DoD to issue commercial cloud policy directive

The Department of Defense will soon issue a commercial cloud computing policy, according to agency chief information officer Teri Takai.

“We’re going to be moving in many cases toward a private cloud construct, but we’re thinking about the possibilities for commercial cloud,” Takai told an audience at the annual Defense Information Systems Agency conference, according to Information Week. “One of the things my office is working on is, as we move toward commercial cloud, what does that mean and what do we need from a DoD perspective.”

Takai didn’t give any more details on the actual release of the policy.

Takai also discussed the Army’s new enterprise email system and what it means for other branches of the military. The Army’s system is built in the Defense Information Systems Agency’s private cloud. She said she would like to see others use it if they see value in it.

“Remember that enterprise email doesn’t necessarily mean that everybody goes to DISA. We have to get to a common identity management structure, we have to get to a common directory structure, we have to be able to collaborate. That’s really the infrastructure that’s critical here. We’re working with the Navy right now to say, ‘What does that look like for Navy?’ My preference is to work through the technical details to get to our end objective, because when you do that, you don’t have to dictate. Otherwise, if I dictated something, I’m going to be the bad guy every time somebody’s BlackBerry doesn’t work. That doesn’t get you to the end objective.”

This week in the cloud

Two big stories this week in the cloud computing arena being covered by Federal News Radio.

Two firms protest GSA’s email cloud RFP

The General Services Administration’s $2.5 billion email-as-a-service contract is under protest. The two vendors filing the pre-solicitation protests said GSA’s requirement to have a government-only cloud is a “restrictive specification” and therefore not allowed under federal acquisition rules. Federal News Radio’s Jason Miller reports GSA is continuing to evaluate offers while it waits for a decision by the Government Accountability Office, which is expected by Oct. 17.

Army cloud email a ‘pathfinder’ to enterprise services

After being on hold for the past month, the Army on Tuesday resumed the migration of its 1.4 million email users around the world to the cloud. Federal News Radio’s Jared Serbu reports, Army leaders are now aiming to have the entire migration completed by March of next year. The Army sees this as its starting point for greater use of the cloud. Once the email migration is complete, Mike Krieger, the Army’s deputy chief information officer, said his agency plans a new wave of enterprise services enabled by a more unified network, including collaboration tools in the cloud.

DoD, HUD, Interior ramp up cloud usage

Agencies across the federal government are increasing their use of the cloud. Over the past week, Federal News Radio has covered several agencies moving in that direction including Defense, Interior, and Housing and Urban Development.

The Defense Contract Management Agency told Federal News Radio’s Jason Miller moving to zero client computers is one of its top priorities. Jacob Haynes, DCMA’s chief information officer, said it’s the next step beyond thin client computers.

“A zero client device is the size of a small book and it sits on the desk and you plug all peripherals in to it, instead of having a hard drive or CD-ROM drive, all the things that forces mass in regular computers is done in the cloud,” he said. “That includes the storage, the computing power and anything else. The device is just there messaging.”

At the same time, the Interior Department announced its plans to transform its IT infrastructure. Interior says the four-year project will save $500 million from 2016-2020. Part of those money-saving efforts come in the form of cloud utilization, according to a separate report from Miller.

“We currently manage 13 stand-alone email systems at DOI, a result of the dispersed nature of the agency and a legacy of piecemeal development of IT at the bureau level,” agency CIO Bernard Mazer wrote in a CIO.gov blog. “We are in the process of consolidating these systems into a unified, cloud-based email service that will support 85,000 users across DOI. DOI.gov will also be moving to a cloud platform in order to better accommodate the five-million visitors per year who use the site. Of course, both of these initiatives will lead to cost savings, but the cloud also promises better service, such as guaranteed 99.9 percent uptime for both projects.”

After outsourcing much of its network infrastructure, HUD says it now wants to put it in the cloud.

“What is not there in a managed services contract is the business model of cloud. We do not have the elasticity. Prices do not go down when we use less,” Chief Technology Officer Mark Day said at a recent conference. “Managed services is what you might consider the high water mark price. If we ever bought that much of the infrastructure, we pay for that much of the infrastructure. In a cloud, you go up and down as your needs change. That is really what we are doing. It’s not a technical move for us. It’s a business model move in the procurement realm.”

DoD doesn’t rule out commercial cloud vendors

When it comes to using the cloud, Defense Department chief information officer Teri Takai says a private cloud will help her department achieve the highest level of security. But she didn’t rule out using commercial cloud services completely.

