DISA CSD Cloud Computing Perspective


A Combat Support Agency

Cloud Computing: An Operational Perspective

Henry J. Sienkiewicz

Technical Program Director

Center for Computing Services

27 February 2009


An Operational Perspective


Warfighter-centric

Legacy & Web 2.0

Internal & external services


Center For Computing Services

provide medical care

pay the warfighters

provision ships

manage parts and replenish supplies

manage transportation and maintenance

provide command and control


Command & Control

Global Command and Control System (GCCS)

Global Combat Support System (GCSS)

Missile Defense C2BMC


Warfighter Logistics

Defense Distribution Standard System (DSS)

DLA Enterprise Business Management System

Transportation and cargo movement systems

Combat requisition and maintenance systems



DoD Financial and Security

Military and Civilian Pay & Personnel

Electronic business and contracting systems

Public Key Infrastructure (PKI)




Health & Medical Readiness


Composite Health Care System (AHLTA)



Enterprise Services

Global Content Delivery System (GCDS)

DMZ Infrastructure



Combat Support Computing



DISA Computing Environment


4,000,000+ users


13 facilities


445,000 sq ft raised floor


34 mainframes


6100 servers


3800 terabytes of Storage


2,800 application / database instances


215 software vendors


Defense Enterprise Computing Centers (DECC)



Computing Services


Jan 2009

Systems Management Center (SMC) @ 350 FTEs (Mainframe & Server processing)



Headquarters

Ogden

Denver

Oklahoma City


San Antonio

St Louis

Columbus

Dayton

Mechanicsburg

Chambersburg

Huntsville

Montgomery


NCR

Pensacola

Pacific

Europe

Warner Robins


Processing Element (PE) @ 13 FTEs

OCONUS Defense Enterprise Computing Center (DECC)

Hawaii


Infrastructure Services Center (ISC) @ 100 FTEs


What is “Cloud Computing?”


User:


Builds a web application,


Using a standard platform


Using a standard database


Upload this application to a cloud provider



Cloud provider automatically


Provisions the services


Scales the application and the database together



User

Doesn’t care about which servers, which databases, which hardware, how much memory (the cloud platform handles all of that)

Users are totally free from any technical complexity other than the service itself.




Cloud provider


Decides how to cache content, how and where to deploy servers based on demand, performs backups, and even has the ability for the business to distinguish "production" from "staging" deployments.


Has ongoing management and monitoring of the external service.



User:


Only pays for what s/he uses when s/he needs it.



Everything else is an implementation detail.





Clouds


Complexity With A Promise Of ….


Application Flexibility


Standardized


Increasingly “click to run” services

Live in remote Internet data centers

Scalable to millions

Use shared IT infrastructure


Procurement


Efficient


Rapid


Commoditized


“Pay by the sip”


Security


Simplified


Streamlined

Cloud Computing Storage Mindmap


Cloud Types and Cloud Development

Many Different Types

Environment To Develop


Cloud Types: An Ontology

Different Types But All Services-centric



Cloud Types


Platform-As-A-Service (PaaS)

The delivery of a computing platform and/or solution stack as a service

Facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers

For example:

Web application frameworks

Ajax

Python Django

Ruby on Rails

Web hosting

Proprietary

Infrastructure-As-A-Service (IaaS)

The delivery of computer infrastructure as a service, typically platform virtualization

For example:

Full virtualization

Grid computing

Management

Compute

Applications-As-A-Service (AaaS) / Software-As-A-Service (SaaS)

Leverages the Cloud in software architecture

Eliminates the need to install and run the application on the customer's own computer

For example:

Peer-to-peer / volunteer computing

Web application

Software as a service

Software plus services

Database-As-A-Service (DaaS)

Leverages the Cloud for delivering database services




Users Want To Use The “Cloud” Services



Creating A “Cloud”

Providers Think Of How To Build A “Cloud”



