Click to edit Master title style Cloud Computing Initiative Vision and Strategy Document (DRAFT) February 2010 1 Federal Computing Click to Cloud edit Master title style Vision and Mission Cloud Computing Vision Statement Establish secure, easy to use, rapidly provisioned IT services for the Federal Government, including: • Agile and simple acquisition and certification processes; • Elastic, usage-based delivery of pooled computing resources; • Portable, reusable and interoperable business-driven tools; • Browser-based ubiquitous internet access to services; and • Always on and available, utility-like solutions. Cloud Computing Mission Statement Drive the government-wide adoption of cost effective, green and sustainable Federal cloud computing solutions. This information is draft and has not been published, please do not disseminate 2 Cloud Capabilities Tailored to Click to edit MasterMust titlebe style Government’s Unique Needs Federal Government Considerations for Cloud Computing Cloud Computing Services Software as a Service (SaaS) • • • • Citizen Engagement (Wikis, Blogs, Data.gov) Government Productivity (Cloud based tools) Business Enablement (Salesforce.com) Enterprise Applications (Core Mission & Business Svcs) Platform as a Service (PaaS) • Database and Database Management Systems • Developer / Testing Tools • Virtual Environments Infrastructure as a Service (IaaS) • • • Computing Storage Application hosting Security & Data Privacy Offer different levels of security and data privacy based on the application and nature of the services provided. Potential standardize Low, Med and High categories for Simplicity. Delivery & Operations Interoperability & Integration Enable adoption of Cloud Computing services in different Cloud models including Public, Private, Hybrid and Community models. Develop interoperability standards in conjunction with the industry to provide interoperability at the data infrastructure, platform and application levels. 3 The NIST Definition Offers Click to edit Master titleMultiple style Delivery Models for Cloud Computing Outsourced Trust (Security and Data Privacy) High Low Private Cloud Commercially Hosted: Publically available Cloud Computing services offered through commercial sources that are dedicated and separate from the Public both physically and logically and must to remain within the U.S. borders to support heighted data security and privacy requirements. Access to these services are provided through a dedicated Government Intranet and is not accessible from the Public Internet. Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Government Cloud Sourcing Models Private Government Cloud : The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Private Commercially Hosted Cloud Government Dedicated Intranet Private Government Cloud Community Cloud Public Cloud Public Internet Hybrid Government Cloud Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting). 4 Federal Computing Click to Cloud edit Master title style Goals and Objectives Establish and Manage Governance Develop Acquisition Vehicles to Ease Agency Procurement of Cloud Computing Solutions Coordinate across the Federal Acquisition community to ensure adoption and implementation of cloud-related procurement policies and processes Facilitate Adoption of the Cloud Computing Storefront Identify Common Cloud Services and Foster Standards Development and Security Policies Develop Architectures that Allow Agencies to More Effectively Implement and Leverage Cloud Computing Services Establish, Manage and Coordinate Cloud Computing Developer Communities and Application Libraries Enable the Reuse, Modularity and Interoperability of Cloud Computing Services Develop and Manage Business Case Templates Identify Core Evaluative Criteria Identify Cloud Computing Performance Metrics (Enterprise and Technical) Develop Case Studies, Best Practices/Lessons Learned to Specifically Demonstrate Support of Sustainability and Cost Effective Computing Operate as a Service Provider Assist and Guide Agencies to Implement and Roll out Cloud Solutions (e.g. Service Provisioning) Facilitate Identification of Agency Partners for Pilot Activities Develop Methodologies to Effectively Assess and Implement Services Develop and Disseminate Cloud Services Operating and Business Models Enable Sustainable & Cost-Effective Computing (Green IT, TCO) Drive Cloud Technology Innovation Enable Implementation and Adoption Provide Procurement Leadership Manage Cloud Computing Executive Steering Committee and Cloud Computing Agency Advisory Council Establish and Manage Communities of Practice and Working Groups Coordinate Policy and Strategy Development and Participation in other Governance bodies related to Cloud Computing activities (e.g. Security, Records Management, eDiscovery) Establish a Federal C&A Process Identify and Offer Government Wide Services (e-mail, instant messaging, Web 2.0 tools, etc) Assist Agencies in Determining Their Role in Developing/Hosting Services Facilitate Common Interfaces to Integrate Existing Federal Cloud service environments Conduct Outreach Activities Develop the Cloud Services Communications Plan Design and Implement a Central Information Portal for Federal