federal cloud computing it quarterly forum q1 2009 - cloud computing - an operational perspective...

A Combat Support Agency. Cloud Computing: An Operational Perspective. Henry J. Sienkiewicz, Technical Program Director, Center for Computing Services. 27 February 2009

DESCRIPTION

This talk was presented at the GSA Cloud Computing IT Quarterly Forum in February 2009.

TRANSCRIPT

Page 1: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

A Combat Support Agency

Cloud Computing: An Operational Perspective

Henry J. Sienkiewicz, Technical Program Director

Center for Computing Services, 27 February 2009

Page 2: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

An Operational Perspective

• Warfighter-centric

• Legacy & Web 2.0

• Internal & external services

Page 3: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Center For Computing Services

provide medical care

pay the warfighters

provision ships

manage parts and replenish supplies

manage transportation and maintenance

provide command and control

• Command & Control
– Global Command and Control System (GCCS)
– Global Combat Support System (GCSS)
– Missile Defense C2BMC

• Warfighter Logistics
– Defense Distribution Standard System (DSS)
– DLA Enterprise Business Management System
– Transportation and cargo movement systems
– Combat requisition and maintenance systems

• DoD Financial and Security
– Military and Civilian Pay & Personnel
– Electronic business and contracting systems
– Public Key Infrastructure (PKI)

• Health & Medical Readiness
– Composite Health Care System (AHLTA)

• Enterprise Services
– Global Content Delivery System (GCDS)
– DMZ Infrastructure

Combat Support Computing

Page 4: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

DISA Computing Environment

• 4,000,000+ users

• 13 facilities

• 445,000 sq ft raised floor

• 34 mainframes

• 6100 servers

• 3800 terabytes of Storage

• 2,800 application / database instances

• 215 software vendors

Defense Enterprise Computing Centers (DECC)

Page 5: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Computing Services – Jan 2009

Systems Management Center (SMC) – @ 350 FTEs

(Mainframe & Server processing)

Headquarters

Ogden

Denver

Oklahoma City

San Antonio

St Louis

Columbus

Dayton

Mechanicsburg

Chambersburg

Huntsville

Montgomery

NCR

Pensacola

Pacific

Europe

Warner Robins

Processing Element (PE) – @ 13 FTEs

OCONUS Defense Enterprise Computing Center (DECC)

Hawaii

Infrastructure Services Center (ISC) – @ 100 FTEs

Page 6: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

What is “Cloud Computing?”

• User:
– Builds a web application
– Using a standard platform
– Using a standard database
– Uploads this application to a cloud provider

• Cloud provider automatically:
– Provisions the services
– Scales the application and the database together

• User:
– Doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that)
– Users are totally freed from any technical complexity other than the service itself

• Cloud provider:
– Decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments
– Has ongoing management and monitoring of the external service

• User:
– Only pays for what s/he uses when s/he needs it
– Everything else is an implementation detail

Page 7: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Clouds Complexity With A Promise Of ….

• Application Flexibility
– Standardized
– Increasingly “click to run” services
– Live in remote Internet data centers
– Scalable to millions
– Use shared IT infrastructure

• Procurement
– Efficient
– Rapid
– Commoditized
– “Pay by the sip”

• Security
– Simplified
– Streamlined

Cloud Computing Storage Mindmap

Page 8: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Cloud Types and Cloud Development

Many Different Types

Environment To Develop

Page 9: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Cloud Types: An Ontology

Different Types But All Services-centric

Page 10: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Cloud Types

• Platform-As-A-Service (PaaS)
– The delivery of a computing platform and/or solution stack as a service
– Facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers
– For example:
  • Web application frameworks: Ajax, Python Django, Ruby on Rails
  • Web hosting
  • Proprietary

• Infrastructure-As-A-Service (IaaS)
– The delivery of computer infrastructure as a service, typically platform virtualization
– For example:
  • Full virtualization
  • Grid computing
  • Management
  • Compute

• Applications-As-A-Service (AaaS) / Software-As-A-Service (SaaS)
– Leverages the Cloud in software architecture
– Eliminates the need to install and run the application on the customer's own computer
– For example:
  • Peer-to-peer / volunteer computing
  • Web application
  • Software as a service
  • Software plus services

• Database-As-A-Service (DaaS)
– Leverages the Cloud for delivering database services

Users Want To Use The “Cloud” Services

Page 11: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Creating A “Cloud”

