How DISA is using secure clouds

Security is always a concern, but nowhere is it more important than at a place like the Defense Information Systems Agency.

Henry Sienkiewicz, chief information officer at DISA and tells us all about how they’re using secure clouds at his agency.

FCB: DISA runs RACE. It runs forge.mil, which was just used by the Army for its Apps for the Army program. What does the future hold?

HS: We actually just see a continual growth and emphasis on this. We, as an organization, have completely embraced the idea of agile dynamic provisioning — secure, scalable, elastic — I don’t want to keep using all of those buzz words, because I think, at times, we have all been Power Pointed to death, but using partnerships like Apps for the Army, has been able to allow us to recraft this as a market offering.

We internally learned a lot of lessons. We learned lessons about private code branding so that we were able to give the Army their own portal. We learned lessons about allowing middleware applications. I think you’re going to still see those other partnerships, or you’re going to see partnerships with organizations that are also pushing this envelope, like Transcom — where [leaders] are creating things like the Knowledge Management Lab out at Scott Air Force Base that are really embracing the exact same principles.

So, you’re going to see us having that continued emphasis on innovative service delivery — RACE, forge.mil. Also, when you look across that entire stack of cloud computing — global content delivery system — we’re just seeing more and more adoption of that. The 56 nodes are up and running and we’re adding more products every day. We’re working on things like enterprise recursive services.

You’re still seeing DISA looking across the entire stack and using [NIST’s] definition of the cloud for platform and infrastructure applications and software. You’re seeing a concerted push across all of those environments from the DISA family.

FCB: From your perspective internally, now, obviously you used to look more externally, now you’re looking more internally. Are you guys within DISA using RACE and forge.mil to address internal needs?

HS: Most assuredly. We have to embrace internally and use ourselves as the initial test bed for some of these things. I think one of the better examples — we were the test bed [for the DoD Visitor].

We put it up, we installed it onto our internal production system immediately. It is that ability to use your CAC card to login and sign in to a computer anywhere in the department. I was the one who accredited it for the department, and in my role as the DISA CIO — I also was the first one to install it on a production network. So, you’re going to see more of that activity, as well. We’re going to test and try it internally before we launch it out to the rest of the marketplace.

FCB: Has this been tested and tried so far within DISA?

HS: We actually have it up on our production network already, and we’re also seeing adoption across the department.

Hear more from Henry Sienkiewicz on Ask the CIO.

Always have an exit strategy when looking at cloud

Last week, Fed Cloud Blog promised to bring you more of our chat with Gunnar Hellekson, chief technology strategist for Red Hat’s U.S. Public Sector Group.

Today he starts out by explaining how Red Hat has been supporting the federal government, and also has some tips for what agency CIOs should be looking for when it comes to looking at the cloud.

GH: Red Hat has been supporting the federal government in cloud computing in a number of ways.

First, on a basic technology level, much of the innovation that’s going on in cloud computing and virtualization has been happening in the open source world, specifically, in the open source Linux project.

Red Hat is best known as a vendor of Linux services and support and our engineers have been working for many years on virtualization technology, and doing what it is that we’ve always done with the open source community, which is creating an enabling layer that sits between your hardware and your applciations and actually gives your applications access to some of the really interesting innovations that are going on down in the hardware. So, in the role as a hypervisor — in the role as a software that hosts virtual guests in a cloud computing environment, we’ve been working in that space for some time.

Second, I think it’s really interesting that if you look at some of the clouds that are being stood up now, like the RACE project over at DISA and elsewhere, you’ll see that these cloud computing environments are really offering two platforms to their end users. One is Windows and one is Linux, most often specifically Red Hat Enterprise Linux.

So that’s kind of heartening to see, in conjunction with this move toward cloud computing, we’re seeing a consolidation on to those two operating system platforms. That really, though, is just about technology and delivering low-cost, high-quality, very secure operating systems, which is something we’ve been doing for the federal government for 10 years now

I think what’s more interesting is the way in which we’re able to provide some guidance and some best practices to federal agencies, specifically through our cloud provider certification program. These programs give providers a set of best practices so that they know they will be protected against what is a very quickly moving market. Red Hat is providing them a template for success.

