Yongsan presentation 2
Transcript of Yongsan presentation 2
JCISA MULTI-NATIONAL INFORMATION SHARING & COLLABORATION CLOUD
Earl J Britt, Minnie Y Britt
UNCLASSIFIED
AGENDA
Part 1 - Cloud computing overview
Part 2 - Implementing Cloud Computing in JCISA decision brief
PART 1 CLOUD COMPUTING OVERVIEW
Earl Britt, JCISA; Minnie Britt, MEDCOM
NIST DEFINITION OF CLOUD COMPUTING
a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
FIVE ESSENTIAL CHARACTERISTICS OF CLOUD COMPUTING
1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
3. Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
4. Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
5. Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
THREE CLOUD COMPUTING SERVICE MODELS
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
FOUR CLOUD COMPUTING DEPLOYMENT MODELS
Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
THE NIST CLOUD DEFINITION FRAMEWORK
[Figure: NIST cloud definition framework]
Deployment Models: Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
FOUNDATIONAL ELEMENTS OF CLOUD COMPUTING
Primary Technologies:
Virtualization
Grid technology
Service Oriented Architectures
Distributed Computing
Broadband Networks
Browser as a platform
Free and Open Source Software
Other Technologies:
Autonomic Systems
Web 2.0 Computing Environment
Web application frameworks
Service Level Agreements
PART 2 IMPLEMENTING CLOUD COMPUTING IN JCISA
Earl Britt, JCISA; Minnie Britt, MEDCOM
WHY MIGRATE TO CLOUD COMPUTING?
Army is accepting proposals for Area Processing Centers / Army Private Cloud (APC2)
JCISA needs to participate in the coming change
Lead, follow or get out of the way
REQUIREMENT
Continue to virtualize JCISA data centers
Expand the capability to exchange information in more formats with US Allies (including ROK and UNC-K)
Migrate existing information sharing and collaboration capability to Cloud from legacy stove pipe client server applications.
CAPABILITY/CHALLENGE/SOLUTION
Problem – collaboration and information sharing ROK – US, US – ROK.
Applications: SharePoint, email, web, UAV video, VTC, Video chat, chat, whiteboard, Google search, translation, Project Mgt Application.
Currently – stove pipe client server applications display information that needs to be shared.
IT O&M is Consolidated (Contractor)
HW Requirements already virtualized (IaaS, PaaS)
CUSTOMER/CONSUMER
Government, Military (US & ROK), contractor
Information Sharing and collaboration
Units that deploy to ROK for contingency need to be integrated into the Command & Control (C2) information sharing infrastructure.
DEPLOYMENT MODELS CONSIDERED
Private Hybrid Cloud Community Cloud Cannot be Public Cloud – Classified
CURRENT NETWORK & SYSTEM CHARACTERISTICS
MAC I Classified
Security Controls per DoDI 8500.2
STIG Compliance
IAVM Compliance, scanning and monitoring
Host Based Security System
Redundancy
CND SP to audit and monitor system, network and sensor logs >>> Cloud Audit
LEGACY CHARACTERISTICS
Managing several workstation builds
Managing several server architectures
GCCS-A MS Data Center - Email, Web, File & SharePoint services
Continue to implement virtual servers in Data Center with VM ESX Clustering
ROBUST LEGACY SECURITY
Access and Authentication
No trusts between enclaves
Performance and Security monitoring
Legacy Redundancy
BENEFITS/CHALLENGES OF CLOUD COMPUTING
Make information sharing workstation agnostic
No savings in IaaS or PaaS
Build SaaS that can be accessed by agnostic workstations/devices
COURSES OF ACTION
COA 1: Do nothing. Let big Army direct implementation.
COA 2: Optimize legacy systems and applications to facilitate implementation of APC2 in JCISA
COA 3: Implement Cloud in JCISA regardless of Army efforts.
LIFE CYCLE COSTS
Cost category | 1000 SVR Non-Virtualized (COA 1) | Public Cloud | Hybrid Cloud | Private Cloud (COA 2)
Investment Phase Costs FY10-22 | 0 | $3.0 | $6.1 | $7.0
O&M Costs FY10-22 | $77.3 | $22.5 | $28.9 | $31.1
Total Life Cycle Costs | $77.3 | $25.5 | $35.0 | $38.1
SERVICE LEVEL AGREEMENTS (SLA)
Determine SLA for each requirement for each COA (if required). Should include:
What are the Critical Metrics?
Define Parties (Customers & Providers)
Service Definitions – what is the service that is required?
Resource, Composite or business Metrics
Service Level Objectives
Obligations should the objective not be met
SLA REQUIREMENTS
Security
Data Encryption
Privacy
Data Retention & Deletion
HW Erasure & Destruct
Regulatory Compliance
Transparency
Certification
Monitoring
Auditability
Metrics
Machine-Readable SLAs
Human Interaction
Reliability
REQUIREMENTS
R1 - Security
R2 - Interoperability
R3 - Portability / Flexibility
R4 - Disaster Recovery
R5 - High Availability
R6 - High Performance
R7 - Data Storage Scalability
R8 - Virtualization
R9 - Redundancy
R10 - Fault Tolerance
R11 - Investment Cost
R12 - O&M Costs
COMPARISON OF COAS
[Chart: COA 1, COA 2 and COA 3 compared across requirements R1 - Security through R12 - O&M Costs; scale 0.00 to 5.00]
RECOMMENDATION
COA 2
Stand up SaaS
Migrate to Cloud
Rationale:
Big Army has RFP to move enterprise to Cloud for SIPR, NIPR and Coalition networks. Should Pay for big ticket items.
Implement Cloud enabling projects.
Support USFK Transformation.
QUESTIONS?