Enabling the Cloud Environment


Infrastructure


Consolidation


Global Information Grid


Capacity Services


Virtualization


Rapid Provisioning


Facility Analysis


Software


Network-Centric Services

Software-as-a-Service (SaaS)


Forge.mil


Processes


ITIL


Security (Certification & Accreditation)

Computing Service Provider (CSP) Analysis


“Greening”


Multiple Technology Rivers Merging


Infrastructure


Legacy of Consolidations and Savings

1990, 1993, 1998, 2005

Service/Agency consolidation under DMRD 924
Reduced number of mainframe sites from 194 to 71
Saved $320M/year

DISA Megacenter consolidation
DMRD 918/BRAC
Reduced number of mainframe sites from 71 to 16
Saved $206M/year

DISA “SMART” consolidation under QDR and DRI
Reduced mainframe sites from 16 to 5
Saved $203M/year

DISA combat support computing transformation
Mainframe & Server consolidation
4 primary sites w/ remote system mgmt
Centralized all business functions
Saved $143M/year

Consolidation Helps But Co-location Is Not The “Cloud”


Network Aware

Applications

Common Storage & Retrieval

Shared Long-Haul Transport

For Services/

Agencies

Plug & Play

Ad Hoc

Connectivity

Single
Authentication

Site

Flexible

SOA

Foundation

Everything

Over IP

Centralized

Computing

Services

End-to-End

MPLS

Network Services

Integrated Network Services Are Critical To Delivering “Cloud” Services


Capacity Services

Concept


Acquire capacity as a service provided by vendor partners

Pay much like a homeowner pays for utilities, e.g., by CPU-hours or megabytes consumed

439 total orders completed, with a $31.5M annualized value

Average delivery timeline of 11 days

14 days for mainframe; 10 for server

113 orders took less than 5 days

208 orders took between 5 and 14 days

Processor Orders to date

Storage Orders to date

157 Total ESS Orders Completed, with a $9.6M Annualized Value

Average Delivery Timeline of 14 Days

7 Days for Disk

11 Days for Network Ports

24 Days for Tape Slot Capacity

Speed, Agility, Utility Pricing, Reduced Overhead & Technology Currency


Reduced Footprint

BEFORE (FY08): Annual Sustainment: $25.9 M

AFTER (FY09): Annual Sustainment: $14.3 M

45% savings

Virtualized Is Not In Itself A “Cloud”

Virtualization & Tech Refresh


Increased server utilization


Significant savings


Faster provisioning

One Customer Infrastructure


Rapid Access Computing Environment

Agile and responsive computing

Authorized customers order and gain access to a Server in less than 24 hours

Provides flexible development platform for Web, application or database

Windows, Red Hat, SUSE Servers in less than 30 minutes

MIPR or government credit card

User Self-service


Facility Analysis


Building site


Building controls


Electrical systems


Exterior structure



Operations & maintenance service management


Fire protection systems


Security system


HVAC systems & plumbing


Interior structures


Much, much more……






Comprehensive & Routine Facility Analysis Ensures “Cloud” Readiness


Software Services:

Bridging Developers and Operations


NCES

Metadata Discovery

Metadata Registry

Ability to discover, develop & reuse data semantics

Enterprise Service Management

Monitors services availability & reliability

Messaging

Real-time updates & alert notifications as data change

Collaboration

Real-time voice, text, video, application sessions

Access to data; improved content awareness

Content Discovery

Service Discovery

Ability to discover, develop & reuse services

Ability to operate in a secure environment

Service Security

Locate specific information for people

People Discovery

Mediation

Exchange data with unanticipated users & formats

Content Delivery

Improved responsiveness & bandwidth usage

Web-based

Joint access to NCES using Defense Knowledge Online

User Access

Net-Centric Enterprise Services


Software as a Service (SaaS)


Large number of software vendors


3M+ user baseline, continually changing and growing


Dynamic processing requirements


Software acquisition lead time


Outyear capital projection for technology infusion




Ability to rapidly change/grow baseline


Allows technology infusion on timely basis


No outyear capital projections required


Partnership with vendor(s)



