The Pentagon sees its future in the cloud
The military seeks to make cloud computing a standard operating procedure
There always comes a point as one technology chapter gives way to the next when the question that systems architects ask themselves changes from “Would the new way work for our project?” to “Why wouldn’t we use the new way?”
That happened in the evolution from mainframe to client/server computing, then again in the transition from client/server to Web-based applications. Now it appears that point has come with cloud computing — a new model for scalable, on-demand computing services that users access via the Internet.
One would be hard-pressed to find a proposal for a new government technology project in which some form of cloud computing wasn’t at least an option. There are signs of the open-to-the-cloud mind-set all around, starting at the top with Federal Chief Information Officer Vivek Kundra’s view of cloud computing as a key tool in his governmentwide initiative to consolidate data centers.
However, cloud computing has arguably had its biggest impact so far in the military. The Defense Department has numerous cloud services up and running, and systems planners are banking on software as a service (SaaS), one of the cloud’s most popular early forms, to deliver some major capabilities sooner rather than later.
The most recent and biggest example is the Army’s Enterprise Messaging and Collaboration Services (EMCS) program. EMCS, as described in a draft request for proposals that the Army issued in March, seeks to provide each soldier with a single e-mail address for his or her entire military career, which would consolidate e-mail service across all the Army’s commands.
“The ultimate end state of the Army EMCS is to provide operational forces with the ability to access e-mail from any terminal attached to a DOD network in any operational environment,” Herman Wells, enterprise services chief for the Army's 7th Signal Command, wrote in a concept-of-operations document released March 3. “Forces can easily discover the contact information for, and exchange messages with, anyone in the DOD enterprise.”
The document describes a service delivered via cloud computing.
Point A to Point B
In its simplest definition, cloud computing puts applications that previously ran on a specific computer — a server or even a desktop or laptop PC — into a virtualized environment that is accessible through any network connection. In addition to SaaS, cloud computing services include virtualized processing power and data storage.
In a cloud computing model, the applications and their infrastructure can be standardized, centrally monitored and updated, and run across virtual servers at multiple data centers. Users have access to the same tools and data no matter where they are. Security can be improved because all data resides in the cloud — on servers in a data center that have been provisioned for the application. And continuity of operations is easier to manage because applications can easily be shifted from one data center to another without users needing to make any changes.
Those are the kinds of capabilities Kundra has in mind as he tries to nudge the government toward a more consolidated and modernized computing infrastructure. “Cloud computing and virtualization are central to that strategy,” said Deniece Peterson, manager of industry analysis at Input.
However, there's no magic wand to create the infrastructure required to support the cloud vision, especially when it’s extended across the federal government. That's a huge challenge at DOD alone, which is why officials are choosing mostly to build private clouds in the DOD network.
“Security is the big constraining factor with cloud" computing, said Kevin Orr, Cisco Systems’ director of DOD business. “DOD is looking to build clouds on-premises so that they can control them. So each of the services [is] looking to host and offer those sorts of [cloud computing] services.”
Orr said many DOD organizations are still getting a handle on how they want to implement and secure cloud computing at their data centers.
Meanwhile, security and privacy are concerns for other agencies. And they’re issues that the Federal Risk and Authorization Management Program (FedRAMP) might deal with. Kundra's office launched FedRAMP to centralize the security certification of cloud infrastructure offerings and set standards for cloud computing that would allow the services to be more compatible. FedRAMP's power and responsibilities are still being defined.
Mine, Not Yours
Meanwhile, some agencies are trying on their own to seize cloud benefits immediately. Orr said one model is the Defense Information Systems Agency's approach.
“They buy and rebrand their [cloud] offerings kind of ‘by the drink’ — a utility computing model,” Orr said. “I think one of the areas you're going to see cloud growing in is self-service offerings from DOD customers to DOD customers."
DISA has begun incrementally building the infrastructure for a private cloud secured in DOD’s networks. The Rapid Access Computing Environment, a server virtualization service hosted by DISA’s Defense Enterprise Computing Centers, provides the sort of virtualized processing available through commercial cloud services such as Amazon’s Elastic Compute Cloud.