FCB: Is there something specific, in terms of that template, of what a CIO at agency ‘X’ should be thinking about if he or she is looking at cloud computing?

GH: There are a number of concerns, obviously.

Cloud computing is extremely disruptive. So, the CIO has a whole lot to think about.

In most cases, you won’t be providing your own cloud services. In most cases, a CIO will be a consumer of cloud services. So, as a consumer, you’re interested in ensuring that you have a supportable, standard build of you operating system so that you have a stable and predictable platform on which you can put your applications. You want the ability to post for those virtual guests — you want those to be portable.

Cloud computing isn’t just about providing cheap computing cycles, it’s also about the ability to compete the hosting of your applications with much less friction than you have today. Today, if you outsource your data center or you’re hiring another organization to host your computing workload, you have to worry about — am I going to pickup backup, and then I’ve got to take backup and go restore it to a new provider — it’s an extremely costly process.

The premise of cloud computing is to provide enough interoperability and have enough standards so that you should be able to easily move your workload from one provider to another, which creates a . . . much more competitive market than you would have before.

As you’re evaluating cloud providers, you want to be thinking about — what is their interoperability? How well would they work with another cloud provider? How easily can I move my workload from one provider to another?

For the last 10 years, Red Hat has really made its name taking folks from proprietary operating systems that were often tied to hardware . . . [and] getting them off of these proprietary hardware systems and proprietary operating systems and moving them onto commodity hardware. . . . One of the big reasons why people wanted to make that move is so that they could compete their hardware. If you had IBM, you wanted to be able to collect bids from Dell and HP, as well. That competitive market drives down the cost of your hardware.

In cloud computing now we see all of that progress of the last 10 years starting to get undone as people move onto these cloud environments. There’s a danger that you’re going to get locked into a particular hosting provider, a particular virtualization technology. So, as you’re evaluating these hosting providers, you want to be paying a lot of attention to interoperability. You want to make sure that there’s a safe exit strategy

ACT-IAC’s cloud SIG needs you

2010 has already been deemed by some as the year of the cloud.

ACT-IAC is a non-profit, public-private partnership dedicated to improving government through the application of information technology.

They recently started a shared interest group (SIG) on cloud, and Habib Nasibdar is its chair.

He sat down with the Fed Cloud Blog to talk about why ACT-IAC decided to take this step.

Fed Cloud Blog: Tell us a little about this shared interest group. What are your ultimate goals?

Habib Nasibdar: The cloud computing shared interest group — SIG, as we call it — was created [in 2009] and it’s really a forum where industry partners get together with government executives in solving some of the core issues around cloud computing.

FCB How difficult was it to get people together from industry and the federal sector?

HN: It’s never easy to have people on the same page, but I guess the momentum put forward by the administration around cloud computing as part of the federal agenda [helped].

ACT-IAC’s leadership of immediate involvement to drive a dialogue around cloud computing helped tremendously.

FCB: When you have these discussions . . . are you finding that it’s harder for private industry to move forward or public, government agencies to move forward with cloud?

HN: It is actually difficult on both sides. Innovation is always driven by industry, and the government being the client, it drives and fuels that innovation.

It is difficult for government to adopt cloud, at times, because of the issues that they’re facing and trying to resolve.

I believe the dialogue is constant around some of the issues and challenges that federal agencies face in resolving those issues first, before the adoption begins.

FCB: Have you discovered anyone on [either] side who’s got a great set of best practices that everybody else might follow? Or are you still trying to figure out who that is?

HN: This whole cloud computing arena itself is so big, it would be unfair to say that anyone has any best practices, but there are certain federal agencies that have demonstrated, quite effectively, how they have adopted some of the core principles of cloud computing.

For example, you have RACE based out of DISA. They have done an exceptional job. Forge.mil is another DoD initiative. [Also] Nebula out of NASA. And, certainly, there’s Apps.gov.

So you have programs that are out there, but best practices are still in the works.

