Yongsan presentation 2

JCISA MULTI-NATIONAL INFORMATION SHARING & COLLABORATION CLOUD Earl J Britt Minnie Y Britt

Transcript of Yongsan presentation 2

Page 1: Yongsan presentation 2

JCISA MULTI-NATIONAL INFORMATION SHARING & COLLABORATION CLOUD

Earl J Britt
Minnie Y Britt

Page 2: Yongsan presentation 2

UNCLASSIFIED

AGENDA

Part 1 - Cloud computing overview

Part 2 - Implementing Cloud Computing in JCISA decision brief

Page 3: Yongsan presentation 2

PART 1 CLOUD COMPUTING OVERVIEW

Earl Britt, JCISA
Minnie Britt, MEDCOM

Page 4: Yongsan presentation 2

UNCLASSIFIED

NIST DEFINITION OF CLOUD COMPUTING

a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Page 5: Yongsan presentation 2

UNCLASSIFIED

FIVE ESSENTIAL CHARACTERISTICS OF CLOUD COMPUTING

1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

3. Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Page 6: Yongsan presentation 2

UNCLASSIFIED

FIVE ESSENTIAL CHARACTERISTICS OF CLOUD COMPUTING

4. Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

5. Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

Page 7: Yongsan presentation 2

UNCLASSIFIED

THREE CLOUD COMPUTING SERVICE MODELS

Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Page 8: Yongsan presentation 2

UNCLASSIFIED

FOUR CLOUD COMPUTING DEPLOYMENT MODELS

Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

Page 9: Yongsan presentation 2

UNCLASSIFIED

THE NIST CLOUD DEFINITION FRAMEWORK

[Figure: the NIST cloud definition framework, in three layers]

Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds

Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service

Page 10: Yongsan presentation 2

FOUNDATIONAL ELEMENTS OF CLOUD COMPUTING

Primary Technologies
• Virtualization
• Grid technology
• Service Oriented Architectures
• Distributed Computing
• Broadband Networks
• Browser as a platform
• Free and Open Source Software

Other Technologies
• Autonomic Systems
• Web 2.0 Computing Environment
• Web application frameworks
• Service Level Agreements

Page 11: Yongsan presentation 2

PART 2 IMPLEMENTING CLOUD COMPUTING IN JCISA

Earl Britt, JCISA
Minnie Britt, MEDCOM

Page 12: Yongsan presentation 2

UNCLASSIFIED

WHY MIGRATE TO CLOUD COMPUTING?

Army is accepting proposals for Area Processing Centers / Army Private Cloud (APC2)

JCISA needs to participate in the coming change

Lead, follow or get out of the way

Page 13: Yongsan presentation 2

UNCLASSIFIED

REQUIREMENT

Continue to virtualize JCISA data centers

Expand the capability to exchange information in more formats with US Allies (including ROK and UNC-K)

Migrate existing information sharing and collaboration capability to Cloud from legacy stove pipe client server applications.

Page 14: Yongsan presentation 2

UNCLASSIFIED

CAPABILITY/CHALLENGE/SOLUTION

Problem – collaboration and information sharing ROK – US, US – ROK.

Applications: SharePoint, email, web, UAV video, VTC, Video chat, chat, whiteboard, Google search, translation, Project Mgt Application.

Currently – stove pipe client server applications display information that needs to be shared.

IT O&M is Consolidated (Contractor)

HW Requirements already virtualized (IaaS, PaaS)

Page 15: Yongsan presentation 2

UNCLASSIFIED

CUSTOMER/CONSUMER

Government, Military (US & ROK), contractor

Information Sharing and collaboration

Units that deploy to ROK for contingency need to be integrated into the Command & Control (C2) information sharing infrastructure.

