A Combat Support Agency

Cloud Computing: An Operational Perspective
Henry J. Sienkiewicz
Technical Program Director
Center for Computing Services
27 February 2009

An Operational Perspective
• Warfighter-centric
• Legacy & Web 2.0
• Internal & external services

Center For Computing Services
Combat Support Computing
• Command & Control
  – Global Command and Control System (GCCS)
  – Global Combat Support System (GCSS)
  – Missile Defense C2BMC
• Warfighter Logistics
  – Defense Distribution Standard System (DSS)
  – DLA Enterprise Business Management System
  – Transportation and cargo movement systems
  – Combat requisition and maintenance systems
• DoD Financial and Security
  – Military and Civilian Pay & Personnel
  – Electronic business and contracting systems
  – Public Key Infrastructure (PKI)
• Health & Medical Readiness
  – Composite Health Care System (AHLTA)
• Enterprise Services
  – Global Content Delivery System (GCDS)
  – DMZ Infrastructure
provide command and control; manage parts and replenish supplies; provision ships; pay the warfighters; manage transportation and maintenance; provide medical care

DISA Computing Environment
• 4,000,000+ users
• 13 facilities
• 445,000 sq ft raised floor
• 34 mainframes
• 6100 servers
• 3800 terabytes of Storage
• 2,800 application / database instances
• 215 software vendors
Defense Enterprise Computing Centers (DECC)

Computing Services – Jan 2009
Mechanicsburg, Ogden, Columbus, Dayton, Denver, Chambersburg, NCR, St Louis, Oklahoma City, Hawaii, Pacific, Europe, Huntsville, Warner Robins, Montgomery, Pensacola, San Antonio
• Systems Management Center (SMC) – @ 350 FTEs (Mainframe & Server processing)
• OCONUS Defense Enterprise Computing Center (DECC)
• Infrastructure Services Center (ISC) – @ 100 FTEs
• Headquarters
• Processing Element (PE) – @ 13 FTEs

What is “Cloud Computing?”
• User:
  – Builds a web application,
  – Using a standard platform
  – Using a standard database
  – Uploads this application to a cloud provider
• Cloud provider automatically
  – Provisions the services
  – Scales the application and the database together
• User
  – Doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that)
  – Users are entirely freed from any technical complexity other than the service itself.
• Cloud provider
  – Decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments.
  – Has ongoing management and monitoring of the external service.
• User:
  – Only pays for what s/he uses when s/he needs it.
  – Everything else is an implementation detail.

Clouds Complexity With A Promise Of ….
• Application Flexibility
  – Standardized
  – Increasingly “click to run” services
  – Live in remote Internet data centers
  – Scalable to millions
  – Use shared IT infrastructure
• Procurement
  – Efficient
  – Rapid
  – Commoditized
  – “Pay by the sip”
• Security
  – Simplified
  – Streamlined
[Figure: Cloud Computing Storage Mindmap]

Cloud Types and Cloud Development
Many Different Types
Environment To Develop

Cloud Types: An Ontology
Different Types But All Services-centric

Cloud Types
• Platform-As-A-Service (PaaS)
  – The delivery of a computing platform, and/or solution stack as a service
  – Facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers
  – For example:
    • Web application frameworks
      – Ajax
      – Python Django
      – Ruby on Rails
    • Web hosting
    • Proprietary
• Infrastructure-As-A-Service (IaaS)
  – The delivery of computer infrastructure as a service, typically platform virtualization
  – For example:
    • Full virtualization
    • Grid computing
    • Management
    • Compute
• Applications-As-A-Service (AaaS) / Software-As-A-Service (SaaS)
  – Leverages the Cloud in software architecture
  – Eliminates the need to install and run the application on the customer's own computer
  – For example:
    • Peer-to-peer / volunteer computing
    • Web application
    • Software as a service
    • Software plus services
• Database-As-A-Service (DaaS)
  – Leverages the Cloud for delivering database services
Users Want To Use The “Cloud” Services

Creating A “Cloud”
Providers Think Of How To Build A “Cloud”