During a House Armed Services Subcommittee on Emerging Threats and Capabilities hearing last week, NextGov reports Takai said, “There will be instances where we [can] use commercial cloud providers…[if] they meet our standards.”

According to NextGov, Takai did not specify which types of cloud services DoD would consider purchasing from commercial vendors.

Cyber Command, NSA tout benefits of cloud computing

The head of U.S. Cyber Command says cloud computing is part of his plan for staying ahead of the cyber threats that face the Defense Department.

“A year from now we should be well on our way to having a hardened architecture proven and in place, which provides a new level of cybersecurity,” said General Keith Alexander.

“The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of ‘cloud’ computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use – each of which has to be individually secured for just one of our three major architectures (NIPRNet, SIPRNet, and JWICS) – up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter.”

Alexander testified about the use of cloud computing at a House Armed Services subcommittee hearing last week.

He told the Committee use of the cloud will help reduce DoD’s IT costs. Alexander also addressed the issue of cloud security.

“This architecture would seem at first glance to be vulnerable to insider threats – indeed, no system that human beings use can be made immune to abuse – but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data.”

Debora Plunkett, director of the National Security Agency’s Information Assurance Directorate, agrees with Alexander’s statements. She tells NextGov cloud computing is “the IT architecture of the future.”

Both believe the use of the cloud will help streamline the way their agencies operate.

“The idea is to transform the Department of Defense’s information systems from something to be passively guarded into a suite of capabilities that offer our commanders and senior leaders opportunities to adjust our defenses,” Alexander said during the hearing. “If people who seek to harm us in cyberspace learn that doing so is costly and difficult, we believe we will see their patterns of behavior change.”

Cloud fosters collaborative decision making

Ever had trouble making a decision and didn’t know what to do?

Well, cloud computing is fostering a new way of thinking called collaborate decision making.

Decision Lens is one company that’s doing this in the area — and with the federal government.

Today, Fed Cloud Blog talks with John Saaty, the company’s CEO, who explains how they bring companies and agencies together to facilitate decision making.

JS: We have a web-based, software-as-a-service product and there are certain federal agencies [where] the hosting of data is fairly sensitive to them — who’s hosting it and how it’s being accessed and things like that.

So, I would say, where cloud computing is right now — it’s really a hybrid, depending on the level of importance of the data. Sometimes we host it at our data centers . . . which are out in Ashburn, Virginia, [and] other times we actually deploy the entire web application right inside their network and they’re managing their own cloud.

It’s really kind of in between right now.

We are seeing some common hosting centers that are approved by the government that are starting to host all these different applications for different agencies. So, they’re starting to kind of corral around that kind of a concept — with an approved hosting center.

FCB: One of the biggest issues with cloud computing — and why some agencies are apprehensive about doing it — is because of security issues. If your data is not in your office or on your PC, who knows what’s going on with it? Talk a little about some of the broader implications of cloud computing and security. Have you some people changing their minds about cloud computing?

JS: I think you have to always weigh the costs versus the benefits, and the potential risks versus the upside and the opportunity of using cloud computing.

Cloud computing platforms are much easier to manage, much easier to deploy. The data is all residing in one area that is in the cloud that you can actually control a lot more effectively than if you are trying to manage desktops or laptops all over the organization.

So, I think that the biggest risk is between the person’s computer and the actual center and what happens to that data over those lines, but there are new types of encryption technologies that are making the transport of data very robust, very effective.

We actually use those at Decision Lens. I think, over time, as people start to experience it more and more that those type of concerns are outweighed by the benefits of hosting everything in the cloud.

FCB: What do you think is happening in terms of the onus of owning up to a [security breech]? Do you see it as more of the federal agency or the organization having to do their research, or do you see it as the onus lying completely on the person who’s hosting the data?

JS: That’s a good question. I think the onus is absolutely on the organization hosting the data, but something that happens — so, for example, we go through data audits all the time by our customers. Fortune 500 companies will do a complete end-to-end audit of how our data is handled — everything from the hosting center to our office locations to how we secure things, the different password types that we use.

I think it’s a little bit of both.

On the end of the company’s providing the service that it really benefits to have already thought through all of that information and provide it right up front in the buying process. We do that. We have something called a Technical Services and Security Handbook, and that goes to any client who’s going to be accessing our software to explain to them all the different processes, procedures, systems, security that we use — it’s been audited, here’s the results of the audit — so that they can be comfortable with how we’re handling the information.

FCB: Let’s talk a little bit about the work you do with the federal government. I understand you do work with DoD’s Operationally Responsive Space. First, explain what that is and then how you’re working with them.

JS: It’s a very interesting office.