Page 16: Yongsan presentation 2

UNCLASSIFIED

DEPLOYMENT MODELS CONSIDERED

Private Hybrid Cloud Community Cloud

Cannot be Public Cloud – Classified

Page 17: Yongsan presentation 2

UNCLASSIFIED

CURRENT NETWORK & SYSTEM CHARACTERISTICS

MAC I Classified Security Controls per DoDI 8500.2

STIG Compliance

IAVM Compliance, scanning and monitoring

Host Based Security System

Redundancy

CND SP to audit and monitor system, network and sensor logs >>> Cloud Audit

Page 18: Yongsan presentation 2

UNCLASSIFIED

LEGACY CHARACTERISTICS

Managing several workstation builds

Managing several server architectures

GCCS-A MS Data Center - Email, Web, File & SharePoint services

Continue to implement virtual servers in Data Center with VM ESX Clustering

Page 19: Yongsan presentation 2

UNCLASSIFIED

ROBUST LEGACY SECURITY

Access and Authentication

No trusts between enclaves

Performance and Security monitoring

Legacy Redundancy

Page 20: Yongsan presentation 2

UNCLASSIFIED

BENEFITS/CHALLENGES OF CLOUD COMPUTING

Make information sharing workstation agnostic

No savings in IaaS or PaaS

Build SaaS that can be accessed by agnostic workstations/devices

Page 21: Yongsan presentation 2

UNCLASSIFIED

COURSES OF ACTION

COA 1: Do nothing. Let big Army direct implementation.

COA 2: Optimize legacy systems and applications to facilitate implementation of APC2 in JCISA

COA 3: Implement Cloud in JCISA regardless of Army efforts.

Page 22: Yongsan presentation 2

UNCLASSIFIED

LIFE CYCLE COSTS

| | 1000 SVR Non-Virtualized COA 1 | Public Cloud | Hybrid Cloud | Private Cloud COA 2 |
|---|---|---|---|---|
| Investment Phase Costs FY10-22 | 0 | $3.0 | $6.1 | $7.0 |
| O&M Costs FY10-22 | $77.3 | $22.5 | $28.9 | $31.1 |
| Total Life Cycle Costs | $77.3 | $25.5 | $35.0 | $38.1 |

Page 23: Yongsan presentation 2

UNCLASSIFIED

SERVICE LEVEL AGREEMENTS (SLA)

Determine SLA for each requirement for each COA (if required). Should include:

What are the Critical Metrics?

Define Parties (Customers & Providers)

Service Definitions – what is the service that is required?

Resource, Composite or business Metrics

Service Level Objectives

Obligations should the objective not be met

Page 24: Yongsan presentation 2

UNCLASSIFIED

SLA REQUIREMENTS

Security
Data Encryption
Privacy
Data Retention & Deletion
HW Erasure & Destruct
Regulatory Compliance
Transparency
Certification
Monitoring
Auditability
Metrics
Machine-Readable SLAs
Human Interaction
Reliability

Page 25: Yongsan presentation 2

UNCLASSIFIED

REQUIREMENTS

R1 - Security
R2 - Interoperability
R3 - Portability / Flexibility
R4 - Disaster Recovery
R5 - High Availability
R6 - High Performance
R7 - Data Storage Scalability
R8 - Virtualization
R9 - Redundancy
R10 - Fault Tolerance
R11 - Investment Cost
R12 - O&M Costs

Page 26: Yongsan presentation 2

UNCLASSIFIED

COMPARISON OF COAS

[Chart: COA 1, COA 2 and COA 3 compared on a scale of 0.00 to 5.00 against the twelve requirements: R1 - Security, R2 - Interoperability, R3 - Portability / Flexibility, R4 - Disaster Recovery, R5 - High Availability, R6 - High Performance, R7 - Data Storage Scalability, R8 - Virtualization, R9 - Redundancy, R10 - Fault Tolerance, R11 - Investment Cost, R12 - O&M Costs]

Page 27: Yongsan presentation 2

UNCLASSIFIED

RECOMMENDATION

COA 2

Stand up SaaS

Migrate to Cloud

Rationale: Big Army has RFP to move enterprise to Cloud for SIPR, NIPR and Coalition networks. Should Pay for big ticket items.

Implement Cloud enabling projects.

Support USFK Transformation.

Page 28: Yongsan presentation 2

QUESTIONS?