Enabling the Cloud Environment
• Infrastructure
  – Consolidation
  – Global Information Grid
  – Capacity Services
  – Virtualization
  – Rapid Provisioning
  – Facility Analysis
• Software
  – Network-Centric Services
  – Software-as-a-Service (SaaS)
  – Forge.mil
• Processes
  – ITIL
  – Security (Certification & Accreditation)
  – Computing Service Provider (CSP) Analysis
  – “Greening”
Multiple Technology Rivers Merging

Infrastructure

Legacy of Consolidations and Savings
• 1990: Service/Agency consolidation under DMRD 924
  – Reduced number of mainframe sites from 194 to 71
  – Saved $320M/year
• 1993: DISA Megacenter consolidation – DMRD 918/BRAC
  – Reduced number of mainframe sites from 71 to 16
  – Saved $206M/year
• 1998: DISA “SMART” consolidation under QDR and DRI; 2005: DISA combat support computing transformation
  – Mainframe & Server consolidation
  – Reduced mainframe sites from 16 to 5
  – 4 primary sites w/ remote system mgmt
  – Centralized all business functions
  – Saved $203M/year
  – Saved $143M/year
Consolidation Helps But Co-location Is Not The “Cloud”

Network Services
• Flexible SOA Foundation
• Network Aware Applications
• Single Authentication Site
• Common Storage & Retrieval
• Centralized Computing Services
• Shared Long-Haul Transport For Services/Agencies
• End-to-End MPLS
• Plug & Play Ad Hoc Connectivity
• Everything Over IP
Integrated Network Services Are Critical To Delivering “Cloud” Services

Capacity Services
Concept
• Acquire capacity as a service provided by vendor partners
• Pay much like a homeowner pays for utilities, e.g., by CPU-hours or megabytes consumed
Processor Orders to date
• 439 total orders completed, with a $31.5M annualized value
• Average delivery timeline of 11 days
  – 14 days for mainframe; 10 for server
  – 113 orders took less than 5 days
  – 208 orders took between 5 – 14 days
Storage Orders to date
• 157 Total ESS Orders Completed, with a $9.6M Annualized Value
• Average Delivery Timeline of 14 Days
  – 7 Days for Disk
  – 11 Days for Network Ports
  – 24 Days for Tape Slot Capacity
Speed, Agility, Utility Pricing, Reduced Overhead & Technology Currency

Virtualization & Tech Refresh
One Customer Infrastructure
FY08 BEFORE: Annual Sustainment: $25.9 M
FY09 AFTER: Annual Sustainment: $14.3 M
Reduced Footprint
45% savings
• Increased server utilization
• Significant savings
• Faster provisioning
Virtualized Is Not In Itself A “Cloud”

Rapid Access Computing Environment
Agile and responsive computing
Authorized customers order and gain access to a Server in less than 24 hours
Provides flexible development platform for Web, application or database
Windows, Red Hat, SUSE Servers in less than 30 minutes
MIPR or government credit card
User Self-service

Facility Analysis
• Building site
• Building controls
• Electrical systems
• Exterior structure
• Operations & maintenance service management
• Fire protection systems
• Security system
• HVAC systems & plumbing
• Interior structures
• Much, much more……
Comprehensive & Routine Facility Analysis Ensures “Cloud” Readiness

Software Services: Bridging Developers and Operations

Net-Centric Enterprise Services
• User Access: Web-based Joint access to NCES using Defense Knowledge Online
• Collaboration: Real-time voice, text, video, application sessions
• People Discovery: Locate specific information for people
• Service Discovery: Ability to discover, develop & reuse services
• Metadata Discovery, Metadata Registry: Ability to discover, develop & reuse data semantics
• Service Security: Ability to operate in a secure environment
• Content Discovery: Access to data; improved content awareness
• Enterprise Service Management: Monitors services availability & reliability
• Mediation: Exchange data with unanticipated users & formats
• Messaging: Real-time updates & alert notifications as data change
• Content Delivery: Improved responsiveness & bandwidth usage

Software as a Service (SaaS)
Challenge
• Large number of software vendors
• 3M+ user baseline, continually changing and growing
• Dynamic processing requirements
• Software acquisition lead time
• Outyear capital projection for technology infusion
SaaS Provider(s)
• Manage software on “usage” basis
• Established negotiated prices
• Include future versions/releases
• Provide maintenance and patches
Value Add
• Ability to rapidly change/grow baseline
• Allows technology infusion on timely basis
• No outyear capital projections required
• Partnership with vendor(s)