A couple of years ago, when space became open season for conflict between countries, what we realized was — the Chinese actually ran a test on blowing up a satellite — that if our satellites are taken out, typically the cycle time to get a new satellite in space is anywhere from three to five years.

So, if all of a sudden a variety of our satellites were taken out by an enemy of some sort, we’re going to be blind in the skies for a long period of time. So, the ORS — the Operationally Responsive Space organization was created to innovate how satellites and space assets are deployed — try to bring it from three to five years to roughly two weeks. They want to get new assets in place up in space in two weeks.

It requires a completely new way of thinking, where you’re using technologies that are known and maybe are assembling them in new and innovative ways to really move that cycle time up.

So, we actually work with them — without going into too much detail — they use Decision Lens to collaboratively decide on vendors that can provide them systems for satellite deployment. So — who are the most advanced companies in the space that can help provide either new technologies or delivery vehicles for them to get these things into space much more quickly than its ever been done before.

FCB: Without, again, going into too much detail . . . is this a process where you sit in an office with someone, or do you telecommute?

JS: Collaborate decision making — there’s two ways that it happens: either in meeting rooms where people have keypads and we’re actually facilitating a session where we’re talking about what the important criteria are for the judgement.

So, for example, if you were going to be selecting a car for yourself, criteria would be things like performance, style, safety, mileage — and then you would go and evaluate the alternatives — how do these different cars perform against the criteria that I’ve selected

So, we do that in a collaborative way in meetings, or we also . . . run collaborative decision sessions [on] the web where everyone’s participating live at the same time.

Next week — more with Decision Lens!

USAF looking at ROI on cloud computing

When it comes to cloud computing, where is the U.S. Air Force?

Fed Cloud Blog answers this question by talking with USAF chief information officer Lt. Gen. Bill Lord.

“We’re determining the return on investment right now and have already signed up to be partners with DISA. DISA is evaluating their rates to make sure their rates are as competitive as everybody else’s rates are in the commercial space. Then there’s a policy thing that we have to consider about where we’re permitted to allow DoD data to reside. So, we’re in the process of harmonizing those things so we can step out on it.”

Gen. Lord said the policy is generally around data and storage, and is not necessarily specific to the cloud, though cloud computing certainly applies.

“It’s generally around storage and data warehousing. Do we own the facility? Can we control the facility? Do we need to own the facility? In my personal opinion, there are plenty of very well-run commercial data storage locations that we could be well served by. So, we’re looking at those to make sure we’re getting the best return for the taxpayer dollars.”

He added that he doesn’t foresee a private cloud for the USAF at this point; rather, his branch would operate in conjunction with DISA.

“It would be in concert with the DISA cloud. So, there might be a public piece of that, but then then there might be our piece inside DoD cloud.”

As far as benefits, Gen. Lord says there are many.

“I think with with the virtualization that you get, quite frankly there are some wonderful green benefits, some COOP benefits that I think you can get by having your data all spread out — not all in the same location. So, I view it mostly on the positive side. Clearly we have to make sure that we’re comfortable with the security aspect of breaking all this stuff apart and then being able to put it back together and not having things change, but I think, for the most part, that technology is available.”

The USAF is looking at working more on cloud within the next six to nine months.

For more, check out Federal News Radio’s Ask the CIO.

And in other cloud news on Federal News Radio . . .

On In Depth, host Francis Rose spoke with former Deputy Assistant Secretary of Defense Steven Bucci about how to buy into the cloud while staying secure.

On the Federal Drive, hosts Tom Temin and Jane Norris talked with Phil Bond, president Tech America, about fallout from the China/Google dispute.

Deputy CIO Wennergren outlines why DoD is migrating to the cloud

---

Hear DoD Deputy CIO Dave Wennergren at ELC.

---

“Did you hear cloud computing is all the rage?”

That is a recent — and direct — quote from DoD Deputy CIO Dave Wennergren, who just talked to FederalNewsRadio about a new open source memo.

But that’s not all DoD is doing.

Wennergren recently talked about what his agency is doing in terms of the cloud at the Executive Leadership Conference.

He began his remarks by likening the cloud to a double-edged sword.

“I have this theory that, if you can ride the wave of change about enthusiasm for something that’s in the public psyche, then it makes it a lot easier to do change within your organization. If there’s a demand signal on the part of your constituencies — your clients [and] customers, then it becomes a lot easier to tell them that [in order] to get that, they’re going to have to do something different.”

Throughout history, he said, it’s been the same. Not everyone wanted to use a personal computer when they first rolled out; nor did everyone trust the Internet at first; however, forward-thinking organizations demonstrated how to use this new technology in a beneficial manner, and thus got clients on board.