Providers Think Of How To Build A “Cloud”

Page 12: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Enabling the Cloud Environment

• Infrastructure
– Consolidation
– Global Information Grid
– Capacity Services
– Virtualization
– Rapid Provisioning
– Facility Analysis

• Software
– Network-Centric Services
– Software-as-a-Service (SaaS)
– Forge.mil

• Processes
– ITIL
– Security (Certification & Accreditation)
– Computing Service Provider (CSP) Analysis
– “Greening”

Multiple Technology Rivers Merging

Page 13: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Infrastructure

Page 14: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Legacy of Consolidations and Savings

• 1990: Service/Agency consolidation under DMRD 924
– Reduced number of mainframe sites from 194 to 71
– Saved $320M/year

• 1993: DISA Megacenter consolidation – DMRD 918/BRAC
– Reduced number of mainframe sites from 71 to 16
– Saved $206M/year

• 1998: DISA “SMART” consolidation under QDR and DRI
– Reduced mainframe sites from 16 to 5
– Saved $203M/year

• 2005: DISA combat support computing transformation
– Mainframe & Server consolidation
– 4 primary sites w/ remote system mgmt
– Centralized all business functions
– Saved $143M/year

Consolidation Helps But Co-location Is Not The “Cloud”

Page 15: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Network Services

• Network Aware Applications
• Common Storage & Retrieval
• Shared Long-Haul Transport For Services/Agencies
• Plug & Play Ad Hoc Connectivity
• Single Authentication Site
• Flexible SOA Foundation
• Everything Over IP
• Centralized Computing Services
• End-to-End MPLS

Integrated Network Services Are Critical To Delivering “Cloud” Services

Page 16: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Capacity Services

Concept

• Acquire capacity as a service provided by vendor partners
• Pay much like a homeowner pays for utilities, e.g., by CPU-hours or megabytes consumed

Processor Orders to date

• 439 total orders completed, with a $31.5M annualized value
• Average delivery timeline of 11 days
– 14 days for mainframe; 10 for server
– 113 orders took less than 5 days
– 208 orders took between 5 – 14 days

Storage Orders to date

• 157 Total ESS Orders Completed, with a $9.6M Annualized Value
• Average Delivery Timeline of 14 Days
– 7 Days for Disk
– 11 Days for Network Ports
– 24 Days for Tape Slot Capacity

Speed, Agility, Utility Pricing, Reduced Overhead & Technology Currency

Page 17: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Virtualization & Tech Refresh

• Increased server utilization
• Significant savings
• Faster provisioning

One Customer Infrastructure: Reduced Footprint

• BEFORE (FY08): Annual Sustainment: $25.9 M
• AFTER (FY09): Annual Sustainment: $14.3 M
• 45% savings

Virtualized Is Not In Itself A “Cloud”

Page 18: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Rapid Access Computing Environment

Agile and responsive computing

Authorized customers order and gain access to a Server in less than 24 hours

Provides flexible development platform for Web, application or database

Windows, Red Hat, SUSE Servers in less than 30 minutes

MIPR or government credit card

User Self-service

Page 19: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Facility Analysis

• Building site
• Building controls
• Electrical systems
• Exterior structure
• Operations & maintenance service management
• Fire protection systems
• Security system
• HVAC systems & plumbing
• Interior structures
• Much, much more……

Comprehensive & Routine Facility Analysis Ensures “Cloud” Readiness

Page 20: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Software Services: Bridging Developers and Operations

Page 21: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Net-Centric Enterprise Services (NCES)

• Metadata Discovery / Metadata Registry: Ability to discover, develop & reuse data semantics
• Enterprise Service Management: Monitors services availability & reliability
• Messaging: Real-time updates & alert notifications as data change
• Collaboration: Real-time voice, text, video, application sessions
• Content Discovery: Access to data; improved content awareness
• Service Discovery: Ability to discover, develop & reuse services
• Service Security: Ability to operate in a secure environment
• People Discovery: Locate specific information for people
• Mediation: Exchange data with unanticipated users & formats
• Content Delivery: Improved responsiveness & bandwidth usage
• User Access: Web-based joint access to NCES using Defense Knowledge Online

Page 22: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Software as a Service (SaaS)

Challenge

• Large number of software vendors
• 3M+ user baseline, continually changing and growing
• Dynamic processing requirements
• Software acquisition lead time
• Outyear capital projection for technology infusion

SaaS Provider(s)