FCB: Do you see cloud computing as a whole facilitating the implementation of best practices [in other areas of government]?

HN Certainly. Cloud computing has a lot of promise.

That’s the reason there’s so much momentum behind it.

The short answer is, certainly, and again, as the discussions go on around cloud computing and federal adoption with industry innovation, I see things getting better.

FCB: Anything else you’d like to add?

HN: We, as a cloud computing SIG, are open to any industry partner who’s a member of IAC.

We have representatives from different perspectives, different functional organizations on our SIG.

What I would like to do is give a shout out to everyone . . . to participate, and help drive this dialogue further.

Find more details about how you can join here.

DISA building on what’s already been done in terms of cloud

Last week, AFCEA held its monthly luncheon in Arlington.

January’s topic was DISA 2010 and Beyond.

Anthony Montemarano is the Component Acquisition Executive at DISA and was one of the panelists.

After the lunch, Fed Cloud Blog caught up with him to chat a little bit about where DISA is going in terms of purchasing cloud services.

Fed Cloud Blog: From the acquisition perspective, is there anything that you guys are doing? Are you looking at cloud in any new ways, or is it more going down the same path?

Anthony Montemarano: You’re not going to see a cloud computing contract. Just like you see forge.mil — that’s cloud computing. Same thing with RACE. Even [the] Global Content Delivery Service. That facilitates cloud.

It’s going to be components that are forming the cloud. You’re not going to see a Web 2.0 solicitation from us. You might see social networking.

You’re not going to see anything from us [in terms of a contract], but those components may contribute to the cloud solution.

FCB: Obviously, there’s a lot of work going on. GSA with Apps.gov — the idea of IaaS, SaaS, PaaS — is that a path you guys are going down at all? Or is your focus really going to be about cloud being part of the bigger solution that meets the mission?

AM: The cloud is part of the bigger solution, but as far as those specifics, it’s going to be on a case-by-case basis. Remember what I say, and I’ll say it again — if GSA is doing it, why am I going to do it?

I will tell you as the acquisition executive at DISA, we are going to exploit what’s already been done. If they’ve done it already, let’s keep going with it.

I wish I could exploit what industry has for collaboration.

Why do I want to get something special? Well, it turns out what they have doesn’t quite make it; it has to be different.

I want to take what’s available.

I want to get out of the software writing mode. That’s no fun anymore.

Later this week — a conversation with Google Federal!

Upcoming cloud events around town

Today we bring you news about events around town regarding the cloud.

Dec. 8, 2009
First up — we already told you about FedScoop’s Cloud Computing Shoot Out. It’s their second event that will focus on U.S. CIO Vivek Kundra’s five pillars of transparent government. This time, panelists will address concerns related to issues surrounding cloud portability, interoperability and security.

Some of the attendees:

• Werner Vogels, CTO, Amazon.com
• Yousef A. Khalidi, Distinguished Engineer, Cloud Computing, Microsoft Corporation
• Michael G. Hill, Vice President, Enterprise Initiatives IBM
• Prasad L. Rampalli, Vice President, Intel Architecture Group, Intel Corporation
• Eran Feigenbaum, Director of Security, Google Enterprise
• Kaveh Vessali, Vice President of Public Sector Solutions, Salesforce.com
• Jeff Bergeron, Chief Technologist, U.S. Public Sector, HP

The Shoot Out will be held at the Newseum and starts at 8 a.m. Register here.

Dec. 9, 2009
The Digital Government Institute presents its Cloud Computing Conference.

Chris Kemp, Chief Information Officer, Ames Research Center, NASA, will deliver the keynote, Government Cloud Computing for 2010: Moving Towards Efficient Operations.

Also, Chris Dorobek of DorobekInsider and Federal News Radio’s Daily Debrief will moderate the panel How to Take Advantage of Cloud Computing Today.

You can register for it here.

Dec. 17, 2009
Also, AFCEA Bethesda Chapter presents IT Infrastructure Management as part of its monthly breakfast series.