“You have that going on right now with cloud computing — which is the good side. The tough side is that, when you have so much hype . . . then you have that, as Gartner would say, the great risk of the trough of disillusionment. So, trying to do expectation management about — what does cloud computing mean to you and how would you leverage it and what would you leverage for? It’s not going to be the same for everybody.”

Though it is different for every organization and agency, Wennergren highlighted what DoD is currently doing in order to give everyone at ELC a better idea of how the cloud might work.

“So we have this vision in the Department of Defense that you’re going to be able to get on any computing device, slap your card in and find the people and information that you need to get your job done. That’s a different world than the one we live in today, but there is a whole bunch of activity that’s going on to break down those barriers.”

Currently, these activities range from leveraging Web services and move to a more service oriented approach to doing business to eliminating stovepipes to utlizing Web 2.0 tools.

“In DoD speak, we’ve been talking about net-centric for a long time, which is what this is all about. This movement to the cloud is a culmination of a data-focused approach, a service oriented approach and the ability to have your infrastructure ubiquitously available along with the services.”

Overall, Wennergren said DoD’s goal is having a massive ability to collaborate in a secure environment.

“If you do it right, you could actually do this better in a world that involves the cloud.”

DoD developing apps store; DISA rolls out RACE

The Federal Cloud Blog just spoke with Henry Sienkiewicz, Technical Program Director for DISA’s Computing Services Directorate, who told us all about how DISA is moving into the cloud with its Rapid Access Computing Environment (RACE) . . . and about the fact that the Defense Department plans to launch an apps store of its own!

---

Listen to Henry Sienkiewicz talking with FCB

---

Federal Cloud Blog: This platform that you’re building. So, you’re in DoD and you want to try something. Walk us through the steps [and] how this works.

Henry Sienkiewicz: It’s actually very straightforward. We model the portal as if we were a commercial hosting site. So, under disa.mil, at the very top of the homepage right now, you’ll see the RACE logo. Or you can go through the computing services page on the side of the DISA portal to get to the RACE environment. You just literally log on there. You have to use your CAC card. . . . You log onto the portal and you just sign yourself up. You can pick and choose a variety of options. While we’ve tried to highly standardize the environment, we recognize that some users will need more computing, some will need more storage, so we’ve given them a mix-and-match portfolio to be able to pick a variety of options, although we’ve tried to keep it standardized with a LAMP stack as well as a Windows stack.

FCB: It seems like, in some ways, you may actually be able to improve the security levels of what most servers [have] because this is something you guys focus on all the time.

HS: That’s absolutely correct, although . . . one of the other neat pieces of the portal is that we actually are able to take a NIPR, which is the way we transfer money inside the department, or a government credit card online. We launched that, actually, in October of last year and it was one of those things that took a great deal of time and effort from the rest of the team — to figure out how to do — and our friends at Treasury helped us with the process. But it was a great success story on — how do we actually allow people to have that flexibility to order as they need it [while] making sure the money trail is completely and totally followed properly? We can spin up on virtual operating environments as fast as everyone else. 23 plus of those hours from our test and development environment — I’m able to provison right now in 24 hours — [and] 23 plus of those hours is actually moving the money. So, for us it’s been a great story.

FCB: You’ve been in development and you’ve been testing. What are some of the lessons that you learned from the test platform that actually ended up going into the live platform?

HS: We actually were able to use almost all of the code, all of the process, all of the procedures. When we thought it out at the very beginning, we established a very solid baseline at that point in time. Over the course of the last year, we’ve added additional options. We’ve done incremental releases, so we’re not believers in a big bang release of just one major code release a year.

FCB: And that is something particular with cloud computing. It gives you that ability to do that — and it makes those kind of iterative releases [easier]. It doesn’t become the ordeal that it could be.

HS: By keeping it standardized underneath the covers, we’re able to gradually and gracefully release and bring the customer base along with us, as opposed to forcing them to do massive migrations all at once, we’re able to go there and gradually allow them the ability to keep moving forward.

FCB: Is this something that would be available through the Apps store, even thought [it is] seen as largely commercial products?

HS: We are not going to put it as part of the GSA apps store. We’re going to be working with the DoD CIO as they’re developing an application store, as well. So we’re going to be folding our efforts in there; however, the team that has worked on the GSA apps store and my team have been actively engaged and participating in a lot of the same venues and a lot of the same conferences and we are more than willing to share what we have done with the rest of the federal community. My boss . . . and I are routinely talking, both in public forums, as well as in government forums, on these very topics. Our team is routinely interacting outside the agency and across the department with other people who are trying to establish the exact same thing.