• Partnership with vendor(s)
• Manage software on “usage” basis
• Established negotiated prices
• Include future versions/releases
• Provide maintenance and patches

Value Add

• Ability to rapidly change/grow baseline
• Allows technology infusion on timely basis
• No outyear capital projections required

Page 23: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Forge.mil

• Collaborative environment supporting the development and sharing of open source and community source software within the DoD

• Limited Operational Availability: January 23, 2009

• General Availability: March 27, 2009

• Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions

• Limited Operational Availability: June 20, 2009

• On-demand application development and lifecycle management tools provided by DISA CSD on a fee-for-service basis for private project or program use

• Availability: TBD

Bridging Developers & Operations – Fosters The Cloud

Page 24: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Processes

Page 25: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Information Technology Infrastructure Library

• A customizable framework of best practices designed to promote quality computing services in the information technology (IT) sector.

• A systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement.

• Computing Services is a DoD leader in educating its professional staff in information technology ‘best practices’:

• Almost 100% of staff educated at the Foundation Level of ITIL concepts

• 100% Customer Management Executives (CMEs) are certified ITIL Practitioners in Service Level Management

• Over 100 GS-12 through GS-15s are Practitioners in Incident/Problem Management

• Approximately 50 key personnel are Practitioners in Change/Release/Configuration Management

[Figure: Service Strategy, Service Design, Service Transition, Service Operation, Continual Process Improvement]

Providing The Community With A Common Language & Processes

Page 26: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Computing Service Provider (CSP) Overview

• A tactical tool that allows DISA to extend enhanced operational capabilities (NetOps) to non-DECC computing center environments. Two primary components:
– Facility capability assessment
– Integration of tools and processes to enable NetOps capabilities

• Applies a structured methodology to enable service management that ensures:
– Support for centralized visibility into the operation of key systems and services consistent with NetOps operational construct
– Compliance and risk management under DISA’s IA program
– Compliance with DoD requirements for computing infrastructure and operations processes appropriate to MAC Level

• CSP is not a periodic audit/checklist
– Requires specific process and technical changes to enable NetOps
– Sustainment requires long-term coordination between DISA, system owner, system operator

Data Center Operations “Best Practices”

Page 27: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Certification & Accreditation

• Various C&A approaches
– “Traditional” Defense Information Technology Security Certification and Accreditation Process (DITSCAP)
– Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
– Emerging Models
  • Landlord/Tenant
  • Application Security Evaluation (ASE)

• Appropriate approach based on risk identification and mitigation

Ensuring Security Is Part Of Creating A “Cloud”

Page 28: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Security Technical Implementation Guide (STIG)

• Goals:
– Intrusion Avoidance
– Intrusion Detection
– Response and Recovery

• Focus Areas:
– Network/Perimeter
– Peripherals
– Operating Systems
– Users

Standardized Procedures Critical To Enterprise-wide Security

Page 29: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

“Greening” DECC Infrastructure

Challenge

• Increasing energy costs
• Increased cooling requirements to support more compact implementations
• Increased regulatory environment

Initiatives

• Consolidation
• Virtualization
• Duct cooling
• Variable frequency drives
• Motion sensor lighting
• Water reclamation

“Greening” Is Part Of Good Stewardship

Page 30: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA

Multi-faceted Enablement

• Infrastructure
– Consolidation
– Global Information Grid
– Capacity Services
– Virtualization
– Rapid Provisioning
– Facility Analysis

• Software
– Network-centric Services
– Software-as-a-Service (SaaS)
– Forge.mil

• Processes
– ITIL
– Security (Certification & Accreditation)
– Computer Service Provider (CSP)
– “Greening”

A Simple Idea

• User:
– Builds a web application
– Using a standard platform
– Using a standard database
– Upload this application to a cloud provider
– Only pays for what s/he uses when s/he needs it
– Everything else is an implementation detail

• Cloud provider automatically
– Provisions the services
– Scales the application and the database together

Clear Tenets

• Application Flexibility
– Standardized
– Increasing “click to run” services
– Live in remote Internet data centers
– Scalable to millions

• Procurement
– Efficient
– Rapid
– Commoditized
– “Pay by the sip”

• Security
– Simplified
– Streamlined

Clouds Complexity With A Promise Of ….

It’s A Journey

Page 31: Federal Cloud Computing IT Quarterly Forum Q1 2009 - Cloud Computing - An Operational Perspective From DISA