Forge.mil
• Collaborative environment supporting the development and sharing of open source and community source software within the DoD
• Limited Operational Availability: January 23, 2009
• General Availability: March 27, 2009
• Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions
• Limited Operational Availability: June 20, 2009
• On demand application development and lifecycle management tools provided by DISA CSD on a fee-for-service basis for private project or program use
• Availability: TBD
Bridging Developers & Operations – Fosters The Cloud

Processes

Information Technology Infrastructure Library
• A customizable framework of best practices designed to promote quality computing services in the information technology (IT) sector.
• A systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement.
• Computing Services is a DoD leader in educating its professional staff in information technology ‘best practices’:
  • Almost 100% of staff educated at the Foundation Level of ITIL concepts
  • 100% Customer Management Executives (CMEs) are certified ITIL Practitioners in Service Level Management
  • Over 100 GS-12 through GS-15s are Practitioners in Incident/Problem Management
  • Approximately 50 key personnel are Practitioners in Change/Release/Configuration Management
[Figure labels: Service Strategy, Service Design, Service Transition, Service Operation, Continual Process Improvement]
Providing The Community With A Common Language & Processes

Computing Service Provider (CSP) Overview
• A tactical tool that allows DISA to extend enhanced operational capabilities (NetOps) to non-DECC computing center environments.
Two primary components:
  – Facility capability assessment
  – Integration of tools and processes to enable NetOps Capabilities
• Applies a structured methodology to enable service management that ensures
  – Support for centralized visibility into the operation of key systems and services consistent with NetOps operational construct
  – Compliance and risk management under DISA’s IA program
  – Compliance with DoD requirements for computing infrastructure and operations processes appropriate to MAC Level
• CSP is not a periodic audit/checklist
  – Requires specific process and technical changes to enable NetOps
  – Sustainment requires long-term coordination between DISA, system owner, system operator
Data Center Operations “Best Practices”

Certification & Accreditation
• Various C&A approaches
  – “Traditional” Defense Information Technology Security Certification and Accreditation Process (DITSCAP)
  – Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
  – Emerging Models
    • Landlord/Tenant
    • Application Security Evaluation (ASE)
• Appropriate approach based on risk identification and mitigation
Ensuring Security Is Part Of Creating A “Cloud”

Security Technical Implementation Guide (STIG)
• Goals:
  – Intrusion Avoidance
  – Intrusion Detection
  – Response and Recovery
• Focus Areas:
  – Network/Perimeter
  – Peripherals
  – Operating Systems
  – Users
Standardized Procedures Critical To Enterprise-wide Security

“Greening” DECC Infrastructure
Challenge
• Increasing energy costs
• Increased cooling requirements to support more compact implementations
• Increased regulatory environment
Initiatives
• Consolidation
• Virtualization
• Duct cooling
• Variable frequency drives
• Motion sensor lighting
• Water reclamation
“Greening” Is Part Of Good Stewardship

Clouds Complexity With A Promise Of ….
A Simple Idea
• User:
  – Builds a web application,
  – Using a standard platform
  – Using a standard database
  – Uploads this application to a cloud provider
  – Only pays for what s/he uses when s/he needs it.
  – Everything else is an implementation detail.
• Cloud provider automatically
  – Provisions the services
  – Scales the application and the database together

Clear Tenets
• Application Flexibility
  – Standardized
  – Increasing “click to run” services
  – Live in remote Internet data centers
  – Scalable to millions
• Procurement
  – Efficient
  – Rapid
  – Commoditized
  – “Pay by the sip”
• Security
  – Simplified
  – Streamlined

Multi-faceted Enablement
• Infrastructure
  – Consolidation
  – Global Information Grid
  – Capacity Services
  – Virtualization
  – Rapid Provisioning
  – Facility Analysis
• Software
  – Network-centric Services
  – Software-as-a-Service (SaaS)
  – Forge.mil
• Processes
  – ITIL
  – Security (Certification & Accreditation)
  – Computing Service Provider (CSP)
  – “Greening”

It’s A Journey