DOD looks to the clouds for enterprise computing options
Army’s enterprise messaging and collaboration plan counts on expanded cloud computing role
With a number of cloud computing initiatives already under way across the Defense Department, the military has established something of a beachhead in the dawning days of scalable, on-demand computing via the Internet. Now, as the Army starts to move forward with the first of its consolidated enterprise services, that beachhead is about to expand rapidly.
On March 5, the Army released a draft request for proposals for its new consolidated enterprise e-mail service. The Enterprise Messaging and Collaboration Services program is intended to eventually provide all soldiers with a single e-mail address that follows them throughout their military career, consolidating e-mail across all of the Army’s commands under a single umbrella.
“The ultimate end-state of the Army EMCS is to provide operational forces with the ability to access e-mail from any terminal attached to a DOD network in any operational environment,” wrote Herman Wells, Enterprise Services Chief for the 7th Signal Command, in a concept-of-operations document for enterprise e-mail released March 3. “Forces can easily discover the contact information for, and exchange messages with, anyone in the DOD enterprise.”
That concept of operations describes a service delivered through cloud computing. In its simplest definition, cloud computing puts applications previously run on a specific computer — a server, or even a desktop or laptop PC — into a virtualized environment accessible from any network connection. Cloud computing services include software as a service (SaaS) and virtualized processing power and data storage.
The advantages of using a cloud computing model are that the applications and infrastructure that support them can be standardized, centrally monitored and updated, and they can run across virtual servers at multiple data centers. Users get access to the same tools and data no matter where they are. Security can be improved because all data resides within the cloud — on servers in a data center that have been provisioned for the application. And continuity of operations is easier to manage because applications can easily be shifted from one data center to another without users needing to make any changes.
At least, that’s the vision of cloud computing. But there is no magic wand to create the infrastructure required to support that vision, especially when it’s extended across the entire DOD.
“Security is the big constraining factor with cloud" computing, said Kevin Orr, Cisco Systems’ director of DOD business. “DOD is looking to build clouds on premises so that they can control them. For DOD’s Title 10 responsibilities, they feel they need to own the assets. So each of the services are looking to host and offer those sorts of [cloud computing] services.”
Orr added that many DOD organizations are still getting their arms around how they want to implement and secure the cloud within their data centers.
Orr said one model that is heading in the right direction is the Defense Information Services Agency's approach. “They buy and rebrand their [cloud] offerings kind of ‘by the drink’ — a utility computing model,” Orr said. “I think one of the areas you're going to see cloud growing in is self-service offerings from DOD customers to DOD customers."
DISA has begun incrementally building the infrastructure for a private cloud, which is a cloud secured within DOD’s networks. The Rapid Access Computing Environment, a server virtualization service hosted by DISA’s Defense Enterprise Computing Centers, provides the sort of virtualized processing services that are available through commercial public cloud services, such as Amazon’s Elastic Compute Cloud service.
The RACE platform is the basis for two collaborative SaaS programs at DISA. The first is Forge.mil, an open-source software collaboration space based on tools from CollabNet. It resides within the Unclassified but Sensitive IP Router Network and Secret IP Router Network. It has more than 4,000 registered users and is hosting 170 software development projects, according to DISA officials.
The second program, ProjectForge.mil, is an extension of the Forge.mil program. It provides private project Web portals for teams to develop software that is not open source, which facilitates collaborative development by DOD personnel and contractors.
“ProjectForge is the next logical step in the Forge.mil program that’s surpassed all expectations,” said Rob Veitmeyer, DISA’s Forge.mil program manager. “It was time to address the needs of software developers looking for application life cycle management tools but who aren’t developing open-source software, and ProjectForge is the perfect vehicle.”
Concepts and Experiments
But developer collaboration is a relatively small-scale application of cloud technology. The Army’s EMCS program, even in its initially modest deployment to a few thousand users by the end of 2010, is expected to serve e-mail to a user base of 249,000 by the end of 2012. That will require significantly more storage capacity and processing power deployed across the Army’s future area processing center architecture as part of its larger Global Network Enterprise Construct plan.
The Navy also is looking at cloud services for a number of applications. As part of its evaluation of alternatives for the Next Generation Enterprise Network, the proposed replacement for the Navy Marine Corps Intranet, the Navy has actively sought information on the technical feasibility and security of cloud computing technology. Cloud-based SaaS could potentially serve a number of the functions that NMCI provides, including e-mail and collaboration.
The Navy isn’t limiting itself to SaaS in its cloud research. The Navy’s Space and Naval Warfare Systems Command has been conducting tests that connect a shipboard environment to a secure remote cloud infrastructure as part of its Trident Warrior ’10 experiments. The public cloud could potentially be used for collaboration across domains — sharing data with coalition partners, nongovernmental agencies and other partners in an on-demand fashion.
The Air Force is also conducting experiments with cloud computing. In February, the Air Force awarded IBM a 10-month contract as part of a project to develop a cloud computing infrastructure that can support defense and intelligence networks.
David McQueeney, chief technology officer at IBM Federal, said the Air Force project will determine the capabilities that a cloud computing environment must have to address the information assurance and availability requirements of a military mission environment, which deals with sensitive and often classified data and demands the utmost reliability.
The Air Force has some special requirements, McQueeney said. “In this environment, the cloud will need to prove that it is capable of hosting a critical, live mission. So high availability, high assurance and real-time monitoring of data flow are examples of key capabilities” that the Air Force is seeking to demonstrate on an operating cloud infrastructure in IBM’s Bethesda lab. “We expect that the insights from the Air Force project will have significant influence on government and commercial investments in future cloud computing capabilities and will benefit both the public and private sectors,” McQueeney said.
Meanwhile, several major suppliers of data center infrastructure are bringing defense and government customers increasingly sophisticated tools for constructing cloud computing service.
For large-scale implementations of cloud computing services to succeed at DOD, Cisco’s Orr said, the key is to “come up with a repeatable infrastructure, one that may in three to five years scale much larger."
That would be followed by a second phase of cloud computing involving federated clouds, he said. But many questions remain. “How do we stitch together four or five or six clouds together and have people with the trust levels and the security to go back and forth, in and out of the clouds as needed?" Orr asked. "How do we make sure we lock it down and secure it? In defense, they're looking at virtualization and how secure it is, meeting all the security requirements to lock it down.”
Cisco has partnered with EMC, VMware and NetApp to put together packaged cloud computing and virtualization infrastructures that meet those security needs. Cisco’s part of the equation is built around the Unified Computing System — a data center architecture that combines servers and network infrastructure into a single architecture — and a unified fabric of Ethernet-based storage and data networking.
While Cisco is focusing on transforming DOD’s data center infrastructure for cloud, IBM has been promoting its hosted cloud computing services as an outsourced private cloud. On March 16, IBM announced it was delivering a commercial cloud test bed that commercial and government customers could use to test and develop software for cloud computing environments for scalability and security.
“Our customers often have barriers to scalability and limited resources for deploying quickly,” said Russell Stanley, principal quality management engineer at Trinity Software Solutions, a federal solutions provider and IBM business partner. “With the additional reduction of risk IBM enables in the cloud, we can prioritize quality.”