A Combat Support Agency
Cloud Computing: An Operational Perspective
Henry J. Sienkiewicz
Technical Program Director
Center for Computing Services
27 February 2009
An Operational Perspective
• Warfighter-centric
• Legacy & Web 2.0
• Internal & external services
Center For Computing Services
provide medical care
pay the warfighters
provision ships
manage parts and replenish supplies
manage transportation and maintenance
provide command and control
• Command & Control
– Global Command and Control System (GCCS)
– Global Combat Support System (GCSS)
– Missile Defense C2BMC
• Warfighter Logistics
– Defense Distribution Standard System (DSS)
– DLA Enterprise Business Management System
– Transportation and cargo movement systems
– Combat requisition and maintenance systems
• DoD Financial and Security
– Military and Civilian Pay & Personnel
– Electronic business and contracting systems
– Public Key Infrastructure (PKI)
• Health & Medical Readiness
– Composite Health Care System (AHLTA)
• Enterprise Services
– Global Content Delivery System (GCDS)
– DMZ Infrastructure
Combat Support Computing
DISA Computing Environment
• 4,000,000+ users
• 13 facilities
• 445,000 sq ft raised floor
• 34 mainframes
• 6100 servers
• 3800 terabytes of Storage
• 2,800 application / database instances
• 215 software vendors
Defense Enterprise Computing Centers (DECC)
Computing Services – Jan 2009
• Systems Management Center (SMC) – @ 350 FTEs (Mainframe & Server processing)
• Processing Element (PE) – @ 13 FTEs
• OCONUS Defense Enterprise Computing Center (DECC)
• Infrastructure Services Center (ISC) – @ 100 FTEs
Map locations: Headquarters, Ogden, Denver, Oklahoma City, San Antonio, St Louis, Columbus, Dayton, Mechanicsburg, Chambersburg, Huntsville, Montgomery, NCR, Pensacola, Pacific, Europe, Warner Robins, Hawaii
What is “Cloud Computing?”
• User:
– Builds a web application,
– Using a standard platform
– Using a standard database
– Uploads this application to a cloud provider
• Cloud provider automatically
– Provisions the services
– Scales the application and the database together
• User
– Doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that)
– Is totally free from any technical complexity other than the service itself.
• Cloud provider
– Decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments.
– Has ongoing management and monitoring of the external service.
• User:
– Only pays for what s/he uses when s/he needs it.
– Everything else is an implementation detail.
Clouds Complexity With A Promise Of ….
• Application Flexibility
– Standardized
– Increasingly “click to run” services
– Live in remote Internet data centers
– Scalable to millions
– Use shared IT infrastructure
• Procurement
– Efficient
– Rapid
– Commoditized
– “Pay by the sip”
• Security
– Simplified
– Streamlined
Cloud Computing Storage Mindmap
Cloud Types and Cloud Development
Many Different Types
Environment To Develop
Cloud Types
• Platform-As-A-Service (PaaS)
– The delivery of a computing platform and/or solution stack as a service
– Facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers
– For example:
  • Web application frameworks – Ajax – Python Django – Ruby on Rails
  • Web hosting
  • Proprietary
• Infrastructure-As-A-Service (IaaS)
– The delivery of computer infrastructure as a service, typically platform virtualization
– For example:
  • Full virtualization
  • Grid computing
  • Management
  • Compute
• Applications-As-A-Service (AaaS) / Software-As-A-Service (SaaS)
– Leverages the Cloud in software architecture
– Eliminates the need to install and run the application on the customer's own computer
– For example:
  • Peer-to-peer / volunteer computing
  • Web application
  • Software as a service
  • Software plus services
• Database-As-A-Service (DaaS)
– Leverages the Cloud for delivering database services
Users Want To Use The “Cloud” Services
Enabling the Cloud Environment
• Infrastructure
– Consolidation
– Global Information Grid
– Capacity Services
– Virtualization
– Rapid Provisioning
– Facility Analysis
• Software
– Network-Centric Services
– Software-as-a-Service (SaaS)
– Forge.mil
• Processes
– ITIL
– Security (Certification & Accreditation)
– Computing Service Provider (CSP) Analysis
– “Greening”
Multiple Technology Rivers Merging
Legacy of Consolidations and Savings
• 1990: Service/Agency consolidation under DMRD 924
– Reduced number of mainframe sites from 194 to 71
– Saved $320M/year
• 1993: DISA Megacenter consolidation – DMRD 918/BRAC