Cloud Computing Develop and Manage Content for Communications Manage Cloud-related Wikis, Blogs, Portal, and other collaborative media Develop and present Training This information is draft and has not been published, please do not disseminate 5 Provide strategic roadmaps, best practices, and acquisition guidance Enable Provide cloud computing solutions in support of Federal agency missions Support Create Federal policies on security, standards, and governance Lead Federal Computing Click to Cloud edit Master title style Goals and Primary Objectives and Initiatives Goal Area Primary Objective Primary Initiative Establish and Manage Governance Establish a Security Working Group Establish Security Initiative and Implement and Manage a Federal C&A Process Drive Cloud Technology Innovation Identify Common Cloud Services & Foster Standards Development & Security Policies Develop Requirements for Portability Standards Provide Procurement Leadership Develop Acquisition Vehicles to Ease Agency Procurement of Cloud Computing Solutions Develop Acquisition Roadmap Facilitate Implementation Assist & Guide Agencies to Implement Cloud Solutions (e.g. Service Provisioning) Identify and Facilitate Cloud Computing Agency Pilots Operate as a Solutions Provider Develop the Cloud Services Business Model Develop Services Roadmap Conduct Outreach Activities Design and Implement a Central Information Portal for Federal Cloud Computing Establish Communications Initiative and Develop Portal Identify Cloud Computing Performance Metrics Establish Performance Metrics Initiative Define Data Center Optimization Strategy Develop Data Center Analysis and Agency Goals Enable Sustainable & Cost-Effective Computing (Green IT, TCO) This information is draft and has not been published, please do not disseminate 6 Federal Computing Click to Cloud edit Master title style Transition Plan Workstream 2010 … 2011 Manage ESC, CCAC and Working Groups (ongoing) Program Management/ Governance/ Communications Conduct Outreach Activities (Summits, Online Discussions, Training, etc.) Finalize Communications Plan Develop Portal Coordinate with Working Groups and Agencies to Collect Content for Portal (ongoing) Coordinate Policy and Strategy Development (eDiscovery, Records Management, Privacy, etc.) Identify Integration and Coordination Points between Working Groups and other Government Fora (ongoing) Develop Standards Roadmap Standards Work with Industry Standards Bodies (ongoing) Validate Standards Use Cases Identify Security Standards Requirements Work with Agencies on Enabling Standards Adoption (ongoing) Identify Manageability Standards Requirements Identify Interoperability and Portability Standards Requirements Stand Up Federal C&A Process Security Work with Agencies and Industry to Facilitate Use of the Federal C&A (ongoing) Fully Inventory Security Challenges (e.g. identify FISMA gaps) Implement and Manage Pilots Identify Pilots or Other Projects that can Test Security Issues Identify Security Policy Issues, Coordinate Feedback and Determine Recommendations Develop Acquisition Roadmap Acquisition/ Procurement/ Services Coordinate Across the Federal Acquisition Community to Implement Procurement Policies Develop Services Roadmap Award IaaS Release PaaS RFI Establish, Manage and Coordinate Developer Communities and Application Libraries Develop Guidelines for Leveraging Contract Vehicles Develop Draft SOWs Facilitate Adoption of Apps.Gov Maintenance of Apps.Gov (ongoing) Adoption and Implementation (Sustainable and CostEffective Computing and Data Center Consolidation and Optimization) Identify Technology Center Initiatives and Agency Pilots Implement, Manage Pilots and Capture Best Practices and Lessons Learned Develop Cloud Computing Maturity Model Develop Cloud Computing Implementation Guide for Agencies Establish Performance Metrics Initiative Develop Cloud Segment Architectures Develop Analytic Framework Conduct Data Center Analysis Identify Cloud Computing Performance Metrics Assist Agencies in Implementing/Providing Cloud Solutions and Services Develop Data Center Recommendations for Agencies Develop and Manage Templates Develop Data Center Assessment Guide and Maturity Model Identify Data Center Pilots and Develop Tools This plan is currently under consideration and should be considered Notional/Draft. Assist Agencies in Data Center Optimization Strategies 77 Cloud Computing Initiative: Click to edit Master title style Governance Model The Cloud Computing PMO is the nucleus of Cloud Computing Initiative for the Federal Government, setting direction, establishing guidelines and defining the future vision and architecture Gov Agencies • Data Call • Requirements • Interests & Feedback • RFI/RFPs • Definitions • Security Requirements • Standards Requirements • SLAs Cloud Computing Vision / Mission Information Portal Market Research / Use Cases Policies and Guidelines Enterprise Architecture Apps.gov / Procurement Support Information Dissemination Virtual Online Summits CC PMO • • • • • CCESC/ CCAC Vendors • Compliant Services and Offerings • Input to Standards • Collaboration on Developing Standards & Best Practices • • • • • • • • • Direction and Guidance • Facilitation • Schedule