Cloud Computing An Operational Perspective

A Combat Support Agency
Cloud Computing: An Operational Perspective
Henry J. Sienkiewicz
Technical Program Director
Center for Computing Services
27 February 2009
An Operational Perspective
• Warfighter-centric
• Legacy & Web 2.0
• Internal & external services
Center For Computing Services
Command & Control
• Global Command and Control System (GCCS)
• Global Combat Support System (GCSS)
• Missile Defense C2BMC
Warfighter Logistics
• Defense Distribution Standard System (DSS)
• DLA Enterprise Business Management System
• Transportation and cargo movement systems
• Combat requisition and maintenance systems
DoD Financial and Security
• Military and Civilian Pay & Personnel
• Electronic business and contracting systems
• Public Key Infrastructure (PKI)
Health & Medical Readiness
• Composite Health Care System (AHLTA)
Enterprise Services
• Global Content Delivery System (GCDS)
• DMZ Infrastructure
Combat Support Computing
[Figure labels: provide command and control; manage parts and replenish supplies; provision ships; pay the warfighters; manage transportation and maintenance; provide medical care]
DISA Computing Environment
• 4,000,000+ users
• 13 facilities
• 445,000 sq ft raised floor
• 34 mainframes
• 6,100 servers
• 3,800 terabytes of storage
• 2,800 application / database instances
• 215 software vendors
Defense Enterprise Computing Centers (DECC)
Computing Services – Jan 2009
Map legend:
• Systems Management Center (SMC) – @ 350 FTEs (Mainframe & Server processing)
• OCONUS Defense Enterprise Computing Center (DECC)
• Infrastructure Services Center (ISC) – @ 100 FTEs
• Headquarters
• Processing Element (PE) – @ 13 FTEs
Sites shown on map: Mechanicsburg, Ogden, Columbus, Dayton, Denver, Chambersburg, NCR, St Louis, Oklahoma City, Hawaii, Pacific, Europe, Huntsville, Warner Robins, Montgomery, Pensacola, San Antonio
What is “Cloud Computing?”
• User:
  – Builds a web application
  – Using a standard platform
  – Using a standard database
  – Uploads this application to a cloud provider
• Cloud provider automatically:
  – Provisions the services
  – Scales the application and the database together
• User:
  – Doesn’t care about which servers, which databases, which hardware, or how much memory (the cloud platform handles all of that). Users are entirely free of any technical complexity other than the service itself.
• Cloud provider:
  – Decides how to cache content and how and where to deploy servers based on demand, performs backups, and even gives the business the ability to distinguish "production" from "staging" deployments.
  – Has ongoing management and monitoring of the external service.
• User:
  – Only pays for what s/he uses when s/he needs it.
  – Everything else is an implementation detail.
Clouds
Complexity With A Promise Of ….
• Application Flexibility
  – Standardized
  – Increasingly “click to run” services
  – Live in remote Internet data centers
  – Scalable to millions
  – Use shared IT infrastructure
• Procurement
  – Efficient
  – Rapid
  – Commoditized
  – “Pay by the sip”
• Security
  – Simplified
  – Streamlined
[Figure: Cloud Computing Storage Mindmap]
Cloud Types and Cloud Development
Many Different Types
Environment To Develop
Cloud Types: An Ontology
Different Types But All Services-centric
Cloud Types
• Platform-As-A-Service (PaaS)
  – The delivery of a computing platform and/or solution stack as a service
  – Facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers
  – For example:
    • Web application frameworks
      – Ajax
      – Python Django
      – Ruby on Rails
    • Web hosting
    • Proprietary
• Applications-As-A-Service (AaaS) / Software-As-A-Service (SaaS)
  – Leverages the Cloud in software architecture
  – Eliminates the need to install and run the application on the customer's own computer
  – For example:
    • Peer-to-peer / volunteer computing
    • Web application
    • Software as a service
    • Software plus services
• Infrastructure-As-A-Service (IaaS)
  – The delivery of computer infrastructure as a service, typically platform virtualization
  – For example:
    • Full virtualization
    • Grid computing
    • Management
    • Compute
• Database-As-A-Service (DaaS)
  – Leverages the Cloud for delivering database services
Users Want To Use The “Cloud” Services
Creating A “Cloud”
Providers Think Of How To Build A “Cloud”
Enabling the Cloud Environment
• Infrastructure
  – Consolidation
  – Global Information Grid
  – Capacity Services
  – Virtualization
  – Rapid Provisioning
  – Facility Analysis
• Software
  – Network-Centric Services
  – Software-as-a-Service (SaaS)
  – Forge.mil
• Processes
  – ITIL
  – Security (Certification & Accreditation)
  – Computing Service Provider (CSP) Analysis
  – “Greening”
Multiple Technology Rivers Merging