DoD’s Chief Information Officer Discusses the Cloud

FCB recently sent out a questionnaire about cloud computing. The following are answers, provided via email, from John J. Shea, (SES) Assistant Secretary of Defense (Networks & Information Integration) DoD Chief Information Officer.

Federal Cloud Blog: Does your agency/organization used shared services in IT? If so please describe.

John Shea: With regards to Services defined by a Service Oriented Architecture – Enterprise (SOA – SOE), the department has most definitely been sharing Services as demonstrated by DISA’s Net-Centric Enterprise Services (NCES) program. One example is their highly successful GIG Content Delivery Service (GCDS) which uses Akamai technology, to provide intelligent routing and forward deployed caching of web-based content. This Service achieves up to 30 times better user performance while offloading up to 90% of the “reach-back” hits to DISA data center infrastructure.

FCB: If you do use shared services, what was your motivation? Have the results been what you expected? What has not gone as well as you’d expected.

JS: In terms of motivation, that’s a simple question to answer. Industry has proven the Services construct to be superior method of delivering capability (in the form of an information advantage). Reuse, shared, scalable, extensible are applicable attributes when describing the Service construct.

The results within the DoD framework have been somewhat slower to realize due in part to the complexity of our applications, the interdependency of the applications and the criticality of associated command and control requirements. However, the maturity of NCES is helping to overcome these issues.

FCB: Now let’s talk about cloud computing. We’ll define it as having a third party host your applications and storage, accessible via the internet in a business model in which you pay. Are you investigating, piloting, using or not considering moving to the cloud? Are you currently doing more than one of these things.

JS: We are investigating and piloting.

When it comes to Cloud Computing, it’s important to understand that it is a “disruptive technology” that requires a new foundation of knowledge to understand. With that said, we are just now beginning to understand this next-generation phenomena.

Additionally, Cloud Computing is still in the “hyper-buzz” phase and still requires several years of maturity before we can adopt in earnest. This doesn’t mean that we should keep our heads in the sand…. just the contrary. When Amazon rolled out their highly successful Amazon Web Services (AWS) it was only done after a five-year planning process.

In terms of investigation, we are actively participating on the Federal Cloud Computing Working Group for early adoption guidance (policy and standards). The work by this WG (directed by Mr. Vivek Kundra and led by the Federal CIO Council) is ground breaking and will set the course for the entire federal government.

Right now, we are not looking at a 3rd party hosting model for the department, but rather planning to utilize DISA’s Rapid Access Computing Environment (RACE) as our primary provider of Cloud Computing Services (Infrastructure, Software and Platform as a Services).

RACE will be coming online early in 2010.

FCB: If you are investigating, piloting or using, which services are part of your efforts: storage, e-mail, other communications (such as instant messaging), office productivity applications, agency-specific applications?

JS: All the above.

RACE Infrastructure as a Service (IaaS) will deliver an “elastic” provisioning of virtualized Certified and Accredited IT hardware components (storage, processing stacks, etc).

Enterprise applications (like E-Mail) and mission specific applications will operate in a multi-tenant environment.

RACE will be coming online early in 2010.

FCB: Please describe your service level agreement, for example, what is required in terms of up time, how fast new users are provisioned, security. That is, what are you getting contractually?

JS: We are just now starting to look at Cloud Computing SLA’s.

FCB: Describe how you pay for cloud services. For example, per user? Per hour agency wide? Is there an initial startup fee for the agency? For each user as he or she is added?

JS: There are a couple of pay-for-service models we are looking at. RACE is looking at offering a “pay only for what you need, month-to-month with no annual maintenance fee” model.

Others will be considered as we complete further investigation and learn as we grow.

FCB: Is your cloud coming from a commercial entity, another agency, or your own agency?

JS: Right now, DISA is our primary Cloud Computing provider.

FCB: Were there any unexpected issues that arose when you initialized your cloud arrangement? If so, please describe it/them.

JS: We are just now in the planning phase for our Cloud Computing Pilots.

FCB: Who (by position, not individual) was part of the decision to move to the cloud model?

JS: Within the Department, the decision to move to a “cloud model” has been an evolutionary process directed by the ASD NII/DoD-CIO.

FCB: Please describe the non-technical issues you had to work through for cloud. For example, agency culture, skepticism from the technology shop or other contractors.

JS: It’s too early to say; however, we feel the biggest barrier will be culture and not technology.

Our DoD Acquisition process for IT could — and I emphasize could — also be a factor.