and Coordination Standards Requirements Security Processes Procurement Approaches Best Practices Gov-wide Communications Security Cloud Computing Working Groups Standards Comm Ops Excellence 8 Working Groups Provide Click to edit Master titleSupport style Across All of the Goal Areas and are Driven by the CCPMO Goal Area Establish and Manage Governance Cloud Computing Program Management Office Security Working Group Provide Procurement Leadership Standards Working Group Enable Adoption and Implementation Conduct Outreach Activities Drive Cloud Technology Innovation Identify Functional Leader and Membership Develop Objectives for Group Define Intended Deliverables Develop Operational Excellence Roadmap Assist and Guide Agencies to Implement and Roll out Cloud Solutions Develop Case Studies, Best Practices/Lessons Learned Facilitate Identification of Agency Partners for Pilot Activities Develop Methodologies to Effectively Assess and Implement Services Develop and Disseminate Operating Models and Business Processes Communications Working Group Enable Sustainable & Cost-Effective Computing (Green IT, TCO) Identify Functional Leader and Membership Develop Objectives for Group Define Intended Deliverables Develop Standards Roadmap will ultimately establish its own objectives and plan of action – items referenced here are just a sample Operational Excellence Working Group Operate as a Service Provider Identify Functional Leader and Membership Develop Objectives for Cloud Computing Advisory Council Security Working Group (e.g. Establish a Federal C&A Process) Define Intended Deliverables Each Working Group Develop Security Roadmap Identify Functional Leader and Membership Develop Objectives for Group Define Intended Deliverables Develop the Cloud Services Communications Plan Design and Implement a Central Information Portal for Federal Cloud Computing Develop and Manage Content for Communications Develop and Conduct Training 9 Government Model Click to edit Cloud MasterServices title style Online User Interface 10 Federal Computing Click to Cloud edit Master title style Cloud Program Services Model To deliver the Online User Interface, the government must address the following Service Components… 1 Provisioning / Admin Tools Application Library Cloud Services Cloud Standards / Interoperability 6 Online User Storage Customizable User Page • One stop shop/ single view for Users to manage interactions with Cloud Services 2 Application Library • Applications and content made available to Users through a simple GUI. These applications / content can be downloaded easily from the Library. 3 Online User Storage • Online storage for Users to maintain and manage individual User files, data and objects 4 Collaboration • Widgets that allow Users to collaborate and generate content. These widgets may include Wikis, Blogs, and IM 5 Access / Connectivity • Network connectivity and devices to access Cloud services 6 Cloud Standards / Interoperability • Cloud standards allowing the integration and interoperability of services from multiple Clouds 7 Provisioning / Admin Tools • Provisioning and administrative tools to provide control of User profiles, access technical support, and manage privilege, authorization to applications and content 8 Security / Data Privacy • Applying security framework and data privacy standards for Federal Cloud Computing Collaboration Access / Connectivity 5 Security / Data Privacy 3 4 Description 1 2 Customizable User Page 7 Components 8 11 Government Model Click to edit Cloud MasterServices title style Cloud Relationship View Government Private Clouds Behind the scenes are the core cloud services that support the daily functions for Government employees Government Private Clouds DMZ Commercially Hosted Private Clouds DMZ Government Hybrid Clouds Single Sign on Security C&A Provisioning Integration Procurement Financials Reporting Management Public Cloud Vendors Internet Public Cloud Vendors 12 Federal Computing Click to Cloud edit Master title style Draft Services Framework User Tools Application Integration Cloud Services Software as a Service (SaaS) / Applications Citizen Engagement Gov Productivity Wikis / Blogs Email / IM Social Networking Virtual Desktop Agency Website Hosting Office Automation Platform as a Service (PaaS) Testing Tools DBMS Directory Services Infrastructure as a Service (IaaS) Core Foundational Capabilities CDN Service Mgmt & Provisioning Security & Data Privacy Data Center Facilities Service Provisioning Data/Network Security Business Svcs Apps Core Mission Apps Legacy Apps (Mainframes) API’s Developer Tools Mobile Device Integration Data Migration Tools Storage Web Servers Server Hosting Inventory Mgmt SLA Mgmt Data Privacy ETL CoS/QoS Mgmt Certification & Compliance LAN/WAN Customer / Account Mgmt Analytic Tools User Profile Mgmt Data Mgmt Order Mgmt Reporting EAI Virtual Machines Routers / Firewalls Reporting & Analytics Gov Enterprise Apps Workflow Engine Database User/ Admin Portal Utilization Monitoring Authentication & Authorization Internet Access App Perf Monitoring Trouble Mgmt Knowledge Mgmt Billing / Invoice Tracking Product Catalog DR / Backup Operations Mgmt Auditing & Accounting Hosting Centers 13