Building private and community clouds for DOD
Automation must comply with stringent security requirements
- By Ben Newton
- Sep 23, 2010
Ben Newton ([email protected]) is technical director for the Defense Department and intelligence community at BMC Software.
It is overwhelming for Defense Department information technology organizations to wade through the hype surrounding cloud computing and attempt to connect the tantalizing idea with the sober reality of supporting the warfighter. The promise of reducing costs and increasing responsiveness is as attractive to the DOD community as it is to the commercial companies that have blazed the trail.
However, there is an important part of the discussion that has been largely ignored: automation. A cloud environment is not only a highly virtualized environment but also a highly automated one. DOD IT shops know — or, at least, they should know — that they can’t just create a fancy cloud Web page and continue using manual methods behind closed doors. Cloud computing is merely the latest in a series of innovations that can't be properly implemented without automation.
That automation must also marry the unique and extensive security requirements of the Defense Information Security Agency compliance process with the need for rapid provisioning and responsiveness required for building a private or community cloud on DOD networks.
It is possible to not only achieve DISA compliance in rapid and flexible fashion but also roll compliance into a larger automation strategy that includes both process and configuration automation. And in doing so, DOD IT organizations could implement tools and strategies that would also improve the operations of their noncloud environments.
Cloud computing gives users the freedom to focus on their missions. As the service provider, you have two primary techniques for providing them with this freedom: abstraction and automation. Abstraction is the process of hiding the details of the implementation from users to focus on service delivery. Automation occurs when service requests, selected by the customer from the service catalog, are automatically converted into the complex tasks necessary to achieve the end result — all while applying DISA security guidelines.
By using automation to integrate processes, you can ensure that you balance the agility and control needed to succeed in your cloud programs. Some of the processes that could be automated include:
- Request management, which provides the essential abstraction and front-end menu over the all the automation necessary to deliver the service needed.
- Change and release management, which, through automation, translates basic information gathered from a customer into very specific requests for change based on existing delivery processes.
- Configuration automation, which deploys the server, client, network or application required by a customer.
- Compliance management, which automatically applies DISA Security Technical Implementation Guide requirements.
- Discovery and the configuration management database (CMDB). The next step is to update the configuration system of record, the CMDB.
- Capacity management, in which performance and usage data flow in one end of the process and recommended environment changes come out the other.
- Availability management and service-level agreements, which define real-time and intelligent availability to keep a finger on the pulse of the cloud.
- The service desk, or in IT Infrastructure Library terms, incident and problem management, which directly relates to customer satisfaction with the cloud because the service desk is the customers' view into the timely resolution of their issues.
As you continue to explore the benefits that cloud computing can bring to your DOD organization, make sure you don’t just get overwhelmed by the immensity of the challenge or rely solely on oversimplified solutions. By using proven technology, you can gain the automation and control necessary to pursue cloud computing in your IT organization — with less risk and greater savings.