Infrastructure
Legacy of Consolidations and Savings
• 1990: Service/Agency consolidation under DMRD 924
  – Reduced number of mainframe sites from 194 to 71
  – Saved $320M/year
• 1993: DISA Megacenter consolidation – DMRD 918/BRAC
  – Reduced number of mainframe sites from 71 to 16
  – Saved $206M/year
• 1998: DISA “SMART” consolidation under QDR and DRI
  – Reduced mainframe sites from 16 to 5
  – Saved $203M/year
• 2005: DISA combat support computing transformation
  – Mainframe & Server consolidation
  – 4 primary sites w/ remote system mgmt
  – Centralized all business functions
  – Saved $143M/year
Consolidation Helps But Co-location Is Not The “Cloud”
Network Services
• Flexible SOA Foundation
• Network Aware Applications
• Single Authentication Site
• Common Storage & Retrieval
• Centralized Computing Services
• Shared Long-Haul Transport For Services/Agencies
• End-to-End MPLS
• Plug & Play Ad Hoc Connectivity
• Everything Over IP
Integrated Network Services Are Critical To Delivering “Cloud” Services
Capacity Services
Concept
• Acquire capacity as a service provided by vendor partners
• Pay much like a homeowner pays for utilities, e.g., by CPU-hours or megabytes consumed
Processor Orders to date
• 439 total orders completed, with a $31.5M annualized value
• Average delivery timeline of 11 days
  – 14 days for mainframe; 10 for server
  – 113 orders took less than 5 days
  – 208 orders took between 5 – 14 days
Storage Orders to date
• 157 Total ESS Orders Completed, with a $9.6M Annualized Value
• Average Delivery Timeline of 14 Days
  – 7 Days for Disk
  – 11 Days for Network Ports
  – 24 Days for Tape Slot Capacity
Speed, Agility, Utility Pricing, Reduced Overhead & Technology Currency
Virtualization & Tech Refresh
One Customer Infrastructure
BEFORE (FY08)
Annual Sustainment: $25.9 M
AFTER (FY09): Reduced Footprint
Annual Sustainment: $14.3 M
45% savings
• Increased server utilization
• Significant savings
• Faster provisioning
Virtualized Is Not In Itself A “Cloud”
Rapid Access Computing Environment
• Agile and responsive computing
• Authorized customers order and gain access to a Server in less than 24 hours
• Provides flexible development platform for Web, application or database
• Windows, Red Hat, SUSE Servers in less than 30 minutes
• MIPR or government credit card
• User Self-service
Facility Analysis
• Building site
• Building controls
• Electrical systems
• Exterior structure
• Operations & maintenance service management
• Fire protection systems
• Security system
• HVAC systems & plumbing
• Interior structures
• Much, much more……
Comprehensive & Routine Facility Analysis Ensures “Cloud” Readiness
Software Services:
Bridging Developers and Operations
Net-Centric Enterprise Services
NCES
• User Access: Web-based Joint access to NCES using Defense Knowledge Online
• Collaboration: Real-time voice, text, video, application sessions
• People Discovery: Locate specific information for people
• Service Discovery: Ability to discover, develop & reuse services
• Metadata Discovery / Metadata Registry: Ability to discover, develop & reuse data semantics
• Service Security: Ability to operate in a secure environment
• Enterprise Service Management: Monitors services availability & reliability
• Content Discovery: Access to data; improved content awareness
• Mediation: Exchange data with unanticipated users & formats
• Messaging: Real-time updates & alert notifications as data change
• Content Delivery: Improved responsiveness & bandwidth usage
Software as a Service (SaaS)
Challenge
• Large number of software vendors
• 3M+ user baseline, continually changing and growing
• Dynamic processing requirements
• Software acquisition lead time
• Outyear capital projection for technology infusion
SaaS Provider(s)
• Manage software on “usage” basis
• Established negotiated prices
• Include future versions/releases
• Provide maintenance and patches
Value Add
• Ability to rapidly change/grow baseline
• Allows technology infusion on timely basis
• No outyear capital projections required
• Partnership with vendor(s)
Forge.mil
• Collaborative environment supporting the development and sharing of open source and community source software within the DoD
  – Limited Operational Availability: January 23, 2009
  – General Availability: March 27, 2009
• Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions
  – Limited Operational Availability: June 20, 2009
• On-demand application development and lifecycle management tools provided by DISA CSD on a fee-for-service basis for private project or program use
  – Availability: TBD
Bridging Developers & Operations – Fosters The Cloud
Processes
Information Technology Infrastructure Library
• A customizable framework of best practices designed to promote quality computing services in the information technology (IT) sector.