The RACE platform is the basis for two collaborative SaaS programs at DISA. The first is Forge.mil, a collaboration space for open-source software development based on tools from CollabNet. It resides in the Unclassified but Sensitive IP Router Network and Secret IP Router Network. It has more than 4,000 registered users and is hosting 170 software development projects, according to DISA officials.
The second program, ProjectForge.mil, is an extension of Forge.mil. It provides Web portals for teams to develop software that is not open source, which facilitates collaborative development by DOD employees and contractors.
“ProjectForge is the next logical step in the Forge.mil program that’s surpassed all expectations,” said Rob Veitmeyer, DISA’s Forge.mil program manager. “It was time to address the needs of software developers looking for application life cycle management tools but who aren’t developing open-source software, and ProjectForge is the perfect vehicle.”
However, developer collaboration is a relatively small-scale application of cloud technology. The Army’s EMCS program, even in its initially modest deployment to a few thousand users by the end of this year, is expected to provide e-mail services to a user base of 249,000 by the end of 2012. That will require deploying significantly more storage capacity and processing power across the Army’s future area processing centers' architecture as part of its larger Global Network Enterprise Construct plan.
The Navy is also considering cloud services for a number of applications. As part of its evaluation of alternatives for the Next Generation Enterprise Network, the proposed replacement for the Navy Marine Corps Intranet, the Navy has actively sought information on the technical feasibility and security of cloud computing technology. Cloud-based SaaS could provide a number of the functions NMCI offers, including e-mail and collaboration tools.
However, the Navy isn’t limiting itself to SaaS in its cloud research. The Space and Naval Warfare Systems Command has been conducting tests that connect a shipboard environment to a secure remote cloud infrastructure as part of its Trident Warrior ’10 experiments. The public cloud could potentially be used for collaboration across domains — sharing data with coalition partners, nongovernmental agencies and other partners on demand.
In addition, the Air Force is testing cloud computing. In February, it awarded a 10-month contract to IBM as part of a project to develop a cloud computing infrastructure that could support defense and intelligence networks.
David McQueeney, chief technology officer at IBM Federal, said the Air Force project will determine the capabilities that a cloud computing environment must have to deal with the information assurance and availability requirements of a military mission environment, which has sensitive and often classified data and demands the highest degree of reliability.
“In this environment, the cloud will need to prove that it is capable of hosting a critical, live mission,” McQueeney said. “So high availability, high assurance and real-time monitoring of data flow are examples of key capabilities” that the Air Force is seeking to demonstrate in IBM’s lab in Bethesda, Md.
“We expect that the insights from the Air Force project will have significant influence on government and commercial investments in future cloud computing capabilities and will benefit both the public and private sectors,” McQueeney said.
Meanwhile, several major suppliers of data center infrastructure are bringing defense and government customers increasingly sophisticated tools for constructing cloud computing services.
For large-scale implementations to succeed at DOD, officials must “come up with a repeatable infrastructure, one that may in three to five years scale much larger," Orr said.
That success would be followed by a second phase of cloud computing involving federated clouds, he said. However, many questions remain. “How do we stitch together four or five or six clouds and have people with the trust levels and the security to go back and forth, in and out of the clouds as needed?" Orr asked. "How do we make sure we lock it down and secure it? In defense, they're looking at virtualization and how secure it is, meeting all the security requirements to lock it down.”
Cisco has partnered with EMC, VMware and NetApp to package cloud computing and virtualization infrastructures that meet those security needs. Cisco’s component is built around the Unified Computing System — a data center architecture that combines servers and network infrastructure — and a unified fabric of Ethernet-based storage and data networking.
While Cisco is focusing on transforming DOD’s data center infrastructure for the cloud, IBM has been promoting its hosted services as an outsourced private cloud. On March 16, IBM announced it was delivering a commercial cloud test bed that commercial and government customers could use to test and develop software for scalability and security in cloud computing environments.
“Our customers often have barriers to scalability and limited resources for deploying quickly,” said Russell Stanley, principal quality management engineer at Trinity Software Solutions, a federal solutions provider and IBM business partner.