The panel will focus on how cloud computing environments, such as NASA’s Nebula and DISA’s Rapid Access Computing Environment (RACE), are changing the landscape of government IT infrastructure management, as well as helping to streamline system, network and storage management.

Speakers include:

• Casey Coleman, Chief Information Officer, General Services Administration (moderator)
• Chris Kemp, Chief Information Officer, NASA Ames Research Center
• Alfred Rivera, Director, Computer Services Directorate, Defense Information Systems Agency
• Keith Trippie, Executive Director, Enterprise System Development Office (ESDO), Office of the Chief Information Officer, Department of Homeland Security
• Pete Tseronis, Associate Chief Information Officer, Department of Energy

Register here.

FCB will, of course, attend all of these events and report back, just in case you can’t make it.

DoD developing apps store; DISA rolls out RACE

The Federal Cloud Blog just spoke with Henry Sienkiewicz, Technical Program Director for DISA’s Computing Services Directorate, who told us all about how DISA is moving into the cloud with its Rapid Access Computing Environment (RACE) . . . and about the fact that the Defense Department plans to launch an apps store of its own!

---

Listen to Henry Sienkiewicz talking with FCB

---

Federal Cloud Blog: This platform that you’re building. So, you’re in DoD and you want to try something. Walk us through the steps [and] how this works.

Henry Sienkiewicz: It’s actually very straightforward. We model the portal as if we were a commercial hosting site. So, under disa.mil, at the very top of the homepage right now, you’ll see the RACE logo. Or you can go through the computing services page on the side of the DISA portal to get to the RACE environment. You just literally log on there. You have to use your CAC card. . . . You log onto the portal and you just sign yourself up. You can pick and choose a variety of options. While we’ve tried to highly standardize the environment, we recognize that some users will need more computing, some will need more storage, so we’ve given them a mix-and-match portfolio to be able to pick a variety of options, although we’ve tried to keep it standardized with a LAMP stack as well as a Windows stack.

FCB: It seems like, in some ways, you may actually be able to improve the security levels of what most servers [have] because this is something you guys focus on all the time.

HS: That’s absolutely correct, although . . . one of the other neat pieces of the portal is that we actually are able to take a NIPR, which is the way we transfer money inside the department, or a government credit card online. We launched that, actually, in October of last year and it was one of those things that took a great deal of time and effort from the rest of the team — to figure out how to do — and our friends at Treasury helped us with the process. But it was a great success story on — how do we actually allow people to have that flexibility to order as they need it [while] making sure the money trail is completely and totally followed properly? We can spin up on virtual operating environments as fast as everyone else. 23 plus of those hours from our test and development environment — I’m able to provison right now in 24 hours — [and] 23 plus of those hours is actually moving the money. So, for us it’s been a great story.

FCB: You’ve been in development and you’ve been testing. What are some of the lessons that you learned from the test platform that actually ended up going into the live platform?

HS: We actually were able to use almost all of the code, all of the process, all of the procedures. When we thought it out at the very beginning, we established a very solid baseline at that point in time. Over the course of the last year, we’ve added additional options. We’ve done incremental releases, so we’re not believers in a big bang release of just one major code release a year.

FCB: And that is something particular with cloud computing. It gives you that ability to do that — and it makes those kind of iterative releases [easier]. It doesn’t become the ordeal that it could be.

HS: By keeping it standardized underneath the covers, we’re able to gradually and gracefully release and bring the customer base along with us, as opposed to forcing them to do massive migrations all at once, we’re able to go there and gradually allow them the ability to keep moving forward.

FCB: Is this something that would be available through the Apps store, even thought [it is] seen as largely commercial products?

HS: We are not going to put it as part of the GSA apps store. We’re going to be working with the DoD CIO as they’re developing an application store, as well. So we’re going to be folding our efforts in there; however, the team that has worked on the GSA apps store and my team have been actively engaged and participating in a lot of the same venues and a lot of the same conferences and we are more than willing to share what we have done with the rest of the federal community. My boss . . . and I are routinely talking, both in public forums, as well as in government forums, on these very topics. Our team is routinely interacting outside the agency and across the department with other people who are trying to establish the exact same thing.