the convergence of many different technologies and initiatives that have been maturing over the years and they tried to converge together several times in the last decade but the timing just wasn’t quite right. And I think that we we’ve entered a maturation among enough of these technologies that they truly can converge together now and their convergence can revolutionize our usage of information technology – which gets me back to the definition. What is cloud computing? Computation capabilities provided as services and that’s correct but in the heart of it, where we’re really trying to get the benefit is we’re trying to optimally access and use our data centers. So cloud computing is fundamentally about data center technology.
WFED: NIST has put together 5 of the characteristics of cloud computing to help define it.
PM: Cloud computing is a model for enabling available convenient on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. That hopefully gives you a glimpse of it. [This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.]
To understand, it you have to get into the five characteristics. The first one is On-Demand Self-Service. This is all about the business user, not the CIO shop but the business user being able to decide “I want this” and got get it themselves unilaterally grabs it an the CIO shop maybe managing it or overseeing it to ensure security and compliance and so forth. But it enables the business user to get access to technology.
The second one is Ubiquitous Network Access. So that you can get it over the network through standard mechanisms, through heterogeneou thin, thick clients. It’s very available to you.
The third one is Location Independent Resource Pooling. This is the most technical characteristic. You may not immediately understand why [the government] cares, but it’s critical. The idea is that all of your hardware resources are pooled together in a collective. And as a collective, they are offering computational power to all the customers at the same time. And the software is actually abstracted away from the hard ware so that you don’t know or don’t care even exactly where your processes are running and where your data is stored within that data center.
The fourth is Rapid Elasticity. The ability to quickly expand your use and to decrease your use of the computational capability that’s being provided. So it’s not just scalability. Scalability is your ability to increase the architecture to allow for more demand. But the idea [with Rapid Elasticity] is maybe you have a lot of demand today. Maybe you need to go from ten servers to ten thousand servers today. You can do that within minutes and then once your demand is gone, you can scale back down to one hundred servers.
The fifth has been revised from Pay Per Use to Measured Service. That clouds enable a metering of services being used to automatically control and optimize the resource use. And typically that is often done through Pay Per Use where you have to pay for server time so you’re not going to hog all the servers in the system. I know that one agency built essentially a private internal cloud and they wanted to do the Holy Grail of cloud computing: to increase server utilization from ten percent to eighty percent. What this agency found is that since there was no measuring of the service or optimizing usage by the business users, [the agency] was just using everything that was available. So their server utilization went up to eighty percent but they didn’t actually free up any resources.
WFED: You mentioned security being a big concern for the government. What is NIST doing to make sure vendors understand the needs?
PM: NIST is publishing a series of documents on cloud computing that will discuss security; advantages as well as challenges because we do see those. At the same time the vendor community for the most part understands that for [the government] to use cloud computing we need it to be secure and so they are ramping up their security architectures to provide as robust solutions as possible.