• A systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement.
• Computing Services is a DoD leader in educating its professional staff in information technology ‘best practices’:
  – Almost 100% of staff educated at the Foundation Level of ITIL concepts
  – 100% of Customer Management Executives (CMEs) are certified ITIL Practitioners in Service Level Management
  – Over 100 GS-12 through GS-15s are Practitioners in Incident/Problem Management
  – Approximately 50 key personnel are Practitioners in Change/Release/Configuration Management
[Figure: Service Strategy, Service Design, Service Transition, Service Operation, Continual Process Improvement]
Providing The Community With A Common Language & Processes
Computing Service Provider (CSP) Overview
• A tactical tool that allows DISA to extend enhanced operational capabilities (NetOps) to non-DECC computing center environments. Two primary components:
  – Facility capability assessment
  – Integration of tools and processes to enable NetOps Capabilities
• Applies a structured methodology to enable service management that ensures
  – Support for centralized visibility into the operation of key systems and services consistent with NetOps operational construct
  – Compliance and risk management under DISA’s IA program
  – Compliance with DoD requirements for computing infrastructure and operations processes appropriate to MAC Level
• CSP is not a periodic audit/checklist
  – Requires specific process and technical changes to enable NetOps
  – Sustainment requires long-term coordination between DISA, system owner, system operator
Data Center Operations “Best Practices”
Certification & Accreditation
• Various C&A approaches
  – “Traditional” Defense Information Technology Security Certification and Accreditation Process (DITSCAP)
  – Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
  – Emerging Models
    • Landlord/Tenant
    • Application Security Evaluation (ASE)
• Appropriate approach based on risk identification and mitigation
Ensuring Security Is Part Of Creating A “Cloud”
Security Technical Implementation Guide (STIG)
• Goals:
  – Intrusion Avoidance
  – Intrusion Detection
  – Response and Recovery
• Focus Areas:
  – Network/Perimeter
  – Peripherals
  – Operating Systems
  – Users
Standardized Procedures Critical To Enterprise-wide Security
“Greening” DECC Infrastructure
Challenge
• Increasing energy costs
• Increased cooling requirements to support more compact implementations
• Increased regulatory environment
Initiatives
• Consolidation
• Virtualization
• Duct cooling
• Variable frequency drives
• Motion sensor lighting
• Water reclamation
“Greening” Is Part Of Good Stewardship
Clouds
Complexity With A Promise Of ….
A Simple Idea
• User:
  – Builds a web application
  – Using a standard platform
  – Using a standard database
  – Uploads this application to a cloud provider
  – Only pays for what s/he uses when s/he needs it.
  – Everything else is an implementation detail.
• Cloud provider automatically
  – Provisions the services
  – Scales the application and the database together
Clear Tenets
• Application Flexibility
  – Standardized
  – Increasingly “click to run” services
  – Live in remote Internet data centers
  – Scalable to millions
• Procurement
  – Efficient
  – Rapid
  – Commoditized
  – “Pay by the sip”
• Security
  – Simplified
  – Streamlined
Multi-faceted Enablement
• Infrastructure
  – Consolidation
  – Global Information Grid
  – Capacity Services
  – Virtualization
  – Rapid Provisioning
  – Facility Analysis
• Software
  – Network-centric Services
  – Software-as-a-Service (SaaS)
  – Forge.mil
• Processes
  – ITIL
  – Security (Certification & Accreditation)
  – Computing Service Provider (CSP)
  – “Greening”
It’s A Journey