– Reduced number of mainframe sites from 71 to 16
– Saved $206M/year
• 1998: DISA “SMART” consolidation under QDR and DRI
– Reduced mainframe sites from 16 to 5
– Saved $203M/year
• 2005: DISA combat support computing transformation
– Mainframe & Server consolidation
– 4 primary sites w/ remote system mgmt
– Centralized all business functions
– Saved $143M/year
Consolidation Helps But Co-location Is Not The “Cloud”
• Network Aware Applications
• Common Storage & Retrieval
• Shared Long-Haul Transport For Services/Agencies
• Plug & Play Ad Hoc Connectivity
• Single Authentication Site
• Flexible SOA Foundation
• Everything Over IP
• Centralized Computing Services
• End-to-End MPLS Network Services
Integrated Network Services Are Critical To Delivering “Cloud” Services
Capacity Services
Concept
• Acquire capacity as a service provided by vendor partners
• Pay much like a homeowner pays for utilities, e.g., by CPU-hours or megabytes consumed
Processor Orders to date
• 439 total orders completed, with a $31.5M annualized value
• Average delivery timeline of 11 days
– 14 days for mainframe; 10 for server
– 113 orders took less than 5 days
– 208 orders took between 5 – 14 days
Storage Orders to date
• 157 Total ESS Orders Completed, with a $9.6M Annualized Value
• Average Delivery Timeline of 14 Days
– 7 Days for Disk
– 11 Days for Network Ports
– 24 Days for Tape Slot Capacity
Speed, Agility, Utility Pricing, Reduced Overhead & Technology Currency
Virtualization & Tech Refresh
One Customer Infrastructure
• Increased server utilization
• Significant savings
• Faster provisioning
Reduced Footprint
• BEFORE (FY08): Annual Sustainment: $25.9 M
• AFTER (FY09): Annual Sustainment: $14.3 M
• 45 % savings
Virtualized Is Not In Itself A “Cloud”
Rapid Access Computing Environment
Agile and responsive computing
Authorized customers order and gain access to a Server in less than 24 hours
Provides flexible development platform for Web, application or database
Windows, Red Hat, SUSE Servers in less than 30 minutes
MIPR or government credit card
User Self-service
Facility Analysis
• Building site
• Building controls
• Electrical systems
• Exterior structure
• Operations & maintenance service management
• Fire protection systems
• Security system
• HVAC systems & plumbing
• Interior structures
• Much, much more……
Comprehensive & Routine Facility Analysis Ensures “Cloud” Readiness
Net-Centric Enterprise Services (NCES)
• Metadata Discovery / Metadata Registry: Ability to discover, develop & reuse data semantics
• Enterprise Service Management: Monitors services availability & reliability
• Messaging: Real-time updates & alert notifications as data change
• Collaboration: Real-time voice, text, video, application sessions
• Content Discovery: Access to data; improved content awareness
• Service Discovery: Ability to discover, develop & reuse services
• Service Security: Ability to operate in a secure environment
• People Discovery: Locate specific information for people
• Mediation: Exchange data with unanticipated users & formats
• Content Delivery: Improved responsiveness & bandwidth usage
• User Access: Web-based Joint access to NCES using Defense Knowledge Online
Software as a Service (SaaS)
Challenge
• Large number of software vendors
• 3M+ user baseline, continually changing and growing
• Dynamic processing requirements
• Software acquisition lead time
• Outyear capital projection for technology infusion
Value Add
• Ability to rapidly change/grow baseline
• Allows technology infusion on timely basis
• No outyear capital projections required
SaaS Provider(s)
• Partnership with vendor(s)
• Manage software on “usage” basis
• Established negotiated prices
• Include future versions/releases
• Provide maintenance and patches
Forge.mil
• Collaborative environment supporting the development and sharing of open source and community source software within the DoD
– Limited Operational Availability: January 23, 2009
– General Availability: March 27, 2009
• Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions
– Limited Operational Availability: June 20, 2009
• On demand application development and lifecycle management tools provided by DISA CSD on a fee-for-service basis for private project or program use
– Availability: TBD
Bridging Developers & Operations – Fosters The Cloud
Information Technology Infrastructure Library
• A customizable framework of best practices designed to promote quality computing services in the information technology (IT) sector.