Manage software on “usage” basis


Established negotiated prices


Include future versions/releases


Provide maintenance and patches


Challenge

SaaS Provider(s)

Value Add


Forge.mil


Collaborative environment supporting the development and sharing of open source and community source software within the DoD

Limited Operational Availability: January 23, 2009

General Availability: March 27, 2009

Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions

Limited Operational Availability: June 20, 2009

On demand application development and lifecycle management tools provided by DISA CSD on a fee-for-service basis for private project or program use


Availability: TBD

Bridging Developers & Operations



Fosters The Cloud


Processes


Information Technology Infrastructure Library

A customizable framework of best practices designed to promote quality computing services in the information technology (IT) sector.

A systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement.

Computing Services is a DoD leader in educating its professional staff in information technology ‘best practices’:

Almost 100% of staff educated at the Foundation Level of ITIL concepts

100% Customer Management Executives (CMEs) are certified ITIL Practitioners in Service Level Management

Over 100 GS-12 through GS-15s are Practitioners in Incident/Problem Management

Approximately 50 key personnel are Practitioners in Change/Release/Configuration Management

Service Transition

Service Operation

Service Design

Service Strategy

Continual Process Improvement

Providing The Community With A Common Language & Processes


Computing Service Provider (CSP) Overview

A tactical tool that allows DISA to extend enhanced operational capabilities (NetOps) to non-DECC computing center environments. Two primary components:

Facility capability assessment

Integration of tools and processes to enable NetOps Capabilities

Applies a structured methodology to enable service management that ensures

Support for centralized visibility into the operation of key systems and services consistent with NetOps operational construct

Compliance and risk management under DISA’s IA program

Compliance with DoD requirements for computing infrastructure and operations processes appropriate to MAC Level

CSP is not a periodic audit/checklist

Requires specific process and technical changes to enable NetOps

Sustainment requires long-term coordination between DISA, system owner, system operator


Data Center Operations “Best Practices”


Certification & Accreditation


Various C&A approaches


“Traditional” Defense Information Technology Security Certification and Accreditation Process (DITSCAP)

Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)

Emerging Models

Landlord/Tenant

Application Security Evaluation (ASE)

Appropriate approach based on risk identification and mitigation

Ensuring Security Is Part Of Creating A “Cloud”


Security Technical Implementation Guide (STIG)



Goals:


Intrusion Avoidance


Intrusion Detection


Response and Recovery



Focus Areas:


Network/Perimeter


Peripherals


Operating Systems


Users


Standardized Procedures Critical To Enterprise-wide Security


“Greening” DECC Infrastructure


Increasing energy costs


Increased cooling requirements to support more compact implementations


Increased regulatory environment






Consolidation


Virtualization


Duct cooling


Variable frequency drives


Motion sensor lighting


Water reclamation





“Greening” Is Part Of Good Stewardship

Initiatives


Challenge


Multi-faceted Enablement


Infrastructure


Consolidation


Global Information Grid


Capacity Services


Virtualization


Rapid Provisioning


Facility Analysis


Clouds


Complexity With A Promise Of ….


Software


Network-centric Services

Software-as-a-Service (SaaS)


Forge.mil



Processes


ITIL


Security (Certification & Accreditation)

Computer Service Provider (CSP)


“Greening”


It’s A Journey

A Simple Idea


User:


Builds a web application,


Using a standard platform


Using a standard database


Upload this application to a cloud provider


Only pays for what s/he uses when s/he needs it.

Everything else is an implementation detail.



Cloud provider automatically


Provisions the services


Scales the application and the database together





Clear Tenets


Application Flexibility


Standardized


Increasing “click to run” services


Live in remote Internet data centers


Scalable to millions



Procurement


Efficient


Rapid


Commoditized


“Pay by the sip”



Security


Simplified


Streamlined