• A systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement.
• Computing Services is a DoD leader in educating its professional staff in information technology ‘best practices’:
• Almost 100% of staff educated at the Foundation Level of ITIL concepts
• 100% Customer Management Executives (CMEs) are certified ITIL Practitioners in Service Level Management
• Over 100 GS-12 through GS-15s are Practitioners in Incident/Problem Management
• Approximately 50 key personnel are Practitioners in Change/Release/Configuration Management
ITIL lifecycle diagram: Service Strategy, Service Design, Service Transition, Service Operation, Continual Process Improvement
Providing The Community With A Common Language & Processes
Computing Service Provider (CSP) Overview
• A tactical tool that allows DISA to extend enhanced operational capabilities (NetOps) to non-DECC computing center environments. Two primary components:
– Facility capability assessment
– Integration of tools and processes to enable NetOps Capabilities
• Applies a structured methodology to enable service management that ensures
– Support for centralized visibility into the operation of key systems and services consistent with NetOps operational construct
– Compliance and risk management under DISA’s IA program
– Compliance with DoD requirements for computing infrastructure and operations processes appropriate to MAC Level
• CSP is not a periodic audit/checklist
– Requires specific process and technical changes to enable NetOps
– Sustainment requires long-term coordination between DISA, system owner, system operator
Data Center Operations “Best Practices”
Certification & Accreditation
• Various C&A approaches
– “Traditional” Defense Information Technology Security Certification and Accreditation Process (DITSCAP)
– Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
– Emerging Models
  • Landlord/Tenant
  • Application Security Evaluation (ASE)
• Appropriate approach based on risk identification and mitigation
Ensuring Security Is Part Of Creating A “Cloud”
Security Technical Implementation Guide (STIG)
• Goals:
– Intrusion Avoidance
– Intrusion Detection
– Response and Recovery
• Focus Areas:
– Network/Perimeter
– Peripherals
– Operating Systems
– Users
Standardized Procedures Critical To Enterprise-wide Security
“Greening” DECC Infrastructure
Challenge
• Increasing energy costs
• Increased cooling requirements to support more compact implementations
• Increased regulatory environment
Initiatives
• Consolidation
• Virtualization
• Duct cooling
• Variable frequency drives
• Motion sensor lighting
• Water reclamation
“Greening” Is Part Of Good Stewardship
Clouds Complexity With A Promise Of ….
A Simple Idea
• User:
– Builds a web application,
– Using a standard platform
– Using a standard database
– Upload this application to a cloud provider
– Only pays for what s/he uses when s/he needs it.
– Everything else is an implementation detail.
• Cloud provider automatically
– Provisions the services
– Scales the application and the database together
Clear Tenets
• Application Flexibility
– Standardized
– Increasing “click to run” services
– Live in remote Internet data centers
– Scalable to millions
• Procurement
– Efficient
– Rapid
– Commoditized
– “Pay by the sip”
• Security
– Simplified
– Streamlined
Multi-faceted Enablement
• Infrastructure
– Consolidation
– Global Information Grid
– Capacity Services
– Virtualization
– Rapid Provisioning
– Facility Analysis
• Software
– Network-centric Services
– Software-as-a-Service (SaaS)
– Forge.mil
• Processes
– ITIL
– Security (Certification & Accreditation)
– Computer Service Provider (CSP)
– “Greening”
It’s A Journey